heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

This has been an update to clean out the code a little bit. The primary change

Browse Source 
I made was I added the method has_privilege (which takes a variable amount of
unicode privilege names as an argument) to the User model. This method allowed
for much cleaner checks as to whether or not a user has a privilege. Other-
wise, I also made it impossible for moderators to punish admins. I created a
new url path and three new pages for Users to look at filed reports and the
code of conduct for the mg instance.

=== Made reports on admins not resolvable by moderators:
--\   mediagoblin/moderation/views.py
--\   mediagoblin/templates/mediagoblin/moderation/report.html

=== Created new files for the new pages:
--\   mediagoblin/meta/__init__.py
--\   mediagoblin/meta/routing.py
--\   mediagoblin/meta/views.py
--\   mediagoblin/templates/mediagoblin/meta/code_of_conduct.html
--\   mediagoblin/templates/mediagoblin/meta/reports_details.html
--\   mediagoblin/templates/mediagoblin/meta/reports_panel.html
--\   mediagoblin/routing.py
--\   mediagoblin/static/css/base.css

=== Replaced vestigial methods of checking a user's privilege with the more
====== effective method has_privilege(u'privilege_name'):
--\   mediagoblin/db/models.py
--|   Added in the has_privilege method to the User class

--\   mediagoblin/db/migrations.py
--\   mediagoblin/db/models.py
--\   mediagoblin/decorators.py
--\   mediagoblin/edit/lib.py
--\   mediagoblin/edit/views.py
--\   mediagoblin/gmg_commands/users.py
--\   mediagoblin/moderation/views.py
--\   mediagoblin/templates/mediagoblin/base.html
--\   mediagoblin/templates/mediagoblin/user_pages/collection.html
--\   mediagoblin/templates/mediagoblin/user_pages/media.html
--\   mediagoblin/templates/mediagoblin/user_pages/user.html
--\   mediagoblin/templates/mediagoblin/utils/collection_gallery.html
--\   mediagoblin/user_pages/views.py

=== Minor UI changes
--\   mediagoblin/templates/mediagoblin/moderation/report_panel.html
--\   mediagoblin/templates/mediagoblin/moderation/user.html

=== Other Bugs:
--\   mediagoblin/tools/response.py
--\   mediagoblin/db/migrations.py
This commit is contained in:
tilly-Q 2013-08-13 18:38:00 -04:00
parent 9d6e453f8f
commit 8394febbe1
25 changed files with 219 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mediagoblin/db/migrations.py
View File

@ -410,7 +410,7 @@ class ArchivedReport_v0(ReportBase_v0):
__tablename__ = 'core__reports_archived'
__mapper_args__ = {'polymorphic_identity': 'archived_report'}
id = Column('id',Integer, ForeignKey('core__reports.id'))
id = Column('id',Integer, ForeignKey('core__reports.id'), primary_key=True)
media_entry_id = Column(Integer, ForeignKey(MediaEntry.id))
comment_id = Column(Integer, ForeignKey(MediaComment.id))
resolver_id = Column(Integer, ForeignKey(User.id), nullable=False)

10
mediagoblin/db/models.py
View File

@ -106,6 +106,16 @@ class User(Base, UserMixin):
super(User, self).delete(**kwargs)
_log.info('Deleted user "{0}" account'.format(self.username))
def has_privilege(self,*priv_names):
if len(priv_names) == 1:
priv = Privilege.query.filter(
Privilege.privilege_name==priv_names[0]).one()
return (priv in self.all_privileges)
elif len(priv_names) > 1:
return self.has_privilege(priv_names[0]) or \
self.has_privilege(*priv_names[1:])
return False
class MediaEntry(Base, MediaEntryMixin):
"""

21
mediagoblin/decorators.py
View File

@ -35,11 +35,11 @@ def require_active_login(controller):
@wraps(controller)
def new_controller_func(request, *args, **kwargs):
if request.user and \
request.user.status == u'needs_email_verification':
not request.user.has_privilege(u'active'):
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=request.user.username)
elif not request.user or request.user.status != u'active':
elif not request.user or not request.user.has_privilege(u'active'):
next_url = urljoin(
request.urlgen('mediagoblin.auth.login',
qualified=True),
@ -72,13 +72,9 @@ def user_has_privilege(privilege_name):
@wraps(controller)
def wrapper(request, *args, **kwargs):
user_id = request.user.id
privileges_of_user = Privilege.query.filter(
Privilege.all_users.any(
User.id==user_id))
if UserBan.query.filter(UserBan.user_id==user_id).count():
return render_user_banned(request)
elif not privileges_of_user.filter(
Privilege.privilege_name==privilege_name).count():
elif not request.user.has_privilege(privilege_name):
raise Forbidden()
return controller(request, *args, **kwargs)
@ -94,7 +90,7 @@ def user_may_delete_media(controller):
@wraps(controller)
def wrapper(request, *args, **kwargs):
uploader_id = kwargs['media'].uploader
if not (request.user.is_admin or
if not (request.user.has_privilege(u'admin') or
request.user.id == uploader_id):
raise Forbidden()
@ -111,7 +107,7 @@ def user_may_alter_collection(controller):
def wrapper(request, *args, **kwargs):
creator_id = request.db.User.query.filter_by(
username=request.matchdict['user']).first().id
if not (request.user.is_admin or
if not (request.user.has_privilege(u'admin') or
request.user.id == creator_id):
raise Forbidden()
@ -309,13 +305,8 @@ def require_admin_or_moderator_login(controller):
"""
@wraps(controller)
def new_controller_func(request, *args, **kwargs):
admin_privilege = Privilege.query.filter(
Privilege.privilege_name==u'admin').one()
moderator_privilege = Privilege.query.filter(
Privilege.privilege_name==u'moderator').one()
if request.user and \
not admin_privilege in request.user.all_privileges and \
not moderator_privilege in request.user.all_privileges:
not request.user.has_privilege(u'admin',u'moderator'):
raise Forbidden()
elif not request.user:

2
mediagoblin/edit/lib.py
View File

@ -19,6 +19,6 @@ def may_edit_media(request, media):
"""Check, if the request's user may edit the media details"""
if media.uploader == request.user.id:
return True
if request.user.is_admin:
if request.user.has_privilege(u'admin'):
return True
return False

6
mediagoblin/edit/views.py
View File

@ -83,7 +83,7 @@ def edit_media(request, media):
return redirect_obj(request, media)
if request.user.is_admin \
if request.user.has_privilege(u'admin') \
and media.uploader != request.user.id \
and request.method != 'POST':
messages.add_message(
@ -184,7 +184,7 @@ def legacy_edit_profile(request):
def edit_profile(request, url_user=None):
# admins may edit any user profile
if request.user.username != url_user.username:
if not request.user.is_admin:
if not request.user.has_privilege(u'admin'):
raise Forbidden(_("You can only edit your own profile."))
# No need to warn again if admin just submitted an edited profile
@ -326,7 +326,7 @@ def edit_collection(request, collection):
return redirect_obj(request, collection)
if request.user.is_admin \
if request.user.has_privilege(u'admin') \
and collection.creator != request.user.id \
and request.method != 'POST':
messages.add_message(

1
mediagoblin/gmg_commands/users.py
View File

@ -85,7 +85,6 @@ def makeadmin(args):
user = db.User.query.filter_by(
username=unicode(args.username.lower())).one()
if user:
user.is_admin = True
user.all_privileges.append(
db.Privilege.query.filter(
db.Privilege.privilege_name==u'admin').one()

0
mediagoblin/meta/__init__.py Normal file
View File

27
mediagoblin/meta/routing.py Normal file
View File

@ -0,0 +1,27 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
meta_routes = [
('mediagoblin.meta.code_of_conduct',
'/coc/',
'mediagoblin.meta.views:code_of_conduct'),
('mediagoblin.meta.reports_panel',
'/reports/',
'mediagoblin.meta.views:public_reports_panel'),
('mediagoblin.meta.reports_detail',
'/reports/<int:report_id>',
'mediagoblin.meta.views:public_reports_details')
]

33
mediagoblin/meta/views.py Normal file
View File

@ -0,0 +1,33 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from mediagoblin.tools.response import render_to_response
def code_of_conduct(request):
return render_to_response(request,
'mediagoblin/meta/code_of_conduct.html',
{})
def public_reports_panel(request):
return render_to_response(request,
'mediagoblin/meta/reports_panel.html',
{})
def public_reports_details(request):
return render_to_response(request,
'mediagoblin/meta/reports_details.html',
{})

8
mediagoblin/moderation/views.py
View File

@ -74,15 +74,12 @@ def moderation_users_detail(request):
ReportBase.discriminator=='archived_report').all()
privileges = Privilege.query
user_banned = UserBan.query.get(user.id)
user_privileges = user_privileges_to_dictionary(user.id)
requesting_user_privileges = user_privileges_to_dictionary(request.user.id)
return render_to_response(
request,
'mediagoblin/moderation/user.html',
{'user':user,
'privileges': privileges,
'requesting_user_privileges':requesting_user_privileges,
'reports':active_reports,
'user_banned':user_banned})
@ -121,7 +118,10 @@ def moderation_reports_detail(request):
for s in report.reported_user.all_privileges
]
if request.method == "POST" and form.validate():
if request.method == "POST" and form.validate() and not (
not request.user.has_privilege(u'admin') and
report.reported_user.has_privilege(u'admin')):
user = User.query.get(form.targeted_user.data)
return take_punitive_actions(request, form, report, user)

3
mediagoblin/routing.py
View File

@ -20,6 +20,7 @@ from mediagoblin.tools.routing import add_route, mount, url_map
from mediagoblin.tools.pluginapi import PluginManager
from mediagoblin.moderation.routing import moderation_routes
from mediagoblin.auth.routing import auth_routes
from mediagoblin.meta.routing import meta_routes
_log = logging.getLogger(__name__)
@ -29,6 +30,7 @@ def get_url_map():
add_route('index', '/', 'mediagoblin.views:root_view')
mount('/auth', auth_routes)
mount('/mod', moderation_routes)
mount('/meta', meta_routes)
import mediagoblin.submit.routing
import mediagoblin.user_pages.routing
@ -37,6 +39,7 @@ def get_url_map():
import mediagoblin.listings.routing
import mediagoblin.notifications.routing
for route in PluginManager().get_routes():
add_route(*route)

18
mediagoblin/static/css/base.css
View File

@ -220,6 +220,7 @@ footer {
color: #283F35;
}
.button_form {
min-width: 99px;
margin: 10px 0px 10px 15px;
@ -615,7 +616,7 @@ table.media_panel th {
text-align: left;
}
/* admin panels */
/* moderator panels */
table.admin_panel {
width: 100%
@ -655,6 +656,21 @@ table td.user_without_privilege {
margin-left: 10px;
}
/* code of conduct */
#code_of_conduct_list {
margin-left:25px;
margin-bottom: 10px;
}
#code_of_conduct_list li {
margin-top:5px;
}
ol.nested_sublist{
margin: 5px 0 10px 25px;
font-size:80%;
}
/* ASCII art and code */
@font-face {

4
mediagoblin/templates/mediagoblin/base.html
View File

@ -109,9 +109,9 @@
<a class="button_action" href="{{ request.urlgen('mediagoblin.submit.collection') }}">
{%- trans %}Create new collection{% endtrans -%}
</a>
{% if request.user.is_admin %}
{% if request.user.has_privilege('admin','moderator') %}
<p>
<span class="dropdown_title">Admin powers:</span>
<span class="dropdown_title">Moderation powers:</span>
<a href="{{ request.urlgen('mediagoblin.moderation.media_panel') }}">
{%- trans %}Media processing panel{% endtrans -%}
</a>

46
mediagoblin/templates/mediagoblin/meta/code_of_conduct.html Normal file
View File

@ -0,0 +1,46 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% extends "mediagoblin/base.html" %}
{% block title %}
Code of Conduct
{% endblock %}
{% block mediagoblin_content -%}
<h2>{% trans %}Code of Conduct for this Website{% endtrans %}</h2>
{# Suggested layout for this page:
<ol id="code_of_conduct_list">
<li> Item #1 </li>
<li>
Item #2
<ol class="nested_sublist">
<li>Sub-Item #1</li>
<li>Sub-Item #2</li>
<li>
Sub-Item #3
<ol class="nested_sublist">
<li>Sub-Subitem #1</li>
</ol>
</li>
</ol>
</li>
<li>Item #3 </li>
</ol>
#}
{% endblock -%}

17
mediagoblin/templates/mediagoblin/meta/reports_details.html Normal file
View File

@ -0,0 +1,17 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}

17
mediagoblin/templates/mediagoblin/meta/reports_panel.html Normal file
View File

@ -0,0 +1,17 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}

20
mediagoblin/templates/mediagoblin/moderation/report.html
View File

@ -122,7 +122,7 @@
{{ report.report_content }}
</div>
</div>
{% if not report.is_archived_report() %}
{% if not report.is_archived_report() and not (report.reported_user.has_privilege('admin') and not request.user.has_privilege('admin')) %}
<input type=button value=Resolve id=open_resolution_form />
<form action="" method="POST" id=resolution_form>
{{ wtforms_util.render_divs(form) }}
@ -163,19 +163,6 @@ $(document).ready(function() {
$('#'+name).hide();
});
});
/* $.each(hidden_input_names, function(key,name){
if ($.inArray(key, $('ul#action_to_resolve li input:checked').val())){
$.each(hidden_input_names[key], function(index,name){
$('#'+name).show();
$('label[for='+name+']').show();
});
} else {
$.each(hidden_input_names[key], function(index,name){
$('#'+name).hide();
$('label[for='+name+']').hide();
});
}
});*/
});
$("#user_banned_until").focus(function() {
$(this).val("");
@ -188,7 +175,7 @@ $(document).ready(function() {
});
});
</script>
{% else %}
{% elif not (report.reported_user.has_privilege('admin')) %}
<h2><img src="{{ request.staticdirect('/images/icon_clipboard.png') }}"
alt="Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license.
Distributed by the GNOME project http://www.gnome.org" />
@ -199,6 +186,9 @@ $(document).ready(function() {
{% autoescape False %}
<p>{{ report.result }}</p>
{% endautoescape %}
{% else %}
<input type=button disabled=disabled value="Resolve This Report"/>
<p>You cannot take action against an administrator</p>
{% endif %}
{% endif %}
{% endblock %}

2
mediagoblin/templates/mediagoblin/moderation/report_panel.html
View File

@ -112,7 +112,7 @@
<td>{{ report.reported_user.username }}</td>
<td>{{ report.created.strftime("%F %R") }}</td>
<td>{{ report.reporter.username }}</td>
<td>{{ report.report_content }}</td>
<td>{{ report.report_content[:15] }}...</td>
</tr>
{% endfor %}
</table>

25
mediagoblin/templates/mediagoblin/moderation/user.html
View File

@ -33,12 +33,10 @@
{# If no user... #}
{% if not user %}
<p>{% trans %}Sorry, no such user found.{% endtrans %}</p>
{# User exists, but needs verification #}
{% elif user.status == "needs_email_verification" %}
<div class="form_box">
<h1>{% trans %}Email verification needed{% endtrans %}</h1>
<p>
{% trans -%}
Someone has registered an account with this username, but it still has
@ -56,6 +54,10 @@
{# Active(?) (or at least verified at some point) user, horray! #}
{% else %}
<a href="{{ request.urlgen('mediagoblin.moderation.users') }}"
class="return_to_panel button_action"
title="Return to Users Panel">
{% trans %}Return to Users Panel{% endtrans %}</a>
<h1>
{%- trans username=user.username %}{{ username }}'s profile{% endtrans -%}
{% if user_banned and user_banned.expiration_date %}
@ -64,7 +66,6 @@
&mdash; Banned Indefinitely
{% endif %}
</h1>
{% if not user.url and not user.bio %}
<div class="profile_sidebar empty_space">
<p>
@ -76,7 +77,7 @@
<div class="profile_sidebar">
{% include "mediagoblin/utils/profile.html" %}
{% if request.user and
(request.user.id == user.id or request.user.is_admin) %}
(request.user.id == user.id or request.user.has_privilege('admin')) %}
<a href="{{ request.urlgen('mediagoblin.edit.profile',
user=user.username) }}">
{%- trans %}Edit profile{% endtrans -%}
@ -145,13 +146,19 @@
<td class="user_without_privilege">
No{% endif %}
</td>
{% if requesting_user_privileges.admin%}
<td>{% if privilege in user.all_privileges %}
<input type=submit id="{{ privilege.privilege_name }}" class=submit_button value ="-" />{% else %}
<input type=submit id="{{ privilege.privilege_name }}" class=submit_button value ="+" />{% endif %}
{% if request.user.has_privilege('admin') %}
<td>
{% if privilege in user.all_privileges %}
<input type=submit id="{{ privilege.privilege_name }}"
class="submit_button button_action"
value =" -" />
{% else %}
<input type=submit id="{{ privilege.privilege_name }}"
class="submit_button button_action"
value ="+" />
{% endif %}
</td>
{% endif %}
</tr>
{% endfor %}
</table>

2
mediagoblin/templates/mediagoblin/user_pages/collection.html
View File

@ -45,7 +45,7 @@
{%- endtrans %}
</h1>
{% if request.user and (collection.creator == request.user.id or
request.user.is_admin) %}
request.user.has_privilege(u'admin')) %}
{% set edit_url = request.urlgen('mediagoblin.edit.edit_collection',
user=collection.get_creator.username,
collection=collection.slug) %}

4
mediagoblin/templates/mediagoblin/user_pages/media.html
View File

@ -72,7 +72,7 @@
</h2>
{% if request.user and
(media.uploader == request.user.id or
request.user.is_admin) %}
request.user.has_privilege('admin')) %}
{% set edit_url = request.urlgen('mediagoblin.edit.edit_media',
user= media.get_uploader.username,
media_id=media.id) %}
@ -198,7 +198,7 @@
{%- if app_config['allow_attachments']
and request.user
and (media.uploader == request.user.id
or request.user.is_admin) %}
or request.user.has_privilege('admin')) %}
{%- if not media.attachment_files|count %}
<h3>{% trans %}Attachments{% endtrans %}</h3>
{%- endif %}

2
mediagoblin/templates/mediagoblin/user_pages/user.html
View File

@ -111,7 +111,7 @@
<div class="profile_sidebar">
{% include "mediagoblin/utils/profile.html" %}
{% if request.user and
(request.user.id == user.id or request.user.is_admin) %}
(request.user.id == user.id or request.user.has_privilege('admin')) %}
<a href="{{ request.urlgen('mediagoblin.edit.profile',
user=user.username) }}">
{%- trans %}Edit profile{% endtrans -%}

2
mediagoblin/templates/mediagoblin/utils/collection_gallery.html
View File

@ -39,7 +39,7 @@
{% endif %}
{% if request.user and
(item.in_collection.creator == request.user.id or
request.user.is_admin) %}
request.user.has_privilege(u'admin')) %}
{%- set remove_url=request.urlgen(
'mediagoblin.user_pages.collection_item_confirm_remove',
user=item.in_collection.get_creator.username,

2
mediagoblin/tools/response.py
View File

@ -72,7 +72,7 @@ def render_user_banned(request):
if datetime.now()>user_ban.expiration_date:
user_ban.delete()
redirect(request,
'mediagoblin.index')
'index')
return render_to_response(request,
'mediagoblin/banned.html',
{'reason':user_ban.reason,

8
mediagoblin/user_pages/views.py
View File

@ -299,7 +299,7 @@ def media_confirm_delete(request, media):
_("The media was not deleted because you didn't check that you were sure."))
return redirect_obj(request, media)
if ((request.user.is_admin and
if ((request.user.has_privilege(u'admin') and
request.user.id != media.uploader)):
messages.add_message(
request, messages.WARNING,
@ -385,7 +385,7 @@ def collection_item_confirm_remove(request, collection_item):
return redirect_obj(request, collection)
if ((request.user.is_admin and
if ((request.user.has_privilege(u'admin') and
request.user.id != collection_item.in_collection.creator)):
messages.add_message(
request, messages.WARNING,
@ -433,7 +433,7 @@ def collection_confirm_delete(request, collection):
return redirect_obj(request, collection)
if ((request.user.is_admin and
if ((request.user.has_privilege(u'admin') and
request.user.id != collection.creator)):
messages.add_message(
request, messages.WARNING,
@ -594,7 +594,7 @@ def processing_panel(request):
#
# Make sure we have permission to access this user's panel. Only
# admins and this user herself should be able to do so.
if not (user.id == request.user.id or request.user.is_admin):
if not (user.id == request.user.id or request.user.has_privilege(u'admin')):
# No? Simply redirect to this user's homepage.
return redirect(
request, 'mediagoblin.user_pages.user_home',