In this commit, I have made a few changes and tightened up some of my models

code. I added in two major pieces of functionality: table foundations and a decorator to confirm whether or not a user is a member of a certain group. Table Foundations are default rows that should be present in a given table as soon as the database is initialized. For example, I am using these to populate the core__groups table with all of the necessary groups ('moderator', 'com- menter', etc). Right now, this is achieved by adding a dictionary of parameters (with the parameters as lists) to the constant FOUNDATIONS in mediagoblin.db.models. The keys to this dictionary are uninstantiated classes. The classes which require foundations also have must have a constructor so that the list of parameters can be passed appropriately like so: Model(*parameters) In order to implement these foundations, I added the method populate_table_fou- -ndations to MigrationManager in mediagoblin.db.migration_tools. The decorator, called user_in_group, accepts as a parameter a unicode string, and then decides whether to redirect to 403 or let the user access the page. The identifier is the Group.group_name string, because I believe that will allow for the most readable code. I also added in the simple decorator require_admin_login. In terms of tightening up my code, I made many minor changes to my use of white space and made a few small documentation additions. I removed a vestigial class (ReportForm) from mediagoblin.user_pages.forms. I moved all of my migrations in- to one registered Migration. Setting up Foundations ============================== --\ mediagoblin/db/migration_tools.py --| created: MigrationManager.populate_table_foundations --| modified: MigrationManager.init_or_migrate to run | self.populate_table_foundations on init --\ mediagoblin/db/models.py --| created: FOUNDATIONS ----| created: group_foundations Working With Permissions ============================== --\ mediagoblin/decorators.py --| created: user_in_group --| created: require_admin_login --\ mediagoblin/user_pages/views.py --| modified: added decorator user_in_group to file_a_report --\ mediagoblin/admin/views.py --| modified: added decorator require_admin_login to all views functions General Code Tidying ============================= --/ mediagoblin/admin/views.py --/ mediagoblin/user_pages/forms.py --/ mediagoblin/db/models.py --/ mediagoblin/user_pages/lib.py --/ mediagoblin/user_pages/views.py --/ mediagoblin/db/migrations.py
2013-06-27 14:13:42 -07:00 · 2013-06-27 14:13:42 -07:00 · 9b8ef022ef
commit 9b8ef022ef
parent 30a9fe7c1c
8 changed files with 175 additions and 87 deletions
--- a/mediagoblin/admin/views.py
+++ b/mediagoblin/admin/views.py
@ -17,18 +17,14 @@
 from werkzeug.exceptions import Forbidden
 from mediagoblin.db.models import MediaEntry, User, MediaComment, CommentReport, ReportBase
-from mediagoblin.decorators import require_active_login
+from mediagoblin.decorators import require_admin_login
 from mediagoblin.tools.response import render_to_response
-@require_active_login
+@require_admin_login
 def admin_processing_panel(request):
    '''
-    Show the global processing panel for this instance
+    Show the global media processing panel for this instance
    '''
    # TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
    if not request.user.is_admin:
        raise Forbidden()
    processing_entries = MediaEntry.query.filter_by(state = u'processing').\
        order_by(MediaEntry.created.desc())
@ -47,15 +43,11 @@ def admin_processing_panel(request):
         'failed_entries': failed_entries,
         'processed_entries': processed_entries})
-@require_active_login
+@require_admin_login
 def admin_users_panel(request):
    '''
-    Show the global processing panel for this instance
+    Show the global panel for monitoring users in this instance
    '''
    # TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
    if not request.user.is_admin:
        raise Forbidden()
    user_list = User.query
    # Render to response
@ -64,17 +56,18 @@ def admin_users_panel(request):
        'mediagoblin/admin/user.html',
        {'user_list': user_list})
-@require_active_login
+@require_admin_login
 def admin_reports_panel(request):
    '''
-    Show the global processing panel for this instance
+    Show the global panel for monitoring reports filed against comments or 
        media entries for this instance.
    '''
-    # TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
+    report_list = ReportBase.query.filter(
-    if not request.user.is_admin:
+        ReportBase.resolved==None).order_by(
-        raise Forbidden()
+        ReportBase.created.desc()).limit(10)
-
+    closed_report_list = ReportBase.query.filter(
-    report_list = ReportBase.query.filter(ReportBase.resolved==None).order_by(ReportBase.created.desc()).limit(10)
+        ReportBase.resolved!=None).order_by(
-    closed_report_list = ReportBase.query.filter(ReportBase.resolved!=None).order_by(ReportBase.created.desc()).limit(10)
+        ReportBase.created.desc()).limit(10)
    # Render to response
    return render_to_response(
--- a/mediagoblin/db/migration_tools.py
+++ b/mediagoblin/db/migration_tools.py
@ -140,6 +140,17 @@ class MigrationManager(object):
            self.session.bind,
            tables=[model.__table__ for model in self.models])
    def populate_table_foundations(self):
        """
        Create the table foundations (default rows) as layed out in FOUNDATIONS
            in mediagoblin.db.models
        """
        from mediagoblin.db.models import FOUNDATIONS as MAIN_FOUNDATIONS
        for Model in MAIN_FOUNDATIONS.keys():
            for parameters in MAIN_FOUNDATIONS[Model]:
                row = Model(*parameters)
                row.save()
    def create_new_migration_record(self):
        """
        Create a new migration record for this migration set
@ -203,8 +214,10 @@ class MigrationManager(object):
            self.init_tables()
            # auto-set at latest migration number
-            self.create_new_migration_record()  
+            self.create_new_migration_record() 
-            
+            if self.name==u'__main__': 
                self.populate_table_foundations()
            self.printer(u"done.\n")
            self.set_current_migration()
            return u'inited'
--- a/mediagoblin/db/migrations.py
+++ b/mediagoblin/db/migrations.py
@ -314,16 +314,13 @@ class MediaReport_v0(ReportBase_v0):
    __tablename__ = 'core__reports_on_media'
    __mapper_args__ = {'polymorphic_identity': 'media_report'}
-    id = Column('id',Integer, ForeignKey('core__reports.id'),
+    id = Column(
-                                                primary_key=True)
+        'id',
        Integer, 
        ForeignKey('core__reports.id'),
        primary_key=True)
    media_entry_id = Column(Integer, ForeignKey(MediaEntry.id), nullable=False)
@RegisterMigration(11, MIGRATIONS)
 def create_report_tables(db):
    ReportBase_v0.__table__.create(db.bind)
    CommentReport_v0.__table__.create(db.bind)
    MediaReport_v0.__table__.create(db.bind)
    db.commit()
 class UserBan_v0(declarative_base()):
    __tablename__ = 'core__user_bans'
@ -334,23 +331,31 @@ class UserBan_v0(declarative_base()):
 class Group_v0(declarative_base()):
    __tablename__ = 'core__groups'
-    id = Column(Integer, nullable=False, primary_key=True)
+    id = Column(Integer, nullable=False, primary_key=True, unique=True)
    group_name = Column(Unicode, nullable=False)
 class GroupUserAssociation_v0(declarative_base()):
    __tablename__ = 'core__group_user_associations'
-    group_id = Column('core__group_id', Integer, ForeignKey(User.id), primary_key=True)
+    group_id = Column(
-    user_id = Column('core__user_id', Integer, ForeignKey(Group.id), primary_key=True)
+        'core__group_id', 
        Integer, 
        ForeignKey(User.id), 
        primary_key=True)
    user_id = Column(
        'core__user_id', 
        Integer, 
        ForeignKey(Group.id), 
        primary_key=True)
-
+@RegisterMigration(11, MIGRATIONS)
-
+def create_moderation_tables(db):
-@RegisterMigration(12, MIGRATIONS)
+    ReportBase_v0.__table__.create(db.bind)
-def create_banned_and_group_tables(db):
+    CommentReport_v0.__table__.create(db.bind)
    MediaReport_v0.__table__.create(db.bind)
    UserBan_v0.__table__.create(db.bind)
    Group_v0.__table__.create(db.bind)
    GroupUserAssociation_v0.__table__.create(db.bind)
    db.commit()
--- a/mediagoblin/db/models.py
+++ b/mediagoblin/db/models.py
@ -492,11 +492,13 @@ class ReportBase(Base):
    __tablename__ = 'core__reports'
    id = Column(Integer, primary_key=True)
    reporter_id = Column(Integer, ForeignKey(User.id), nullable=False)
-    reporter =  relationship(User, backref=backref("reports_filed_by",
+    reporter =  relationship(
-                                                                lazy="dynamic",
+        User, 
-                                                                cascade="all, delete-orphan"))
+        backref=backref("reports_filed_by",
            lazy="dynamic",
            cascade="all, delete-orphan"))
    report_content = Column(UnicodeText)
-    created = Column(DateTime, nullable=False, default=datetime.datetime.now()) 
+    created = Column(DateTime, nullable=False, default=datetime.datetime.now())
    resolved = Column(DateTime)
    discriminator = Column('type', Unicode(50))
    __mapper_args__ = {'polymorphic_on': discriminator}
@ -512,9 +514,10 @@ class CommentReport(ReportBase):
    id = Column('id',Integer, ForeignKey('core__reports.id'),
                                                primary_key=True)
    comment_id = Column(Integer, ForeignKey(MediaComment.id), nullable=False)
-    comment = relationship(MediaComment, backref=backref("reports_filed_on",
+    comment = relationship(
-                                                                lazy="dynamic",
+        MediaComment, backref=backref("reports_filed_on",
-                                                                cascade="all, delete-orphan"))
+            lazy="dynamic",
            cascade="all, delete-orphan"))
 class MediaReport(ReportBase):
    """
@ -526,27 +529,32 @@ class MediaReport(ReportBase):
    id = Column('id',Integer, ForeignKey('core__reports.id'),
                                                primary_key=True)
    media_entry_id = Column(Integer, ForeignKey(MediaEntry.id), nullable=False)
-    media_entry = relationship(MediaEntry, backref=backref("reports_filed_on",
+    media_entry = relationship(
-                                                                lazy="dynamic",
+        MediaEntry, 
-                                                                cascade="all, delete-orphan"))
+        backref=backref("reports_filed_on",
            lazy="dynamic",
            cascade="all, delete-orphan"))
 class UserBan(Base):
    """
-    Holds the information on a specific user's ban-state. As long as one of these
+    Holds the information on a specific user's ban-state. As long as one of 
-      is attached to a user, they are banned from accessing mediagoblin. When they
+        these is attached to a user, they are banned from accessing mediagoblin. 
-      try to log in, they are greeted with a page that tells them the reason why 
+        When they try to log in, they are greeted with a page that tells them 
-      they are banned and when (if ever) the ban will be lifted
+        the reason why they are banned and when (if ever) the ban will be 
-        :param user_id          Holds the id of the user this object is attached to.
+        lifted
-                                    This should be a one-to-one relationship.
+
-        :param expiration_date  Holds the date that the ban will be lifted. If this
+        :param user_id          Holds the id of the user this object is 
-                                    is null, the ban is permanent unless a moderator
+                                    attached to. This is a one-to-one 
-                                    manually lifts it.
+                                    relationship.
        :param expiration_date  Holds the date that the ban will be lifted. 
                                    If this is null, the ban is permanent 
                                    unless a moderator manually lifts it.
        :param reason           Holds the reason why the user was banned.
    """
    __tablename__ = 'core__user_bans'
-    user_id = Column('id',Integer, ForeignKey(User.id), nullable=False,
+    user_id = Column(Integer, ForeignKey(User.id), nullable=False, 
-                                         primary_key=True)
+                                                        primary_key=True)
    expiration_date = Column(DateTime)
    reason = Column(UnicodeText, nullable=False)
@ -555,8 +563,14 @@ class Group(Base):
    __tablename__ = 'core__groups'
    id = Column(Integer, nullable=False, primary_key=True)
-    group_name = Column(Unicode, nullable=False)
+    group_name = Column(Unicode, nullable=False, unique=True)
-    all_users = relationship(User, backref='all_groups', secondary="core__group_user_associations")
+    all_users = relationship(
        User, 
        backref='all_groups', 
        secondary="core__group_user_associations")
    def __init__(self, group_name):
        self.group_name = group_name
    def __repr__(self):
        return "<Group %s>" % (self.group_name)
@ -564,14 +578,31 @@ class Group(Base):
 class GroupUserAssociation(Base):
    __tablename__ = 'core__group_user_associations'
-    group_id = Column('core__group_id', Integer, ForeignKey(User.id), primary_key=True)
+    group_id = Column(
-    user_id = Column('core__user_id', Integer, ForeignKey(Group.id), primary_key=True)
+        'core__group_id', 
        Integer, 
        ForeignKey(User.id), 
        primary_key=True)
    user_id = Column(
        'core__user_id', 
        Integer, 
        ForeignKey(Group.id), 
        primary_key=True)
 group_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']]
 MODELS = [
-    User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem, MediaFile, FileKeynames,
+    User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem, 
-    MediaAttachmentFile, ProcessingMetaData, CommentReport, MediaReport, UserBan, Group, GroupUserAssociation]
+    MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase,
    CommentReport, MediaReport, UserBan, Group, GroupUserAssociation]
 # Foundations are the default rows that are created immediately after the tables are initialized. Each entry to
 #   this dictionary should be in the format of 
 #                                               ModelObject:List of Rows
 #                                         (Each Row must be a list of parameters that can create and instance of the ModelObject)
 #   
 FOUNDATIONS = {Group:group_foundations}
 ######################################################
 # Special, migrations-tracking table
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@ -21,7 +21,7 @@ from werkzeug.exceptions import Forbidden, NotFound
 from werkzeug.urls import url_quote
 from mediagoblin import mg_globals as mgg
-from mediagoblin.db.models import MediaEntry, User, MediaComment
+from mediagoblin.db.models import MediaEntry, User, MediaComment, Group
 from mediagoblin.tools.response import redirect, render_404
@ -63,6 +63,26 @@ def active_user_from_url(controller):
    return wrapper
 def user_in_group(group_name):
 #TODO handle possible errors correctly
    def user_in_group_decorator(controller):
        @wraps(controller)
        def wrapper(request, *args, **kwargs):
            user_id = request.user.id
            group = Group.query.filter(
                Group.group_name==group_name).first()
            if not (group.query.filter(
                Group.all_users.any(
                    User.id==user_id)).count()):
                raise Forbidden()
            return controller(request, *args, **kwargs)
        return wrapper
    return user_in_group_decorator
 def user_may_delete_media(controller):
    """
@ -253,3 +273,26 @@ def get_workbench(func):
            return func(*args, workbench=workbench, **kwargs)
    return new_func
 def require_admin_login(controller):
    """
    Require an login from an administrator.
    """
    @wraps(controller)
    def new_controller_func(request, *args, **kwargs):
        if request.user and \
                not request.user.is_admin:
            raise Forbidden()
        elif not request.user:
            next_url = urljoin(
                    request.urlgen('mediagoblin.auth.login',
                        qualified=True),
                    request.url)
            return redirect(request, 'mediagoblin.auth.login',
                            next=next_url)
        return controller(request, *args, **kwargs)
    return new_controller_func
--- a/mediagoblin/user_pages/forms.py
+++ b/mediagoblin/user_pages/forms.py
@ -59,9 +59,3 @@ class MediaReportForm(wtforms.Form):
    report_reason = wtforms.TextAreaField('Reason for Reporting')
    media_entry_id = wtforms.IntegerField()
    reporter_id = wtforms.IntegerField()
 class ReportForm(wtforms.Form):
    report_reason = wtforms.TextAreaField('Reason for Reporting')
    media_entry_id = wtforms.IntegerField()
    reporter_id = wtforms.IntegerField()
    comment_id = wtforms.IntegerField()
--- a/mediagoblin/user_pages/lib.py
+++ b/mediagoblin/user_pages/lib.py
@ -79,12 +79,15 @@ def add_media_to_collection(collection, media, note=None, commit=True):
 def build_report_form(form_dict):
    """
-    :param form_dict should be an ImmutableMultiDict object which is what is
+    This function is used to convert a form dictionary (from a User filing a 
-            returned from 'request.form.' The Object should have valid keys
+        report) into either a MediaReport or CommentReport object.
            matching the fields in either MediaReportForm or CommentReportForm
-    :returns either of MediaReport or a CommentReport object that has not been saved.
+    :param form_dict should be an ImmutableMultiDict object as is returned from
-            In case of an improper form_dict, returns None
+        'request.form.' The Object should have valid keys matching the fields 
        in either MediaReportForm or CommentReportForm
    :returns either of MediaReport or a CommentReport object that has not been 
        saved. In case of an improper form_dict, returns None
    """
    if 'comment_id' in form_dict.keys():
        report_form = user_forms.CommentReportForm(form_dict)
@ -92,6 +95,7 @@ def build_report_form(form_dict):
        report_form = user_forms.MediaReportForm(form_dict)
    else:
        return None
    if report_form.validate() and 'comment_id' in form_dict.keys():
        report_model = CommentReport()
        report_model.comment_id = report_form.comment_id.data
@ -100,6 +104,7 @@ def build_report_form(form_dict):
        report_model.media_entry_id = report_form.media_entry_id.data
    else:
        return None
    report_model.report_content = report_form.report_reason.data or u''
    report_model.reporter_id = report_form.reporter_id.data
    return report_model
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@ -20,7 +20,7 @@ import datetime
 from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
                                   CollectionItem, User, MediaComment,
-                                   CommentReport, MediaReport)
+                                   CommentReport, MediaReport, Group)
 from mediagoblin.tools.response import render_to_response, render_404, \
    redirect, redirect_obj
 from mediagoblin.tools.translate import pass_to_ugettext as _
@ -30,7 +30,7 @@ from mediagoblin.user_pages.lib import (send_comment_email, build_report_form,
    add_media_to_collection)
 from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
-    get_media_entry_by_id,
+    get_media_entry_by_id, user_in_group,
    require_active_login, user_may_delete_media, user_may_alter_collection,
    get_user_collection, get_user_collection_item, active_user_from_url,
    get_media_comment_by_id)
@ -621,22 +621,26 @@ def processing_panel(request):
@require_active_login
@get_user_media_entry
-def file_a_report(request, media, comment=None):
+@user_in_group(u'reporter')
 def file_a_report(request, media, comment=None, required_group=1):
    if request.method == "POST":
        report_form = build_report_form(request.form)
        report_form.save()
        return redirect(
-              request,
+            request,
-             'index')
+            'index')
    if comment is not None:
        context = {'media': media,
-                 'comment':comment}
+                   'comment':comment}
    else:
        context = {'media': media}
    return render_to_response(
-            request,
+        request,
-                'mediagoblin/user_pages/report.html',
+        'mediagoblin/user_pages/report.html',
-                context)
+        context)
@require_active_login
@get_user_media_entry