heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check for edit permission.

Browse Source 
You need to own the media, or be an admin to use the edit form.
As simple as that, for now.
This commit is contained in:
Elrond 2011-06-02 14:25:31 +02:00
parent 98857207cc
commit c849e69092
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
mediagoblin/edit/views.py
View File

@ -5,9 +5,22 @@ from webob import Response, exc
from mediagoblin.edit import forms from mediagoblin.edit import forms
from mediagoblin.decorators import require_active_login, get_media_entry_by_id from mediagoblin.decorators import require_active_login, get_media_entry_by_id
def may_edit_media(request, media):
"""Check, if the request's user may edit the media details"""
if media['uploader'] == request.user['_id']:
return True
if request.user['is_admin']:
return True
return False
@get_media_entry_by_id @get_media_entry_by_id
@require_active_login @require_active_login
def edit_media(request, media): def edit_media(request, media):
if not may_edit_media(request, media):
return exc.HTTPForbidden()
form = forms.EditForm(request.POST, form = forms.EditForm(request.POST,
title = media['title'], title = media['title'],
slug = media['slug'], slug = media['slug'],