Instead of redirecting directly to user's home. Makes the flow for mass or just
a few deletions easier. For really large deletions it would still make sense to
have a dedicated view, but this is still way better then losing context by
jumping back to the home view.
Signed-off-by: Alon Levy <alon@pobox.com>
I made was I added the method has_privilege (which takes a variable amount of
unicode privilege names as an argument) to the User model. This method allowed
for much cleaner checks as to whether or not a user has a privilege. Other-
wise, I also made it impossible for moderators to punish admins. I created a
new url path and three new pages for Users to look at filed reports and the
code of conduct for the mg instance.
=== Made reports on admins not resolvable by moderators:
--\ mediagoblin/moderation/views.py
--\ mediagoblin/templates/mediagoblin/moderation/report.html
=== Created new files for the new pages:
--\ mediagoblin/meta/__init__.py
--\ mediagoblin/meta/routing.py
--\ mediagoblin/meta/views.py
--\ mediagoblin/templates/mediagoblin/meta/code_of_conduct.html
--\ mediagoblin/templates/mediagoblin/meta/reports_details.html
--\ mediagoblin/templates/mediagoblin/meta/reports_panel.html
--\ mediagoblin/routing.py
--\ mediagoblin/static/css/base.css
=== Replaced vestigial methods of checking a user's privilege with the more
====== effective method has_privilege(u'privilege_name'):
--\ mediagoblin/db/models.py
--| Added in the has_privilege method to the User class
--\ mediagoblin/db/migrations.py
--\ mediagoblin/db/models.py
--\ mediagoblin/decorators.py
--\ mediagoblin/edit/lib.py
--\ mediagoblin/edit/views.py
--\ mediagoblin/gmg_commands/users.py
--\ mediagoblin/moderation/views.py
--\ mediagoblin/templates/mediagoblin/base.html
--\ mediagoblin/templates/mediagoblin/user_pages/collection.html
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--\ mediagoblin/templates/mediagoblin/user_pages/user.html
--\ mediagoblin/templates/mediagoblin/utils/collection_gallery.html
--\ mediagoblin/user_pages/views.py
=== Minor UI changes
--\ mediagoblin/templates/mediagoblin/moderation/report_panel.html
--\ mediagoblin/templates/mediagoblin/moderation/user.html
=== Other Bugs:
--\ mediagoblin/tools/response.py
--\ mediagoblin/db/migrations.py
It does this in real time with a 500ms lag by using a timer. Initially I tried the onChange handler but you need to lose focus for that to process. The javascript timer is only invoked if the add comment button is pressed. A request is only sent if the comment box is not empty and the current value is not the same as the last value.
a bit. I made it so that mediagoblin.user_pages.report recieves the report
form as part of it's context. I also made sure I used {% trans %} tags effect-
-ively.
the folders and enpoints labeled 'admin' to the more accurate term of 'moderat-
ion.' I also created the ability for admins and moderators to add or remove pr-
ivileges or to ban a user in response to a report. This also meant implementing
the UserBan class in various places. I also had to add a column called result
to the ReportBase table. This allows the moderator/admin to leave comments when
they respond to a report, allowing for archiving of what responses they do/n't
take.
--\ mediagoblin/db/migrations.py
--| Added result column to ReportBase
--\ mediagoblin/db/models.py
--| Added result column to ReportBase
--| Added documentation to tables I had made previously
--\ mediagoblin/decorators.py
--| Editted the user_has_privilege decorator to check whether a user has been
| banned or not
--| Created a seperate user_not_banned decorator to prevent banned users from
| accessing any pages
--| Changed require_admin_login into require_admin_or_moderator login
--\ mediagoblin/gmg_commands/users.py
--| Made the gmg command `adduser` create a user w/ the appropriate privileges
--\ mediagoblin/moderation/routing.py << formerly mediagoblin/admin/routing.py
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/routing.py
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/moderation/views.py << formerly mediagoblin/admin/views.py
--| Renamed all of the routes & functions from admin -> moderation
--| Expanded greatly on the moderation_reports_detail view and functionality
--| Added in the give_or_take_away_privilege form, however this might be a use-
| -less function which I could remove (because privilege changes should happe-
| n in response to a report so they can be archived and visible)
--\ mediagoblin/static/css/base.css
--| Added in a style for the reports_detail page
--\ mediagoblin/templates/mediagoblin/base.html
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/templates/mediagoblin/moderation/report.html
--| Added form to allow moderators and admins to respond to reports.
--\ mediagoblin/templates/mediagoblin/moderation/reports_panel.html
--| Fixed the table for closed reports
--\ mediagoblin/templates/mediagoblin/moderation/user.html
--| Added in a table w/ all of the user's privileges and the option to add or
| remove them. Again, this is probably vestigial
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/templates/mediagoblin/moderation/user_panel.html
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/tools/response.py
--| Added function render_user_banned, this is the view function for the redir-
| -ect that happens when a user tries to access the site whilst banned
--\ mediagoblin/user_pages/forms.py
--| Added important translate function where I had text
--\ mediagoblin/user_pages/lib.py
--| Renamed functiion for clarity
--\ mediagoblin/user_pages/views.py
--| Added the user_not_banned decorator to every view
--\ mediagoblin/views.py
--| Added the user_not_banned decorator
--\ mediagoblin/moderation/forms.py
--| Created this new file
--\ mediagoblin/templates/mediagoblin/banned.html
--| Created this new file
--| This is the page which people are redirected to when they access the site
| while banned
as to not conflict with the new federated groups which are also being written.
I also fixed up some of the code in the user_in_group/user_has_privilege decor-
ator. Users are now assigned the default privileges when they sign up, and ass-
iged active once they are activated. I updated the gmg command makeadmin to use
my groups as well. Lastly, I added the decorator to various views, requiring th-
at users belong to appropriate groups to access pages.
--\ mediagoblin/auth/tools.py
--| Added code to assign new users to default privileges
--\ mediagoblin/auth/views.py
--| Added code to assign users to u'active' privilege once the email
| verification is complete
--\ mediagoblin/db/migrations.py
--| Renamed Group class to Privilege class
--\ mediagoblin/db/models.py
--| Renamed Group class to Privilege class
--\ mediagoblin/decorators.py
--| Renamed function based on the Group->Privilege change
--| Rewrote the function to be, ya know, functional
--\ mediagoblin/gmg_commands/users.py
--| Changed the 'makeadmin' command to add the target user to the admin
| privilege group as well as affecting 'is_admin' column
--\ mediagoblin/submit/views.py
--| Added the requirement that a user has the 'uploader' privilege in order
| to submit new media.
--\ mediagoblin/user_pages/views.py
--| Added the requirement that a user has the 'commenter' privilege in order
| to make a comment.
--| Added the requirement that a user has the 'reporter' privilege in order
| to submit new reports.
--| Got rid of some vestigial code in the file_a_report function.
code. I added in two major pieces of functionality: table foundations and a
decorator to confirm whether or not a user is a member of a certain group.
Table Foundations are default rows that should be present in a given table as
soon as the database is initialized. For example, I am using these to populate
the core__groups table with all of the necessary groups ('moderator', 'com-
menter', etc). Right now, this is achieved by adding a dictionary of parameters
(with the parameters as lists) to the constant FOUNDATIONS in
mediagoblin.db.models. The keys to this dictionary are uninstantiated classes.
The classes which require foundations also have must have a constructor so that
the list of parameters can be passed appropriately like so:
Model(*parameters)
In order to implement these foundations, I added the method populate_table_fou-
-ndations to MigrationManager in mediagoblin.db.migration_tools.
The decorator, called user_in_group, accepts as a parameter a unicode string,
and then decides whether to redirect to 403 or let the user access the page. The
identifier is the Group.group_name string, because I believe that will allow for
the most readable code.
I also added in the simple decorator require_admin_login.
In terms of tightening up my code, I made many minor changes to my use of white
space and made a few small documentation additions. I removed a vestigial class
(ReportForm) from mediagoblin.user_pages.forms. I moved all of my migrations in-
to one registered Migration.
Setting up Foundations
==============================
--\ mediagoblin/db/migration_tools.py
--| created: MigrationManager.populate_table_foundations
--| modified: MigrationManager.init_or_migrate to run
| self.populate_table_foundations on init
--\ mediagoblin/db/models.py
--| created: FOUNDATIONS
----| created: group_foundations
Working With Permissions
==============================
--\ mediagoblin/decorators.py
--| created: user_in_group
--| created: require_admin_login
--\ mediagoblin/user_pages/views.py
--| modified: added decorator user_in_group to file_a_report
--\ mediagoblin/admin/views.py
--| modified: added decorator require_admin_login to all views functions
General Code Tidying
=============================
--/ mediagoblin/admin/views.py
--/ mediagoblin/user_pages/forms.py
--/ mediagoblin/db/models.py
--/ mediagoblin/user_pages/lib.py
--/ mediagoblin/user_pages/views.py
--/ mediagoblin/db/migrations.py
lity. At this point, I have finished all the of basic work with the models! I
still need to do some tightening of their documentation, but they seem to be
working well.
Working with Models
========================================
--\ mediagoblin/db/models.py
--| Added in the Report model and table. This model is strictly a parent
----| Added in the CommentReport model which holds information about a report
| filed against a comment. This class inherits from Report.
----| Added in the MediaReport model which holds information about a report f-
| -iled against a media entry. This class inherits from Report.
--| Added in a UserBan model and table. This model is in a one to one relatio-
| -nship with User. This object acts as a marker for whether a user is banned
| or not.
--| Added in a Group model. These objects are in a many-to-many relationship
| with User to explain which privileges a User has.
----| Added in GroupUserAssociation which is a table used to hold this many to
| many relationship between Group & User.
--\ mediagoblin/db/migrations.py
--| Added in the migrations for all of the additions to models
--| Added UserBan_v0
--| Added Report_v0
----| Added CommentReport_v0
----| Added MediaReport_v0
--| Added Group_v0
----| Added GroupUserAssociation_v0
Working with Templates, Views, and Routing
===============================================
>>> Reporting a Comment or a MediaEntry
--\ mediagoblin/user_pages/views.py
--| Added in the function file_a_report to allow user to file reports against
| MediaEntries or Comments. Handles GET and POST requests.
--| Added in the function file_a_comment_report which uses file_a_report but
| also catches appropriate information for comment_ids. I may be able to do
| this more eloquently with decorators.
--\ mediagoblin/user_pages/routing.py
--| Added in route 'mediagoblin.user_pages.media_home.report_media'
| (linked to address /u/<user>/m/<media>/report/ )
--| Added in route ''mediagoblin.user_pages.media_home.report_comment'
| (linked to address /u/<user>/m/<media>/c/<comment>/report/ )
--\ mediagoblin/templates/mediagoblin/user_pages/report.html
--| I created this file to handle the filing of a report.
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--| Modified this file to add in links allowing users to report either media
| or comments.
--\ mediagoblin/user_pages/lib.py
--| Added in build_report_form which processes data as either a CommentReport or
| a MediaReport depending on which parameters are present
--\ mediagoblin/user_pages/forms.py
--| Added in CommentReportForm
--| Added in MediaReportForm
--| note: ReportForm is vestigial to an earlier strategy I used and I'll remove it
| promptly
--\ mediagoblin/decorators.py
--| Added in 'get_media_comment_by_id' for use in mediagoblin/user_pages/views.py
>>> New Admin Panels
--\ mediagoblin/admin/views.py
--| Added in the function admin_users_panel
--| Added in the function admin_reports_panel
--\ mediagoblin/admin/routing.py
--| Added in route 'mediagoblin.admin.users'
| (linked to address '/a/users')
--| Added in route 'mediagoblin.admin.reports'
| (linked to address '/a/reports/')
--\ mediagoblin/templates/admin/user.html
--| Created this file as a template for monitoring users
--\ mediagoblin/templates/admin/report.html
--| Created this file as a template for monitoring reports filed against media or
| comments
- Added request.notifications
- Email configuration fixes
- Set config_spec default SMTP port to `0` and switch to SSL/non-SSL
default if `port == 0`
- Added email_smtp_use_ssl configuration setting
- Added migrations for notification tables
- Added __repr__ to MediaComment(Mixin)
- Added MediaComment.get_entry => MediaEntry
- Added CommentSubscription, CommentNotification, Notification,
ProcessingNotification tables
- Added notifications.task to celery init
- Fixed a bug in the video transcoder where pygst would hijack the
--help argument.
- Added notifications
- views
- silence
- subscribe
- routes
- utility methods
- celery task
- Added half-hearted .active comment CSS style
- Added quick JS to show header_dropdown
- Added fragment template to show notifications in header_dropdown
- Added fragment template to show subscribe/unsubscribe buttons on
media/comment pages
- Updated celery setup tests with notifications.task
- Tried to fix test_misc tests that I broke
- Added notification tests
- Added and extended tests.tools fixtures
- Integrated new notifications into media_home, media_post_comment views
- Bumped SQLAlchemy dependency to >= 0.8.0 since we need polymorphic for
the notifications to work
Using collection.url_for_self(request.urlgen) instead
of request.urlgen(lengthy) is so much nicer, so using
it around the place.
Also added a few missing </a> in one template.
This is a shortcut function to redirect to the main page
for an object. Objects currently supported: media entries
and collections.
And go around and replace various places to use this.
Don't do: _("With some value: %s" % value)
Please do: _("WIth some value: %s") % value
Fixed for collection messages.
Also removed a
try:
some_code.
except Exception as e:
raise
No point in doing that.
Fixing the indentation of some_code comes in an extra
commit, because changing indentation is annoying enough
alone, so don't mix it with other changes.
The ideas is by Alon Levy.
Not only media_collect, but also other places might want to
add media to a collection. So refactor this into a function
for easier usage.
The problem is:
Collection.query.filter_by(id=X, ...)
1. X = form.collection.data
This works nicely for the completely empty form (X = None).
It does not work for a selected collection, because X
will be the collection, not its id.
2. X = request.form.get('collection') (old code).
This one works mostly, except for the completely empty
form on postgres, because in this case X = u"__None" and
postgres does not like comparing an integer column with
a string.
Fix:
collection = form.collection.data
if collection and collection.creator != request.user.id:
collection = None
That's true; I'm not sure what it's fixing, but he thinks it's fixing
something. Anyway, it's correct :)
This commit sponsored by Philippe Gauthier. Thanks!
- Don't let people who aren't the authors of a collection from adding
things to it (handled by forcing the user check in the query)
- request url in case invalid collection selected fixed
- collection_item.author doesn't yet exist; removing the selection
(we might want multiple people to be able to edit a collection in
the future but that future does not yet exist; as Elrond said,
remove this "false hope")
Thanks to Elrond to pointing out these issues.
And thanks to David Kindler for sponsoring this commit!
- Fixed PEP-008 issues.
- Removed .user-{user} from the tag URI and put it before the domain,
such as {user}@{host} instead.
- Use year from collection.created instead of current year.
tags used to be global, you could only browse media by tag for all users.
This patch implements a view that allows us to browse only a user's tagged
media.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
when linking to a comment in a MediaEntry, the page did not
contain a <a name="comment"> because, well:
We fetched a string comment-id from the routing. And the
pagination code tried to compare that to the int id on the
comment.
Fix is to let routing fetch an int from the url. Easy.
Relatedly remove duplicated comment_id fetching from the
URL in the view.
schendje rightly pointed out that we should not return to the media
homepage if we did not select a collection on the "collect" page, but
should actually return to the collect page.
This is an improvement of the user experience ;-)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Deleting a MediaEntry instance will automatically
delete all related comments and files/attachments. This moves
implementation logic out of views.py and allows to make use of this
functionality when e.g. deleting a User() account.
Whenever a MediaEntry entry is deleted, this will also sql-delete
the corresponding MediaFile entry.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
- add a route at /u/<user>/collections/ (note trailing 's') that lists
all existing collections
- move there the "Create new collection" link, if the user is logged in
- add a new link "Browse collections" from root.html
We have a bunch of URLs that are more for internal use. At
least they're definitely not intended to be posted
somewhere for long term useage.
When those things affect a media, it's much better to
reference the media by its id. This can't change, ever.
This is better for races.
Like someone posting a comment while the owner
corrects a typo in the slug.
We provided a custom GMQuery class that offered a .sort() method for
compatibility with the Mongo syntax. Now that we have settled for sqlalchemy
which uses the order_by() method, we can safely remove this custom class
and move a little closer to "pure" and native sqlalchemy usage.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
