I made was I added the method has_privilege (which takes a variable amount of
unicode privilege names as an argument) to the User model. This method allowed
for much cleaner checks as to whether or not a user has a privilege. Other-
wise, I also made it impossible for moderators to punish admins. I created a
new url path and three new pages for Users to look at filed reports and the
code of conduct for the mg instance.
=== Made reports on admins not resolvable by moderators:
--\ mediagoblin/moderation/views.py
--\ mediagoblin/templates/mediagoblin/moderation/report.html
=== Created new files for the new pages:
--\ mediagoblin/meta/__init__.py
--\ mediagoblin/meta/routing.py
--\ mediagoblin/meta/views.py
--\ mediagoblin/templates/mediagoblin/meta/code_of_conduct.html
--\ mediagoblin/templates/mediagoblin/meta/reports_details.html
--\ mediagoblin/templates/mediagoblin/meta/reports_panel.html
--\ mediagoblin/routing.py
--\ mediagoblin/static/css/base.css
=== Replaced vestigial methods of checking a user's privilege with the more
====== effective method has_privilege(u'privilege_name'):
--\ mediagoblin/db/models.py
--| Added in the has_privilege method to the User class
--\ mediagoblin/db/migrations.py
--\ mediagoblin/db/models.py
--\ mediagoblin/decorators.py
--\ mediagoblin/edit/lib.py
--\ mediagoblin/edit/views.py
--\ mediagoblin/gmg_commands/users.py
--\ mediagoblin/moderation/views.py
--\ mediagoblin/templates/mediagoblin/base.html
--\ mediagoblin/templates/mediagoblin/user_pages/collection.html
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--\ mediagoblin/templates/mediagoblin/user_pages/user.html
--\ mediagoblin/templates/mediagoblin/utils/collection_gallery.html
--\ mediagoblin/user_pages/views.py
=== Minor UI changes
--\ mediagoblin/templates/mediagoblin/moderation/report_panel.html
--\ mediagoblin/templates/mediagoblin/moderation/user.html
=== Other Bugs:
--\ mediagoblin/tools/response.py
--\ mediagoblin/db/migrations.py
mediagoblin/db/models.py. This list holds all of the information about rows that
should be created at database initialization. Read the documentation near the
FOUNDATIONS list to understand the proper format for this list.
All of the work is done through a new method on MigrationManager in
mediagoblin/db/migrations_tools.py. This method, `populate_table_foundations`
parses the FOUNDATIONS list and creates the foundations based on the data incl-
uded. This only ever happens when the database is initialized. Migrations to
releases with new Foundations should be very easy just using the basic
database functionality.
have mostly completed the moderator punishment and resolution of reports. Along
with this, I have also added one last table to the database: one that holds ar-
-chived (or resolved) reports. This is some of the primary functionality of my
whole update, so this is a big step! The other changes I made this update are
primarily organizational. I refactored some of my code into functions and I cl-
eaned up many of my templates.
--\ mediagoblin/db/models.py
--| Created the new ArchivedReport table
--| Removed columns from BaseReport table that are only necessary for Archived
| reports
--\ mediagoblin/db/migrations.py
--| Created the new ArchivedReport table
--| Removed columns from BaseReport table that are only necessary for Archived
| reports
--\ mediagoblin/db/util.py
--| Created the user_privileges_to_dictionary function. This is useful for
| accessing a user's permissions from within a template.
--\ mediagoblin/moderation/forms.py
--| Expanded the disciplinary actions a moderator can take
--| Allowed the moderator to choose more than one disciplinary action at a time
| (It's now managed with a list of checkboxes rather than radio buttons)
----| Pulled a MultiCheckBox class from a wtforms tutorial
--| Added various other form inputs for details of the moderator's disciplinary
| actions
--| Tried to ensure that every string is unicode and translated
--\ mediagoblin/moderation/tools.py
--| Created this file for holding useful moderation tools
--| Moved the penalizing code from views to the function take_punitive_actions
--| Added many more types of punitive actions
--| Added the archiving of old reports
--\ mediagoblin/moderation/views.py
--| Used the privileges_to_dictionary function for the Users Detail view to
| allow for different actions available to a moderator and an admin.
--| Added in functionality for ArchivedReports to the reports_detail and
| reports_panel views
--| Moved the punishments of repots_detail to tools.py (as mentioned above)
--\ mediagoblin/static/css/base.css
--| Added new styling for the User Detail page
--\ mediagoblin/static/images/icon_clipboard_alert.png
--| Added this image to represent unresolved reports
--\ mediagoblin/templates/mediagoblin/moderation/report.html
--| Added 'Return to Reports Panel' button
--| Fixed the spacing to be less that 80 columns wide
--| Added in display for Archived Reports
--\ mediagoblin/templates/mediagoblin/moderation/reports_panel.html
--| Changed the placement and columns of the tables
--| Fixed the spacing to be less that 80 columns wide
--| Added in display for Archived Reports
--\ mediagoblin/templates/mediagoblin/moderation/user.html
--| Fixed the spacing to be less that 80 columns wide
--| Took away the moderator's ability to add and remove privileges at will.
| Only the admin has this power now.
--\ mediagoblin/templates/mediagoblin/moderation/users_panel.html
--| Fixed the spacing to be less that 80 columns wide
--\ mediagoblin/tools/response.py
--| Added in code to remove a UserBan from a User if that user logs in after
| the expiration date
the folders and enpoints labeled 'admin' to the more accurate term of 'moderat-
ion.' I also created the ability for admins and moderators to add or remove pr-
ivileges or to ban a user in response to a report. This also meant implementing
the UserBan class in various places. I also had to add a column called result
to the ReportBase table. This allows the moderator/admin to leave comments when
they respond to a report, allowing for archiving of what responses they do/n't
take.
--\ mediagoblin/db/migrations.py
--| Added result column to ReportBase
--\ mediagoblin/db/models.py
--| Added result column to ReportBase
--| Added documentation to tables I had made previously
--\ mediagoblin/decorators.py
--| Editted the user_has_privilege decorator to check whether a user has been
| banned or not
--| Created a seperate user_not_banned decorator to prevent banned users from
| accessing any pages
--| Changed require_admin_login into require_admin_or_moderator login
--\ mediagoblin/gmg_commands/users.py
--| Made the gmg command `adduser` create a user w/ the appropriate privileges
--\ mediagoblin/moderation/routing.py << formerly mediagoblin/admin/routing.py
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/routing.py
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/moderation/views.py << formerly mediagoblin/admin/views.py
--| Renamed all of the routes & functions from admin -> moderation
--| Expanded greatly on the moderation_reports_detail view and functionality
--| Added in the give_or_take_away_privilege form, however this might be a use-
| -less function which I could remove (because privilege changes should happe-
| n in response to a report so they can be archived and visible)
--\ mediagoblin/static/css/base.css
--| Added in a style for the reports_detail page
--\ mediagoblin/templates/mediagoblin/base.html
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/templates/mediagoblin/moderation/report.html
--| Added form to allow moderators and admins to respond to reports.
--\ mediagoblin/templates/mediagoblin/moderation/reports_panel.html
--| Fixed the table for closed reports
--\ mediagoblin/templates/mediagoblin/moderation/user.html
--| Added in a table w/ all of the user's privileges and the option to add or
| remove them. Again, this is probably vestigial
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/templates/mediagoblin/moderation/user_panel.html
--| Renamed all of the routes from admin -> moderation
--\ mediagoblin/tools/response.py
--| Added function render_user_banned, this is the view function for the redir-
| -ect that happens when a user tries to access the site whilst banned
--\ mediagoblin/user_pages/forms.py
--| Added important translate function where I had text
--\ mediagoblin/user_pages/lib.py
--| Renamed functiion for clarity
--\ mediagoblin/user_pages/views.py
--| Added the user_not_banned decorator to every view
--\ mediagoblin/views.py
--| Added the user_not_banned decorator
--\ mediagoblin/moderation/forms.py
--| Created this new file
--\ mediagoblin/templates/mediagoblin/banned.html
--| Created this new file
--| This is the page which people are redirected to when they access the site
| while banned
-uple other small changes. I changed the information around the media processi-
ng panel to be more specific, since it was written when it was the only admin
page. Git didn't catch this, but I renamed the templates, so mediagoblin/templ-
ates/admin/user.html now referrs to the page which shows the details of a spec-
ific user. The list view pages are now named ELEMENT_panel.html(ie. user_panel)
I also added a column reported_user_id to the ReportBase table, and had to add
to Report filing to make sure that column gets created. Also I moved the report
media button (on a media page) to the sidebar, though it still needs some form-
atting
--\ mediagoblin/static/images/icon_clipboard.png
--| Added this image for use in template mediagoblin/admin/report.html.
--| Distributed by the GNOME project http://www.gnome.org
--| Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license.
--| I'm still trying to figure out the appropriate way to attribute this in
| the code
--\ mediagoblin/templates/mediagoblin/admin/media_panel.html
--| This template is actually the template formerly know as media.html. I
| renamed it for clarity
--\ mediagoblin/templates/mediagoblin/admin/report_panel.html
--| This template is actually the template formerly know as report.html. I
| renamed it for clarity
--\ mediagoblin/templates/mediagoblin/admin/user_panel.html
--| This template is actually the template formerly know as user.html. I renam-
| -ed it for clarity
--\ mediagoblin/templates/mediagoblin/utils/report.html
--| This template is included in the media_home page. It is the report media
| button. I figured I'd write it like this in case it got more complicated.
--\ mediagoblin/admin/routing.py
--| I changed the routing path /a/panel to /a/media for specificity
--\ mediagoblin/admin/views.py
--| I renamed admin_processing_panel to admin_media_processing_panel
--| I wrote a new view function admin_reports_detail
--| I wrote a new view function admin_users_detail
--\ mediagoblin/db/migrations.py
--| I added in the column reported_user_id to the ReportBase_v0 class
--\ mediagoblin/db/models.py
--| I added in the column reported_user_id to the ReportBase class
--\ mediagoblin/static/css/base.css
--| I added in css classes to display a report. Right now, they are just echo-
| -ing the ways comments are displayed, but with the link in another color
--\ mediagoblin/templates/mediagoblin/admin/report.html
--| Created this new template (although git doesn't realize it) to show the de-
| -tails of a specific report, indicated in the URL
--\ mediagoblin/templates/mediagoblin/admin/user.html
--| Created this new template (although git doesn't realize it) to show the de-
| -tails of a specific user, indicated in the URL
--\ mediagoblin/templates/mediagoblin/base.html
--| Redirected the link from /a/panel to /a/media
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--| Moved the media report button to the sidebar
--\ mediagoblin/user_pages/lib.py
--| Changed the creation of reports, so that they also assign a column for rep-
| -orted_user_id.
as to not conflict with the new federated groups which are also being written.
I also fixed up some of the code in the user_in_group/user_has_privilege decor-
ator. Users are now assigned the default privileges when they sign up, and ass-
iged active once they are activated. I updated the gmg command makeadmin to use
my groups as well. Lastly, I added the decorator to various views, requiring th-
at users belong to appropriate groups to access pages.
--\ mediagoblin/auth/tools.py
--| Added code to assign new users to default privileges
--\ mediagoblin/auth/views.py
--| Added code to assign users to u'active' privilege once the email
| verification is complete
--\ mediagoblin/db/migrations.py
--| Renamed Group class to Privilege class
--\ mediagoblin/db/models.py
--| Renamed Group class to Privilege class
--\ mediagoblin/decorators.py
--| Renamed function based on the Group->Privilege change
--| Rewrote the function to be, ya know, functional
--\ mediagoblin/gmg_commands/users.py
--| Changed the 'makeadmin' command to add the target user to the admin
| privilege group as well as affecting 'is_admin' column
--\ mediagoblin/submit/views.py
--| Added the requirement that a user has the 'uploader' privilege in order
| to submit new media.
--\ mediagoblin/user_pages/views.py
--| Added the requirement that a user has the 'commenter' privilege in order
| to make a comment.
--| Added the requirement that a user has the 'reporter' privilege in order
| to submit new reports.
--| Got rid of some vestigial code in the file_a_report function.
code. I added in two major pieces of functionality: table foundations and a
decorator to confirm whether or not a user is a member of a certain group.
Table Foundations are default rows that should be present in a given table as
soon as the database is initialized. For example, I am using these to populate
the core__groups table with all of the necessary groups ('moderator', 'com-
menter', etc). Right now, this is achieved by adding a dictionary of parameters
(with the parameters as lists) to the constant FOUNDATIONS in
mediagoblin.db.models. The keys to this dictionary are uninstantiated classes.
The classes which require foundations also have must have a constructor so that
the list of parameters can be passed appropriately like so:
Model(*parameters)
In order to implement these foundations, I added the method populate_table_fou-
-ndations to MigrationManager in mediagoblin.db.migration_tools.
The decorator, called user_in_group, accepts as a parameter a unicode string,
and then decides whether to redirect to 403 or let the user access the page. The
identifier is the Group.group_name string, because I believe that will allow for
the most readable code.
I also added in the simple decorator require_admin_login.
In terms of tightening up my code, I made many minor changes to my use of white
space and made a few small documentation additions. I removed a vestigial class
(ReportForm) from mediagoblin.user_pages.forms. I moved all of my migrations in-
to one registered Migration.
Setting up Foundations
==============================
--\ mediagoblin/db/migration_tools.py
--| created: MigrationManager.populate_table_foundations
--| modified: MigrationManager.init_or_migrate to run
| self.populate_table_foundations on init
--\ mediagoblin/db/models.py
--| created: FOUNDATIONS
----| created: group_foundations
Working With Permissions
==============================
--\ mediagoblin/decorators.py
--| created: user_in_group
--| created: require_admin_login
--\ mediagoblin/user_pages/views.py
--| modified: added decorator user_in_group to file_a_report
--\ mediagoblin/admin/views.py
--| modified: added decorator require_admin_login to all views functions
General Code Tidying
=============================
--/ mediagoblin/admin/views.py
--/ mediagoblin/user_pages/forms.py
--/ mediagoblin/db/models.py
--/ mediagoblin/user_pages/lib.py
--/ mediagoblin/user_pages/views.py
--/ mediagoblin/db/migrations.py
lity. At this point, I have finished all the of basic work with the models! I
still need to do some tightening of their documentation, but they seem to be
working well.
Working with Models
========================================
--\ mediagoblin/db/models.py
--| Added in the Report model and table. This model is strictly a parent
----| Added in the CommentReport model which holds information about a report
| filed against a comment. This class inherits from Report.
----| Added in the MediaReport model which holds information about a report f-
| -iled against a media entry. This class inherits from Report.
--| Added in a UserBan model and table. This model is in a one to one relatio-
| -nship with User. This object acts as a marker for whether a user is banned
| or not.
--| Added in a Group model. These objects are in a many-to-many relationship
| with User to explain which privileges a User has.
----| Added in GroupUserAssociation which is a table used to hold this many to
| many relationship between Group & User.
--\ mediagoblin/db/migrations.py
--| Added in the migrations for all of the additions to models
--| Added UserBan_v0
--| Added Report_v0
----| Added CommentReport_v0
----| Added MediaReport_v0
--| Added Group_v0
----| Added GroupUserAssociation_v0
Working with Templates, Views, and Routing
===============================================
>>> Reporting a Comment or a MediaEntry
--\ mediagoblin/user_pages/views.py
--| Added in the function file_a_report to allow user to file reports against
| MediaEntries or Comments. Handles GET and POST requests.
--| Added in the function file_a_comment_report which uses file_a_report but
| also catches appropriate information for comment_ids. I may be able to do
| this more eloquently with decorators.
--\ mediagoblin/user_pages/routing.py
--| Added in route 'mediagoblin.user_pages.media_home.report_media'
| (linked to address /u/<user>/m/<media>/report/ )
--| Added in route ''mediagoblin.user_pages.media_home.report_comment'
| (linked to address /u/<user>/m/<media>/c/<comment>/report/ )
--\ mediagoblin/templates/mediagoblin/user_pages/report.html
--| I created this file to handle the filing of a report.
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--| Modified this file to add in links allowing users to report either media
| or comments.
--\ mediagoblin/user_pages/lib.py
--| Added in build_report_form which processes data as either a CommentReport or
| a MediaReport depending on which parameters are present
--\ mediagoblin/user_pages/forms.py
--| Added in CommentReportForm
--| Added in MediaReportForm
--| note: ReportForm is vestigial to an earlier strategy I used and I'll remove it
| promptly
--\ mediagoblin/decorators.py
--| Added in 'get_media_comment_by_id' for use in mediagoblin/user_pages/views.py
>>> New Admin Panels
--\ mediagoblin/admin/views.py
--| Added in the function admin_users_panel
--| Added in the function admin_reports_panel
--\ mediagoblin/admin/routing.py
--| Added in route 'mediagoblin.admin.users'
| (linked to address '/a/users')
--| Added in route 'mediagoblin.admin.reports'
| (linked to address '/a/reports/')
--\ mediagoblin/templates/admin/user.html
--| Created this file as a template for monitoring users
--\ mediagoblin/templates/admin/report.html
--| Created this file as a template for monitoring reports filed against media or
| comments
- Added request.notifications
- Email configuration fixes
- Set config_spec default SMTP port to `0` and switch to SSL/non-SSL
default if `port == 0`
- Added email_smtp_use_ssl configuration setting
- Added migrations for notification tables
- Added __repr__ to MediaComment(Mixin)
- Added MediaComment.get_entry => MediaEntry
- Added CommentSubscription, CommentNotification, Notification,
ProcessingNotification tables
- Added notifications.task to celery init
- Fixed a bug in the video transcoder where pygst would hijack the
--help argument.
- Added notifications
- views
- silence
- subscribe
- routes
- utility methods
- celery task
- Added half-hearted .active comment CSS style
- Added quick JS to show header_dropdown
- Added fragment template to show notifications in header_dropdown
- Added fragment template to show subscribe/unsubscribe buttons on
media/comment pages
- Updated celery setup tests with notifications.task
- Tried to fix test_misc tests that I broke
- Added notification tests
- Added and extended tests.tools fixtures
- Integrated new notifications into media_home, media_post_comment views
- Bumped SQLAlchemy dependency to >= 0.8.0 since we need polymorphic for
the notifications to work
If one deletes a media with attachments, there have been
various problems:
1) If the file in the storage did not exist any more (maybe
because due to a previous deletion attempt?), the error
propagation failed, because the wrong thing was
gathered.
2) The attachment database entries were not deleted.
Using cascade for this, for now.
Also add a simple unit test, that tests both by having a
broken attachment on a media.
Instead of doing query by hand, use the relationships on
the models to find the media_data. Is is made possible by
the BACKREF_NAME in each models.py, which lets us know the
local attr to ask for.
Also initialize the relationship attribute on new
media_data instead of the media_id. Also do not add it to
the session. This gives us:
- This automatically initializes the other side of the
relationship, which will allow later acces via that way.
- If the media_data is too early in the session, when the
(new) media_entry is not yet in there, this could get
conflicts. Avoid those by not adding to session.
- Uses cascading to commit media_data together with the
media_entry.
This feature is absolutely necessary. Now a user can simply define
their default license and quickly go through a form, as opposed to
stopping to click on the select and choosing the same option over
and over again.
Also added DB migration for the field, so that's working now, too.
Rebased by Sebastian and made the default value to be unicode.
Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Merging an old branch, I reintroduced an import of db.sql.util rather than
db.util. Fixing the glitch.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Set User.collections to her Collections using the backref feature.
This way we can iterate a user's collections and delete them all.
Delete all MediaEntries/Files/attachments/comments/collections etc
before finally deleting the User object. This is the backend work for
issue 302 (allow a user to delete ones own account)
Deleting a MediaEntry instance will automatically
delete all related comments and files/attachments. This moves
implementation logic out of views.py and allows to make use of this
functionality when e.g. deleting a User() account.
Whenever a MediaEntry entry is deleted, this will also sql-delete
the corresponding MediaFile entry.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This concludes the db.sql.* -> db.* move. Our db abstraction layer is
sqlalchemy, so there is no need to a separate db.sql.* hierarchy.
All tests have been run for each of the commit series to make sure
everything works at every step.
The .uploader() method conflicts with the uploader database
field. As we're moving to .FIELD for db field access, this
is a relevant conflict.
So renaming .uploader() to .get_uploader()
