def set_original_language(request, video_id): """ We only allow if a video is own a team, or the video owner is the logged in user """ video = get_object_or_404(Video, video_id=video_id) if not (can_edit_video(video.get_team_video(), request.user) or video.user == request.user): return HttpResponseForbidden("Can't touch this.") form = ChangeVideoOriginalLanguageForm( request.POST or None, initial={'language_code': video.primary_audio_language_code}) if request.method == "POST" and form.is_valid(): video.primary_audio_language_code = form.cleaned_data['language_code'] video.save() messages.success( request, fmt(_(u'The language for %(video)s has been changed'), video=video)) return HttpResponseRedirect( reverse("videos:set_original_language", args=(video_id, ))) return render_to_response("videos/set-original-language.html", { "video": video, 'form': form }, context_instance=RequestContext(request))
def test_can_edit_video(self): user, team = self.user, self.team # Policy: members. team.video_policy = Team.VP_MEMBER team.save() for r in [ROLE_CONTRIBUTOR, ROLE_MANAGER, ROLE_ADMIN, ROLE_OWNER]: with self.role(r): self.assertTrue(can_edit_video(self.nonproject_video, user)) self.assertFalse(can_edit_video(self.nonproject_video, self.outsider)) # Policy: managers. team.video_policy = Team.VP_MANAGER team.save() for r in [ROLE_MANAGER, ROLE_ADMIN, ROLE_OWNER]: with self.role(r): self.assertTrue(can_edit_video(self.nonproject_video, user)) with self.role(ROLE_CONTRIBUTOR): self.assertFalse(can_edit_video(self.nonproject_video, user)) self.assertFalse(can_edit_video(self.nonproject_video, self.outsider)) # Make sure narrowings are taken into account. with self.role(ROLE_MANAGER, self.test_project): self.assertFalse(can_edit_video(self.nonproject_video, user)) self.assertTrue(can_edit_video(self.project_video, user)) # Policy: admins. team.video_policy = Team.VP_ADMIN team.save() for r in [ROLE_ADMIN, ROLE_OWNER]: with self.role(r): self.assertTrue(can_edit_video(self.nonproject_video, user)) for r in [ROLE_CONTRIBUTOR, ROLE_MANAGER]: with self.role(r): self.assertFalse(can_edit_video(self.nonproject_video, user)) self.assertFalse(can_edit_video(self.nonproject_video, self.outsider))
def can_user_edit_video_urls(video, user): """Check if a user has permission to add a URL to a video.""" team_video = video.get_team_video() if not team_video: # for non-team videos, the allow_video_urls_edit attribute # controls access. This should be True for all videos return video.allow_video_urls_edit else: # for team videos, check if the user can edit the video return teams_permissions.can_edit_video(team_video, user)
def user_can_edit_video(self, user): return permissions.can_edit_video(self.team_video, user)