def change_pass(request):
form = auth_forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not tools.bcrypt_check_password(
form.old_password.data, user.pw_hash):
form.old_password.errors.append(
_('Wrong password'))
return render_to_response(
request,
'mediagoblin/plugins/recaptcha/change_pass.html',
{'form': form,
'user': user})
# Password matches
user.pw_hash = tools.bcrypt_gen_password_hash(
form.new_password.data)
user.save()
messages.add_message(
request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request,
'mediagoblin/plugins/recaptcha/change_pass.html',
{'form': form,
'user': user})
def add(request):
if request.method == 'GET':
return redirect(request, 'mediagoblin.plugins.persona.edit')
email = _get_response(request)
if email:
query = PersonaUserEmails.query.filter_by(
persona_email=email
).first()
user_exists = query.user if query else None
if user_exists:
messages.add_message(
request,
messages.WARNING,
_('Sorry, an account is already registered with that Persona'
' email address.'))
return redirect(request, 'mediagoblin.plugins.persona.edit')
else:
# Save the Persona Email to the user
new_entry = PersonaUserEmails()
new_entry.persona_email = email
new_entry.user_id = request.user.id
new_entry.save()
messages.add_message(
request,
messages.SUCCESS,
_('Your Persona email address was saved successfully.'))
return redirect(request, 'mediagoblin.edit.account')
def test_messages(test_app):
"""
Added messages should show up in the request.session,
fetched messages should be the same as the added ones,
and fetching should clear the message list.
"""
# Aquire a request object
test_app.get('/')
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
request = context['request']
# The message queue should be empty
assert request.session.get('messages', []) == []
# First of all, we should clear the messages queue
messages.clear_add_message()
# Adding a message should modify the session accordingly
messages.add_message(request, 'herp_derp', 'First!')
test_msg_queue = [{'text': 'First!', 'level': 'herp_derp'}]
# Alternative tests to the following, test divided in two steps:
# assert request.session['messages'] == test_msg_queue
# 1. Tests if add_message worked
assert messages.ADD_MESSAGE_TEST[-1] == test_msg_queue
# 2. Tests if add_message updated session information
assert messages.ADD_MESSAGE_TEST[-1] == request.session['messages']
# fetch_messages should return and empty the queue
assert messages.fetch_messages(request) == test_msg_queue
assert request.session.get('messages') == []
def edit_blog_post(request):
"""
First view for submitting a file.
"""
form = forms.BlogPostEditForm(request.form,
license=request.user.license_preference)
if request.method == 'POST' and form.validate():
media_type = 'blogpost'
entry = request.db.MediaEntry()
entry.media_type = unicode(media_type)
entry.title = unicode(form.title.data)
entry.description = unicode(form.description.data)
entry.license = unicode(form.license.data) or None
entry.uploader = request.user.id
entry.tags = convert_to_tag_list_of_dicts(form.tags.data)
entry.generate_slug()
entry.save()
add_message(request, SUCCESS, _('Woohoo! Submitted!'))
return redirect(request, "mediagoblin.plugins.blog.blog.view",
user=request.user.username)
return render_to_response(
request,
'blog/blogpost_edit.html',
{'form': form,
'app_config': mg_globals.app_config,
'user': request.user})
def register(request):
"""The registration view.
Note that usernames will always be lowercased. Email domains are lowercased while
the first part remains case-sensitive.
"""
# Redirects to indexpage if registrations are disabled
if not mg_globals.app_config["allow_registration"]:
messages.add_message(
request,
messages.WARNING,
_('Sorry, registration is disabled on this instance.'))
return redirect(request, "index")
register_form = auth_forms.RegistrationForm(request.form)
if request.method == 'POST' and register_form.validate():
# TODO: Make sure the user doesn't exist already
users_with_username = User.query.filter_by(username=register_form.data['username']).count()
users_with_email = User.query.filter_by(email=register_form.data['email']).count()
extra_validation_passes = True
if users_with_username:
register_form.username.errors.append(
_(u'Sorry, a user with that name already exists.'))
extra_validation_passes = False
if users_with_email:
register_form.email.errors.append(
_(u'Sorry, a user with that email address already exists.'))
extra_validation_passes = False
if extra_validation_passes:
# Create the user
user = User()
user.username = register_form.data['username']
user.email = register_form.data['email']
user.pw_hash = auth_lib.bcrypt_gen_password_hash(
register_form.password.data)
user.verification_key = unicode(uuid.uuid4())
user.save()
# log the user in
request.session['user_id'] = unicode(user.id)
request.session.save()
# send verification email
email_debug_message(request)
send_verification_email(user, request)
# redirect the user to their homepage... there will be a
# message waiting for them to verify their email
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=user.username)
return render_to_response(
request,
'mediagoblin/auth/register.html',
{'register_form': register_form})
def delete_account(request):
"""Delete a user completely"""
user = request.user
if request.method == 'POST':
if request.form.get(u'confirmed'):
# Form submitted and confirmed. Actually delete the user account
# Log out user and delete cookies etc.
# TODO: Should we be using MG.auth.views.py:logout for this?
request.session.delete()
# Delete user account and all related media files etc....
request.user.delete()
# We should send a message that the user has been deleted
# successfully. But we just deleted the session, so we
# can't...
return redirect(request, 'index')
else: # Did not check the confirmation box...
messages.add_message(
request, messages.WARNING,
_('You need to confirm the deletion of your account.'))
# No POST submission or not confirmed, just show page
return render_to_response(
request,
'mediagoblin/edit/delete_account.html',
{'user': user})
def edit_account(request):
user = request.user
form = forms.EditAccountForm(
request.form,
wants_comment_notification=user.wants_comment_notification,
license_preference=user.license_preference,
wants_notifications=user.wants_notifications)
if request.method == 'POST' and form.validate():
user.wants_comment_notification = form.wants_comment_notification.data
user.wants_notifications = form.wants_notifications.data
user.license_preference = form.license_preference.data
user.save()
messages.add_message(request, messages.SUCCESS,
_("Account settings saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
return render_to_response(request, 'mediagoblin/edit/edit_account.html', {
'user': user,
'form': form
})
def subscribe_comments(request, media):
add_comment_subscription(request.user, media)
messages.add_message(request, messages.SUCCESS, _("Subscribed to comments on %s!") % media.title)
return redirect(request, location=media.url_for_self(request.urlgen))
def edit_account(request):
user = request.user
form = forms.EditAccountForm(
request.form,
wants_comment_notification=user.wants_comment_notification,
license_preference=user.license_preference,
)
if request.method == "POST":
form_validated = form.validate()
if form_validated and form.wants_comment_notification.validate(form):
user.wants_comment_notification = form.wants_comment_notification.data
if form_validated and form.new_password.data or form.old_password.data:
password_matches = auth_lib.bcrypt_check_password(form.old_password.data, user.pw_hash)
if password_matches:
# the entire form validates and the password matches
user.pw_hash = auth_lib.bcrypt_gen_password_hash(form.new_password.data)
else:
form.old_password.errors.append(_("Wrong password"))
if form_validated and form.license_preference.validate(form):
user.license_preference = form.license_preference.data
if form_validated and not form.errors:
user.save()
messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})
def finish_edit(request):
"""Finishes the process of adding an openid url to a user"""
response = _finish_verification(request)
if not response:
# Verification failed, redirect to add openid page.
return redirect(request, 'mediagoblin.plugins.openid.edit')
# Verification was successfull
query = OpenIDUserURL.query.filter_by(
openid_url=response.identity_url, ).first()
user_exists = query.user if query else None
if user_exists:
# user exists with that openid url, redirect back to edit page
messages.add_message(
request, messages.WARNING,
_('Sorry, an account is already registered to that OpenID.'))
return redirect(request, 'mediagoblin.plugins.openid.edit')
else:
# Save openid to user
user = User.query.filter_by(id=request.session['user_id']).first()
new_entry = OpenIDUserURL()
new_entry.openid_url = response.identity_url
new_entry.user_id = user.id
new_entry.save()
messages.add_message(request, messages.SUCCESS,
_('Your OpenID url was saved successfully.'))
return redirect(request, 'mediagoblin.edit.account')
def edit_profile(request, url_user=None):
# admins may edit any user profile
if request.user.username != url_user.username:
if not request.user.is_admin:
raise Forbidden(_("You can only edit your own profile."))
# No need to warn again if admin just submitted an edited profile
if request.method != "POST":
messages.add_message(
request, messages.WARNING, _("You are editing a user's profile. Proceed with caution.")
)
user = url_user
form = forms.EditProfileForm(request.form, url=user.url, bio=user.bio)
if request.method == "POST" and form.validate():
user.url = unicode(form.url.data)
user.bio = unicode(form.bio.data)
user.save()
messages.add_message(request, messages.SUCCESS, _("Profile changes saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
return render_to_response(request, "mediagoblin/edit/edit_profile.html", {"user": user, "form": form})
def change_pass(request):
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not tools.bcrypt_check_password(form.old_password.data,
user.pw_hash):
form.old_password.errors.append(_('Wrong password'))
return render_to_response(
request, 'mediagoblin/plugins/basic_auth/change_pass.html', {
'form': form,
'user': user
})
# Password matches
user.pw_hash = tools.bcrypt_gen_password_hash(form.new_password.data)
user.save()
messages.add_message(request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request, 'mediagoblin/plugins/basic_auth/change_pass.html', {
'form': form,
'user': user
})
def edit_account(request):
user = request.user
form = forms.EditAccountForm(request.form, wants_comment_notification=user.get("wants_comment_notification"))
if request.method == "POST":
form_validated = form.validate()
# if the user has not filled in the new or old password fields
if not form.new_password.data and not form.old_password.data:
if form.wants_comment_notification.validate(form):
user.wants_comment_notification = form.wants_comment_notification.data
user.save()
messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
# so the user has filled in one or both of the password fields
else:
if form_validated:
password_matches = auth_lib.bcrypt_check_password(form.old_password.data, user.pw_hash)
if password_matches:
# the entire form validates and the password matches
user.pw_hash = auth_lib.bcrypt_gen_password_hash(form.new_password.data)
user.wants_comment_notification = form.wants_comment_notification.data
user.save()
messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
else:
form.old_password.errors.append(_("Wrong password"))
return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})
def edit_profile(request):
# admins may edit any user profile given a username in the querystring
edit_username = request.GET.get("username")
if request.user.is_admin and request.user.username != edit_username:
user = request.db.User.find_one({"username": edit_username})
# No need to warn again if admin just submitted an edited profile
if request.method != "POST":
messages.add_message(
request, messages.WARNING, _("You are editing a user's profile. Proceed with caution.")
)
else:
user = request.user
form = forms.EditProfileForm(request.form, url=user.get("url"), bio=user.get("bio"))
if request.method == "POST" and form.validate():
user.url = unicode(request.form["url"])
user.bio = unicode(request.form["bio"])
user.save()
messages.add_message(request, messages.SUCCESS, _("Profile changes saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
return render_to_response(request, "mediagoblin/edit/edit_profile.html", {"user": user, "form": form})
def delete_account(request):
"""Delete a user completely"""
user = request.user
if request.method == 'POST':
if request.form.get(u'confirmed'):
# Form submitted and confirmed. Actually delete the user account
# Log out user and delete cookies etc.
# TODO: Should we be using MG.auth.views.py:logout for this?
request.session.delete()
# Delete user account and all related media files etc....
request.user.delete()
# We should send a message that the user has been deleted
# successfully. But we just deleted the session, so we
# can't...
return redirect(request, 'index')
else: # Did not check the confirmation box...
messages.add_message(
request, messages.WARNING,
_('You need to confirm the deletion of your account.'))
# No POST submission or not confirmed, just show page
return render_to_response(request, 'mediagoblin/edit/delete_account.html',
{'user': user})
def _finish_verification(request):
"""
Complete OpenID Verification Process.
If the verification failed, will return false, otherwise, will return
the response
"""
c = consumer.Consumer(request.session, SQLAlchemyOpenIDStore())
# Check the response from the provider
response = c.complete(request.args, request.base_url)
if response.status == consumer.FAILURE:
messages.add_message(
request,
messages.WARNING,
_('Verification of %s failed: %s' %
(response.getDisplayIdentifier(), response.message)))
elif response.status == consumer.SUCCESS:
# Verification was successfull
return response
elif response.status == consumer.CANCEL:
# Verification canceled
messages.add_message(
request,
messages.WARNING,
_('Verification cancelled'))
return False
def verify_email(request):
"""
Email verification view
validates GET parameters against database and unlocks the user account, if
you are lucky :)
"""
# If we don't have userid and token parameters, we can't do anything; 404
if not 'userid' in request.GET or not 'token' in request.GET:
return render_404(request)
user = request.db.User.find_one(
{'_id': ObjectId(unicode(request.GET['userid']))})
if user and user.verification_key == unicode(request.GET['token']):
user.status = u'active'
user.email_verified = True
user.verification_key = None
user.save()
messages.add_message(
request,
messages.SUCCESS,
_("Your email address has been verified. "
"You may now login, edit your profile, and submit images!"))
else:
messages.add_message(
request,
messages.ERROR,
_('The verification key or user id is incorrect'))
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=user.username)
def register_client(request):
'''
Register an OAuth client
'''
form = ClientRegistrationForm(request.form)
if request.method == 'POST' and form.validate():
client = OAuthClient()
client.name = unicode(request.form['name'])
client.description = unicode(request.form['description'])
client.type = unicode(request.form['type'])
client.owner_id = request.user.id
client.redirect_uri = unicode(request.form['redirect_uri'])
client.generate_identifier()
client.generate_secret()
client.save()
add_message(request, SUCCESS, _('The client {0} has been registered!')\
.format(
client.name))
return redirect(request, 'mediagoblin.plugins.oauth.list_clients')
return render_to_response(
request,
'oauth/client/register.html',
{'form': form})
def _finish_verification(request):
"""
Complete OpenID Verification Process.
If the verification failed, will return false, otherwise, will return
the response
"""
c = consumer.Consumer(request.session, SQLAlchemyOpenIDStore())
# Check the response from the provider
response = c.complete(request.args, request.base_url)
if response.status == consumer.FAILURE:
messages.add_message(
request, messages.WARNING,
_('Verification of %s failed: %s' %
(response.getDisplayIdentifier(), response.message)))
elif response.status == consumer.SUCCESS:
# Verification was successfull
return response
elif response.status == consumer.CANCEL:
# Verification canceled
messages.add_message(request, messages.WARNING,
_('Verification cancelled'))
return False
def add(request):
if request.method == 'GET':
return redirect(request, 'mediagoblin.plugins.persona.edit')
email = _get_response(request)
if email:
query = PersonaUserEmails.query.filter_by(persona_email=email).first()
user_exists = query.user if query else None
if user_exists:
messages.add_message(
request, messages.WARNING,
_('Sorry, an account is already registered with that Persona'
' email address.'))
return redirect(request, 'mediagoblin.plugins.persona.edit')
else:
# Save the Persona Email to the user
new_entry = PersonaUserEmails()
new_entry.persona_email = email
new_entry.user_id = request.user.id
new_entry.save()
request.session['persona_login_email'] = email
messages.add_message(
request, messages.SUCCESS,
_('Your Persona email address was saved successfully.'))
return redirect(request, 'mediagoblin.edit.account')
def change_pass(request):
# If no password authentication, no need to change your password
if 'pass_auth' not in request.template_env.globals:
return redirect(request, 'index')
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not auth.check_password(form.old_password.data, user.pw_hash):
form.old_password.errors.append(_('Wrong password'))
return render_to_response(request,
'mediagoblin/edit/change_pass.html', {
'form': form,
'user': user
})
# Password matches
user.pw_hash = auth.gen_password_hash(form.new_password.data)
user.save()
messages.add_message(request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(request, 'mediagoblin/edit/change_pass.html', {
'form': form,
'user': user
})
def login(request):
if request.method == 'GET':
return redirect(request, 'mediagoblin.auth.login')
email = _get_response(request)
if email:
query = PersonaUserEmails.query.filter_by(persona_email=email).first()
user = query.user if query else None
if user:
request.session['user_id'] = unicode(user.id)
request.session['persona_login_email'] = email
request.session.save()
return redirect(request, "index")
else:
if not mg_globals.app.auth:
messages.add_message(
request, messages.WARNING,
_('Sorry, authentication is disabled on this instance.'))
return redirect(request, 'index')
register_form = forms.RegistrationForm(email=email,
persona_email=email)
return render_to_response(
request, 'mediagoblin/auth/register.html', {
'register_form':
register_form,
'post_url':
request.urlgen('mediagoblin.plugins.persona.register')
})
return redirect(request, 'mediagoblin.auth.login')
def deauthorize_applications(request):
""" Deauthroize OAuth applications """
if request.method == 'POST' and "application" in request.form:
token = request.form["application"]
access_token = AccessToken.query.filter_by(token=token).first()
if access_token is None:
messages.add_message(
request,
messages.ERROR,
_("Unknown application, not able to deauthorize")
)
else:
access_token.delete()
messages.add_message(
request,
messages.SUCCESS,
_("Application has been deauthorized")
)
access_tokens = AccessToken.query.filter_by(user=request.user.id)
applications = [(a.get_requesttoken, a) for a in access_tokens]
return render_to_response(
request,
'mediagoblin/edit/deauthorize_applications.html',
{'applications': applications}
)
def media_post_comment(request, media):
"""
recieves POST from a MediaEntry() comment form, saves the comment.
"""
assert request.method == 'POST'
comment = request.db.MediaComment()
comment.media_entry = media.id
comment.author = request.user.id
comment.content = unicode(request.form['comment_content'])
if not comment.content.strip():
messages.add_message(
request,
messages.ERROR,
_("Oops, your comment was empty."))
else:
comment.save()
messages.add_message(
request, messages.SUCCESS,
_('Your comment has been posted!'))
media_uploader = media.get_uploader
#don't send email if you comment on your own post
if (comment.author != media_uploader and
media_uploader.wants_comment_notification):
send_comment_email(media_uploader, comment, media, request)
return redirect(request, location=media.url_for_self(request.urlgen))
def edit_account(request):
user = request.user
form = forms.EditAccountForm(request.form,
wants_comment_notification=user.wants_comment_notification,
license_preference=user.license_preference,
wants_notifications=user.wants_notifications)
if request.method == 'POST' and form.validate():
user.wants_comment_notification = form.wants_comment_notification.data
user.wants_notifications = form.wants_notifications.data
user.license_preference = form.license_preference.data
user.save()
messages.add_message(request,
messages.SUCCESS,
_("Account settings saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
return render_to_response(
request,
'mediagoblin/edit/edit_account.html',
{'user': user,
'form': form})
def register_client(request):
'''
Register an OAuth client
'''
form = ClientRegistrationForm(request.form)
if request.method == 'POST' and form.validate():
client = OAuthClient()
client.name = six.text_type(form.name.data)
client.description = six.text_type(form.description.data)
client.type = six.text_type(form.type.data)
client.owner_id = request.user.id
client.redirect_uri = six.text_type(form.redirect_uri.data)
client.save()
add_message(request, SUCCESS, _('The client {0} has been registered!')\
.format(
client.name))
return redirect(request, 'mediagoblin.plugins.oauth.list_clients')
return render_to_response(
request,
'oauth/client/register.html',
{'form': form})
def edit_profile(request, url_user=None):
# admins may edit any user profile
if request.user.username != url_user.username:
if not request.user.has_privilege(u'admin'):
raise Forbidden(_("You can only edit your own profile."))
# No need to warn again if admin just submitted an edited profile
if request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing a user's profile. Proceed with caution."))
user = url_user
form = forms.EditProfileForm(request.form, url=user.url, bio=user.bio)
if request.method == 'POST' and form.validate():
user.url = unicode(form.url.data)
user.bio = unicode(form.bio.data)
user.save()
messages.add_message(request, messages.SUCCESS,
_("Profile changes saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
return render_to_response(request, 'mediagoblin/edit/edit_profile.html', {
'user': user,
'form': form
})
def wrapper(request, *args, **kwargs):
if not mgg.app.auth:
messages.add_message(
request, messages.WARNING,
_('Sorry, authentication is disabled on this instance.'))
return redirect(request, 'index')
return controller(request, *args, **kwargs)
def subscribe_comments(request, media):
add_comment_subscription(request.user, media)
messages.add_message(request, messages.SUCCESS,
_('Subscribed to comments on %s!') % media.title)
return redirect(request, location=media.url_for_self(request.urlgen))
def silence_comments(request, media):
silence_comment_subscription(request.user, media)
messages.add_message(
request, messages.SUCCESS, _("You will not receive notifications for comments on" " %s.") % media.title
)
return redirect(request, location=media.url_for_self(request.urlgen))
def wrapper(request, *args, **kwargs):
if not mgg.app_config["allow_registration"]:
messages.add_message(
request, messages.WARNING,
_('Sorry, registration is disabled on this instance.'))
return redirect(request, "index")
return controller(request, *args, **kwargs)
def edit_subtitles(request, media):
allowed_extensions = ['aqt','gsub','jss','sub','ttxt','pjs','psb',
'rt','smi','stl','ssf','srt','ssa','ass','usf','vtt','lrc']
form = forms.EditSubtitlesForm(request.form)
# Add any subtitles
if 'subtitle_file' in request.files \
and request.files['subtitle_file']:
if mimetypes.guess_type(
request.files['subtitle_file'].filename)[0] in \
UNSAFE_MIMETYPES:
public_filename = secure_filename('{0}.notsafe'.format(
request.files['subtitle_file'].filename))
else:
public_filename = secure_filename(
request.files['subtitle_file'].filename)
filepath = request.files['subtitle_file'].filename
if filepath.split('.')[-1] not in allowed_extensions :
messages.add_message(
request,
messages.ERROR,
("Invalid subtitle file"))
return redirect(request,
location=media.url_for_self(request.urlgen))
subtitle_public_filepath = mg_globals.public_store.get_unique_filepath(
['media_entries', six.text_type(media.id), 'subtitle',
public_filename])
with mg_globals.public_store.get_file(
subtitle_public_filepath, 'wb') as subtitle_public_file:
subtitle_public_file.write(
request.files['subtitle_file'].stream.read())
request.files['subtitle_file'].stream.close()
media.subtitle_files.append(dict(
name=form.subtitle_language.data \
or request.files['subtitle_file'].filename,
filepath=subtitle_public_filepath,
created=datetime.utcnow(),
))
media.save()
messages.add_message(
request,
messages.SUCCESS,
("You added the subtitle %s!") %
(form.subtitle_language.data or
request.files['subtitle_file'].filename))
return redirect(request,
location=media.url_for_self(request.urlgen))
return render_to_response(
request,
'mediagoblin/plugins/subtitles/subtitles.html',
{'media': media,
'form': form})
def wrapper(request, *args, **kwargs):
if not mgg.app.auth:
messages.add_message(
request,
messages.WARNING,
_('Sorry, authentication is disabled on this instance.'))
return redirect(request, 'index')
return controller(request, *args, **kwargs)
def silence_comments(request, media):
silence_comment_subscription(request.user, media)
messages.add_message(request,
messages.SUCCESS,
_('You will not receive notifications for comments on'
' %s.') % media.title)
return redirect(request, location=media.url_for_self(request.urlgen))
def wrapper(request, *args, **kwargs):
if not mgg.app_config["allow_reporting"]:
messages.add_message(
request,
messages.WARNING,
_('Sorry, reporting is disabled on this instance.'))
return redirect(request, 'index')
return controller(request, *args, **kwargs)
def edit_subtitles(request, media):
# This was originally quite a long list of allowed extensions, but as far as
# I understand, Video.js only supports WebVTT format subtitles:
# https://docs.videojs.com/docs/guides/text-tracks.html
allowed_extensions = ['vtt']
form = forms.EditSubtitlesForm(request.form)
# Add any subtitles
if 'subtitle_file' in request.files \
and request.files['subtitle_file']:
if mimetypes.guess_type(
request.files['subtitle_file'].filename)[0] in \
UNSAFE_MIMETYPES:
public_filename = secure_filename('{}.notsafe'.format(
request.files['subtitle_file'].filename))
else:
public_filename = secure_filename(
request.files['subtitle_file'].filename)
filepath = request.files['subtitle_file'].filename
if filepath.split('.')[-1] not in allowed_extensions:
messages.add_message(request, messages.ERROR,
("Invalid subtitle file"))
return redirect(request,
location=media.url_for_self(request.urlgen))
subtitle_public_filepath = mg_globals.public_store.get_unique_filepath(
['media_entries',
str(media.id), 'subtitle', public_filename])
with mg_globals.public_store.get_file(subtitle_public_filepath,
'wb') as subtitle_public_file:
subtitle_public_file.write(
request.files['subtitle_file'].stream.read())
request.files['subtitle_file'].stream.close()
media.subtitle_files.append(dict(
name=form.subtitle_language.data \
or request.files['subtitle_file'].filename,
filepath=subtitle_public_filepath,
created=datetime.utcnow(),
))
media.save()
messages.add_message(request, messages.SUCCESS,
("You added the subtitle %s!") %
(form.subtitle_language.data
or request.files['subtitle_file'].filename))
return redirect(request, location=media.url_for_self(request.urlgen))
return render_to_response(request,
'mediagoblin/plugins/subtitles/subtitles.html', {
'media': media,
'form': form
})
def register(request):
# if request.method == 'GET':
# return redirect(
# request,
# 'mediagoblin.plugins.recaptcha.register')
register_form = auth_forms.RegistrationForm(request.form)
config = pluginapi.get_config('mediagoblin.plugins.recaptcha')
recaptcha_protocol = ''
if config['RECAPTCHA_USE_SSL']:
recaptcha_protocol = 'https'
else:
recaptcha_protocol = 'http'
_log.debug("Connecting to reCAPTCHA service via %r", recaptcha_protocol)
if register_form.validate():
recaptcha_challenge = request.form['recaptcha_challenge_field']
recaptcha_response = request.form['recaptcha_response_field']
_log.debug("response field is: %r", recaptcha_response)
_log.debug("challenge field is: %r", recaptcha_challenge)
response = captcha.submit(
recaptcha_challenge,
recaptcha_response,
config.get('RECAPTCHA_PRIVATE_KEY'),
request.remote_addr,
)
goblin = response.is_valid
if response.error_code:
_log.warning("reCAPTCHA error: %r", response.error_code)
if goblin:
user = register_user(request, register_form)
if user:
# redirect the user to their homepage... there will be a
# message waiting for them to verify their email
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=user.username)
else:
messages.add_message(
request,
messages.WARNING,
_('Sorry, captcha was incorrect. Please try again.'))
return render_to_response(
request,
'mediagoblin/plugins/recaptcha/register.html',
{'register_form': register_form,
'post_url': request.urlgen('mediagoblin.plugins.recaptcha.register'),
'recaptcha_public_key': config.get('RECAPTCHA_PUBLIC_KEY'),
'recaptcha_protocol' : recaptcha_protocol})
def edit_attachments(request, media):
if mg_globals.app_config["allow_attachments"]:
form = forms.EditAttachmentsForm()
# Add any attachements
if "attachment_file" in request.files and request.files["attachment_file"]:
# Security measure to prevent attachments from being served as
# text/html, which will be parsed by web clients and pose an XSS
# threat.
#
# TODO
# This method isn't flawless as some browsers may perform
# content-sniffing.
# This method isn't flawless as we do the mimetype lookup on the
# machine parsing the upload form, and not necessarily the machine
# serving the attachments.
if mimetypes.guess_type(request.files["attachment_file"].filename)[0] in UNSAFE_MIMETYPES:
public_filename = secure_filename("{0}.notsafe".format(request.files["attachment_file"].filename))
else:
public_filename = secure_filename(request.files["attachment_file"].filename)
attachment_public_filepath = mg_globals.public_store.get_unique_filepath(
["media_entries", unicode(media.id), "attachment", public_filename]
)
attachment_public_file = mg_globals.public_store.get_file(attachment_public_filepath, "wb")
try:
attachment_public_file.write(request.files["attachment_file"].stream.read())
finally:
request.files["attachment_file"].stream.close()
media.attachment_files.append(
dict(
name=form.attachment_name.data or request.files["attachment_file"].filename,
filepath=attachment_public_filepath,
created=datetime.utcnow(),
)
)
media.save()
messages.add_message(
request,
messages.SUCCESS,
_("You added the attachment %s!")
% (form.attachment_name.data or request.files["attachment_file"].filename),
)
return redirect(request, location=media.url_for_self(request.urlgen))
return render_to_response(request, "mediagoblin/edit/attachments.html", {"media": media, "form": form})
else:
raise Forbidden("Attachments are disabled")
def email_debug_message(request):
"""
If the server is running in email debug mode (which is
the current default), give a debug message to the user
so that they have an idea where to find their email.
"""
if mg_globals.app_config['email_debug_mode']:
# DEBUG message, no need to translate
messages.add_message(request, messages.DEBUG,
u"This instance is running in email debug mode. "
u"The email will be on the console of the server process.")
def edit_profile(request, url_user=None):
# admins may edit any user profile
if request.user.username != url_user.username:
if not request.user.has_privilege(u'admin'):
raise Forbidden(_("You can only edit your own profile."))
# No need to warn again if admin just submitted an edited profile
if request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing a user's profile. Proceed with caution."))
user = url_user
# Get the location name
if user.location is None:
location = ""
else:
location = user.get_location.name
form = forms.EditProfileForm(request.method == 'POST' and request.form
or None,
url=user.url,
bio=user.bio,
location=location)
if request.method == 'POST' and form.validate():
user.url = six.text_type(form.url.data)
user.bio = six.text_type(form.bio.data)
# Save location
if form.location.data and user.location is None:
user.get_location = Location(
name=six.text_type(form.location.data))
elif form.location.data:
location = user.get_location
location.name = six.text_type(form.location.data)
location.save()
else:
user.location = None
user.save()
messages.add_message(request, messages.SUCCESS,
_("Profile changes saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
return render_to_response(request, 'mediagoblin/edit/edit_profile.html', {
'user': user,
'form': form
})
def email_debug_message(request):
"""
If the server is running in email debug mode (which is
the current default), give a debug message to the user
so that they have an idea where to find their email.
"""
if mg_globals.app_config['email_debug_mode']:
# DEBUG message, no need to translate
messages.add_message(
request, messages.DEBUG,
u"This instance is running in email debug mode. "
u"The email will be on the console of the server process.")
def login(request):
login_form = forms.LoginForm(request.form)
login_failed = False
if request.method == 'POST' and login_form.validate():
l = LDAP()
username, email = l.login(login_form.username.data,
login_form.password.data)
if username:
user = LocalUser.query.filter(
LocalUser.username==username
).first()
if user:
# set up login in session
request.session['user_id'] = six.text_type(user.id)
request.session.save()
if request.form.get('next'):
return redirect(request, location=request.form['next'])
else:
return redirect(request, "index")
else:
if not mg_globals.app.auth:
messages.add_message(
request,
messages.WARNING,
_('Sorry, authentication is disabled on this '
'instance.'))
return redirect(request, 'index')
register_form = forms.RegisterForm(username=username,
email=email)
return render_to_response(
request,
'mediagoblin/auth/register.html',
{'register_form': register_form,
'post_url': request.urlgen('mediagoblin.plugins.ldap.register')})
login_failed = True
return render_to_response(
request,
'mediagoblin/auth/login.html',
{'login_form': login_form,
'next': request.GET.get('next') or request.form.get('next'),
'login_failed': login_failed,
'post_url': request.urlgen('mediagoblin.plugins.ldap.login'),
'allow_registration': mg_globals.app_config["allow_registration"]})
def edit_collection(request, collection):
defaults = dict(
title=collection.title,
slug=collection.slug,
description=collection.description)
form = forms.EditCollectionForm(
request.form,
**defaults)
if request.method == 'POST' and form.validate():
# Make sure there isn't already a Collection with such a slug
# and userid.
slug_used = check_collection_slug_used(request.db, collection.creator,
request.form['slug'], collection.id)
# Make sure there isn't already a Collection with this title
existing_collection = request.db.Collection.find_one({
'creator': request.user._id,
'title':request.form['title']})
if existing_collection and existing_collection.id != collection.id:
messages.add_message(
request, messages.ERROR,
_('You already have a collection called "%s"!') % \
request.form['title'])
elif slug_used:
form.slug.errors.append(
_(u'A collection with that slug already exists for this user.'))
else:
collection.title = unicode(request.form['title'])
collection.description = unicode(request.form.get('description'))
collection.slug = unicode(request.form['slug'])
collection.save()
return redirect(request, "mediagoblin.user_pages.user_collection",
user=collection.get_creator.username,
collection=collection.slug)
if request.user.is_admin \
and collection.creator != request.user._id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing another user's collection. Proceed with caution."))
return render_to_response(
request,
'mediagoblin/edit/edit_collection.html',
{'collection': collection,
'form': form})
def login(request):
login_form = forms.LoginForm(request.form)
login_failed = False
if request.method == 'POST' and login_form.validate():
l = LDAP()
username, email = l.login(login_form.username.data,
login_form.password.data)
if username:
user = LocalUser.query.filter(
LocalUser.username == username).first()
if user:
# set up login in session
request.session['user_id'] = six.text_type(user.id)
request.session.save()
if request.form.get('next'):
return redirect(request, location=request.form['next'])
else:
return redirect(request, "index")
else:
if not mg_globals.app.auth:
messages.add_message(
request, messages.WARNING,
_('Sorry, authentication is disabled on this '
'instance.'))
return redirect(request, 'index')
register_form = forms.RegisterForm(username=username,
email=email)
return render_to_response(
request, 'mediagoblin/auth/register.html', {
'register_form':
register_form,
'post_url':
request.urlgen('mediagoblin.plugins.ldap.register')
})
login_failed = True
return render_to_response(
request, 'mediagoblin/auth/login.html', {
'login_form': login_form,
'next': request.GET.get('next') or request.form.get('next'),
'login_failed': login_failed,
'post_url': request.urlgen('mediagoblin.plugins.ldap.login'),
'allow_registration': mg_globals.app_config["allow_registration"]
})
def edit_profile(request, url_user=None):
# admins may edit any user profile
if request.user.username != url_user.username:
if not request.user.has_privilege(u'admin'):
raise Forbidden(_("You can only edit your own profile."))
# No need to warn again if admin just submitted an edited profile
if request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing a user's profile. Proceed with caution."))
user = url_user
# Get the location name
if user.location is None:
location = ""
else:
location = user.get_location.name
form = forms.EditProfileForm(request.form,
url=user.url,
bio=user.bio,
location=location)
if request.method == 'POST' and form.validate():
user.url = six.text_type(form.url.data)
user.bio = six.text_type(form.bio.data)
# Save location
if form.location.data and user.location is None:
user.get_location = Location(name=unicode(form.location.data))
elif form.location.data:
location = user.get_location
location.name = unicode(form.location.data)
location.save()
user.save()
messages.add_message(request,
messages.SUCCESS,
_("Profile changes saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
return render_to_response(
request,
'mediagoblin/edit/edit_profile.html',
{'user': user,
'form': form})
def verify_forgot_password(request):
"""
Check the forgot-password verification and possibly let the user
change their password because of it.
"""
# get form data variables, and specifically check for presence of token
formdata = _process_for_token(request)
if not formdata['has_userid_and_token']:
return render_404(request)
formdata_token = formdata['vars']['token']
formdata_userid = formdata['vars']['userid']
formdata_vars = formdata['vars']
# check if it's a valid Id
try:
user = request.db.User.find_one(
{'_id': ObjectId(unicode(formdata_userid))})
except InvalidId:
return render_404(request)
# check if we have a real user and correct token
if ((user and user.fp_verification_key and
user.fp_verification_key == unicode(formdata_token) and
datetime.datetime.now() < user.fp_token_expire
and user.email_verified and user.status == 'active')):
cp_form = auth_forms.ChangePassForm(formdata_vars)
if request.method == 'POST' and cp_form.validate():
user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.form['password'])
user.fp_verification_key = None
user.fp_token_expire = None
user.save()
messages.add_message(
request,
messages.INFO,
_("You can now log in using your new password."))
return redirect(request, 'mediagoblin.auth.login')
else:
return render_to_response(
request,
'mediagoblin/auth/change_fp.html',
{'cp_form': cp_form})
# in case there is a valid id but no user whit that id in the db
# or the token expired
else:
return render_404(request)
def edit_media(request, media):
if not may_edit_media(request, media):
return exc.HTTPForbidden()
defaults = dict(
title=media.title,
slug=media.slug,
description=media.description,
tags=media_tags_as_string(media.tags),
license=media.license)
form = forms.EditForm(
request.form,
**defaults)
if request.method == 'POST' and form.validate():
# Make sure there isn't already a MediaEntry with such a slug
# and userid.
slug_used = check_media_slug_used(request.db, media.uploader,
request.form['slug'], media.id)
if slug_used:
form.slug.errors.append(
_(u'An entry with that slug already exists for this user.'))
else:
media.title = unicode(request.form['title'])
media.description = unicode(request.form.get('description'))
media.tags = convert_to_tag_list_of_dicts(
request.form.get('tags'))
media.license = unicode(request.form.get('license', '')) or None
media.slug = unicode(request.form['slug'])
media.save()
return exc.HTTPFound(
location=media.url_for_self(request.urlgen))
if request.user.is_admin \
and media.uploader != request.user._id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing another user's media. Proceed with caution."))
return render_to_response(
request,
'mediagoblin/edit/edit.html',
{'media': media,
'form': form})
def edit_collection(request, collection):
defaults = dict(
title=collection.title,
slug=collection.slug,
description=collection.description)
form = forms.EditCollectionForm(
request.form,
**defaults)
if request.method == 'POST' and form.validate():
# Make sure there isn't already a Collection with such a slug
# and userid.
slug_used = check_collection_slug_used(collection.creator,
form.slug.data, collection.id)
# Make sure there isn't already a Collection with this title
existing_collection = request.db.Collection.query.filter_by(
creator=request.user.id,
title=form.title.data).first()
if existing_collection and existing_collection.id != collection.id:
messages.add_message(
request, messages.ERROR,
_('You already have a collection called "%s"!') % \
form.title.data)
elif slug_used:
form.slug.errors.append(
_(u'A collection with that slug already exists for this user.'))
else:
collection.title = unicode(form.title.data)
collection.description = unicode(form.description.data)
collection.slug = unicode(form.slug.data)
collection.save()
return redirect_obj(request, collection)
if request.user.has_privilege(u'admin') \
and collection.creator != request.user.id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing another user's collection. Proceed with caution."))
return render_to_response(
request,
'mediagoblin/edit/edit_collection.html',
{'collection': collection,
'form': form})
def edit_collection(request, collection):
defaults = dict(
title=collection.title,
slug=collection.slug,
description=collection.description)
form = forms.EditCollectionForm(
request.form,
**defaults)
if request.method == 'POST' and form.validate():
# Make sure there isn't already a Collection with such a slug
# and userid.
slug_used = check_collection_slug_used(collection.creator,
form.slug.data, collection.id)
# Make sure there isn't already a Collection with this title
existing_collection = request.db.Collection.query.filter_by(
creator=request.user.id,
title=form.title.data).first()
if existing_collection and existing_collection.id != collection.id:
messages.add_message(
request, messages.ERROR,
_('You already have a collection called "%s"!') % \
form.title.data)
elif slug_used:
form.slug.errors.append(
_(u'A collection with that slug already exists for this user.'))
else:
collection.title = six.text_type(form.title.data)
collection.description = six.text_type(form.description.data)
collection.slug = six.text_type(form.slug.data)
collection.save()
return redirect_obj(request, collection)
if request.user.has_privilege(u'admin') \
and collection.creator != request.user.id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing another user's collection. Proceed with caution."))
return render_to_response(
request,
'mediagoblin/edit/edit_collection.html',
{'collection': collection,
'form': form})
def edit_media(request, media):
# If media is not processed, return NotFound.
if not media.state == 'processed':
return render_404(request)
if not may_edit_media(request, media):
raise Forbidden("User may not edit this media")
defaults = dict(title=media.title,
slug=media.slug,
description=media.description,
tags=media_tags_as_string(media.tags),
license=media.license)
form = forms.EditForm(request.method == 'POST' and request.form or None,
**defaults)
if request.method == 'POST' and form.validate():
# Make sure there isn't already a MediaEntry with such a slug
# and userid.
slug = slugify(form.slug.data)
slug_used = check_media_slug_used(media.actor, slug, media.id)
if slug_used:
form.slug.errors.append(
_('An entry with that slug already exists for this user.'))
else:
media.title = form.title.data
media.description = form.description.data
media.tags = convert_to_tag_list_of_dicts(form.tags.data)
media.license = str(form.license.data) or None
media.slug = slug
media.save()
return redirect_obj(request, media)
if request.user.has_privilege('admin') \
and media.actor != request.user.id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing another user's media. Proceed with caution."))
return render_to_response(request, 'mediagoblin/edit/edit.html', {
'media': media,
'form': form
})
def finish_login(request):
"""Complete OpenID Login Process"""
response = _finish_verification(request)
if not response:
# Verification failed, redirect to login page.
return redirect(request, 'mediagoblin.plugins.openid.login')
# Verification was successfull
query = OpenIDUserURL.query.filter_by(
openid_url=response.identity_url, ).first()
user = query.user if query else None
if user:
# Set up login in session
request.session['user_id'] = str(user.id)
request.session.save()
if request.session.get('next'):
return redirect(request, location=request.session.pop('next'))
else:
return redirect(request, "index")
else:
# No user, need to register
if not mg_globals.app_config['allow_registration']:
messages.add_message(
request, messages.WARNING,
_('Sorry, registration is disabled on this instance.'))
return redirect(request, 'index')
# Get email and nickname from response
email = _response_email(response)
username = _response_nickname(response)
register_form = auth_forms.RegistrationForm(
request.form,
openid=response.identity_url,
email=email,
username=username)
return render_to_response(
request, 'mediagoblin/auth/register.html', {
'register_form': register_form,
'post_url':
request.urlgen('mediagoblin.plugins.openid.register')
})
def delete_subtitles(request, media):
id = request.matchdict['id']
delete_container = None
index = 0
for subtitle in media.subtitle_files:
if subtitle["id"] == id:
path = subtitle["filepath"]
mg_globals.public_store.delete_file(path)
delete_container = index
media.subtitle_files.pop(delete_container)
media.save()
break
index += 1
messages.add_message(request, messages.SUCCESS,
("Subtitle file deleted!!!"))
return redirect(request, location=media.url_for_self(request.urlgen))
def blogpost_create(request):
form = blog_forms.BlogPostEditForm(request.form,
license=request.user.license_preference)
if request.method == 'POST' and form.validate():
blog_slug = request.matchdict.get('blog_slug')
blog = request.db.Blog.query.filter_by(slug=blog_slug,
author=request.user.id).first()
if not blog:
return render_404(request)
blogpost = request.db.MediaEntry()
blogpost.media_type = 'mediagoblin.media_types.blogpost'
blogpost.title = unicode(form.title.data)
blogpost.description = unicode(
cleaned_markdown_conversion((form.description.data)))
blogpost.tags = convert_to_tag_list_of_dicts(form.tags.data)
blogpost.license = unicode(form.license.data) or None
blogpost.uploader = request.user.id
blogpost.generate_slug()
set_blogpost_state(request, blogpost)
blogpost.save()
# connect this blogpost to its blog
blog_post_data = request.db.BlogPostData()
blog_post_data.blog = blog.id
blog_post_data.media_entry = blogpost.id
blog_post_data.save()
add_message(request, SUCCESS, _('Woohoo! Submitted!'))
add_comment_subscription(request.user, blogpost)
return redirect(request,
"mediagoblin.media_types.blog.blog-dashboard",
user=request.user.username,
blog_slug=blog.slug)
return render_to_response(
request, 'mediagoblin/blog/blog_post_edit_create.html', {
'form': form,
'app_config': mg_globals.app_config,
'user': request.user.username
})
def add_collection(request, media=None):
"""
View to create a new collection
"""
submit_form = submit_forms.AddCollectionForm(request.form)
if request.method == 'POST' and submit_form.validate():
collection = request.db.Collection()
collection.title = str(submit_form.title.data)
collection.description = str(submit_form.description.data)
collection.actor = request.user.id
collection.type = request.db.Collection.USER_DEFINED_TYPE
collection.generate_slug()
# Make sure this user isn't duplicating an existing collection
existing_collection = request.db.Collection.query.filter_by(
actor=request.user.id,
type=request.db.Collection.USER_DEFINED_TYPE,
title=collection.title).first()
if existing_collection:
messages.add_message(
request,
messages.ERROR,
_('You already have a collection called "%s"!') %
collection.title)
else:
collection.save()
messages.add_message(
request,
messages.SUCCESS,
_('Collection "%s" added!') % collection.title)
return redirect(request, "mediagoblin.user_pages.user_home",
user=request.user.username)
return render_to_response(
request,
'mediagoblin/submit/collection.html',
{'submit_form': submit_form,
'app_config': mg_globals.app_config})
def blogpost_edit(request):
blog_slug = request.matchdict.get('blog_slug', None)
blog_post_slug = request.matchdict.get('blog_post_slug', None)
blogpost = request.db.MediaEntry.query.filter_by(
slug=blog_post_slug, uploader=request.user.id).first()
blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
if not blogpost or not blog:
return render_404(request)
defaults = dict(title=blogpost.title,
description=cleaned_markdown_conversion(
blogpost.description),
tags=media_tags_as_string(blogpost.tags),
license=blogpost.license)
form = blog_forms.BlogPostEditForm(request.form, **defaults)
if request.method == 'POST' and form.validate():
blogpost.title = six.text_type(form.title.data)
blogpost.description = six.text_type(
cleaned_markdown_conversion((form.description.data)))
blogpost.tags = convert_to_tag_list_of_dicts(form.tags.data)
blogpost.license = six.text_type(form.license.data)
set_blogpost_state(request, blogpost)
blogpost.generate_slug()
blogpost.save()
add_message(request, SUCCESS,
_('Woohoo! edited blogpost is submitted'))
return redirect(request,
"mediagoblin.media_types.blog.blog-dashboard",
user=request.user.username,
blog_slug=blog.slug)
return render_to_response(
request, 'mediagoblin/blog/blog_post_edit_create.html', {
'form': form,
'app_config': mg_globals.app_config,
'user': request.user.username,
'blog_post_slug': blog_post_slug
})
def media_post_comment(request):
"""
recieves POST from a MediaEntry() comment form, saves the comment.
"""
comment = request.db.MediaComment()
comment['media_entry'] = ObjectId(request.matchdict['media'])
comment['author'] = request.user['_id']
comment['content'] = request.POST['comment']
comment['content_html'] = cleaned_markdown_conversion(comment['content'])
comment.save()
messages.add_message(request, messages.SUCCESS, 'Comment posted!')
return redirect(request,
'mediagoblin.user_pages.media_home',
media=request.matchdict['media'],
user=request.matchdict['user'])
def blog_delete(request, **kwargs):
"""
Deletes a blog and media entries, tags associated with it.
"""
url_user = request.matchdict.get('user')
owner_user = request.db.LocalUser.query.filter(
LocalUser.username == url_user).first()
blog_slug = request.matchdict.get('blog_slug', None)
blog = get_blog_by_slug(request, blog_slug, author=owner_user.id)
if not blog:
return render_404(request)
form = blog_forms.ConfirmDeleteForm(request.form)
if request.user.id == blog.author or request.user.has_privilege(u'admin'):
if request.method == 'POST' and form.validate():
if form.confirm.data is True:
blog.delete()
messages.add_message(request, messages.SUCCESS,
_('You deleted the Blog.'))
return redirect(
request,
"mediagoblin.media_types.blog.blog_admin_dashboard",
user=request.user.username)
else:
messages.add_message(
request, messages.ERROR,
_("The media was not deleted because you didn't check "
"that you were sure."))
return redirect(
request,
"mediagoblin.media_types.blog.blog_admin_dashboard",
user=request.user.username)
else:
if request.user.has_privilege(u'admin'):
messages.add_message(
request, messages.WARNING,
_("You are about to delete another user's Blog. "
"Proceed with caution."))
return render_to_response(
request, 'mediagoblin/blog/blog_confirm_delete.html', {
'blog': blog,
'form': form
})
else:
messages.add_message(
request, messages.ERROR,
_("The blog was not deleted because you have no rights."))
return redirect(request,
"mediagoblin.media_types.blog.blog_admin_dashboard",
user=request.user.username)
def resend_activation(request):
"""
The reactivation view
Resend the activation email.
"""
if request.user is None:
messages.add_message(
request, messages.ERROR,
_('You must be logged in so we know who to send the email to!'))
return redirect(request, 'mediagoblin.auth.login')
if request.user.has_privilege(u'active'):
messages.add_message(request, messages.ERROR,
_("You've already verified your email address!"))
return redirect(request,
"mediagoblin.user_pages.user_home",
user=request.user.username)
email_debug_message(request)
send_verification_email(request.user, request)
messages.add_message(request, messages.INFO,
_('Resent your verification email.'))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=request.user.username)
