From 7da6aedf697ec4da9a8c2ae255d36301912e69d1 Mon Sep 17 00:00:00 2001
From: Olivier Mehani <shtrom@ssji.net>
Date: Sat, 10 Oct 2015 16:42:03 +1100
Subject: [PATCH] Limit access to media to logged in users
Issues:
* Code is duplicated between collection and single-media display;
* Login message is not translated.
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
squash! Limit access to media to logged in users
Prevent collection listing
squash! Limit access to media to logged in users
Add require_login option
squash! squash! Limit access to media to logged in users
Remove ATOM entries when not logged in
---
mediagoblin.example.ini | 3 +++
mediagoblin/config_spec.ini | 3 +++
mediagoblin/listings/views.py | 3 +++
.../mediagoblin/user_pages/collection.html | 4 ++++
.../user_pages/collection_list.html | 4 ++++
.../mediagoblin/user_pages/media.html | 4 ++++
.../mediagoblin/utils/object_gallery.html | 23 +++++++++++--------
.../mediagoblin/utils/require_login.html | 8 +++++++
mediagoblin/user_pages/views.py | 6 +++++
9 files changed, 49 insertions(+), 9 deletions(-)
create mode 100644 mediagoblin/templates/mediagoblin/utils/require_login.html
diff --git a/mediagoblin.example.ini b/mediagoblin.example.ini
index 6648fb91..2628d7c2 100644
a
|
b
|
email_debug_mode = true
|
30 | 30 | # Set to false to disable registrations |
31 | 31 | allow_registration = true |
32 | 32 | |
| 33 | # Set to true to only display media to logged-in users |
| 34 | #require_login = false |
| 35 | |
33 | 36 | # Set to false to disable the ability for users to report offensive content |
34 | 37 | allow_reporting = true |
35 | 38 | |
diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini
index 8901cefa..4b056933 100644
a
|
b
|
email_smtp_pass = string(default=None)
|
52 | 52 | # Set to false to disable registrations |
53 | 53 | allow_registration = boolean(default=True) |
54 | 54 | |
| 55 | # Set to true to only display media to logged-in users |
| 56 | require_login = boolean(default=False) |
| 57 | |
55 | 58 | # tag parsing |
56 | 59 | tags_max_length = integer(default=255) |
57 | 60 | |
diff --git a/mediagoblin/listings/views.py b/mediagoblin/listings/views.py
index 6e1528ca..0b0050eb 100644
a
|
b
|
def atom_feed(request):
|
105 | 105 | id=link, |
106 | 106 | links=atomlinks) |
107 | 107 | |
| 108 | if mg_globals.app_config["require_login"] and not request.user: |
| 109 | return feed.get_response() |
| 110 | |
108 | 111 | for entry in cursor: |
109 | 112 | # Include a thumbnail image in content. |
110 | 113 | file_urls = get_media_file_paths(entry.media_files, request.urlgen) |
diff --git a/mediagoblin/templates/mediagoblin/user_pages/collection.html b/mediagoblin/templates/mediagoblin/user_pages/collection.html
index 71ba4451..171de887 100644
a
|
b
|
|
56 | 56 | <a class="button_action" href="{{ delete_url }}">{% trans %}Delete{% endtrans %}</a> |
57 | 57 | {% endif %} |
58 | 58 | |
| 59 | {% if app_config['require_login'] and not request.user %} |
| 60 | {% include "mediagoblin/utils/require_login.html" %} |
| 61 | {% else %} |
59 | 62 | <p> |
60 | 63 | {% autoescape False %} |
61 | 64 | {{ collection.description_html }} |
… |
… |
|
68 | 71 | user=user.username, |
69 | 72 | collection=collection.slug ) %} |
70 | 73 | {% include "mediagoblin/utils/feed_link.html" %} |
| 74 | {% endif %} |
71 | 75 | |
72 | 76 | {% endblock %} |
diff --git a/mediagoblin/templates/mediagoblin/user_pages/collection_list.html b/mediagoblin/templates/mediagoblin/user_pages/collection_list.html
index 4b449c76..8081cb39 100644
a
|
b
|
|
44 | 44 | {% endif %} |
45 | 45 | {% endif %} |
46 | 46 | |
| 47 | {% if app_config['require_login'] and not request.user %} |
| 48 | {% include "mediagoblin/utils/require_login.html" %} |
| 49 | {% else %} |
47 | 50 | <ul> |
48 | 51 | {% for coll in collections %} |
49 | 52 | {%- set coll_url = coll.url_for_self(request.urlgen) %} |
… |
… |
|
52 | 55 | </li> |
53 | 56 | {% endfor %} |
54 | 57 | </ul> |
| 58 | {% endif %} |
55 | 59 | |
56 | 60 | {% endblock %} |
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 39a09d45..3ba125d9 100644
a
|
b
|
|
36 | 36 | {% template_hook("media_head") %} |
37 | 37 | {% endblock mediagoblin_head %} |
38 | 38 | {% block mediagoblin_content %} |
| 39 | {%- if app_config['require_login'] and not request.user %} |
| 40 | {% include "mediagoblin/utils/require_login.html" %} |
| 41 | {% else %} |
39 | 42 | <div class="row foot"> |
40 | 43 | <p class="eleven columns context"> |
41 | 44 | {%- trans user_url=request.urlgen( |
… |
… |
|
245 | 248 | </div><!--end media_sidebar--> |
246 | 249 | |
247 | 250 | <div class="clear"></div> |
| 251 | {%- endif %} |
248 | 252 | {% endblock %} |
diff --git a/mediagoblin/templates/mediagoblin/utils/object_gallery.html b/mediagoblin/templates/mediagoblin/utils/object_gallery.html
index a01cb3d5..2a3cddaa 100644
a
|
b
|
|
56 | 56 | #} |
57 | 57 | {% macro object_gallery(request, media_entries, pagination, |
58 | 58 | pagination_base_url=None, col_number=5) %} |
59 | | {% if media_entries and media_entries.count() %} |
60 | | {{ media_grid(request, media_entries, col_number=col_number) }} |
61 | | <div class="clear"></div> |
62 | | {% if pagination_base_url %} |
63 | | {# different url, so set that and don't keep the get params #} |
64 | | {{ render_pagination(request, pagination, pagination_base_url, False) }} |
65 | | {% else %} |
66 | | {{ render_pagination(request, pagination) }} |
67 | | {% endif %} |
| 59 | |
| 60 | {% if app_config['require_login'] and not request.user %} |
| 61 | {% include "mediagoblin/utils/require_login.html" %} |
68 | 62 | {% else %} |
| 63 | {% if media_entries and media_entries.count() %} |
| 64 | {{ media_grid(request, media_entries, col_number=col_number) }} |
| 65 | <div class="clear"></div> |
| 66 | {% if pagination_base_url %} |
| 67 | {# different url, so set that and don't keep the get params #} |
| 68 | {{ render_pagination(request, pagination, pagination_base_url, False) }} |
| 69 | {% else %} |
| 70 | {{ render_pagination(request, pagination) }} |
| 71 | {% endif %} |
| 72 | {% else %} |
69 | 73 | <p> |
70 | 74 | <i> |
71 | 75 | {%- trans -%} |
… |
… |
|
79 | 83 | </a> |
80 | 84 | </p> |
81 | 85 | {% endif %} |
| 86 | {%- endif %} |
82 | 87 | {% endmacro %} |
diff --git a/mediagoblin/templates/mediagoblin/utils/require_login.html b/mediagoblin/templates/mediagoblin/utils/require_login.html
new file mode 100644
index 00000000..72bf4c4a
-
|
+
|
|
| 1 | <p><a href= |
| 2 | {% if persona_auth is defined %} |
| 3 | "javascript:;" id="persona_login" |
| 4 | {% else %} |
| 5 | "{{ request.urlgen('mediagoblin.auth.login') }}" |
| 6 | {% endif %} |
| 7 | >{%- trans %}Log in{% endtrans -%} |
| 8 | </a> to access media.</p> |
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 62a4f151..8f353682 100644
a
|
b
|
def atom_feed(request):
|
577 | 577 | user=request.matchdict['user']), |
578 | 578 | links=atomlinks) |
579 | 579 | |
| 580 | if mg_globals.app_config["require_login"] and not request.user: |
| 581 | return feed.get_response() |
| 582 | |
580 | 583 | for entry in cursor: |
581 | 584 | # Include a thumbnail image in content. |
582 | 585 | file_urls = get_media_file_paths(entry.media_files, request.urlgen) |
… |
… |
def collection_atom_feed(request):
|
655 | 658 | slug=collection.slug), |
656 | 659 | links=atomlinks) |
657 | 660 | |
| 661 | if mg_globals.app_config["require_login"] and not request.user: |
| 662 | return feed.get_response() |
| 663 | |
658 | 664 | for item in cursor: |
659 | 665 | obj = item.get_object() |
660 | 666 | feed.add( |