id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
343	Deleting media can become tricky	Elrond	Christopher Allan Webber	"{{{
#!rst
The changes in Issue `#582 </issues/582>`_ introduced some
interesting code:

::

    def user_may_delete_media(controller):
    ...
            uploader = request.db.MediaEntry.find_one(
                {'slug': request.matchdict['media']}).get_uploader()

If two people have the same slug, this query will not always do the
right thing(TM).

That said, I'd really prefer things like ""edit"" and ""delete"" use
the id instead of the slug. It just feels safer and will avoid all
these slug duplicates/etc issuess.
I don't see anyone needing to bookmark the delete page? And
bookmarking the edit page might have rare use cases, so those
should be able to live with ugly urls.

For performance/safety reasons, we could consider to have an extra
decorator for finding the media only by user/id or somesuch.



}}}"	defect	closed	minor	0.2.0	programming	FIXED