From: yomguy Date: Wed, 23 Mar 2011 13:16:20 +0000 (+0100) Subject: restrict player and download access to public items (public_access = 'full'), fix... X-Git-Tag: 1.1~344 X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=5c0e67eff371711088ac58ad764aa6f8f5864c69;p=telemeta.git restrict player and download access to public items (public_access = 'full'), fix file field in mediaitem_edit template, add 'not allowed' page using messsages --- diff --git a/telemeta/templates/telemeta/messages.html b/telemeta/templates/telemeta/messages.html new file mode 100644 index 00000000..787f796a --- /dev/null +++ b/telemeta/templates/telemeta/messages.html @@ -0,0 +1 @@ +{% extends "telemeta_default/messages.html" %} diff --git a/telemeta/templates/telemeta_default/mediaitem_add.html b/telemeta/templates/telemeta_default/mediaitem_add.html index 7410f2f1..71e6c06d 100644 --- a/telemeta/templates/telemeta_default/mediaitem_add.html +++ b/telemeta/templates/telemeta_default/mediaitem_add.html @@ -12,7 +12,7 @@ {% block tools %} - {% trans "Cancel" %} {% endblock tools %} @@ -37,7 +37,7 @@ {% endfor %}
- {% trans "Cancel" %} {% trans "Save" %} diff --git a/telemeta/templates/telemeta_default/mediaitem_detail.html b/telemeta/templates/telemeta_default/mediaitem_detail.html index 6d904317..0da5cc22 100644 --- a/telemeta/templates/telemeta_default/mediaitem_detail.html +++ b/telemeta/templates/telemeta_default/mediaitem_detail.html @@ -61,8 +61,8 @@ {% block content %}

Item : {{ item }}

-
- {% if item.file %} +
+ {% if item.file and item.public_access == 'full' %}
Minimize
diff --git a/telemeta/templates/telemeta_default/mediaitem_edit.html b/telemeta/templates/telemeta_default/mediaitem_edit.html index 3d9adc17..a07be4d0 100644 --- a/telemeta/templates/telemeta_default/mediaitem_edit.html +++ b/telemeta/templates/telemeta_default/mediaitem_edit.html @@ -16,7 +16,12 @@ {% if not field.html_name == "copied_from_item" %} {{ field.errors }} - {{ field.label_tag }}: {{ field }} + {{ field.label_tag }}: + {% if field.html_name == "file" %} + {{ item.file.name }}
{{ field }} + {% else %} + {{ field }} + {% endif %} {% endif %} {% endfor %} diff --git a/telemeta/templates/telemeta_default/messages.html b/telemeta/templates/telemeta_default/messages.html new file mode 100644 index 00000000..300986dc --- /dev/null +++ b/telemeta/templates/telemeta_default/messages.html @@ -0,0 +1,13 @@ +{% extends "telemeta/base.html" %} +{% load i18n %} + +{% block content %} + +{% if messages %} + {% for message in messages %} +

{{ message }}

+ {% endfor %} +{% endif %} + +{% endblock %} + diff --git a/telemeta/urls.py b/telemeta/urls.py index 4a1ac4f7..b4721389 100644 --- a/telemeta/urls.py +++ b/telemeta/urls.py @@ -206,5 +206,8 @@ urlpatterns = patterns('', url(r'^markers/(?P[A-Za-z0-9]+)/$', web_view.item_detail, name="telemeta-item-detail-marker"), # RSS feeds - url(r'rss/$', web_view.rss, name="telemeta-rss"), + url(r'^rss/$', web_view.rss, name="telemeta-rss"), + + # Not allowed + url(r'^not_allowed/$', web_view.not_allowed, name="telemeta-not-allowed"), ) diff --git a/telemeta/web/base.py b/telemeta/web/base.py index 94ad4d58..36ac7979 100644 --- a/telemeta/web/base.py +++ b/telemeta/web/base.py @@ -51,6 +51,7 @@ from django.shortcuts import render_to_response, redirect from django.views.generic import list_detail from django.conf import settings from django.contrib import auth +from django.contrib import messages from django.contrib.auth.decorators import login_required, permission_required from django.core.context_processors import csrf from django.forms.models import modelformset_factory @@ -400,9 +401,11 @@ class WebView(object): def item_export(self, request, public_id, extension): """Export a given media item in the specified format (OGG, FLAC, ...)""" - - if extension != 'mp3' and not getattr(settings, 'TELEMETA_DOWNLOAD_ENABLED', False): - raise Http404 # FIXME: should be some sort of permissions denied error + + item = MediaItem.objects.get(public_id=public_id) + + if extension != 'mp3' and not getattr(settings, 'TELEMETA_DOWNLOAD_ENABLED', False) or item.public_access != 'full': + return HttpResponseRedirect('/not_allowed/') for encoder in self.encoders: if encoder.file_extension() == extension: @@ -413,7 +416,6 @@ class WebView(object): mime_type = encoder.mime_type() file = public_id + '.' + encoder.file_extension() - item = MediaItem.objects.get(public_id=public_id) audio = item.file.path decoder = timeside.decoder.FileDecoder(audio) @@ -942,7 +944,8 @@ class WebView(object): feed = rss.to_xml(encoding='utf-8') response = HttpResponse(feed, mimetype='application/rss+xml') - return response - + def not_allowed(self, request): + messages.error(request, 'Not allowed') + return render(request, 'telemeta/messages.html')