[extensions-web] upload: Validate model instead of blindly accepting it

[Jasper St. Pierre <jstpierre src gnome org>]

commit c58125080f611fd2141f8af3279fe4b69e4cb412
Author: Jasper St. Pierre <jstpierre mecheye net>
Date:   Thu Dec 8 11:37:06 2011 -0500

    upload: Validate model instead of blindly accepting it

 .../extensions/templates/extensions/upload.html    |   10 ++++
 sweettooth/extensions/views.py                     |   45 +++++++++++++-------
 2 files changed, 39 insertions(+), 16 deletions(-)
---
diff --git a/sweettooth/extensions/templates/extensions/upload.html b/sweettooth/extensions/templates/extensions/upload.html
index ebe8687..a485163 100644
--- a/sweettooth/extensions/templates/extensions/upload.html
+++ b/sweettooth/extensions/templates/extensions/upload.html
@@ -1,4 +1,14 @@
 {% extends "base.html" %}
+
+{% block extra-messages %}
+  {{ block.super }}
+  {% for error in errors %}
+  <p class="message error">
+    {{ error }}
+  </p>
+  {% endfor %}
+{% endblock %}
+
 {% block body %}
 <div class="step upload">
   <h2 class="steptitle">Step <span>1</span></h2>
diff --git a/sweettooth/extensions/views.py b/sweettooth/extensions/views.py
index 264ecad..8b5f339 100644
--- a/sweettooth/extensions/views.py
+++ b/sweettooth/extensions/views.py
@@ -1,4 +1,5 @@
 
+from django.core.exceptions import ValidationError
 from django.core.paginator import Paginator, InvalidPage
 from django.core.urlresolvers import reverse
 from django.contrib.auth.decorators import login_required
@@ -329,6 +330,8 @@ def upload_file(request, pk):
         if extension.creator != request.user:
             return HttpResponseForbidden()
 
+    errors = []
+
     if request.method == 'POST':
         form = UploadForm(request.POST, request.FILES)
         if form.is_valid():
@@ -361,20 +364,30 @@ def upload_file(request, pk):
             version.parse_metadata_json(metadata)
 
             extension.creator = request.user
-            extension.save()
-
-            version.extension = extension
-            version.source = file_source
-            version.status = models.STATUS_NEW
-            version.save()
-
-            version.replace_metadata_json()
 
-            return redirect('extensions-version-detail',
-                            pk=version.pk,
-                            ext_pk=extension.pk,
-                            slug=extension.slug)
-    else:
-        form = UploadForm()
-
-    return render(request, 'extensions/upload.html', dict(form=form))
+            try:
+                extension.full_clean()
+            except ValidationError, e:
+                is_valid = False
+                errors = e.messages
+            else:
+                is_valid = True
+
+            if is_valid:
+                extension.save()
+
+                version.extension = extension
+                version.source = file_source
+                version.status = models.STATUS_NEW
+                version.save()
+
+                version.replace_metadata_json()
+
+                return redirect('extensions-version-detail',
+                                pk=version.pk,
+                                ext_pk=extension.pk,
+                                slug=extension.slug)
+
+    form = UploadForm()
+    return render(request, 'extensions/upload.html', dict(form=form,
+                                                          errors=errors))