1.1 --- a/actions/PostComment.py Sat Nov 02 20:08:45 2013 +0100
1.2 +++ b/actions/PostComment.py Sun Nov 03 00:45:49 2013 +0100
1.3 @@ -8,11 +8,23 @@
1.4
1.5 from MoinMoin.action import ActionBase
1.6 from MoinMoin.PageEditor import PageEditor
1.7 +from MoinMoin.security import Permissions
1.8 from MoinMoin.wikiutil import escape
1.9 from MoinSupport import getPagesForSearch, getPagesFromResults, ActionSupport
1.10
1.11 Dependencies = ['pages']
1.12
1.13 +class SpecialPermissions(Permissions):
1.14 +
1.15 + "Permit saving of ACL-enabled comment pages."
1.16 +
1.17 + def __init__(self, user, pagename):
1.18 + Permissions.__init__(self, user)
1.19 + self.pagename = pagename
1.20 +
1.21 + def admin(self, pagename):
1.22 + return pagename == self.pagename
1.23 +
1.24 class PostComment(ActionBase, ActionSupport):
1.25
1.26 "Post a comment to the wiki."
1.27 @@ -62,14 +74,35 @@
1.28
1.29 # Write the new page.
1.30
1.31 - new_page = PageEditor(request, "%s/%04d" % (self.pagename, last_comment_pagename + 1))
1.32 + comment_pagename = "%s/%04d" % (self.pagename, last_comment_pagename + 1)
1.33 + new_page = PageEditor(request, comment_pagename)
1.34 + username = request.user.name
1.35
1.36 try:
1.37 - new_page.saveText(comment, 0)
1.38 + # To add a page with an ACL, a special policy is required.
1.39 +
1.40 + may = request.user.may
1.41 + request.user.may = SpecialPermissions(request.user, comment_pagename)
1.42 +
1.43 + # Save the page, labelling it with the actual username.
1.44 +
1.45 + try:
1.46 + new_page.saveText(comment_template % (username, username, comment), 0)
1.47 +
1.48 + # Restore the superusers.
1.49 +
1.50 + finally:
1.51 + request.user.may = may
1.52 +
1.53 return 1, _("Comment added.")
1.54 except new_page.SaveError, exc:
1.55 return 0, unicode(exc)
1.56
1.57 +comment_template = """\
1.58 +#acl %s:read,write,delete,revert All:read
1.59 +#pragma comment-owner %s
1.60 +%s"""
1.61 +
1.62 def get_comment_numbers(pagename, request):
1.63
1.64 """