1.1 --- a/MoinForms.py Thu Nov 07 23:26:32 2013 +0100
1.2 +++ b/MoinForms.py Thu Nov 07 23:52:03 2013 +0100
1.3 @@ -21,7 +21,7 @@
1.4 except ImportError:
1.5 from StringIO import StringIO
1.6
1.7 -__version__ = "0.1"
1.8 +__version__ = "0.2"
1.9
1.10 form_field_regexp_str = r"<<Form(Field|Message)\((.*?)\)>>"
1.11 form_field_regexp = re.compile(form_field_regexp_str, re.DOTALL)
1.12 @@ -423,6 +423,20 @@
1.13 self.request = request
1.14 self.attributes = attributes
1.15
1.16 + def getAccessACL(self, access):
1.17 +
1.18 + """
1.19 + Return the form-specific ACL specified by 'access' with the "before"
1.20 + policy being used as the basis of the resultant policy.
1.21 + """
1.22 +
1.23 + cfg = self.request.cfg
1.24 +
1.25 + # Combine the "before" ACL with the form-specific policy.
1.26 +
1.27 + before_acl = [s.split(" ", 1)[1] for s in cfg.cache.acl_rights_before.getString().split("\n") if s.startswith("#acl ")]
1.28 + return security.AccessControlList(cfg, before_acl + [access])
1.29 +
1.30 def getACL(self):
1.31
1.32 """
1.33 @@ -432,7 +446,7 @@
1.34
1.35 if self.attributes.has_key("access"):
1.36 access = self.attributes["access"]
1.37 - return security.AccessControlList(self.request.cfg, [access])
1.38 + return self.getAccessACL(access)
1.39 else:
1.40 return Page(self.request, self.pagename).getACL(self.request)
1.41
1.42 @@ -489,7 +503,7 @@
1.43
1.44 if self.attributes.has_key("access"):
1.45 access = self.attributes["access"]
1.46 - acl = security.AccessControlList(self.request.cfg, [access])
1.47 + acl = self.getAccessACL(access)
1.48 policy = lambda request, pagename, username, action: acl.may(request, username, action)
1.49
1.50 # Otherwise, use the page permissions.