MoinForms

Change of MoinForms.py

24:d4b3a51c6d05
MoinForms.py
     1.1 --- a/MoinForms.py	Sun Jan 20 18:24:06 2013 +0100
     1.2 +++ b/MoinForms.py	Sun Jan 20 19:47:48 2013 +0100
     1.3 @@ -10,8 +10,7 @@
     1.4  from compiler.ast import Const, Dict, Discard, List, Module, Stmt
     1.5  from MoinMoin.action import do_show
     1.6  from MoinMoin.Page import Page
     1.7 -from MoinMoin.security import parseACL
     1.8 -from MoinMoin import wikiutil
     1.9 +from MoinMoin import security, wikiutil
    1.10  from MoinSupport import *
    1.11  import re
    1.12  
    1.13 @@ -107,17 +106,24 @@
    1.14  
    1.15          user = self.request.user
    1.16  
    1.17 -        # Use the page permissions if no access definition is given.
    1.18 +        # Use the access definition if one is given.
    1.19  
    1.20 -        if not self.attributes.has_key("access"):
    1.21 -            return user and getattr(user.may, action)(self.pagename)
    1.22 +        if self.attributes.has_key("access"):
    1.23 +            access = self.attributes["access"]
    1.24 +            acl = security.AccessControlList(self.request.cfg, [access])
    1.25 +            policy = lambda request, pagename, username, action: acl.may(request, username, action)
    1.26  
    1.27 -        # Otherwise use the access definition.
    1.28 +        # Otherwise, use the page permissions.
    1.29  
    1.30          else:
    1.31 -            access = self.attributes["access"]
    1.32 -            acl = parseACL(self.request, access)
    1.33 -            return user and acl.may(self.request, user.name, action)
    1.34 +            policy = security._check
    1.35 +
    1.36 +        # The "read" action is only satisfied by the "admin" role.
    1.37 +
    1.38 +        return user and (
    1.39 +            action != "read" and policy(self.request, self.pagename, user.name, action) or
    1.40 +            action == "read" and policy(self.request, self.pagename, user.name, "admin")
    1.41 +            )
    1.42  
    1.43      def validateFields(self, fields, structure):
    1.44  
    1.45 @@ -317,6 +323,15 @@
    1.46  
    1.47          return self.handler.checkPermissions("write")
    1.48  
    1.49 +    def can_read(self):
    1.50 +
    1.51 +        """
    1.52 +        Permit reading of form data using the form attributes or page
    1.53 +        permissions.
    1.54 +        """
    1.55 +
    1.56 +        return self.handler.checkPermissions("read")
    1.57 +
    1.58  # Form and field information.
    1.59  
    1.60  def getFormStructure(text, request, path=None, structure=None):