# HG changeset patch
# User Paul Boddie
# Date 1383848205 -3600
# Node ID 124b54c4342853ce5d1128923f1ce468f2a0b404
# Parent 89b43fa145a60725bf7a0edcffaa3e191754daa0
Moved ACL definition writing and filtering from ItemSupport. Added form-specific ACL writing in addition to support for page-level ACLs.
diff -r 89b43fa145a6 -r 124b54c43428 MoinForms.py
--- a/MoinForms.py Wed Nov 06 14:42:12 2013 +0100
+++ b/MoinForms.py Thu Nov 07 19:16:45 2013 +0100
@@ -413,6 +413,19 @@
 self.request = request
 self.attributes = attributes
+ def getACL(self):
+
+ """
+ Return the access control list for the form. Where no form-specific
+ policy is specified, the page's ACL will be returned.
+ """
+
+ if self.attributes.has_key("access"):
+ access = self.attributes["access"]
+ return security.AccessControlList(self.request.cfg, [access])
+ else:
+ return Page(self.request, self.pagename).getACL(self.request)
+
 def checkPermissions(self, action):
 """
@@ -458,8 +471,8 @@
 # Use an alternative store type if indicated.
- storetype = handler.attributes.get("storetype")
- if storetype == "subpage":
+ self.storetype = handler.attributes.get("storetype")
+ if self.storetype == "subpage":
 store = getSubpageItemStoreForPage(page, "form_locks/%s" % lockdir)
 else:
 store = getDirectoryItemStoreForPage(page, "forms/%s" % formdir, "form_locks/%s" % lockdir)
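Review bot: In `getACL`, a form-level `access` attribute replaces the page ACL rather than narrowing it, and the visible lines accept whatever string the form declaration carries. If form attributes are taken from the page text, a user who may edit the page but may not change its ACL could give a form a wider policy than the page itself has. Consider honouring `access` only when it comes from someone with admin rights on the page, or at least state the trust assumption in the docstring, e.g. `A form-level 'access' policy overrides the page ACL and is only as trusted as the form declaration.` The method also reads `self.pagename`, which the constructor lines shown here do not set, so confirm it is assigned elsewhere in the class, which begins outside this hunk.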
@@ -483,6 +496,34 @@
 return self.handler.checkPermissions("read")
+ def append(self, item):
+
+ "Append the given 'item' to the store."
+
+ if self.storetype == "subpage":
+
+ # Add an ACL to restrict direct access to subpages.
+
+ request = self.page.request
+ acl = self.handler.getACL()
+ item = acl.getString() + item
+
+ ItemStoreBase.append(self, item)
+
+ def __getitem__(self, number):
+
+ "Return the item for the given 'number'."
+
+ body = ItemStoreBase.__getitem__(self, number)
+
+ if self.storetype == "subpage":
+
+ # Remove any page directives.
+
+ directives, body = wikiutil.get_processing_instructions(body)
+
+ return body
+
 # Form and field information.
 def getFormStructure(text, request, path=None, structure=None):
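Review bot: `append` and `__getitem__` are not inverses for subpage stores: `append` prepends one ACL string, while `__getitem__` strips every leading processing instruction, so an item whose own text begins with a directive line would have that line interpreted on the stored subpage and then dropped on read. Whether submitted data can begin with `#` depends on the item serialisation, which is outside this hunk; if it can, remove only the prefix that was written (or escape the body), and record the assumption with a comment such as `# Items must never begin with '#': leading lines are treated as page directives.` The ACL is also fixed at write time, so later changes to the form's `access` value or to the page ACL presumably do not reach subpages already stored. `request = self.page.request` in `append` is unused and can be removed. Both methods are complete in the hunk; their class starts outside it.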