MoinForms

Changeset

47:124b54c43428
2013-11-07 Paul Boddie raw files shortlog changelog graph Moved ACL definition writing and filtering from ItemSupport. Added form-specific ACL writing in addition to support for page-level ACLs.
MoinForms.py (file)
     1.1 --- a/MoinForms.py	Wed Nov 06 14:42:12 2013 +0100
     1.2 +++ b/MoinForms.py	Thu Nov 07 19:16:45 2013 +0100
     1.3 @@ -413,6 +413,19 @@
     1.4          self.request = request
     1.5          self.attributes = attributes
     1.6  
     1.7 +    def getACL(self):
     1.8 +
     1.9 +        """
    1.10 +        Return the access control list for the form. Where no form-specific
    1.11 +        policy is specified, the page's ACL will be returned.
    1.12 +        """
    1.13 +
    1.14 +        if self.attributes.has_key("access"):
    1.15 +            access = self.attributes["access"]
    1.16 +            return security.AccessControlList(self.request.cfg, [access])
    1.17 +        else:
    1.18 +            return Page(self.request, self.pagename).getACL(self.request)
    1.19 +
    1.20      def checkPermissions(self, action):
    1.21  
    1.22          """
    1.23 @@ -458,8 +471,8 @@
    1.24  
    1.25          # Use an alternative store type if indicated.
    1.26  
    1.27 -        storetype = handler.attributes.get("storetype")
    1.28 -        if storetype == "subpage":
    1.29 +        self.storetype = handler.attributes.get("storetype")
    1.30 +        if self.storetype == "subpage":
    1.31              store = getSubpageItemStoreForPage(page, "form_locks/%s" % lockdir)
    1.32          else:
    1.33              store = getDirectoryItemStoreForPage(page, "forms/%s" % formdir, "form_locks/%s" % lockdir)
    1.34 @@ -483,6 +496,34 @@
    1.35  
    1.36          return self.handler.checkPermissions("read")
    1.37  
    1.38 +    def append(self, item):
    1.39 +
    1.40 +        "Append the given 'item' to the store."
    1.41 +
    1.42 +        if self.storetype == "subpage":
    1.43 +
    1.44 +            # Add an ACL to restrict direct access to subpages.
    1.45 +
    1.46 +            request = self.page.request
    1.47 +            acl = self.handler.getACL()
    1.48 +            item = acl.getString() + item
    1.49 +
    1.50 +        ItemStoreBase.append(self, item)
    1.51 +
    1.52 +    def __getitem__(self, number):
    1.53 +
    1.54 +        "Return the item for the given 'number'."
    1.55 +
    1.56 +        body = ItemStoreBase.__getitem__(self, number)
    1.57 +
    1.58 +        if self.storetype == "subpage":
    1.59 +
    1.60 +            # Remove any page directives.
    1.61 +
    1.62 +            directives, body = wikiutil.get_processing_instructions(body)
    1.63 +
    1.64 +        return body
    1.65 +
    1.66  # Form and field information.
    1.67  
    1.68  def getFormStructure(text, request, path=None, structure=None):