1.1 --- a/MoinForms.py Wed Nov 06 14:42:12 2013 +0100
1.2 +++ b/MoinForms.py Thu Nov 07 19:16:45 2013 +0100
1.3 @@ -413,6 +413,19 @@
1.4 self.request = request
1.5 self.attributes = attributes
1.6
1.7 + def getACL(self):
1.8 +
1.9 + """
1.10 + Return the access control list for the form. Where no form-specific
1.11 + policy is specified, the page's ACL will be returned.
1.12 + """
1.13 +
1.14 + if self.attributes.has_key("access"):
1.15 + access = self.attributes["access"]
1.16 + return security.AccessControlList(self.request.cfg, [access])
1.17 + else:
1.18 + return Page(self.request, self.pagename).getACL(self.request)
1.19 +
1.20 def checkPermissions(self, action):
1.21
1.22 """
1.23 @@ -458,8 +471,8 @@
1.24
1.25 # Use an alternative store type if indicated.
1.26
1.27 - storetype = handler.attributes.get("storetype")
1.28 - if storetype == "subpage":
1.29 + self.storetype = handler.attributes.get("storetype")
1.30 + if self.storetype == "subpage":
1.31 store = getSubpageItemStoreForPage(page, "form_locks/%s" % lockdir)
1.32 else:
1.33 store = getDirectoryItemStoreForPage(page, "forms/%s" % formdir, "form_locks/%s" % lockdir)
1.34 @@ -483,6 +496,34 @@
1.35
1.36 return self.handler.checkPermissions("read")
1.37
1.38 + def append(self, item):
1.39 +
1.40 + "Append the given 'item' to the store."
1.41 +
1.42 + if self.storetype == "subpage":
1.43 +
1.44 + # Add an ACL to restrict direct access to subpages.
1.45 +
1.46 + request = self.page.request
1.47 + acl = self.handler.getACL()
1.48 + item = acl.getString() + item
1.49 +
1.50 + ItemStoreBase.append(self, item)
1.51 +
1.52 + def __getitem__(self, number):
1.53 +
1.54 + "Return the item for the given 'number'."
1.55 +
1.56 + body = ItemStoreBase.__getitem__(self, number)
1.57 +
1.58 + if self.storetype == "subpage":
1.59 +
1.60 + # Remove any page directives.
1.61 +
1.62 + directives, body = wikiutil.get_processing_instructions(body)
1.63 +
1.64 + return body
1.65 +
1.66 # Form and field information.
1.67
1.68 def getFormStructure(text, request, path=None, structure=None):