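--- a/MoinForms.py Sun Jan 20 18:24:06 2013 +0100
+++ b/MoinForms.py Sun Jan 20 19:47:48 2013 +0100
@@ -10,8 +10,7 @@
 from compiler.ast import Const, Dict, Discard, List, Module, Stmt
 from MoinMoin.action import do_show
 from MoinMoin.Page import Page
-from MoinMoin.security import parseACL
-from MoinMoin import wikiutil
+from MoinMoin import security, wikiutil
 from MoinSupport import *
 import re
 
@@ -107,17 +106,24 @@
 
 user = self.request.user
 
- # Use the page permissions if no access definition is given.
+ # Use the access definition if one is given.
 
- if not self.attributes.has_key("access"):
- return user and getattr(user.may, action)(self.pagename)
+ if self.attributes.has_key("access"):
+ access = self.attributes["access"]
+ acl = security.AccessControlList(self.request.cfg, [access])
+ policy = lambda request, pagename, username, action: acl.may(request, username, action)
 
- # Otherwise use the access definition.
+ # Otherwise, use the page permissions.
 
 else:
- access = self.attributes["access"]
- acl = parseACL(self.request, access)
- return user and acl.may(self.request, user.name, action)
+ policy = security._check
+
+ # The "read" action is only satisfied by the "admin" role.
+
+ return user and (
+ action != "read" and policy(self.request, self.pagename, user.name, action) or
+ action == "read" and policy(self.request, self.pagename, user.name, "admin")
+ )
 
 def validateFields(self, fields, structure):
 
@@ -317,6 +323,15 @@
 
 return self.handler.checkPermissions("write")
 
+ def can_read(self):
+
+ """
+ Permit reading of form data using the form attributes or page
+ permissions.
+ """
+
+ return self.handler.checkPermissions("read")
+
 # Form and field information.
 
 def getFormStructure(text, request, path=None, structure=None):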
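Review bot: The `else` branch of the second hunk sets `policy = security._check`, a private MoinMoin helper, where the removed code asked `user.may`; assuming `user.may` is the site's configured SecurityPolicy, any subclass override of `write`, `delete` or `admin` is no longer consulted for forms without an `access` attribute. Keeping the policy object in the path would preserve those site rules, e.g. `policy = lambda request, pagename, username, action: getattr(user.may, action)(pagename)`. The `read`-to-`admin` mapping also applies to the `access` branch, so whoever can edit the form definition can write an ACL that grants `admin` and with it reading of stored submissions; if that is intended, a comment such as `# NOTE: "admin" in a form-level access ACL grants reading of stored form data` at the return would make it explicit. The enclosing method starts outside the hunk, so its docstring could not be checked for the new `read` behaviour.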
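--- a/pages/HelpOnMoinForms Sun Jan 20 18:24:06 2013 +0100
+++ b/pages/HelpOnMoinForms Sun Jan 20 19:47:48 2013 +0100
@@ -250,28 +250,24 @@
 By default, the usage of forms and the storage of form data is restricted according to the permissions granted for a given user for the page on which each form appears. This is summarised in the following table:
 
 || '''Page Permission''' || '''Access to Form and Form Data''' ||
+|| `admin` || May read form data ||
 || `delete` || May delete form data (since the entire page may also be deleted) ||
 || `read` || ''Permission grants no additional access'' ||
 || `write` || May submit forms and store form data ||
 
 Thus, on any page for which a user only has read access, any form will by default be visible but not usable for submitting data.
 
-However, it is possible to change these restrictions by specifying an `access` keyword which defines the permissions that an unprivileged user has when using the form. For example:
+However, it is possible to override these restrictions by specifying an `access` keyword which defines a different set of permissions that applies to a user when using the form. For example:
 
 {{{{
-{{{#!form fragment=exampleform5 access=All:write
+{{{#!form fragment=exampleform5 access='All:write'
 ...
 }}}
 }}}}
 
-Here, unprivileged users - those who may not change the page and thus change the form definition - may submit the form and store their submissions. The following table summarises the different `access` options:
+Here, unprivileged users - those who may have been forbidden from changing the page and thus changing the form definition - may submit the form and store their submissions. The above table also summarises the permissions that may be specified along with their effects.
 
-|| '''Access Option''' || '''Access to Form and Form Data''' ||
-|| `delete` || May delete form data ||
-|| `read` || May read form data ||
-|| `write` || May submit forms and store form data ||
-
-The `access` keyword supports conventional [[HelpOnAccessControlLists|ACL]] syntax.
+The `access` keyword supports the conventional [[HelpOnAccessControlLists|ACL]] syntax, and where spaces are present in the specified value, quotes should be placed around the value itself and not the `access` keyword and equals sign as well.
 
 === Extending the Default Form Handler ===
 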