1.1 --- a/events/queue_for_review.py Mon Oct 10 22:28:58 2011 +0200
1.2 +++ b/events/queue_for_review.py Tue Oct 11 01:13:12 2011 +0200
1.3 @@ -17,27 +17,28 @@
1.4 request = event.request
1.5 _ = request.getText
1.6
1.7 - approved_editors_group = get_approved_editors_group(request)
1.8 queued_changes_page = get_queued_changes_page(request)
1.9
1.10 pagename = event.page_editor.page_name
1.11 + body = event.new_text
1.12
1.13 # Saving into queues has to be permitted or the mechanism will keep trying
1.14 # to save into a queue of the specified page.
1.15
1.16 if is_queued_changes_page(request, pagename):
1.17
1.18 - # NOTE: Add ACL to prevent normal users from seeing the page anywhere.
1.19 - # NOTE: (to-do/hide-queued-pages.txt)
1.20 + # Test the integrity of the page in order to prevent direct replacement
1.21 + # of the page. Reviewers can change the page as they please.
1.22
1.23 - return None
1.24 + if check_page(request, body) or is_reviewer(request):
1.25 + return None
1.26 + else:
1.27 + return Abort(_("Queued changes may not be edited."))
1.28
1.29 # For normal pages, the user has to be approved. Otherwise, the page will be
1.30 # saved into a queue.
1.31
1.32 - elif not request.user.valid or (
1.33 - not request.dicts.has_member(approved_editors_group, request.user.name) and \
1.34 - not request.user.isSuperUser()):
1.35 + elif not is_approved(request):
1.36
1.37 # Save the page in the queue.
1.38 # NOTE: Record the parent revision.
1.39 @@ -45,8 +46,30 @@
1.40
1.41 new_page = PageEditor(request, "%s/%s" % (pagename, queued_changes_page))
1.42
1.43 + # Add an ACL to prevent normal users from seeing the page anywhere.
1.44 +
1.45 + body = add_access_control(request, body)
1.46 +
1.47 + # Sign the page to prevent modification in the queue.
1.48 +
1.49 + body = sign_page(request, body)
1.50 + username = request.user.name
1.51 + comment = (username or _("anonymous")) + " : " + _("Queued page edit")
1.52 +
1.53 try:
1.54 - new_page.saveText(event.new_text, 0)
1.55 + try:
1.56 + new_page.saveText(body, 0, comment=comment)
1.57 +
1.58 + # Switch user in order to save a page with an ACL.
1.59 +
1.60 + except PageEditor.AccessDenied:
1.61 + user = request.user
1.62 + request.user = get_user_for_saving(request)
1.63 + try:
1.64 + new_page.saveText(body, 0, comment=comment)
1.65 + finally:
1.66 + request.user = user
1.67 +
1.68 except PageEditor.Unchanged:
1.69 pass
1.70
1.71 @@ -54,6 +77,8 @@
1.72
1.73 return Abort(_("Your changes have been queued for approval."))
1.74
1.75 + return None
1.76 +
1.77 def handle(event):
1.78 if isinstance(event, PagePreSaveEvent):
1.79 return handle_presave(event)