1.1 --- a/events/queue_for_review.py Tue Nov 05 22:18:45 2013 +0100
1.2 +++ b/events/queue_for_review.py Tue Nov 05 22:56:25 2013 +0100
1.3 @@ -11,8 +11,22 @@
1.4
1.5 from MoinMoin.PageEditor import PageEditor
1.6 from MoinMoin.events import PagePreSaveEvent, Abort
1.7 +from MoinMoin.security import Permissions
1.8 from ApproveChangesSupport import *
1.9
1.10 +class SpecialPermissions(Permissions):
1.11 +
1.12 + "Permit saving of ACL-enabled comment pages."
1.13 +
1.14 + def __init__(self, user, pagename):
1.15 + Permissions.__init__(self, user)
1.16 + self.pagename = pagename
1.17 +
1.18 + def admin(self, pagename):
1.19 + return pagename == self.pagename
1.20 +
1.21 + write = admin
1.22 +
1.23 def handle_presave(event):
1.24 request = event.request
1.25 _ = request.getText
1.26 @@ -31,7 +45,7 @@
1.27 # Test the integrity of the page in order to prevent direct replacement
1.28 # of the page. Reviewers can change the page as they please.
1.29
1.30 - if is_reviewer(request) or is_queued_changes_user(request):
1.31 + if is_reviewer(request) or isinstance(request.user.may, SpecialPermissions):
1.32 return None
1.33 else:
1.34 return Abort(_("Queued changes may not be edited."))
1.35 @@ -44,7 +58,8 @@
1.36
1.37 # Save the page in the queue.
1.38
1.39 - new_page = PageEditor(request, "%s/%s%s" % (pagename, user_specific_queue, queued_changes_page))
1.40 + queued_pagename = "%s/%s%s" % (pagename, user_specific_queue, queued_changes_page)
1.41 + new_page = PageEditor(request, queued_pagename)
1.42
1.43 # Add an ACL to prevent normal users from seeing the page anywhere.
1.44 # Add a parent revision to the page.
1.45 @@ -62,14 +77,20 @@
1.46 comment = (username or _("anonymous")) + " : " + _("Queued page edit")
1.47
1.48 try:
1.49 - # Switch user in order to save a page with an ACL.
1.50 + # To add a page with an ACL, a special policy is required.
1.51
1.52 - user = request.user
1.53 - request.user = get_user_for_saving(request)
1.54 + may = request.user.may
1.55 + request.user.may = SpecialPermissions(request.user, queued_pagename)
1.56 +
1.57 + # Save the page with the ACL.
1.58 +
1.59 try:
1.60 new_page.saveText(body, 0, comment=comment)
1.61 +
1.62 + # Restore the original policy.
1.63 +
1.64 finally:
1.65 - request.user = user
1.66 + request.user.may = may
1.67
1.68 except PageEditor.Unchanged:
1.69 pass