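# -*- coding: iso-8859-1 -*-
"""
MoinMoin - Queue changes for review

Queue changed pages edited by unprivileged users for review by the
ApproveChanges action.

@copyright: 2011, 2013 Paul Boddie <paul@boddie.org.uk>
@license: GNU GPL, see COPYING for details.
"""

from MoinMoin.PageEditor import PageEditor
from MoinMoin.events import PagePreSaveEvent, Abort
from MoinMoin.security import Permissions

# The get_*, is_* and add_directives helpers used below are not defined in
# this file, so they are expected to come from this wildcard import.
from ApproveChangesSupport import *

class SpecialPermissions(Permissions):

    """
    Permit saving of a single ACL-enabled page.

    The policy answers True for 'admin' and 'write' only when asked about the
    page name it was created for. In this module it is installed on
    request.user for the duration of one queue save and then removed again.
    """

    def __init__(self, user, pagename):

        "Create a policy for 'user' that covers only the page 'pagename'."

        Permissions.__init__(self, user)
        self.pagename = pagename

    def admin(self, pagename):

        "Return whether 'pagename' is the one page covered by this policy."

        return pagename == self.pagename

    # Writing is granted under exactly the same condition as administration.

    write = admin

def handle_presave(event):

    """
    Decide whether the page save described by 'event' may proceed.

    Return None to let the save continue. Return an Abort object carrying a
    message for the user when a queue page is edited directly, or when the
    edit has been stored in a review queue instead of the target page.
    """

    request = event.request
    _ = request.getText

    queued_changes_page = get_queued_changes_page(request)
    user_specific_queue = get_user_specific_queue(request)

    pagename = event.page_editor.page_name
    body = event.new_text

    # Saving into queues has to be permitted or the mechanism will keep trying
    # to save into a queue of the specified page.

    if is_queued_changes_page(request, pagename):

        # Test the integrity of the page in order to prevent direct replacement
        # of the page. Reviewers can change the page as they please.

        if is_reviewer(request):
            return None

        # The only other permitted writer is the queue save started further
        # down, recognised by the temporary policy it installs. That policy is
        # scoped to one page name, so the exemption is tied to the same name
        # instead of applying to whichever queue page is being saved while the
        # policy happens to be active.

        policy = request.user.may

        if isinstance(policy, SpecialPermissions) and policy.pagename == pagename:
            return None

        return Abort(_("Queued changes may not be edited."))

    # For normal pages, the user has to be approved. Otherwise, the page will be
    # saved into a queue. If the save operation occurs as part of an approval
    # action, however, the effective user will be able to save the page.

    # NOTE(review): request.action presumably reflects the action named in the
    # incoming request. This exemption is then only as strong as the
    # authorisation performed by the ApproveChanges action before it saves;
    # confirm that the action verifies the reviewer itself.

    if request.action == "ApproveChanges" or is_approved(request):
        return None

    # Save the page in the queue.

    queued_pagename = "%s/%s%s" % (pagename, user_specific_queue, queued_changes_page)
    new_page = PageEditor(request, queued_pagename)

    # Add an ACL to prevent normal users from seeing the page anywhere.
    # Add a parent revision to the page.

    directives = [
        get_access_control_directive(request),
        get_parent_revision_directive(request, pagename),
        get_user_directive(request),
        get_user_queue_directive(request)
        ]

    body = add_directives(body, directives)

    username = request.user.name
    comment = (username or _("anonymous")) + " : " + _("Queued page edit")

    # To add a page with an ACL, a special policy is required. It is swapped in
    # immediately before the save and swapped out again in the 'finally'
    # clause, so the extra rights never outlive this one save, even if the
    # save raises an exception.

    original_policy = request.user.may
    request.user.may = SpecialPermissions(request.user, queued_pagename)

    try:
        try:
            # Save the page with the ACL.

            new_page.saveText(body, 0, comment=comment)

        # An unchanged queue page is not an error: the edit is already queued.
        # Any other exception is not handled here and reaches the caller, so
        # a failed queue save never falls through to a normal save.

        except PageEditor.Unchanged:
            pass

    # Restore the original policy.

    finally:
        request.user.may = original_policy

    # Abort the page save operation.

    return Abort(_("Your changes have been queued for approval."))

def handle(event):

    """
    Event handler entry point.

    Pre-save events are passed to handle_presave and its result is returned.
    For every other event None is returned.
    """

    if isinstance(event, PagePreSaveEvent):
        return handle_presave(event)

    return None

# vim: tabstop=4 expandtab shiftwidth=4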