1 # -*- coding: iso-8859-1 -*- 2 """ 3 MoinMoin - ApproveChanges library 4 5 This library relies on the existence of a user (by default 6 "ApprovalQueueUser") who has sufficient privileges to write pages with ACLs 7 to an approval queue (ACL permissions "write,admin"). 8 9 If users other than the superuser are to be able to edit pages freely, they 10 must be present in a group (by default "ApprovedGroup"), and if they are to 11 be allowed to review changes, they must be present in a different group (by 12 default "PageReviewersGroup"). 13 14 @copyright: 2011 by Paul Boddie <paul@boddie.org.uk> 15 @license: GNU GPL (v2 or later), see COPYING.txt for details. 16 """ 17 18 from MoinMoin import user 19 from MoinMoin.wikiutil import escape 20 21 __version__ = "0.1" 22 23 def get_queued_changes_page(request): 24 return getattr(request.cfg, "queued_changes_page", "ApprovalQueue") 25 26 def get_approved_editors_group(request): 27 return getattr(request.cfg, "approved_editors_group", "ApprovedGroup") 28 29 def get_page_reviewers_group(request): 30 return getattr(request.cfg, "reviewers_group", "PageReviewersGroup") 31 32 def get_queued_changes_user(request): 33 return getattr(request.cfg, "queued_changes_user", "ApprovalQueueUser") 34 35 def get_secret_key(request): 36 return request.cfg.secrets["wikiutil/tickets"] 37 38 def is_reviewer(request): 39 return request.user.valid and ( 40 request.dicts.has_member(get_approved_editors_group(request), request.user.name) or \ 41 request.user.isSuperUser()) 42 43 def is_approved(request): 44 return request.user.valid and ( 45 request.dicts.has_member(get_approved_editors_group(request), request.user.name) or \ 46 request.user.isSuperUser()) 47 48 def is_queued_changes_user(request): 49 return request.user.valid and request.user.name == get_queued_changes_user(request) 50 51 def is_queued_changes_page(request, pagename): 52 53 "Return whether 'pagename' is a queued changes page by testing its name." 54 55 parts = pagename.split("/") 56 return len(parts) > 1 and parts[-1] == get_queued_changes_page(request) 57 58 def get_target_page_name(pagename): 59 60 "Return the target page name for the given queued changes 'pagename'." 61 62 return "/".join(pagename.split("/")[:-1]) 63 64 def get_user_for_saving(request): 65 66 "Return a user that can save pages with ACLs." 67 68 username = get_queued_changes_user(request) 69 uid = user.getUserId(request, username) 70 71 # If the user does not exist, just return the existing user. 72 73 if not uid: 74 return request.user 75 76 # Otherwise, return the privileged user. 77 78 return user.User(request, uid) 79 80 def add_access_control(request, body): 81 82 """ 83 Using the 'request', add an ACL to the page 'body' in order to prevent 84 anyone other than reviewers from seeing it in the queue. 85 """ 86 87 return "#acl %s:read,write,delete,revert,admin All:\n" % ( 88 get_page_reviewers_group(request)) + body 89 90 def remove_access_control(request, body): 91 92 "Using the 'request', remove any added ACL to the page 'body'." 93 94 new_body = [] 95 header = 1 96 97 for line in body.split("\n"): 98 if header: 99 100 # Skip the first ACL, preserving others potentially added in the 101 # review process. 102 103 if line.startswith("#acl "): 104 header = 0 105 continue 106 107 # Detect the end of the header. 108 109 if not line.startswith("#"): 110 header = 0 111 112 new_body.append(line) 113 114 return "\n".join(new_body) 115 116 # Utility classes and associated functions. 117 # NOTE: These are a subset of EventAggregatorSupport. 118 119 class Form: 120 121 """ 122 A wrapper preserving MoinMoin 1.8.x (and earlier) behaviour in a 1.9.x 123 environment. 124 """ 125 126 def __init__(self, form): 127 self.form = form 128 129 def get(self, name, default=None): 130 values = self.form.getlist(name) 131 if not values: 132 return default 133 else: 134 return values 135 136 def __getitem__(self, name): 137 return self.form.getlist(name) 138 139 class ActionSupport: 140 141 """ 142 Work around disruptive MoinMoin changes in 1.9, and also provide useful 143 convenience methods. 144 """ 145 146 def get_form(self): 147 return get_form(self.request) 148 149 def get_form(request): 150 151 "Work around disruptive MoinMoin changes in 1.9." 152 153 if hasattr(request, "values"): 154 return Form(request.values) 155 else: 156 return request.form 157 158 def escattr(s): 159 return escape(s, 1) 160 161 # vim: tabstop=4 expandtab shiftwidth=4