1.1 --- a/MoinMessageSupport.py Tue Dec 17 14:11:38 2013 +0100
1.2 +++ b/MoinMessageSupport.py Sat Dec 21 01:48:54 2013 +0100
1.3 @@ -13,6 +13,7 @@
1.4 from MoinSupport import getHeader, getMetadata, getWikiDict, writeHeaders, \
1.5 parseDictEntry
1.6 from ItemSupport import ItemStore
1.7 +from TokenSupport import getIdentifiers
1.8 from MoinMessage import GPG, Message, MoinMessageError, \
1.9 MoinMessageMissingPart, MoinMessageBadContent, \
1.10 is_signed, is_encrypted, getContentAndSignature
1.11 @@ -228,6 +229,32 @@
1.12
1.13 return homedir
1.14
1.15 + def can_perform_action(self, action):
1.16 +
1.17 + """
1.18 + Determine whether the user in the request has the necessary privileges
1.19 + to change the current page using a message requesting the given
1.20 + 'action'.
1.21 + """
1.22 +
1.23 + for identifier in get_update_actions_for_user(self.request):
1.24 +
1.25 + # Expect "action:pagename", rejecting ill-formed identifiers.
1.26 +
1.27 + details = identifier.split(":", 1)
1.28 + if len(details) != 2:
1.29 + continue
1.30 +
1.31 + # If the action and page name match, return success.
1.32 +
1.33 + permitted, pagename = details
1.34 + if permitted.lower() == action.lower() and pagename == self.page.page_name:
1.35 + return True
1.36 +
1.37 + return False
1.38 +
1.39 +# More specific errors.
1.40 +
1.41 class MoinMessageRecipientError(MoinMessageError):
1.42 pass
1.43
1.44 @@ -240,6 +267,8 @@
1.45 class MoinMessageBadRecipient(MoinMessageRecipientError):
1.46 pass
1.47
1.48 +# Utility functions.
1.49 +
1.50 def get_homedir(request):
1.51
1.52 "Locate the GPG home directory."
1.53 @@ -302,20 +331,42 @@
1.54 'fingerprint' or None if no correspondence is present in the mapping page.
1.55 """
1.56
1.57 + # Since this function must be able to work before any user has been
1.58 + # identified, the wikidict operation uses superuser privileges.
1.59 +
1.60 gpg_users = getWikiDict(
1.61 getattr(request.cfg, "moinmessage_gpg_users_page", "MoinMessageUserDict"),
1.62 request,
1.63 - superuser=True # disable user test because we have no user yet
1.64 + superuser=True
1.65 )
1.66
1.67 - # With a user mapping and a fingerprint corresponding to a known
1.68 - # user, temporarily switch user in order to make the edit.
1.69 -
1.70 if gpg_users and gpg_users.has_key(fingerprint):
1.71 return gpg_users[fingerprint]
1.72 else:
1.73 return None
1.74
1.75 +def get_update_actions_for_user(request):
1.76 +
1.77 + """
1.78 + For the user associated with the 'request', return the permitted actions for
1.79 + the user in the form of
1.80 + """
1.81 +
1.82 + if not request.user or not request.user.valid:
1.83 + return []
1.84 +
1.85 + actions = getWikiDict(
1.86 + getattr(request.cfg, "moinmessage_user_actions_page", "MoinMessageUserActionsDict"),
1.87 + request
1.88 + )
1.89 +
1.90 + username = request.user.name
1.91 +
1.92 + if actions and actions.has_key(username):
1.93 + return getIdentifiers(actions[username])
1.94 + else:
1.95 + return []
1.96 +
1.97 def get_recipient_details(request, recipient, main=False, fetching=False):
1.98
1.99 """