# HG changeset patch
# User Paul Boddie <paul@boddie.org.uk>
# Date 1358633525 -3600
# Node ID 471bd53b5bb27c58672f9180250c854b1543c1a7
# Parent  5adaf0d18bcb83c6ac06aa78e7aae1e667f1918c
Added write permission checking when appending to an item store.

diff -r 5adaf0d18bcb -r 471bd53b5bb2 MoinSupport.py
--- a/MoinSupport.py	Sat Jan 19 21:17:18 2013 +0100
+++ b/MoinSupport.py	Sat Jan 19 23:12:05 2013 +0100
@@ -880,6 +880,7 @@
 
         "Initialise an item store for the given 'page'."
 
+        self.page = page
         self.path = page.getPagePath(item_dir_name)
         self.next_path = os.path.join(self.path, "next")
         lock_dir = page.getPagePath(lock_dir_name)
@@ -941,6 +942,9 @@
 
         "Append the given 'item' to the store."
 
+        if not self.can_write():
+            return
+
         self.lock.acquire()
         try:
             next = self.get_next()
@@ -949,4 +953,14 @@
         finally:
             self.lock.release()
 
+    def can_write(self):
+
+        """
+        Return whether the user associated with the request can write to the
+        page owning this store.
+        """
+
+        user = self.page.request.user
+        return user and user.may.write(self.page.page_name)
+
 # vim: tabstop=4 expandtab shiftwidth=4