# HG changeset patch
# User Paul Boddie
# Date 1383848101 -3600
# Node ID 658395dc76d3d3322952e4982e009d1783739294
# Parent be1cddf0aa09dde6259bfcfcd2826358f0d681e5
Removed ACL definitions from subpage items, delegating such definitions to specific extensions. Applied write permissions when writing subpage items and read permissions when obtaining the keys for a subpage item store.
diff -r be1cddf0aa09 -r 658395dc76d3 ItemSupport.py
--- a/ItemSupport.py Wed Nov 06 18:04:37 2013 +0100
+++ b/ItemSupport.py Thu Nov 07 19:15:01 2013 +0100
@@ -15,7 +15,7 @@
 # Content storage support.
-class AdminPermissionsForPage(Permissions):
+class SpecialPermissionsForPage(Permissions):
 "Permit saving of ACL-enabled pages."
@@ -26,6 +26,19 @@
 def admin(self, pagename):
 return pagename == self.pagename
+ write = admin
+
+class ReadPermissionsForSubpages(Permissions):
+
+ "Permit listing of ACL-affected subpages."
+
+ def __init__(self, user, pagename):
+ Permissions.__init__(self, user)
+ self.pagename = pagename
+
+ def read(self, pagename):
+ return pagename.startswith("%s/" % self.pagename)
+
 # Underlying storage mechanisms.
 class GeneralItemStore:
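Review bot: `ReadPermissionsForSubpages.read` returns True for every page name beginning with the parent name plus `/` and False for anything else, without consulting the user's real rights, yet neither the class nor the method says that it is a deliberate ACL bypass. I would spell that out in the class docstring, e.g. `"Grant read on every subpage of 'pagename' regardless of its ACL; install only around subpage listing and restore the original policy afterwards."`. The same applies to `write = admin` above it, which makes write succeed for exactly one page name; a comment such as `# write, like admin, is granted only for the page being saved` would make the scope explicit. That alias sits in SpecialPermissionsForPage, whose class header is in the previous hunk.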
@@ -260,39 +273,51 @@
 "Return the item keys."
+ request = self.page.request
+
 # Collect the strict subpages of the parent page.
 leafnames = []
 parentname = self.page.page_name
- for page in getPagesForSearch("title:regex:^%s/" % parentname, self.page.request):
- basename, leafname = page.page_name.rsplit("/", 1)
+ # To list pages whose ACLs may prevent access, a special policy is required.
- # Only collect numbered pages immediately below the parent.
+ may = request.user.may
+ request.user.may = ReadPermissionsForSubpages(request.user, parentname)
+
+ try:
+ for page in getPagesForSearch("title:regex:^%s/" % parentname, self.page.request):
+ basename, leafname = page.page_name.rsplit("/", 1)
- if basename == parentname and leafname.isdigit():
- leafnames.append(int(leafname))
+ # Only collect numbered pages immediately below the parent.
+
+ if basename == parentname and leafname.isdigit():
+ leafnames.append(int(leafname))
- return leafnames
+ return leafnames
+
+ # Restore the original policy.
+
+ finally:
+ request.user.may = may
 def write_item(self, item, next):
 "Write the given 'item' to a file with the given 'next' item number."
 request = self.page.request
- acl = self.page.getACL(request)
 pagename = self.get_item_path(next)
 # To add a page with an ACL, a special policy is required.
 may = request.user.may
- request.user.may = AdminPermissionsForPage(request.user, pagename)
+ request.user.may = SpecialPermissionsForPage(request.user, pagename)
 # Attempt to save the page, copying any ACL.
 try:
 page = PageEditor(request, pagename)
- page.saveText(acl.getString() + item, 0)
+ page.saveText(item, 0)
 # Restore the original policy.
@@ -304,10 +329,7 @@
 "Read the item with the given item 'number'."
 page = Page(self.page.request, self.get_item_path(number))
-
- # Remove any page directives.
-
- return page.data
+ return page.get_raw_body()
 def remove_item(self, number):
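Review bot: Neither `get_keys` nor `write_item` consults the user's real rights on the parent page before installing the override policy on `request.user.may`, so unless the callers check (not visible here; `get_keys` starts above the hunk and `write_item` ends below it) any requester can enumerate the numbered subpages or create one. If that is not intended, test the original policy before the swap, e.g. `if not request.user.may.read(parentname): return []` in `get_keys`, with the matching `write` test in `write_item`. `write_item` also no longer prepends the parent's ACL, so a new item is stored under whatever default ACL applies unless the extension has put an `#acl` line into `item`; the comment `# Attempt to save the page, copying any ACL.` is now stale and could read `# Attempt to save the page; any ACL must already be part of 'item'.`. `parentname` is interpolated unescaped into the `title:regex:` query, so escaping it would stop regex metacharacters in a page name from widening the search performed under the relaxed policy.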
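Review bot: `read_item` now returns the raw page body, so any leading processing instructions such as an `#acl` line come back as part of the item, and nothing in the visible lines checks that the requesting user may read the subpage. The docstring should state both, e.g. `"Read the item with the given item 'number', returning the raw page text including any directives; access checks are left to the caller."`. `read_item` begins above the hunk, so a check may exist in its caller.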