# HG changeset patch # User Paul Boddie # Date 1383757477 -3600 # Node ID be1cddf0aa09dde6259bfcfcd2826358f0d681e5 # Parent 77c1b8aa6fc13e38bcca091eb65fbf2bf93e336c Added ACL propagation from parent pages to subpages, although form access controls should also be considered. diff -r 77c1b8aa6fc1 -r be1cddf0aa09 ItemSupport.py --- a/ItemSupport.py Wed Nov 06 17:22:48 2013 +0100 +++ b/ItemSupport.py Wed Nov 06 18:04:37 2013 +0100 @@ -8,12 +8,24 @@ from MoinMoin.Page import Page from MoinMoin.PageEditor import PageEditor +from MoinMoin.security import Permissions from MoinMoin.util import lock from MoinSupport import getMetadata, getPagesForSearch import os # Content storage support. +class AdminPermissionsForPage(Permissions): + + "Permit saving of ACL-enabled pages." + + def __init__(self, user, pagename): + Permissions.__init__(self, user) + self.pagename = pagename + + def admin(self, pagename): + return pagename == self.pagename + # Underlying storage mechanisms. class GeneralItemStore: @@ -267,15 +279,35 @@ "Write the given 'item' to a file with the given 'next' item number." - page = PageEditor(self.page.request, self.get_item_path(next)) - page.saveText(item, 0) + request = self.page.request + acl = self.page.getACL(request) + pagename = self.get_item_path(next) + + # To add a page with an ACL, a special policy is required. + + may = request.user.may + request.user.may = AdminPermissionsForPage(request.user, pagename) + + # Attempt to save the page, copying any ACL. + + try: + page = PageEditor(request, pagename) + page.saveText(acl.getString() + item, 0) + + # Restore the original policy. + + finally: + request.user.may = may def read_item(self, number): "Read the item with the given item 'number'." page = Page(self.page.request, self.get_item_path(number)) - return page.get_raw_body() + + # Remove any page directives. + + return page.data def remove_item(self, number):