1.1 --- a/ItemSupport.py Wed Nov 06 18:04:37 2013 +0100
1.2 +++ b/ItemSupport.py Thu Nov 07 19:15:01 2013 +0100
1.3 @@ -15,7 +15,7 @@
1.4
1.5 # Content storage support.
1.6
1.7 -class AdminPermissionsForPage(Permissions):
1.8 +class SpecialPermissionsForPage(Permissions):
1.9
1.10 "Permit saving of ACL-enabled pages."
1.11
1.12 @@ -26,6 +26,19 @@
1.13 def admin(self, pagename):
1.14 return pagename == self.pagename
1.15
1.16 + write = admin
1.17 +
1.18 +class ReadPermissionsForSubpages(Permissions):
1.19 +
1.20 + "Permit listing of ACL-affected subpages."
1.21 +
1.22 + def __init__(self, user, pagename):
1.23 + Permissions.__init__(self, user)
1.24 + self.pagename = pagename
1.25 +
1.26 + def read(self, pagename):
1.27 + return pagename.startswith("%s/" % self.pagename)
1.28 +
1.29 # Underlying storage mechanisms.
1.30
1.31 class GeneralItemStore:
1.32 @@ -260,39 +273,51 @@
1.33
1.34 "Return the item keys."
1.35
1.36 + request = self.page.request
1.37 +
1.38 # Collect the strict subpages of the parent page.
1.39
1.40 leafnames = []
1.41 parentname = self.page.page_name
1.42
1.43 - for page in getPagesForSearch("title:regex:^%s/" % parentname, self.page.request):
1.44 - basename, leafname = page.page_name.rsplit("/", 1)
1.45 + # To list pages whose ACLs may prevent access, a special policy is required.
1.46
1.47 - # Only collect numbered pages immediately below the parent.
1.48 + may = request.user.may
1.49 + request.user.may = ReadPermissionsForSubpages(request.user, parentname)
1.50 +
1.51 + try:
1.52 + for page in getPagesForSearch("title:regex:^%s/" % parentname, self.page.request):
1.53 + basename, leafname = page.page_name.rsplit("/", 1)
1.54
1.55 - if basename == parentname and leafname.isdigit():
1.56 - leafnames.append(int(leafname))
1.57 + # Only collect numbered pages immediately below the parent.
1.58 +
1.59 + if basename == parentname and leafname.isdigit():
1.60 + leafnames.append(int(leafname))
1.61
1.62 - return leafnames
1.63 + return leafnames
1.64 +
1.65 + # Restore the original policy.
1.66 +
1.67 + finally:
1.68 + request.user.may = may
1.69
1.70 def write_item(self, item, next):
1.71
1.72 "Write the given 'item' to a file with the given 'next' item number."
1.73
1.74 request = self.page.request
1.75 - acl = self.page.getACL(request)
1.76 pagename = self.get_item_path(next)
1.77
1.78 # To add a page with an ACL, a special policy is required.
1.79
1.80 may = request.user.may
1.81 - request.user.may = AdminPermissionsForPage(request.user, pagename)
1.82 + request.user.may = SpecialPermissionsForPage(request.user, pagename)
1.83
1.84 # Attempt to save the page, copying any ACL.
1.85
1.86 try:
1.87 page = PageEditor(request, pagename)
1.88 - page.saveText(acl.getString() + item, 0)
1.89 + page.saveText(item, 0)
1.90
1.91 # Restore the original policy.
1.92
1.93 @@ -304,10 +329,7 @@
1.94 "Read the item with the given item 'number'."
1.95
1.96 page = Page(self.page.request, self.get_item_path(number))
1.97 -
1.98 - # Remove any page directives.
1.99 -
1.100 - return page.data
1.101 + return page.get_raw_body()
1.102
1.103 def remove_item(self, number):
1.104