1.1 --- a/ItemSupport.py Wed Nov 06 17:22:48 2013 +0100
1.2 +++ b/ItemSupport.py Wed Nov 06 18:04:37 2013 +0100
1.3 @@ -8,12 +8,24 @@
1.4
1.5 from MoinMoin.Page import Page
1.6 from MoinMoin.PageEditor import PageEditor
1.7 +from MoinMoin.security import Permissions
1.8 from MoinMoin.util import lock
1.9 from MoinSupport import getMetadata, getPagesForSearch
1.10 import os
1.11
1.12 # Content storage support.
1.13
1.14 +class AdminPermissionsForPage(Permissions):
1.15 +
1.16 + "Permit saving of ACL-enabled pages."
1.17 +
1.18 + def __init__(self, user, pagename):
1.19 + Permissions.__init__(self, user)
1.20 + self.pagename = pagename
1.21 +
1.22 + def admin(self, pagename):
1.23 + return pagename == self.pagename
1.24 +
1.25 # Underlying storage mechanisms.
1.26
1.27 class GeneralItemStore:
1.28 @@ -267,15 +279,35 @@
1.29
1.30 "Write the given 'item' to a file with the given 'next' item number."
1.31
1.32 - page = PageEditor(self.page.request, self.get_item_path(next))
1.33 - page.saveText(item, 0)
1.34 + request = self.page.request
1.35 + acl = self.page.getACL(request)
1.36 + pagename = self.get_item_path(next)
1.37 +
1.38 + # To add a page with an ACL, a special policy is required.
1.39 +
1.40 + may = request.user.may
1.41 + request.user.may = AdminPermissionsForPage(request.user, pagename)
1.42 +
1.43 + # Attempt to save the page, copying any ACL.
1.44 +
1.45 + try:
1.46 + page = PageEditor(request, pagename)
1.47 + page.saveText(acl.getString() + item, 0)
1.48 +
1.49 + # Restore the original policy.
1.50 +
1.51 + finally:
1.52 + request.user.may = may
1.53
1.54 def read_item(self, number):
1.55
1.56 "Read the item with the given item 'number'."
1.57
1.58 page = Page(self.page.request, self.get_item_path(number))
1.59 - return page.get_raw_body()
1.60 +
1.61 + # Remove any page directives.
1.62 +
1.63 + return page.data
1.64
1.65 def remove_item(self, number):
1.66