comparison roundup/cgi/actions.py @ 3474:235f1cee5cf2 maint-0.8

merge from HEAD
author Richard Jones <richard@users.sourceforge.net>
date Fri, 20 Jan 2006 02:13:51 +0000
parents 8fcee705ebdb
children d1cda972f5d2
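--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -1,6 +1,6 @@
-#$Id: actions.py,v 1.40.2.9 2006-01-13 03:34:34 richard Exp $
+#$Id: actions.py,v 1.40.2.10 2006-01-20 02:13:51 richard Exp $
 
 import re, cgi, StringIO, urllib, Cookie, time, random, csv
 
 from roundup import hyperdb, token, date, password
 from roundup.i18n import _
@@ -121,10 +121,15 @@
 self.db.commit()
 
 self.client.ok_message.append(
 self._('%(classname)s %(itemid)s has been retired')%{
 'classname': self.classname.capitalize(), 'itemid': nodeid})
+
+def hasPermission(self, permission, classname=Action._marker, itemid=None):
+if itemid is None:
+itemid = self.nodeid
+return self.hasPermission(permission, classname, itemid)
 
 class SearchAction(Action):
 name = 'search'
 permissionType = 'View'
 
@@ -433,11 +438,11 @@
 return '<br>'.join(m)
 
 def _changenode(self, cn, nodeid, props):
 """Change the node based on the contents of the form."""
 # check for permission
-if not self.editItemPermission(props):
+if not self.editItemPermission(props, classname=cn, itemid=nodeid):
 raise exceptions.Unauthorised, self._(
 'You do not have permission to edit %(class)s'
 ) % {'class': cn}
 
 # make the changes
@@ -445,11 +450,11 @@
 return cl.set(nodeid, **props)
 
 def _createnode(self, cn, props):
 """Create a node based on the contents of the form."""
 # check for permission
-if not self.newItemPermission(props):
+if not self.newItemPermission(props, classname=cn):
 raise exceptions.Unauthorised, self._(
 'You do not have permission to create %(class)s'
 ) % {'class': cn}
 
 # create the node and return its id
@@ -459,11 +464,12 @@
 def isEditingSelf(self):
 """Check whether a user is editing his/her own details."""
 return (self.nodeid == self.userid
 and self.db.user.get(self.nodeid, 'username') != 'anonymous')
 
-def editItemPermission(self, props):
+_cn_marker = []
+def editItemPermission(self, props, classname=_cn_marker, itemid=None):
 """Determine whether the user has permission to edit this item.
 
 Base behaviour is to check the user can edit this class. If we're
 editing the "user" class, users are allowed to edit their own details.
 Unless it's the "roles" property, which requires the special Permission
@@ -473,21 +479,27 @@
 if props.has_key('roles') and not self.hasPermission('Web Roles'):
 raise exceptions.Unauthorised, self._(
 "You do not have permission to edit user roles")
 if self.isEditingSelf():
 return 1
-if self.hasPermission('Edit', itemid=self.nodeid):
+if itemid is None:
+itemid = self.nodeid
+if classname is self._cn_marker:
+classname = self.classname
+if self.hasPermission('Edit', itemid=itemid, classname=classname):
 return 1
 return 0
 
-def newItemPermission(self, props):
+def newItemPermission(self, props, classname=None):
 """Determine whether the user has permission to create this item.
 
 Base behaviour is to check the user can edit this class. No additional
 property checks are made.
 """
-return self.hasPermission('Create')
+if not classname :
+classname = self.client.classname
+return self.hasPermission('Create', classname=classname)
 
 class EditItemAction(EditCommon):
 def lastUserActivity(self):
 if self.form.has_key(':lastactivity'):
 d = date.Date(self.form[':lastactivity'].value)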
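Review bot: The `hasPermission` override added at new lines 127-130 ends with `return self.hasPermission(permission, classname, itemid)`, which resolves to the override itself, so every permission check on this class recurses to the interpreter's recursion limit instead of returning a decision; it should delegate to the base class, `return Action.hasPermission(self, permission, classname, itemid)`. The class that encloses this method starts outside the displayed lines. Separately, in `editItemPermission` the `isEditingSelf()` shortcut returns 1 before the new `classname`/`itemid` arguments are consulted and compares only `self.nodeid` with `self.userid`, so when `_changenode` passes an item other than the one in the request context the shortcut may still authorise the edit; the guard around that branch (new lines 476-478) is not shown, so this needs confirming, and the shortcut should be conditioned on the `classname` and `itemid` actually being checked. `newItemPermission` falls back to `self.client.classname` with a truthiness test while `editItemPermission` falls back to `self.classname` with a sentinel; using one convention for both would make the authorisation path easier to audit.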
