comparison roundup/cgi/actions.py @ 4130:4ce043e9d43a gsoc-2009
Merge from trunk.
| author | Stefan Seefeld <stefan@seefeld.name> |
|---|---|
| date | Wed, 17 Jun 2009 02:02:07 +0000 |
| parents | 878767b75e1d |
| children |
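--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -537,13 +537,29 @@
 """Determine whether the user has permission to create this item.
 
 Base behaviour is to check the user can edit this class. No additional
 property checks are made.
 """
+
 if not classname :
 classname = self.client.classname
-return self.hasPermission('Create', classname=classname)
+
+if not self.hasPermission('Create', classname=classname):
+return 0
+
+# Check Edit permission for each property, to avoid being able
+# to set restricted ones on new item creation
+for key in props:
+if not self.hasPermission('Edit', classname=classname,
+property=key):
+# We restrict by default and special-case allowed properties
+if key == 'date' or key == 'content':
+continue
+elif key == 'author' and props[key] == self.userid:
+continue
+return 0
+return 1
 
 class EditItemAction(EditCommon):
 def lastUserActivity(self):
 if self.form.has_key(':lastactivity'):
 d = date.Date(self.form[':lastactivity'].value)
@@ -640,15 +656,10 @@
 props, links = self.client.parsePropsFromForm(create=1)
 except (ValueError, KeyError), message:
 self.client.error_message.append(self._('Error: %s')
 % str(message))
 return
-
-# guard against new user creation that would bypass security checks
-for key in props:
-if 'user' in key:
-return
 
 # handle the props - edit or create
 try:
 # when it hits the None element, it'll set self.nodeid
 messages = self._editnodes(props, links)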
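Review bot: The exemption `if key == 'date' or key == 'content':` in the new property loop is keyed on the property name only, so those two properties skip the Edit check on creation for every class, including any class whose schema restricts them. Narrowing the test with `classname` to the classes that need it, or at least stating the assumption in the comment (`# exempt for all classes: 'date', 'content', and 'author' when it is the creating user`), would make that reach explicit. The docstring still ends with "No additional property checks are made", which the loop now contradicts; it could read `Also requires Edit permission on each property being set, apart from the exemptions below.` The second hunk removes the `'user' in key` guard, so user creation on that path presumably now relies on this check being reached through `_editnodes`, which the hunk does not show; the signature of the function changed in the first hunk also lies above it.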
