Mercurial > p > roundup > code

comparison roundup/cgi/templating.py @ 1136:7e193bbda38e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
added generic item editing . much nicer layout of template rendering errors . added context/is_edit_ok and context/is_view_ok convenience methods and implemented use of them in the classic template
author Richard Jones <richard@users.sourceforge.net>
date Fri, 13 Sep 2002 03:31:19 +0000
parents 16874c9b86ad
children db13f46cb5f9
comparison
equal deleted inserted replaced
1135:645a7caa2e9c 1136:7e193bbda38e
153 'instance': client.instance, 153 'instance': client.instance,
154 'utils': TemplatingUtils(client), 154 'utils': TemplatingUtils(client),
155 } 155 }
156 # add in the item if there is one 156 # add in the item if there is one
157 if client.nodeid: 157 if client.nodeid:
158 c['context'] = HTMLItem(client, classname, client.nodeid) 158 if classname == 'user':
159 c['context'] = HTMLUser(client, classname, client.nodeid)
160 else:
161 c['context'] = HTMLItem(client, classname, client.nodeid)
159 else: 162 else:
160 c['context'] = HTMLClass(client, classname) 163 c['context'] = HTMLClass(client, classname)
161 return c 164 return c
162 165
163 def render(self, client, classname, request, **options): 166 def render(self, client, classname, request, **options):
216 l.append(entry) 219 l.append(entry)
217 else: 220 else:
218 l.append(cl.lookup(entry)) 221 l.append(cl.lookup(entry))
219 return l 222 return l
220 223
221 class HTMLClass: 224 class HTMLPermissions:
225 ''' Helpers that provide answers to commonly asked Permission questions.
226 '''
227 def is_edit_ok(self):
228 ''' Is the user allowed to Edit the current class?
229 '''
230 return self._db.security.hasPermission('Edit', self._client.userid,
231 self._classname)
232 def is_view_ok(self):
233 ''' Is the user allowed to View the current class?
234 '''
235 return self._db.security.hasPermission('View', self._client.userid,
236 self._classname)
237 def is_only_view_ok(self):
238 ''' Is the user only allowed to View (ie. not Edit) the current class?
239 '''
240 return self.is_view_ok() and not self.is_edit_ok()
241
242 class HTMLClass(HTMLPermissions):
222 ''' Accesses through a class (either through *class* or *db.<classname>*) 243 ''' Accesses through a class (either through *class* or *db.<classname>*)
223 ''' 244 '''
224 def __init__(self, client, classname): 245 def __init__(self, client, classname):
225 self._client = client 246 self._client = client
226 self._db = client.db 247 self._db = client.db
227 248
228 # we want classname to be exposed 249 # we want classname to be exposed, but _classname gives a
229 self.classname = classname 250 # consistent API for extending Class/Item
251 self._classname = self.classname = classname
230 if classname is not None: 252 if classname is not None:
231 self._klass = self._db.getclass(self.classname) 253 self._klass = self._db.getclass(self.classname)
232 self._props = self._klass.getprops() 254 self._props = self._klass.getprops()
233 255
234 def __repr__(self): 256 def __repr__(self):
397 pt = getTemplate(self._db.config.TEMPLATES, self.classname, name) 419 pt = getTemplate(self._db.config.TEMPLATES, self.classname, name)
398 420
399 # use our fabricated request 421 # use our fabricated request
400 return pt.render(self._client, self.classname, req) 422 return pt.render(self._client, self.classname, req)
401 423
402 class HTMLItem: 424 class HTMLItem(HTMLPermissions):
403 ''' Accesses through an *item* 425 ''' Accesses through an *item*
404 ''' 426 '''
405 def __init__(self, client, classname, nodeid): 427 def __init__(self, client, classname, nodeid):
406 self._client = client 428 self._client = client
407 self._db = client.db 429 self._db = client.db
625 HTMLItem.__init__(self, client, 'user', nodeid) 647 HTMLItem.__init__(self, client, 'user', nodeid)
626 self._default_classname = client.classname 648 self._default_classname = client.classname
627 649
628 # used for security checks 650 # used for security checks
629 self._security = client.db.security 651 self._security = client.db.security
652
630 _marker = [] 653 _marker = []
631 def hasPermission(self, role, classname=_marker): 654 def hasPermission(self, role, classname=_marker):
632 ''' Determine if the user has the Role. 655 ''' Determine if the user has the Role.
633 656
634 The class being tested defaults to the template's class, but may 657 The class being tested defaults to the template's class, but may
635 be overidden for this test by suppling an alternate classname. 658 be overidden for this test by suppling an alternate classname.
636 ''' 659 '''
637 if classname is self._marker: 660 if classname is self._marker:
638 classname = self._default_classname 661 classname = self._default_classname
639 return self._security.hasPermission(role, self._nodeid, classname) 662 return self._security.hasPermission(role, self._nodeid, classname)
663
664 def is_edit_ok(self):
665 ''' Is the user allowed to Edit the current class?
666 Also check whether this is the current user's info.
667 '''
668 return self._db.security.hasPermission('Edit', self._client.userid,
669 self._classname) or self._nodeid == self._client.userid
670
671 def is_view_ok(self):
672 ''' Is the user allowed to View the current class?
673 Also check whether this is the current user's info.
674 '''
675 return self._db.security.hasPermission('Edit', self._client.userid,
676 self._classname) or self._nodeid == self._client.userid
640 677
641 class HTMLProperty: 678 class HTMLProperty:
642 ''' String, Number, Date, Interval HTMLProperty 679 ''' String, Number, Date, Interval HTMLProperty
643 680
644 Has useful attributes: 681 Has useful attributes:
Roundup Issue Tracker: http://roundup-tracker.org/