diff roundup/cgi/templating.py @ 1136:7e193bbda38e
added generic item editing
. much nicer layout of template rendering errors
. added context/is_edit_ok and context/is_view_ok convenience methods and
implemented use of them in the classic template
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 13 Sep 2002 03:31:19 +0000 |
| parents | 16874c9b86ad |
| children | db13f46cb5f9 |
--- a/roundup/cgi/templating.py Fri Sep 13 01:29:24 2002 +0000 +++ b/roundup/cgi/templating.py Fri Sep 13 03:31:19 2002 +0000 @@ -155,7 +155,10 @@ } # add in the item if there is one if client.nodeid: - c['context'] = HTMLItem(client, classname, client.nodeid) + if classname == 'user': + c['context'] = HTMLUser(client, classname, client.nodeid) + else: + c['context'] = HTMLItem(client, classname, client.nodeid) else: c['context'] = HTMLClass(client, classname) return c @@ -218,15 +221,34 @@ l.append(cl.lookup(entry)) return l -class HTMLClass: +class HTMLPermissions: + ''' Helpers that provide answers to commonly asked Permission questions. + ''' + def is_edit_ok(self): + ''' Is the user allowed to Edit the current class? + ''' + return self._db.security.hasPermission('Edit', self._client.userid, + self._classname) + def is_view_ok(self): + ''' Is the user allowed to View the current class? + ''' + return self._db.security.hasPermission('View', self._client.userid, + self._classname) + def is_only_view_ok(self): + ''' Is the user only allowed to View (ie. not Edit) the current class? + ''' + return self.is_view_ok() and not self.is_edit_ok() + +class HTMLClass(HTMLPermissions): ''' Accesses through a class (either through *class* or *db.<classname>*) ''' def __init__(self, client, classname): self._client = client self._db = client.db - # we want classname to be exposed - self.classname = classname + # we want classname to be exposed, but _classname gives a + # consistent API for extending Class/Item + self._classname = self.classname = classname if classname is not None: self._klass = self._db.getclass(self.classname) self._props = self._klass.getprops() @@ -399,7 +421,7 @@ # use our fabricated request return pt.render(self._client, self.classname, req) -class HTMLItem: +class HTMLItem(HTMLPermissions): ''' Accesses through an *item* ''' def __init__(self, client, classname, nodeid): 
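Review bot: HTMLPermissions reads `self._db`, `self._client` and `self._classname` but assigns none of them, so every class that inherits it must set all three in its own `__init__`; the only hint of that contract is the comment added in HTMLClass.__init__. HTMLItem gains the base class in the following hunk, but its `__init__` body lies outside the diff, so whether it sets `_classname` cannot be confirmed from here. I would state the requirement in the class docstring, e.g. `Subclasses must set self._db, self._client and self._classname.` The docstring should also say that the answers are class-level only (no item id is consulted), and that HTMLClass accepts a `classname` of None, in which case None is what gets passed to `hasPermission`.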
@@ -627,6 +649,7 @@ # used for security checks self._security = client.db.security + _marker = [] def hasPermission(self, role, classname=_marker): ''' Determine if the user has the Role. @@ -638,6 +661,20 @@ classname = self._default_classname return self._security.hasPermission(role, self._nodeid, classname) + def is_edit_ok(self): + ''' Is the user allowed to Edit the current class? + Also check whether this is the current user's info. + ''' + return self._db.security.hasPermission('Edit', self._client.userid, + self._classname) or self._nodeid == self._client.userid + + def is_view_ok(self): + ''' Is the user allowed to View the current class? + Also check whether this is the current user's info. + ''' + return self._db.security.hasPermission('Edit', self._client.userid, + self._classname) or self._nodeid == self._client.userid + class HTMLProperty: ''' String, Number, Date, Interval HTMLProperty
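Review bot: The new `is_view_ok` in the last hunk asks for the 'Edit' permission although its docstring says View, so its body is identical to `is_edit_ok`; the call should read `return self._db.security.hasPermission('View', self._client.userid,`. As written, a user who holds View but not Edit on this class is refused the view of any record other than their own. If this class inherits `is_only_view_ok` from HTMLPermissions (the class header is outside the hunk), that helper can never return true here. The `self._nodeid == self._client.userid` override also relies on both ids having the same type, which the hunk does not show. The override makes `is_edit_ok` true for the user's own record without any permission lookup, so the handler that applies the edit should presumably make its own check rather than rely on this template helper.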
