view MoinMoin/action/ @ 5522:879674c9320a

AttachFile: add ticketing for all operations that do modifications Tickets for upload (POST), also for every (GET) URL except do=get and do=view. Avoid KeyError if there is no ticket (was a minor issues, because there has to be one). Use the same i18n string for all "Please use the interactive user interface" messages.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 08 Feb 2010 18:56:07 +0100
parents a283079b3f1e
children b0dfed9a569f 37306fba2189
line wrap: on
line source
# -*- coding: iso-8859-1 -*-
    MoinMoin - set values in user profile

    @copyright: 2008 MoinMoin:ThomasWaldmann
    @license: GNU GPL, see COPYING for details.
from MoinMoin.Page import Page
from MoinMoin import user, wikiutil

def execute(pagename, request):
    """ set values in user profile """
    _ = request.getText
    cfg = request.cfg
    form = request.form

    if not request.user.isSuperUser():
        request.theme.add_msg(_("Only superuser is allowed to use this action."), "error")
    elif (request.request_method == 'POST' and
          wikiutil.checkTicket(request, form.get('ticket', [''])[0])):
        user_name = form.get('name', [''])[0]
        key = form.get('key', [''])[0]
        val = form.get('val', [''])[0]
        if key in cfg.user_checkbox_fields:
            val = int(val)
        uid = user.getUserId(request, user_name)
        theuser = user.User(request, uid)
        oldval = getattr(theuser, key)
        setattr(theuser, key, val)
        request.theme.add_msg('%s.%s: %s -> %s' % (user_name, key, oldval, val), "info")

    Page(request, pagename).send_page()