changeset 4744:36d4b0af2213

merged moin/1.7
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 09 Jun 2009 01:02:28 +0200
parents 5eccbe592847 (current diff) 897cdbe9e8f2 (diff)
children 8f913a5ac5f1 4de22494e7c7
files MoinMoin/security/_tests/test_security.py
diffstat 2 files changed, 10 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/security/__init__.py	Mon Jun 01 14:03:15 2009 +0200
+++ b/MoinMoin/security/__init__.py	Tue Jun 09 01:02:28 2009 +0200
@@ -69,6 +69,10 @@
                 allowed = acl.may(request, username, right)
                 if allowed is not None:
                     return allowed
+                # If the item has an acl (even one that doesn't match) we *do not*
+                # check the parents. We only check the parents if there's no acl on
+                # the item at all.
+                break
         if not some_acl:
             allowed = cache.acl_rights_default.may(request, username, right)
             if allowed is not None:
--- a/MoinMoin/security/_tests/test_security.py	Mon Jun 01 14:03:15 2009 +0200
+++ b/MoinMoin/security/_tests/test_security.py	Tue Jun 09 01:02:28 2009 +0200
@@ -245,10 +245,14 @@
     """
     mainpage_name = u'AclTestMainPage'
     subpage_name = u'AclTestMainPage/SubPage'
+    item_rwforall = u'EveryoneMayReadWriteMe'
+    subitem_4boss = u'EveryoneMayReadWriteMe/OnlyTheBossMayWMe'
     pages = [
         # pagename, content
         (mainpage_name, u"#acl JoeDoe:\n#acl JaneDoe:read,write\nFoo!"),
         (subpage_name, u"FooFoo!"),
+        (item_rwforall, u"#acl All:read,write\nMay be read from and written to by anyone"),
+        (subitem_4boss, u"#acl JoeDoe:read,write\nOnly JoeDoe (the boss) may write"),
     ]
 
     from MoinMoin._tests import wikiconfig
@@ -294,6 +298,8 @@
             (True,  self.subpage_name, u'JoeDoe', []), # by inherited acl from main page
             (False, self.subpage_name, u'JaneDoe', ['read', 'write']), # by default acl
             (True,  self.subpage_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main page
+            (True,  self.subitem_4boss, u'AnyUser', ['read']), # by after acl
+            (True,  self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl
         ]
 
         for hierarchic, pagename, username, may in tests: