changeset 3529:f49895210a40

merged main
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 26 Apr 2008 20:54:43 +0200
parents c0a58f8bf01e (current diff) ca50da801291 (diff)
children ceeafb97c152
files
diffstat 5 files changed, 24 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py	Sat Apr 26 20:54:18 2008 +0200
+++ b/MoinMoin/action/AttachFile.py	Sat Apr 26 20:54:43 2008 +0200
@@ -503,11 +503,6 @@
     """ Main dispatcher for the 'AttachFile' action. """
     _ = request.getText
 
-    if action_name in request.cfg.actions_excluded:
-        msg = _('File attachments are not allowed in this wiki!')
-        error_msg(pagename, request, msg)
-        return
-
     do = request.form.get('do', ['upload_form'])
     handler = globals().get('_do_%s' % do[0])
     if handler:
--- a/MoinMoin/action/Despam.py	Sat Apr 26 20:54:18 2008 +0200
+++ b/MoinMoin/action/Despam.py	Sat Apr 26 20:54:43 2008 +0200
@@ -178,10 +178,8 @@
 
 def execute(pagename, request):
     _ = request.getText
-    # be extra paranoid in dangerous actions
-    actname = __name__.split('.')[-1]
-    if actname in request.cfg.actions_excluded or \
-       not request.user.isSuperUser():
+    # check for superuser
+    if not request.user.isSuperUser():
         request.theme.add_msg(_('You are not allowed to use this action.'), "error")
         return Page.Page(request, pagename).send_page()
 
--- a/MoinMoin/action/backup.py	Sat Apr 26 20:54:18 2008 +0200
+++ b/MoinMoin/action/backup.py	Sat Apr 26 20:54:43 2008 +0200
@@ -123,8 +123,7 @@
     """ Return True if backup is allowed """
     action = __name__.split('.')[-1]
     user = request.user
-    return (action not in request.cfg.actions_excluded and
-            user.valid and user.name in request.cfg.backup_users)
+    return user.valid and user.name in request.cfg.backup_users
 
 def execute(pagename, request):
     _ = request.getText
--- a/MoinMoin/action/thread_monitor.py	Sat Apr 26 20:54:18 2008 +0200
+++ b/MoinMoin/action/thread_monitor.py	Sat Apr 26 20:54:43 2008 +0200
@@ -15,10 +15,8 @@
 
 def execute_fs(pagename, request):
     _ = request.getText
-    # be extra paranoid in dangerous actions
-    actname = __name__.split('.')[-1]
-    if actname in request.cfg.actions_excluded or \
-       not request.user.isSuperUser():
+    # check for superuser
+    if not request.user.isSuperUser():
         request.theme.add_msg(_('You are not allowed to use this action.'), "error")
         return Page.Page(request, pagename).send_page()
 
@@ -42,8 +40,7 @@
     _ = request.getText
     # be extra paranoid in dangerous actions
     actname = __name__.split('.')[-1]
-    if actname in request.cfg.actions_excluded or \
-       not request.user.isSuperUser():
+    if not request.user.isSuperUser():
         request.theme.add_msg(_('You are not allowed to use this action.'), "error")
         return Page.Page(request, pagename).send_page()
 
--- a/MoinMoin/theme/__init__.py	Sat Apr 26 20:54:18 2008 +0200
+++ b/MoinMoin/theme/__init__.py	Sat Apr 26 20:54:43 2008 +0200
@@ -277,7 +277,8 @@
                         request.formatter.interwikilink(0, title=title, id="userhome", *interwiki))
             userlinks.append(homelink)
             # link to userprefs action
-            userlinks.append(d['page'].link_to(request, text=_('Settings'),
+            if 'userprefs' not in self.request.cfg.actions_excluded:
+                userlinks.append(d['page'].link_to(request, text=_('Settings'),
                                                querystr={'action': 'userprefs'}, id='userprefs', rel='nofollow'))
 
         if request.user.valid:
@@ -961,6 +962,9 @@
         available = request.getAvailableActions(page)
         for action in menu:
             data = {'action': action, 'disabled': '', 'title': titles[action]}
+            # removes excluded actions from the more actions menu
+            if action in request.cfg.actions_excluded:
+                continue
 
             # Enable delete cache only if page can use caching
             if action == 'refresh':
@@ -1170,6 +1174,9 @@
         If the user want to show both editors, it will display "Edit
         (Text)", otherwise as "Edit".
         """
+        if 'edit' in self.request.cfg.actions_excluded:
+            return ""
+
         if not (page.isWritable() and
                 self.request.user.may.write(page.page_name)):
             return self.disabledEdit()
@@ -1234,6 +1241,9 @@
 
     def infoLink(self, page):
         """ Return link to page information """
+        if 'info' in self.request.cfg.actions_excluded:
+            return ""
+
         _ = self.request.getText
         return page.link_to(self.request,
                             text=_('Info'),
@@ -1253,6 +1263,8 @@
             action, text = 'unsubscribe', _("Unsubscribe")
         else:
             action, text = 'subscribe', _("Subscribe")
+        if action in self.request.cfg.actions_excluded:
+            return ""
         return page.link_to(self.request, text=text, querystr={'action': action}, css_class='nbsubscribe', rel='nofollow')
 
     def quicklinkLink(self, page):
@@ -1269,10 +1281,15 @@
             action, text = 'quickunlink', _("Remove Link")
         else:
             action, text = 'quicklink', _("Add Link")
+        if action in self.request.cfg.actions_excluded:
+            return ""
         return page.link_to(self.request, text=text, querystr={'action': action}, css_class='nbquicklink', rel='nofollow')
 
     def attachmentsLink(self, page):
         """ Return link to page attachments """
+        if 'AttachFile' in self.request.cfg.actions_excluded:
+            return ""
+
         _ = self.request.getText
         return page.link_to(self.request,
                             text=_('Attachments'),