view MoinMoin/templates/itemviews.html @ 1031:64e6be47c4f6

fixes #44. Check for permission in frontend view. Hide link to actions that user is not allowed to do in the history and in the rev_navigation
author Bruno Martin <bruno@hacklab.com.br>
date Sat, 29 Oct 2011 19:32:02 -0200
parents 17132086b9d6
children 578b70ffc60b
line wrap: on
line source
{% set exists = storage.has_item(item_name) %}
<ul class="moin-itemviews">
    {% for endpoint, label, title, check_exists in cfg.item_views if not endpoint in cfg.endpoints_excluded %}
        {% if (not check_exists or check_exists and exists) and endpoint in [
               'frontend.show_item', 'frontend.index',
               'frontend.highlight_item', 'frontend.show_item_meta', 'frontend.download_item',
               'frontend.history', 'frontend.backrefs', 'frontend.sitemap',
               'frontend.similar_names',
               'frontend.copy_item',
           ] -%}
            <li>
            <a href="{{ url_for(endpoint, item_name=item_name) }}" title="{{ title }}" rel="nofollow"> {{ label }}</a>
            </li>
        {%- endif %}

		{% if endpoint in [
            'frontend.modify_item', 'frontend.rename_item', 'frontend.delete_item', 'frontend.rename_item'
           ] and user.may.write(item_name) -%}
            <li>
            <a href="{{ url_for(endpoint, item_name=item_name) }}" title="{{ title }}" rel="nofollow"> {{ label }}</a>
            </li>
        {%- endif %}
        
        {% if endpoint =='frontend.destroy_item' and user.may.destroy(item_name) -%}
            <li>
            <a href="{{ url_for(endpoint, item_name=item_name) }}" title="{{ title }}" rel="nofollow"> {{ label }}</a>
            </li>
        {%- endif %}

        {% if endpoint in [
            'frontend.global_history', 'frontend.global_index', 'frontend.global_tags',
            'admin.index',
           ] -%}
            <li>
            <a href="{{ url_for(endpoint) }}" title="{{ title }}" rel="nofollow"> {{ label }}</a>
            </li>
        {%- endif %}

        {% if endpoint == 'frontend.quicklink_item' and user.valid -%}
            <li>
            <a href="{{ url_for(endpoint, item_name=item_name) }}" title="{{ title }}" rel="nofollow">
                {% if user.isQuickLinkedTo([item_name]) -%}
                    {{ _('Remove Link') }}
                {% else -%}
                    {{ _('Add Link') }}
                {%- endif %}
            </a>
            </li>
        {%- endif %}
        {% if endpoint == 'frontend.subscribe_item' and user.valid -%}
            <li>
            <a href="{{ url_for(endpoint, item_name=item_name) }}" title="{{ title }}" rel="nofollow">
                {% if user.isSubscribedTo([item_name]) %}
                        {{ _('Unsubscribe') }}
                {% else %}
                        {{ _('Subscribe') }}
                {% endif %}
            </a>
            </li>
        {%- endif %}

        {% if endpoint == 'special.comments' -%}
            <li class="toggleCommentsButton" style="display:none;">
            <a href="#" onClick="toggleComments();return false;" title="{{ title }}">{{ label }}</a>
            </li>
        {%- endif %}
        {% if endpoint == 'special.supplementation' -%}
            {%- for sub_item_name in cfg.supplementation_item_names -%}
                {% set current_sub = item_name.rsplit('/', 1)[-1] %}
                {%- if not current_sub in cfg.supplementation_item_names -%}
                    {% set supp_name = '%s/%s' % (item_name, sub_item_name) -%}
                    {% if storage.has_item(supp_name) or user.may.write(supp_name) %}
                        <li>
                            <a href="{{ url_for('frontend.show_item', item_name=supp_name) }}" rel="nofollow">{{ _(sub_item_name) }}</a>
                        </li>
                    {%- endif %}
                {%- endif %}
            {%- endfor -%}
        {%- endif %}
    {% endfor %}
</ul>