changeset 1236:3b723046d80e

First, check if the user has the needed ACLs before allowing the user to enter page content or choose content type for creating a new page
author Bilal Akhtar <bilalakhtar@ubuntu.com>
date Wed, 11 Jan 2012 23:18:26 -0500
parents 82d28d50ef22
children bda50ecd2e35
files MoinMoin/items/__init__.py
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/items/__init__.py	Wed Jan 11 13:55:23 2012 +0100
+++ b/MoinMoin/items/__init__.py	Wed Jan 11 23:18:26 2012 -0500
@@ -655,6 +655,10 @@
         abort(404)
 
     def do_modify(self, contenttype, template_name):
+        # First, check if the current user has the required privileges
+        if not flaskg.user.may.create(self.name):
+            abort(403)
+
         # XXX think about and add item template support
         return render_template('modify_show_type_selection.html',
                                item_name=self.name,