changeset 2665:73adb7dfd1bd

Fixed issue #446 The Edit ACL form used to be available for users even with write permissions. Added check for user and now only if user has Admin permission they get access to the Edit ACL form.
author Ajitesh Gupta <ajgupta93@gmail.com>
date Mon, 07 Jul 2014 14:09:46 +0530
parents 772810aa8013
children c04690fb2305
files MoinMoin/themes/basic/templates/modify.html
diffstat 1 files changed, 13 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/themes/basic/templates/modify.html	Sat Jul 05 17:11:57 2014 +0530
+++ b/MoinMoin/themes/basic/templates/modify.html	Mon Jul 07 14:09:46 2014 +0530
@@ -38,7 +38,9 @@
     <ul class="moin-nav nav-tabs moin-shadow">
         <li class="active"><a href="#editor" data-toggle="tab">Edit Content</a></li>
         <li><a href="#meta" data-toggle="tab">Edit Meta</a></li>
-        <li><a href="#acl" data-toggle="tab">Edit ACL</a></li>
+        {% if user.may.admin(fqname) %}
+            <li><a href="#acl" data-toggle="tab">Edit ACL</a></li>
+        {% endif %}
         <li><a href="#help" data-toggle="tab">Help</a></li>
     </ul>
     <div class="tab-content">
@@ -59,17 +61,19 @@
                 </div>
             </div>
         </div>
-        <div class="tab-pane active" id="acl">
-            <div class="row">
-                {% set field = form['meta_form']['acl'] %}
-                <div class="col-lg-6">
-                    <div class="form-group">
-                        {{ gen.label(field) }}
-                        {{ gen.textarea(field, rows='1', class='form-control') }}
+        {% if user.may.admin(fqname) %}
+            <div class="tab-pane active" id="acl">
+                <div class="row">
+                    {% set field = form['meta_form']['acl'] %}
+                    <div class="col-lg-6">
+                        <div class="form-group">
+                            {{ gen.label(field) }}
+                            {{ gen.textarea(field, rows='1', class='form-control') }}
+                        </div>
                     </div>
                 </div>
             </div>
-        </div>
+        {% endif %}
         <div class="tab-pane active" id="help">
             {% if form['content_form'].help %}
                 <pre id="moin-editor-help">{{ form['content_form'].help }}</pre>