changeset 1776:9890a2d41efe

support giving multiple capabilities to require(), one of them must be permitted for it to succeed
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 07 Sep 2012 21:51:04 +0200
parents 33590c9ffcd6
children 1db99f8f5144
files MoinMoin/storage/middleware/protecting.py
diffstat 1 files changed, 12 insertions(+), 6 deletions(-) [+]
--- a/MoinMoin/storage/middleware/protecting.py	Fri Sep 07 21:33:28 2012 +0200
+++ b/MoinMoin/storage/middleware/protecting.py	Fri Sep 07 21:51:04 2012 +0200
@@ -197,9 +197,12 @@
 
         return False
 
-    def require(self, capability):
-        if not self.allows(capability):
-            raise AccessDenied("item does not allow user '{0!r}' to '{1!r}'".format(self.protector.user.name, capability))
+    def require(self, *capabilities):
+        """require that at least one of the capabilities is allowed"""
+        if not any(self.allows(c) for c in capabilities):
+            capability = " or ".join(capabilities)
+            raise AccessDenied("item does not allow user '{0!r}' to '{1!r}' [{2!r}]".format(
+                               self.protector.user.name, capability, self.item.acl))
 
     def iter_revs(self):
         self.require(READ)
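Review bot: The new AccessDenied message raised in `require()` embeds `self.item.acl`, so the item's full ACL travels with the exception. If that text is ever rendered to the denied user (not visible from this hunk), it tells them which users or groups hold which rights on an item they cannot access. The same applies to `self.item.item.acl` in the revision's `require()` in the next hunk. I would keep the message to user and capability, `"item does not allow user '{0!r}' to '{1!r}'".format(self.protector.user.name, capability)`, and write the ACL to the server-side log at the point of denial instead. A short comment such as `# no capabilities given -> any() is False -> always denied (fail closed)` would also document the zero-argument case.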
@@ -252,9 +255,12 @@
         # to check allowance for a revision, we always ask the item
         return self.item.allows(capability)
 
-    def require(self, capability):
-        if not self.allows(capability):
-            raise AccessDenied("revision does not allow '{0!r}'".format(capability))
+    def require(self, *capabilities):
+        """require that at least one of the capabilities is allowed"""
+        if not any(self.allows(c) for c in capabilities):
+            capability = " or ".join(capabilities)
+            raise AccessDenied("revision does not allow user '{0!r}' to '{1!r}' [{2!r}]".format(
+                               self.protector.user.name, capability, self.item.item.acl))
 
     @property
     def revid(self):
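Review bot: This `require()` repeats the item's logic and reaches through to `self.item.item.acl`, even though `allows()` just above it already delegates to `self.item`. Delegating here too, with `self.item.require(*capabilities)`, would keep the any-of check and the denial message in one place. The message prefix would then read "item" rather than "revision", so confirm no caller depends on that wording. Separately, `self.protector` is not assigned anywhere in this hunk and the class body starts outside it, so it is worth confirming the attribute exists on the revision wrapper. An AttributeError on the denial path would still refuse access, but would surface as an unhandled error instead of AccessDenied.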