changeset 2788:dde7055f4361

fix #446 ACL Admin Rights Given to Users with Write Authority
author RogerHaase <haaserd@gmail.com>
date Wed, 17 Sep 2014 11:53:01 -0700
parents 55171567f3ed
children 887f5f4d9093
files MoinMoin/config/default.py MoinMoin/storage/__init__.py MoinMoin/storage/middleware/_tests/test_protecting.py MoinMoin/storage/middleware/protecting.py MoinMoin/templates/blog/modify_entry_meta.html MoinMoin/templates/blog/modify_main_meta.html MoinMoin/templates/modify.html MoinMoin/templates/modify_meta.html MoinMoin/themes/basic/templates/modify.html
diffstat 9 files changed, 31 insertions(+), 13 deletions(-) [+]
--- a/MoinMoin/config/default.py	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/config/default.py	Wed Sep 17 11:53:01 2014 -0700
@@ -454,7 +454,7 @@
          "E.g.: {'default': Backend(), }. Please see HelpOnStorageConfiguration for further reference."),
         ('acl_mapping', None,
          "This needs to point to a list of tuples, each tuple containing: name prefix, acl protection to be applied to matching items. " +
-         "E.g.: [('', dict(default='All:read,write,create')), ]. Please see HelpOnStorageConfiguration for further reference."),
+         "E.g.: [('', dict(default='All:read,write,create,admin')), ]. Please see HelpOnStorageConfiguration for further reference."),
         ('create_storage', False, "Create (initialize) the storage backends before trying to use them."),
         ('create_index', False, "Create (initialize) the index before trying to use them."),
         ('destroy_storage', False, "Destroy (empty) the storage backends after using them."),
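Review bot: The `acl_mapping` example in this help string now recommends `All:read,write,create,admin`, and the fallback `default_acl` in the MoinMoin/storage/__init__.py hunk of this changeset hard-codes the same value. On a wiki that copies the example or configures no ACLs, everyone matched by `All` therefore passes the new ADMIN check in protecting.py and can still rewrite any item's ACL. That keeps an unconfigured wiki editable, which may be intended, but it means the fix for #446 only takes effect once an operator overrides the default. Consider showing a named administrator in the example, as the test fixture in this changeset does with `'joe:read,write,create,admin All:read,write,create'`, and replacing the stale `# if no acls are given, use something mostly harmless:` comment in storage/__init__.py with one stating that the fallback grants admin to everyone. Both the options tuple here and the function in storage/__init__.py start and end outside their hunks.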
--- a/MoinMoin/storage/__init__.py	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/storage/__init__.py	Wed Sep 17 11:53:01 2014 -0700
@@ -80,7 +80,7 @@
     """
     # if no acls are given, use something mostly harmless:
     if not default_acl:
-        default_acl = dict(before=u'', default=u'All:read,write,create', after=u'', hierarchic=False)
+        default_acl = dict(before=u'', default=u'All:read,write,create,admin', after=u'', hierarchic=False)
     if not userprofiles_acl:
         userprofiles_acl = dict(before=u'All:', default=u'', after=u'', hierarchic=False)
     namespaces = {
--- a/MoinMoin/storage/middleware/_tests/test_protecting.py	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/storage/middleware/_tests/test_protecting.py	Wed Sep 17 11:53:01 2014 -0700
@@ -23,7 +23,7 @@
 PROTECTED_CONTENT = 'protected content'
 
 acl_mapping = [
-    ('', dict(before=u'', default=u'All:read,write,create', after=u'', hierarchic=False)),
+    ('', dict(before=u'', default=u'joe:read,write,create,admin All:read,write,create', after=u'', hierarchic=False)),
 ]
 
 
--- a/MoinMoin/storage/middleware/protecting.py	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/storage/middleware/protecting.py	Wed Sep 17 11:53:01 2014 -0700
@@ -21,8 +21,8 @@
 
 from whoosh.util.cache import lru_cache
 
-from MoinMoin.constants.rights import (CREATE, READ, PUBREAD, WRITE, DESTROY, ACL_RIGHTS_CONTENTS)
-from MoinMoin.constants.keys import ALL_REVS, LATEST_REVS, NAME_EXACT, ITEMID
+from MoinMoin.constants.rights import (CREATE, READ, PUBREAD, WRITE, ADMIN, DESTROY, ACL_RIGHTS_CONTENTS)
+from MoinMoin.constants.keys import ACL, ALL_REVS, LATEST_REVS, NAME_EXACT, ITEMID
 
 from MoinMoin.security import AccessControlList
 
@@ -309,6 +309,8 @@
             self.require(CREATE)
         if overwrite:
             self.require(DESTROY)
+        if meta.get(ACL) != self.acl:
+            self.require(ADMIN)
         rev = self.item.store_revision(meta, data, overwrite=overwrite, return_rev=return_rev, fqname=fqname, **kw)
         self.protector._clear_acl_cache()
         if return_rev:
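Review bot: The new gate `if meta.get(ACL) != self.acl: self.require(ADMIN)` has no test in this changeset; the only test_protecting.py hunk edits the fixture ACL so that joe holds admin. Two cases would pin it: a user without admin storing a revision with a changed ACL and being refused, and the same user storing an unchanged ACL and succeeding. Because the comparison is an exact equality, a missing ACL (`None`) and an empty ACL string presumably count as different values, so a caller or form that round-trips "no ACL" as `''` would be asked for ADMIN on an ordinary edit; whether that is reachable depends on form handling not shown here. A comment such as `# any change to the ACL, including adding or removing it, requires ADMIN` above the check would record the intent. store_revision starts and ends outside this hunk.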
--- a/MoinMoin/templates/blog/modify_entry_meta.html	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/templates/blog/modify_entry_meta.html	Wed Sep 17 11:53:01 2014 -0700
@@ -1,15 +1,19 @@
 {% import "forms.html" as forms %}
 
-{% macro meta_editor(form) %}
+{% macro meta_editor(form, may_admin) %}
     <h2>Blog entry metadata</h2>
     <dl>
         {# TODO: Make blog_entry nameless #}
+        {% if may_admin %}
+            {{ forms.render(form['acl']) }}
+        {% else %}
+            {{ forms.raw_input(form['acl'], type='hidden') }}
+        {% endif %}
         {% for e in [
             'summary',
             'itemtype',
             'contenttype',
             'tags',
-            'acl',
             'name',
             'ptime',
             ] %}
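Review bot: The `{% else %}` branch writes the item's current ACL into a hidden input, so a user who may write but not admin sees the ACL string in the page source and has to send it back unchanged for the save to pass the ADMIN check in protecting.py. The hidden field is not itself a control, since the client can submit any value; enforcement rests on the server-side check, and a value altered in the round trip would surface as an access failure on an ordinary edit. If the view can carry the stored ACL over itself when the user lacks admin, the field could be omitted for those users. The same branch is added in blog/modify_main_meta.html, modify_meta.html and themes/basic/templates/modify.html, where `class='form-control'` on the hidden input has no effect and could be dropped. The macro body continues past the end of this hunk.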
--- a/MoinMoin/templates/blog/modify_main_meta.html	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/templates/blog/modify_main_meta.html	Wed Sep 17 11:53:01 2014 -0700
@@ -1,8 +1,13 @@
 {% import "forms.html" as forms %}
 
-{% macro meta_editor(form) %}
+{% macro meta_editor(form, may_admin) %}
     <h2>Blog metadata</h2>
     <dl>
+        {% if may_admin %}
+            {{ forms.render(form['acl']) }}
+        {% else %}
+            {{ forms.raw_input(form['acl'], type='hidden') }}
+        {% endif %}
         {% for e in [
             'name',
             'itemtype',
@@ -10,7 +15,6 @@
             'summary',
             'tags',
             'supertags',
-            'acl',
             ] %}
             {{ forms.render(form[e]) }}
         {% endfor %}
--- a/MoinMoin/templates/modify.html	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/templates/modify.html	Wed Sep 17 11:53:01 2014 -0700
@@ -49,7 +49,8 @@
             {% if form['content_form'].help %}
                 <pre id="moin-editor-help">{{ form['content_form'].help }}</pre>
             {% endif %}
-            {{ meta_editor(form['meta_form']) }}
+            {% set may_admin = user.may.admin(fqname) %}
+            {{ meta_editor(form['meta_form'], may_admin) }}
             <dl>
                 {{ forms.render(form['extra_meta_text']) }}
             </dl>
--- a/MoinMoin/templates/modify_meta.html	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/templates/modify_meta.html	Wed Sep 17 11:53:01 2014 -0700
@@ -1,14 +1,18 @@
 {% import "forms.html" as forms %}
 
-{% macro meta_editor(form) %}
+{% macro meta_editor(form, may_admin) %}
     <h2>General meta</h2>
     <dl>
+        {% if may_admin %}
+            {{ forms.render(form['acl']) }}
+        {% else %}
+            {{ forms.raw_input(form['acl'], type='hidden') }}
+        {% endif %}
         {% for e in [
             'itemtype',
             'contenttype',
             'summary',
             'tags',
-            'acl',
             'name',
             ] %}
             {{ forms.render(form[e]) }}
--- a/MoinMoin/themes/basic/templates/modify.html	Fri Sep 12 14:46:18 2014 -0700
+++ b/MoinMoin/themes/basic/templates/modify.html	Wed Sep 17 11:53:01 2014 -0700
@@ -60,10 +60,11 @@
                         </div>
                     </div>
                 </div>
+
+                {% set field = form['meta_form']['acl'] %}
                 {% if user.may.admin(fqname) %}
                     <div class="tab-pane active" id="acl">
                         <div class="row">
-                            {% set field = form['meta_form']['acl'] %}
                             <div class="col-lg-6">
                                 <div class="form-group">
                                     {{ gen.label(field) }}
@@ -72,6 +73,8 @@
                             </div>
                         </div>
                     </div>
+                {% else %}
+                    {{ gen.input(field, type='hidden', class='form-control') }}
                 {% endif %}
                 <div class="tab-pane active" id="help">
                     {% if form['content_form'].help %}