index 8f63d3a8576c24897cb600d89e3cd194f82144f8..2f2a478f14e570dbe49dc0cae1c0b21f67dfb6a5 100644 (file)
}
# add in the item if there is one
if client.nodeid:
- c['context'] = HTMLItem(client, classname, client.nodeid)
+ if classname == 'user':
+ c['context'] = HTMLUser(client, classname, client.nodeid)
+ else:
+ c['context'] = HTMLItem(client, classname, client.nodeid)
else:
c['context'] = HTMLClass(client, classname)
return c
if self._v_errors:
raise PageTemplate.PTRuntimeError, \
- 'Page Template %s has errors.' % self.id
+ 'Page Template %s has errors.'%self.id
# figure the context
classname = classname or client.classname
l.append(cl.lookup(entry))
return l
-class HTMLClass:
+class HTMLPermissions:
+ ''' Helpers that provide answers to commonly asked Permission questions.
+ '''
+ def is_edit_ok(self):
+ ''' Is the user allowed to Edit the current class?
+ '''
+ return self._db.security.hasPermission('Edit', self._client.userid,
+ self._classname)
+ def is_view_ok(self):
+ ''' Is the user allowed to View the current class?
+ '''
+ return self._db.security.hasPermission('View', self._client.userid,
+ self._classname)
+ def is_only_view_ok(self):
+ ''' Is the user only allowed to View (ie. not Edit) the current class?
+ '''
+ return self.is_view_ok() and not self.is_edit_ok()
+
+class HTMLClass(HTMLPermissions):
''' Accesses through a class (either through *class* or *db.<classname>*)
'''
def __init__(self, client, classname):
self._client = client
self._db = client.db
- # we want classname to be exposed
- self.classname = classname
+ # we want classname to be exposed, but _classname gives a
+ # consistent API for extending Class/Item
+ self._classname = self.classname = classname
if classname is not None:
self._klass = self._db.getclass(self.classname)
self._props = self._klass.getprops()
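Review bot: `HTMLPermissions` reads `self._db`, `self._client` and `self._classname` but sets none of them, and its docstring does not say that subclasses must provide them. `HTMLClass.__init__` assigns all three in this hunk, but the `HTMLItem` hunk only swaps the base class and its `__init__` body is outside the visible lines, so it is worth confirming that it sets `_classname` too; otherwise the helpers raise AttributeError when a template calls them. I would extend the class docstring with `Subclasses must set _db, _client and _classname.` `HTMLClass` also accepts `classname=None`, in which case these helpers pass `None` to `hasPermission`; whether that is handled is not visible here.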
klass = HTMLUser
else:
klass = HTMLItem
- l = [klass(self._client, self.classname, x) for x in self._klass.list()]
+
+ # get the list and sort it nicely
+ l = self._klass.list()
+ sortfunc = make_sort_function(self._db, self._prop.classname)
+ l.sort(sortfunc)
+
+ l = [klass(self._client, self.classname, x) for x in l]
return l
def csv(self):
# use our fabricated request
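Review bot: The added sort in `list` reads `self._prop.classname`, but the `HTMLClass.__init__` shown earlier in this diff sets `_klass` and `_props`, not `_prop`, so unless `_prop` is assigned elsewhere this raises AttributeError on every call. The expression looks copied from the link-property code, where the same `make_sort_function(self._db, self._prop.classname)` call appears as context further down. Assuming the second argument names the class whose items are being sorted, the line should read `sortfunc = make_sort_function(self._db, self._classname)`. The `def list` line is outside the hunk.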
return pt.render(self._client, self.classname, req)
-class HTMLItem:
+class HTMLItem(HTMLPermissions):
''' Accesses through an *item*
'''
def __init__(self, client, classname, nodeid):
# used for security checks
self._security = client.db.security
+
_marker = []
def hasPermission(self, role, classname=_marker):
''' Determine if the user has the Role.
classname = self._default_classname
return self._security.hasPermission(role, self._nodeid, classname)
+ def is_edit_ok(self):
+ ''' Is the user allowed to Edit the current class?
+ Also check whether this is the current user's info.
+ '''
+ return self._db.security.hasPermission('Edit', self._client.userid,
+ self._classname) or self._nodeid == self._client.userid
+
+ def is_view_ok(self):
+ ''' Is the user allowed to View the current class?
+ Also check whether this is the current user's info.
+ '''
+ return self._db.security.hasPermission('Edit', self._client.userid,
+ self._classname) or self._nodeid == self._client.userid
+
class HTMLProperty:
''' String, Number, Date, Interval HTMLProperty
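Review bot: `is_view_ok` asks for the `'Edit'` permission although its docstring says View, so it returns exactly what `is_edit_ok` returns. A user who holds View but not Edit on the class is reported as unable to view other users' items, and the inherited `is_only_view_ok()` (`is_view_ok() and not is_edit_ok()`) can never be true for this class. The first line of the return should be `return self._db.security.hasPermission('View', self._client.userid,`. The class header is outside the hunk; the `_default_classname` context suggests these are the user-item overrides, which is where the `self._nodeid == self._client.userid` fallback makes sense.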
return _('*encrypted*')
def field(self, size = 30):
- ''' Render a form edit field for the property
+ ''' Render a form edit field for the property.
'''
return '<input type="password" name="%s" size="%s">'%(self._name, size)
+ def confirm(self, size = 30):
+ ''' Render a second form edit field for the property, used for
+ confirmation that the user typed the password correctly. Generates
+ a field with name "name:confirm".
+ '''
+ return '<input type="password" name="%s:confirm" size="%s">'%(
+ self._name, size)
+
class NumberHTMLProperty(HTMLProperty):
def plain(self):
''' Render a "plain" representation of the property
# sort function
sortfunc = make_sort_function(self._db, self._prop.classname)
- # force the value to be a single choice
- if isinstance(value, type('')):
- value = value[0]
linkcl = self._db.getclass(self._prop.classname)
l = ['<select name="%s">'%self._name]
k = linkcl.labelprop(1)
"form" the CGI form as a cgi.FieldStorage
"env" the CGI environment variables
- "url" the current URL path for this request
"base" the base URL for this instance
"user" a HTMLUser instance for this user
"classname" the current classname (possibly None)
self.form = client.form
self.env = client.env
self.base = client.base
- self.url = client.url
self.user = HTMLUser(client, 'user', client.userid)
# store the current class name and action