[Jifty-commit] r1676 - in wifty/trunk: lib/Wifty share/web/templates share/web/templates/_elements

jifty-commit at lists.jifty.org jifty-commit at lists.jifty.org
Wed Jul 26 10:56:53 EDT 2006


Author: nelhage
Date: Wed Jul 26 10:56:52 2006
New Revision: 1676

Added:
   wifty/trunk/share/web/templates/no_such_page
Modified:
   wifty/trunk/lib/Wifty/Dispatcher.pm
   wifty/trunk/lib/Wifty/Model/Page.pm
   wifty/trunk/share/web/templates/_elements/page_nav
   wifty/trunk/share/web/templates/edit

Log:
Adding simple access controls -- the ability to require users to be logged in to edit and create pages

Modified: wifty/trunk/lib/Wifty/Dispatcher.pm
==============================================================================
--- wifty/trunk/lib/Wifty/Dispatcher.pm	(original)
+++ wifty/trunk/lib/Wifty/Dispatcher.pm	Wed Jul 26 10:56:52 2006
@@ -15,7 +15,13 @@
 on '/create/*', run {
      set page => $1;
      set action => Jifty->web->new_action( class => 'CreatePage' );
-     show("/create");
+
+     my $p = Wifty::Model::Page->new();
+     if($p->current_user_can('create')) {
+         show("/create");
+     } else {
+         show("/no_such_page");
+     }
 };
 
 # View or edit a page
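Review bot: The new `current_user_can('create')` branch only chooses which template is rendered; `set action => Jifty->web->new_action( class => 'CreatePage' )` still runs for every visitor, and nothing in this hunk stops the action from being processed once it is submitted. The denial has to be enforced where the record is written, so confirm that `CreatePage` ends up consulting `Wifty::Model::Page::current_user_can('create')` (not visible on this page). The same applies to the Save button hidden in the `share/web/templates/edit` hunk. I would also move the `set action` line inside the permitted branch and add a comment such as `# Display gate only; the model's current_user_can is the authorization check`.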

Modified: wifty/trunk/lib/Wifty/Model/Page.pm
==============================================================================
--- wifty/trunk/lib/Wifty/Model/Page.pm	(original)
+++ wifty/trunk/lib/Wifty/Model/Page.pm	Wed Jul 26 10:56:52 2006
@@ -137,7 +137,9 @@
 
 =head2 current_user_can ACTION
 
-Let everybody create, read and update pages, but not delete them.
+Let everybody read pages. If RequireAuth is set in the app config,
+only allow logged-in users to create and edit pages. Otherwise, allow
+anyone.
 
 =cut
 
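Review bot: The rewritten POD leaves out two things the code in the next hunk does: superusers are exempt from the `RequireAuth` restriction, and any right other than create, update or read is handed to `SUPER::current_user_can`. The old sentence said pages could not be deleted, and the new text no longer says what happens to that right. Suggest appending `Superusers are always allowed. All other rights are decided by the parent class.`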
@@ -145,12 +147,17 @@
     my $self = shift;
     my $type = shift;
 
-    # We probably want something like this eventually:
-    if ($type =~ /(?:create|read|update)/i) {
+    if ($type eq 'create' || $type eq 'update') {
+        return 0 if
+         Jifty->config->app('RequireAuth')
+           && !$self->current_user->is_superuser
+           && !$self->current_user->id;
+        return 1;
+    } elsif($type eq 'read') {
         return 1;
-    } else {
-        return $self->SUPER::current_user_can($type, @_);
     }
+
+    return $self->SUPER::current_user_can($type, @_);
 }
 
 1;
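Review bot: Create and update are refused only when `RequireAuth` is set to a true value, so a missing or misspelled config key leaves the wiki open to anonymous writes; that matches the POD but deserves a comment at the check, e.g. `# Fail-open by design: without RequireAuth anyone may create/update`. The three-clause `return 0 if ... && !... && !...` is hard to read; `return 1 unless Jifty->config->app('RequireAuth');` followed by `return ($self->current_user->is_superuser || $self->current_user->id) ? 1 : 0;` states the same rule positively. The match also changed from a case-insensitive, unanchored regex to an exact lowercase `eq`, so a caller passing a differently cased right now falls through to `SUPER::current_user_can`; the callers are worth checking. The `sub` header lies outside the hunk.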

Modified: wifty/trunk/share/web/templates/_elements/page_nav
==============================================================================
--- wifty/trunk/share/web/templates/_elements/page_nav	(original)
+++ wifty/trunk/share/web/templates/_elements/page_nav	Wed Jul 26 10:56:52 2006
@@ -8,9 +8,11 @@
         sort_order => 5
 );
 
+my $page_obj = Wifty::Model::Page->new();
+$page_obj->load_by_cols(name => $page);
 
 $this->child( View => url => '/view/'.$subpath);
-$this->child( Edit => url => '/edit/'.$subpath);
+$this->child( Edit => url => '/edit/'.$subpath) if $page_obj->current_user_can('update');
 $this->child( History => url => '/history/'.$page);
 $this->child( Latest => url => '/view/'.$page) if ($rev);
 
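Review bot: The return value of `$page_obj->load_by_cols(name => $page)` is ignored, so when no page with that name exists `current_user_can('update')` is called on an unloaded record. With the policy shown in the `Page.pm` hunk that is harmless, because the check never reads record fields. It also means the lookup presumably adds a query to each navigation render without changing the outcome. Either drop the load (`Wifty::Model::Page->new->current_user_can('update')`) or keep it with a comment such as `# Loaded so per-page rules can apply later; an unloaded record falls back to the global policy`. Hiding the Edit link is cosmetic, since `/edit/` stays reachable by URL.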

Modified: wifty/trunk/share/web/templates/edit
==============================================================================
--- wifty/trunk/share/web/templates/edit	(original)
+++ wifty/trunk/share/web/templates/edit	Wed Jul 26 10:56:52 2006
@@ -3,12 +3,23 @@
 $revision
 $viewer 
 </%args>
+<%init>
+my $can_edit = $page->current_user_can('update');
+</%init>
 <&/_elements/page_nav, page => $page->name, rev => $revision->id &>
 <&|/_elements/wrapper, title => 'Edit: '.$page->name . ($revision->id ? " as of ".$revision->created : '')  &>
 <% Jifty->web->form->start %>
+% unless($can_edit) {
+  <p> You don't have permission to edit this page. Perhaps
+  <% Jifty->web->tangent(url => '/login', label => 'logging in') %>
+  would help. In the mean time, though, you're welcome to view and
+  copy the source of this page. </p>
+% }
 <% Jifty->web->form->next_page( url => '/view/'.$page->name) %>
 <% $viewer->form_field('content', ($revision->id ? (default_value => $revision->content) : (undef, undef)), rows=> 30, cols => 80 )%>
+% if($can_edit) {
 <% Jifty->web->form->submit( label => 'Save') %>
+% }
 <% Jifty->web->form->end %>
 <& /_elements/markup &>
 </&>
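Review bot: When `$can_edit` is false the template still emits `form->start`, `form->next_page` and an editable `content` field bound to `$viewer`; only the Save button is withheld. Keeping the field so readers can copy the source is what the message promises, but that intent should be recorded next to the conditional, e.g. `%# Field is kept for copying; Save is omitted. Presentation only: the model check must reject the write.` If the field widget offers a read-only rendering, using it in the `unless($can_edit)` case would make the state clearer to the visitor.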

Added: wifty/trunk/share/web/templates/no_such_page
==============================================================================
--- (empty file)
+++ wifty/trunk/share/web/templates/no_such_page	Wed Jul 26 10:56:52 2006
@@ -0,0 +1,11 @@
+<&|/_elements/wrapper, title => 'No such page: '. $page&>
+
+  <p>Unfortunately, you've tried to reach a page that doesn't exist
+    yet, and you don't have permissions to create pages. If you
+    <% Jifty->web->tangent(url => '/login', label => 'login') %>,
+    you'll be able to create new pages of your own.</p>
+    
+</&>
+<%args>
+$page => undef
+</%args>
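Review bot: `title => 'No such page: '. $page` puts a value that appears to come from the request path (`set page => $1` in the Dispatcher hunk) into the page title, and whether `/_elements/wrapper` HTML-escapes `title` is not visible here; confirm that it does, or escape the value before passing it. With the declared default `$page => undef` the concatenation warns and prints an empty name when the argument is absent; `$page => ''` avoids that. The Dispatcher shows this template for every refused create, so the "doesn't exist yet" wording and title describe a permission denial as a missing page.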

