[Jifty-commit] r1676 - in wifty/trunk: lib/Wifty
share/web/templates share/web/templates/_elements
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Wed Jul 26 10:56:53 EDT 2006
Author: nelhage
Date: Wed Jul 26 10:56:52 2006
New Revision: 1676
Added:
wifty/trunk/share/web/templates/no_such_page
Modified:
wifty/trunk/lib/Wifty/Dispatcher.pm
wifty/trunk/lib/Wifty/Model/Page.pm
wifty/trunk/share/web/templates/_elements/page_nav
wifty/trunk/share/web/templates/edit
Log:
Adding simple access controls -- the ability to require users to be logged in to edit and create pages
Modified: wifty/trunk/lib/Wifty/Dispatcher.pm
==============================================================================
--- wifty/trunk/lib/Wifty/Dispatcher.pm (original)
+++ wifty/trunk/lib/Wifty/Dispatcher.pm Wed Jul 26 10:56:52 2006
@@ -15,7 +15,13 @@
on '/create/*', run {
set page => $1;
set action => Jifty->web->new_action( class => 'CreatePage' );
- show("/create");
+
+ my $p = Wifty::Model::Page->new();
+ if($p->current_user_can('create')) {
+ show("/create");
+ } else {
+ show("/no_such_page");
+ }
};
# View or edit a page
Modified: wifty/trunk/lib/Wifty/Model/Page.pm
==============================================================================
--- wifty/trunk/lib/Wifty/Model/Page.pm (original)
+++ wifty/trunk/lib/Wifty/Model/Page.pm Wed Jul 26 10:56:52 2006
@@ -137,7 +137,9 @@
=head2 current_user_can ACTION
-Let everybody create, read and update pages, but not delete them.
+Let everybody read pages. If RequireAuth is set in the app config,
+only allow logged-in users to create and edit pages. Otherwise, allow
+anyone.
=cut
@@ -145,12 +147,17 @@
my $self = shift;
my $type = shift;
- # We probably want something like this eventually:
- if ($type =~ /(?:create|read|update)/i) {
+ if ($type eq 'create' || $type eq 'update') {
+ return 0 if
+ Jifty->config->app('RequireAuth')
+ && !$self->current_user->is_superuser
+ && !$self->current_user->id;
+ return 1;
+ } elsif($type eq 'read') {
return 1;
- } else {
- return $self->SUPER::current_user_can($type, @_);
}
+
+ return $self->SUPER::current_user_can($type, @_);
}
1;
Modified: wifty/trunk/share/web/templates/_elements/page_nav
==============================================================================
--- wifty/trunk/share/web/templates/_elements/page_nav (original)
+++ wifty/trunk/share/web/templates/_elements/page_nav Wed Jul 26 10:56:52 2006
@@ -8,9 +8,11 @@
sort_order => 5
);
+my $page_obj = Wifty::Model::Page->new();
+$page_obj->load_by_cols(name => $page);
$this->child( View => url => '/view/'.$subpath);
-$this->child( Edit => url => '/edit/'.$subpath);
+$this->child( Edit => url => '/edit/'.$subpath) if $page_obj->current_user_can('update');
$this->child( History => url => '/history/'.$page);
$this->child( Latest => url => '/view/'.$page) if ($rev);
Modified: wifty/trunk/share/web/templates/edit
==============================================================================
--- wifty/trunk/share/web/templates/edit (original)
+++ wifty/trunk/share/web/templates/edit Wed Jul 26 10:56:52 2006
@@ -3,12 +3,23 @@
$revision
$viewer
</%args>
+<%init>
+my $can_edit = $page->current_user_can('update');
+</%init>
<&/_elements/page_nav, page => $page->name, rev => $revision->id &>
<&|/_elements/wrapper, title => 'Edit: '.$page->name . ($revision->id ? " as of ".$revision->created : '') &>
<% Jifty->web->form->start %>
+% unless($can_edit) {
+ <p> You don't have permission to edit this page. Perhaps
+ <% Jifty->web->tangent(url => '/login', label => 'logging in') %>
+ would help. In the mean time, though, you're welcome to view and
+ copy the source of this page. </p>
+% }
<% Jifty->web->form->next_page( url => '/view/'.$page->name) %>
<% $viewer->form_field('content', ($revision->id ? (default_value => $revision->content) : (undef, undef)), rows=> 30, cols => 80 )%>
+% if($can_edit) {
<% Jifty->web->form->submit( label => 'Save') %>
+% }
<% Jifty->web->form->end %>
<& /_elements/markup &>
</&>
Added: wifty/trunk/share/web/templates/no_such_page
==============================================================================
--- (empty file)
+++ wifty/trunk/share/web/templates/no_such_page Wed Jul 26 10:56:52 2006
@@ -0,0 +1,11 @@
+<&|/_elements/wrapper, title => 'No such page: '. $page&>
+
+ <p>Unfortunately, you've tried to reach a page that doesn't exist
+ yet, and you don't have permissions to create pages. If you
+ <% Jifty->web->tangent(url => '/login', label => 'login') %>,
+ you'll be able to create new pages of your own.</p>
+
+</&>
+<%args>
+$page => undef
+</%args>
More information about the Jifty-commit
mailing list