Beispiel #1
 def find_edit_view(self, item):
     """Return the name of the view to use for *item*.

     Starts from the current request's view name and steps down to
     ``u'edit'`` and then to ``u''`` whenever ``view_permitted`` rejects
     the candidate for *item*.
     """
     request = self.request
     chosen = request.view_name
     # Two checks, as before: the first tests the current view name, the
     # second tests whatever name survived the first check.
     for fallback in (u'edit', u''):
         if not view_permitted(item, request, chosen):
             chosen = fallback
     return chosen
Beispiel #2
 def find_edit_view(self, item):
     """Choose a view name for *item* that the current user may execute.

     Preference order: the request's own view name, then ``u'edit'``,
     then the empty name ``u''`` when neither passes ``view_permitted``.
     """
     request = self.request
     view_name = request.view_name
     if not view_permitted(item, request, view_name):
         view_name = u'edit'
     # Second check covers both the original name and the 'edit' fallback.
     if view_permitted(item, request, view_name):
         return view_name
     return u''
Beispiel #3
    def test_with_post_request(self, view_execution_permitted):
        """A POST request is probed as GET and is POST again afterwards.

        ``view_execution_permitted`` is used as a mock here (its
        ``side_effect`` is assigned); presumably it is injected by a patch
        decorator outside this view -- confirm against the class.
        """
        from kotti.security import view_permitted

        context = object()
        request = DummyRequest()
        request.method = "POST"
        seen = []

        def record_call(context, request, name):
            # While the permission probe runs, the request must look like GET.
            seen.append((context, request, name))
            assert request.method == "GET"

        view_execution_permitted.side_effect = record_call
        view_permitted(context, request)

        # The caller's method is back in place and the probe ran exactly once.
        assert request.method == "POST"
        assert len(seen) == 1
    def test_with_post_request(self, view_execution_permitted):
        """view_permitted() must not leave a POST request changed to GET.

        The mocked ``view_execution_permitted`` asserts that it sees
        ``GET`` during the call; the test then asserts the request is
        ``POST`` again once ``view_permitted`` has returned.
        """
        from kotti.security import view_permitted

        request = DummyRequest()
        request.method = 'POST'
        context = object()
        recorded_calls = []

        def fake_execution_permitted(context, request, name):
            recorded_calls.append((context, request, name))
            # Inside the probe the method is expected to be swapped to GET.
            assert request.method == 'GET'

        view_execution_permitted.side_effect = fake_execution_permitted
        view_permitted(context, request)

        call_count = len(recorded_calls)
        assert call_count == 1
        assert request.method == 'POST'
Beispiel #5
 def addable(self, context, request):
     """Return True if the type described in 'self' may be added to
     'context'.

     Both conditions must hold: ``view_permitted`` allows this type's
     ``add_view`` on 'context', and the type name of 'context' is listed
     in ``self.addable_to``.
     """
     # Permission gate first; the type check only runs for permitted users.
     if not view_permitted(context, request, self.add_view):
         return False
     return context.type_info.name in self.addable_to
Beispiel #6
 def addable(self, context, request):
     """Tell whether the type described in 'self' may be added to
     'context'.

     Returns False unless ``view_permitted`` accepts ``self.add_view`` for
     'context'; otherwise the answer is whether the type name of 'context'
     appears in ``self.addable_to``.
     """
     may_run_add_view = view_permitted(context, request, self.add_view)
     # The membership test is only evaluated when the add view is permitted.
     return (context.type_info.name in self.addable_to
             if may_run_add_view else False)
Beispiel #7
    def addable(self, context, request):
        """Return True if
            - the type described in 'self' may be added  *and*
            - no other child of the same type has already been added
           to 'context'.

        Returns False outright when ``view_permitted`` rejects
        ``self.add_view`` for 'context'."""

        if not view_permitted(context, request, self.add_view):  # pragma: no cover (this already tested in Kotti itself)
            return False

        type_allowed = context.type_info.name in self.addable_to
        # Collect the type_info of every existing child so that a second
        # child of this same type is refused.
        existing_child_types = [child.type_info for child in context.children]
        return type_allowed and self not in existing_child_types
Beispiel #8
    def addable(self, context, request):
        """Return True if the type described in 'self' may be added.

        That requires all of: ``view_permitted`` accepts ``self.add_view``
        on 'context', the type name of 'context' is ``'Topic'`` and is
        listed in ``self.addable_to``, and ``context.votable`` is truthy.
        """

        if not view_permitted(context, request, self.add_view):  # pragma: no cover (this already tested in Kotti itself)
            return False

        parent_type = context.type_info.name
        type_allowed = parent_type in self.addable_to
        # Only Topic containers qualify; every other parent type is refused.
        if parent_type != 'Topic':
            return False
        return type_allowed and bool(context.votable)
Beispiel #9
    def addable(self, context, request):
        """
        Decide whether the type described in 'self' may be added to 'context'.

        :param context: container the new item would be added to
        :type context: Content or subclass thereof (or anything that has a
                       type_info attribute of type :class:`TypeInfo`)

        :param request: request passed on to ``view_permitted``
        :type request: :class:`pyramid.request.Request`

        :result: True if ``self.add_view`` is permitted on 'context' and the
                 type name of 'context' is in ``self.addable_to``,
                 False otherwise.
        :rtype: Boolean
        """

        # Refuse early when the add view itself is not permitted.
        if not view_permitted(context, request, self.add_view):
            return False
        return context.type_info.name in self.addable_to
Beispiel #10
    def addable(self, context, request):
        """
        Report whether this type can be added below 'context'.

        :param context: prospective parent
        :type context: Content or subclass thereof (or anything that has a
                       type_info attribute of type :class:`TypeInfo`)

        :param request: request handed to ``view_permitted``
        :type request: :class:`pyramid.request.Request`

        :result: True if the type described in 'self' may be added to 'context',
                 False otherwise (including when ``self.add_view`` is not
                 permitted on 'context').
        :rtype: Boolean
        """

        add_view_allowed = view_permitted(context, request, self.add_view)
        # The addable_to lookup only happens once the permission check passed.
        return (context.type_info.name in self.addable_to
                if add_view_allowed else False)
Beispiel #11
    def addable(self, context, request):
        """Return True if this type may be added to 'context'.

        False is returned when 'self' has no ``dotted_class``, when that
        dotted name resolves to something falsy, or when a row of the
        resolved class already has 'context' as its parent.  Otherwise the
        result is True only if 'context' provides ``INavigationRoot`` and
        ``view_permitted`` accepts ``self.add_view`` on it.
        """
        resolver = DottedNameResolver()
        if not hasattr(self, 'dotted_class'):
            return False

        resource_class = resolver.maybe_resolve(self.dotted_class)
        if not resource_class:
            return False

        # At most one child of this class per parent.  Note that this
        # lookup runs before the permission check further down.
        existing_child = DBSession.query(resource_class).filter(
            resource_class.parent_id == context.id).first()
        if existing_child is not None:
            return False

        return bool(INavigationRoot.providedBy(context) and
                    view_permitted(context, request, self.add_view))
Beispiel #12
    def addable(self, context: "Content", request: Optional[Request]) -> bool:
        """
        Decide whether the type described in 'self' may be added to 'context'.

        :param context: prospective parent
        :type context: Content or subclass thereof (or anything that has a
                       type_info attribute of type
                       :class:`~kotti.resources.TypeInfo`)

        :param request: current request
        :type request: :class:`kotti.request.Request`

        :result: True if ``self.add_view`` is set, the type name of 'context'
                 is in ``self.addable_to`` and ``view_permitted`` accepts
                 the add view on 'context'; False otherwise.
        :rtype: Boolean
        """

        # A type without an add view can never be added, and the permission
        # lookup is skipped for containers outside addable_to.
        if self.add_view is None or context.type_info.name not in self.addable_to:
            return False
        return bool(view_permitted(context, request, self.add_view))
Beispiel #13
    def addable(self, context: "Content", request: Optional[Request]) -> bool:
        """
        Report whether this type can be added below 'context'.

        :param context: container the new item would go into
        :type context: Content or subclass thereof (or anything that has a
                       type_info attribute of type
                       :class:`~kotti.resources.TypeInfo`)

        :param request: current request
        :type request: :class:`kotti.request.Request`

        :result: True if the type described in 'self' may be added to 'context',
                 False otherwise.
        :rtype: Boolean
        """

        add_view = self.add_view
        if add_view is None:
            # No add view configured: nothing to permit.
            return False
        if context.type_info.name not in self.addable_to:
            return False
        # view_permitted's result is coerced so callers always get a bool.
        return bool(view_permitted(context, request, add_view))
Beispiel #14
    def permitted(self, context, request):
        """Return ``view_permitted``'s result for the view named
        ``self.name`` on 'context' with the given request."""
        # Imported at call time, as in the original -- presumably to avoid
        # an import cycle with kotti.security; confirm.
        from kotti.security import view_permitted

        view_name = self.name
        return view_permitted(context, request, view_name)
Beispiel #15
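def move_node(context, request):
    """This view allows copying, cutting, pasting, deleting of
    'context' and reordering of children of 'context'.

    The action is selected by the keys present in ``request.POST`` and
    every branch changes state: the session paste buffer, the tree
    structure, or the name and title of 'context'.  Node ids read from the
    session or from the form are looked up without regard to 'context', so
    each branch has to establish that the node it resolved is one this
    request may act on.

    Returns an ``HTTPFound`` redirect after a completed action on a
    non-XHR request (always after a delete or a successful rename) and an
    empty dict otherwise.  Raises ``Forbidden`` when pasting a cut node
    the user may not edit, or when asked to reorder a node that is not a
    child of 'context'.

    NOTE(review): no CSRF token check is visible in this function --
    confirm one is enforced before this view runs.
    """
    P = request.POST
    session = DBSession()

    if 'copy' in P:
        request.session['kotti.paste'] = (context.id, 'copy')
        request.session.flash(u'%s copied.' % context.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'cut' in P:
        request.session['kotti.paste'] = (context.id, 'cut')
        request.session.flash(u'%s cut.' % context.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'paste' in P:
        # The paste buffer can be absent (nothing was copied or cut in this
        # session) or stale (the node was deleted since); neither case may
        # surface as an unhandled KeyError / AttributeError.
        paste = request.session.get('kotti.paste')
        item = None
        if paste is not None:
            node_id, action = paste
            item = session.query(Node).get(node_id)
        if item is None:
            request.session.pop('kotti.paste', None)
            request.session.flash(u'Nothing to paste.', 'error')
        else:
            if action == 'cut':
                # Moving a node out of its parent needs 'edit' on the node
                # itself, not only access to the paste target.
                if not has_permission('edit', item, request):
                    raise Forbidden()
                item.__parent__.children.remove(item)
                context.children.append(item)
                del request.session['kotti.paste']
            elif action == 'copy':
                # NOTE(review): unlike 'cut', no permission on `item` is
                # checked here -- confirm that any user reaching this view
                # is meant to be able to copy the buffered node.
                copy = item.copy()
                name = copy.name
                if not name: # for root
                    name = title_to_name(copy.title)
                while name in context.keys():
                    name = disambiguate_name(name)
                copy.name = name
                context.children.append(copy)
            request.session.flash(u'%s pasted.' % item.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'order-up' in P or 'order-down' in P:
        up, down = P.get('order-up'), P.get('order-down')
        node_id = int(down or up)
        if up is not None:
            mod = -1
        else: # pragma: no cover
            mod = +1

        child = session.query(Node).get(node_id)
        # The id comes straight from the form: only a node that is really a
        # child of 'context' may be reordered.  An unknown id or a node
        # from elsewhere in the tree is refused explicitly instead of
        # escaping as a ValueError from index().
        try:
            index = context.children.index(child)
        except ValueError:
            raise Forbidden()
        context.children.pop(index)
        # Clamp at 0: a negative index makes insert() count from the end,
        # which would send the first child towards the bottom of the list.
        context.children.insert(max(index + mod, 0), child)
        request.session.flash(u'%s moved.' % child.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'delete' in P and 'delete-confirm' in P:
        parent = context.__parent__
        request.session.flash(u'%s deleted.' % context.title, 'success')
        parent.children.remove(context)
        location = resource_url(parent, request)
        # Land on the parent's edit view only if the user may execute it.
        if view_permitted(parent, request, 'edit'):
            location += '@@edit'
        return HTTPFound(location=location)

    if 'rename' in P:
        name = P['name']
        title = P['title']
        if not name or not title:
            request.session.flash(u'Name and title are required.', 'error')
        else:
            # NOTE(review): `name` is stored exactly as submitted, without
            # the sibling-collision handling the paste branch applies via
            # disambiguate_name -- confirm this is validated elsewhere.
            context.name = name
            context.title = title
            request.session.flash(u'Item renamed', 'success')
            location = resource_url(context, request) + '@@move'
            return HTTPFound(location=location)

    return {}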
Beispiel #16
 def permitted(self, context, request):
     """Ask ``view_permitted`` whether the view named ``self.name`` may
     be executed on 'context' for this request, and return its answer."""
     # Function-scope import kept from the original.
     from kotti.security import view_permitted
     own_view_name = self.name
     return view_permitted(context, request, own_view_name)