def find_edit_view(self, item):
    """Return the name of a view the current user may use on *item*.

    The name of the view serving the current request is tried first and
    ``u'edit'`` second.  If ``view_permitted`` rejects both, the empty
    string is returned, so callers never get a view name that failed the
    permission check.
    """
    candidate = self.request.view_name
    # Each pass re-checks the current candidate and, when it is rejected,
    # swaps in the next fallback (the last fallback is the empty name).
    for fallback in (u'edit', u''):
        if not view_permitted(item, self.request, candidate):
            candidate = fallback
    return candidate
def test_with_post_request(self, view_execution_permitted):
    """A POST request is checked as GET and is POST again afterwards."""
    from kotti.security import view_permitted

    context = object()
    request = DummyRequest()
    request.method = "POST"
    recorded = []

    def view_execution_permitted_mock(context, request, name):
        # While the underlying permission check runs, the request must
        # present itself as a GET.
        recorded.append((context, request, name))
        assert request.method == "GET"

    view_execution_permitted.side_effect = view_execution_permitted_mock
    view_permitted(context, request)

    # Exactly one delegated check, and the caller's method is restored.
    assert len(recorded) == 1
    assert request.method == "POST"
def test_with_post_request(self, view_execution_permitted):
    """view_permitted must not leave a POST request switched to GET."""
    from kotti.security import view_permitted

    context = object()
    request = DummyRequest()
    request.method = 'POST'
    observed_calls = []

    def view_execution_permitted_mock(context, request, name):
        # The delegated check is expected to see the request as a GET.
        observed_calls.append((context, request, name))
        assert request.method == 'GET'

    view_execution_permitted.side_effect = view_execution_permitted_mock
    view_permitted(context, request)

    # One delegated call only; the original method is back in place.
    assert len(observed_calls) == 1
    assert request.method == 'POST'
def addable(self, context, request):
    """Tell whether the type described by 'self' may be added to 'context'.

    Two conditions must hold: the add view of this type is permitted for
    'context' in this request, and the type name of 'context' is listed in
    ``self.addable_to``.
    """
    # Permission gate first: without it the answer is always False.
    if not view_permitted(context, request, self.add_view):
        return False
    return context.type_info.name in self.addable_to
def addable(self, context, request):
    """Return True if

    - the add view of this type is permitted on 'context',
    - the type described in 'self' may be added to 'context' *and*
    - no other child of the same type has already been added to 'context'.
    """
    if not view_permitted(context, request, self.add_view):
        return False  # pragma: no cover (this already tested in Kotti itself)
    type_allowed_here = context.type_info.name in self.addable_to
    # Collect the type of every existing child; at most one child of this
    # type is allowed per container.
    existing_child_types = [child.type_info for child in context.children]
    return type_allowed_here and self not in existing_child_types
def addable(self, context, request):
    """Return True if the type described in 'self' may be added.

    That is the case only when the add view is permitted, 'context' is a
    'Topic' whose type name is listed in ``self.addable_to``, and
    ``context.votable`` is truthy.  Every other context yields False.
    """
    if not view_permitted(context, request, self.add_view):
        return False  # pragma: no cover (this already tested in Kotti itself)
    type_allowed_here = context.type_info.name in self.addable_to
    if context.type_info.name != 'Topic':
        return False
    # Normalise the flag to a real bool before combining it.
    voting_enabled = bool(context.votable)
    return type_allowed_here and voting_enabled
def addable(self, context, request):
    """Decide whether the type described in 'self' may be added to 'context'.

    :param context: container candidate
    :type context: Content or subclass thereof (or anything that has a
                   type_info attribute of type :class:`TypeInfo`)

    :param request: current request
    :type request: :class:`pyramid.request.Request`

    :result: True if the add view is permitted on 'context' and the type
             name of 'context' is listed in ``self.addable_to``, False
             otherwise.
    :rtype: Boolean
    """
    permitted = view_permitted(context, request, self.add_view)
    # The containment test is only evaluated once the permission check passed.
    return context.type_info.name in self.addable_to if permitted else False
def addable(self, context, request):
    """Tell whether this type may be added to 'context'.

    False is returned when 'self' has no ``dotted_class`` attribute, when
    that dotted name does not resolve to a truthy class, or when a row of
    that class with ``parent_id == context.id`` already exists.  Otherwise
    the result is True only if 'context' provides ``INavigationRoot`` and
    the add view is permitted.

    Note that the existence query runs before the permission check.
    """
    resolver = DottedNameResolver()
    if not hasattr(self, 'dotted_class'):
        return False

    resource_class = resolver.maybe_resolve(self.dotted_class)
    if not resource_class:
        return False

    # At most one instance per parent: look for an existing child row.
    existing = (
        DBSession.query(resource_class)
        .filter(resource_class.parent_id == context.id)
        .first()
    )
    if existing is not None:
        return False

    return bool(
        INavigationRoot.providedBy(context)
        and view_permitted(context, request, self.add_view)
    )
def addable(self, context: "Content", request: Optional[Request]) -> bool:
    """Decide whether the type described in 'self' may be added to 'context'.

    :param context: container candidate
    :type context: Content or subclass thereof (or anything that has a
                   type_info attribute of type
                   :class:`~kotti.resources.TypeInfo`)

    :param request: current request
    :type request: :class:`kotti.request.Request`

    :result: True if an add view is configured, the type name of 'context'
             is listed in ``self.addable_to`` and that add view is
             permitted; False otherwise.
    :rtype: Boolean
    """
    # A type without an add view can never be added.
    if self.add_view is None:
        return False
    if context.type_info.name not in self.addable_to:
        return False
    # The permission check runs last and its result is coerced to a bool.
    return bool(view_permitted(context, request, self.add_view))
def permitted(self, context, request):
    """Return what ``view_permitted`` reports for the view named ``self.name``.

    The check is delegated unchanged; no additional filtering happens here.
    """
    # Imported at call time, as in the rest of this function's history.
    from kotti.security import view_permitted

    verdict = view_permitted(context, request, self.name)
    return verdict
def move_node(context, request):
    """This view allows copying, cutting, pasting, deleting and renaming of
    'context' and reordering of children of 'context'.

    The action is selected by the key present in ``request.POST``: 'copy',
    'cut', 'paste', 'order-up' / 'order-down', 'delete' (together with
    'delete-confirm') or 'rename'.  Copy, cut, paste and reorder redirect
    to ``request.url`` unless the request is an XHR; for an XHR control
    falls through to the later checks and ends at ``return {}``.

    NOTE(review): every branch changes state based on POST keys alone; no
    CSRF token check is visible in this function -- confirm it is enforced
    by the view configuration or elsewhere.
    NOTE(review): block nesting was reconstructed from a listing that had
    lost its line breaks -- confirm against the original file.
    """
    P = request.POST
    session = DBSession()

    if 'copy' in P:
        # Only remember the node id and the action; nothing is copied yet.
        request.session['kotti.paste'] = (context.id, 'copy')
        request.session.flash(u'%s copied.' % context.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'cut' in P:
        # Only remember the node id and the action; nothing is moved yet.
        request.session['kotti.paste'] = (context.id, 'cut')
        request.session.flash(u'%s cut.' % context.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'paste' in P:
        # NOTE(review): subscript access assumes an earlier copy/cut stored
        # 'kotti.paste'; a paste POST without it presumably raises KeyError.
        id, action = request.session['kotti.paste']
        # NOTE(review): item is used below without a None check; if the
        # remembered node no longer exists and the lookup yields None, the
        # attribute accesses below fail.
        item = session.query(Node).get(id)
        if action == 'cut':
            # Moving requires 'edit' on the source node, checked at paste
            # time rather than when the node was cut.
            if not has_permission('edit', item, request):
                raise Forbidden()
            item.__parent__.children.remove(item)
            context.children.append(item)
            # A cut node can be pasted once; a copied one stays available.
            del request.session['kotti.paste']
        elif action == 'copy':
            # NOTE(review): unlike 'cut', this branch performs no permission
            # check on item at paste time -- confirm that whatever guarded
            # the earlier 'copy' request is considered sufficient.
            copy = item.copy()
            name = copy.name
            if not name:  # for root
                name = title_to_name(copy.title)
            # Avoid clashing with a name already used inside the target.
            while name in context.keys():
                name = disambiguate_name(name)
            copy.name = name
            context.children.append(copy)
        request.session.flash(u'%s pasted.' % item.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'order-up' in P or 'order-down' in P:
        up, down = P.get('order-up'), P.get('order-down')
        # The id is taken straight from the POST value; int() raises
        # ValueError when it is not numeric.
        id = int(down or up)
        if up is not None:
            mod = -1
        else:  # pragma: no cover
            mod = +1

        child = session.query(Node).get(id)
        # The position is looked up in context.children, so only a node that
        # is a child of 'context' is reordered (presumably index() raises
        # ValueError otherwise -- confirm for this collection type).
        index = context.children.index(child)
        context.children.pop(index)
        # NOTE(review): for index 0 and mod -1 the insert position is -1,
        # which on a plain list means "before the last element" -- confirm
        # that moving the first child up is prevented elsewhere.
        context.children.insert(index+mod, child)
        request.session.flash(u'%s moved.' % child.title, 'success')
        if not request.is_xhr:
            return HTTPFound(location=request.url)

    if 'delete' in P and 'delete-confirm' in P:
        # NOTE(review): assumes 'context' has a parent; presumably the root
        # node has none -- confirm delete is never offered there.
        parent = context.__parent__
        request.session.flash(u'%s deleted.' % context.title, 'success')
        parent.children.remove(context)
        # Redirect to the parent, and to its edit view only when the user is
        # permitted to use it.
        location = resource_url(parent, request)
        if view_permitted(parent, request, 'edit'):
            location += '@@edit'
        return HTTPFound(location=location)

    if 'rename' in P:
        # NOTE(review): name and title are stored exactly as posted; no
        # normalisation or sibling-name collision check happens here, unlike
        # the paste branch, which disambiguates the name.
        name = P['name']
        title = P['title']
        if not name or not title:
            request.session.flash(u'Name and title are required.', 'error')
        else:
            context.name = name
            context.title = title
            request.session.flash(u'Item renamed', 'success')
            location = resource_url(context, request) + '@@move'
            return HTTPFound(location=location)

    return {}