def check_right(self, req):
""" check if any of login.rights metch any of page.rights """
m = driver(req)
m.load_rights(self, req)
if do_match_right(req, 'pages_modify'):
return True # user is editor
elif do_check_right(req, 'pages_author') \
and self.author_id == req.login.id:
return True # user is author
elif self.rights and do_match_right(req, self.rights):
return True # user has special right which have page
return False
def correct_menu(req, menu, retval=None):
new_menu = retval if ismenu(retval) else Menu.base(menu)
for item in menu:
if isitem(item) and do_match_right(req, item.rights):
new_menu.append(item)
elif ismenu(item):
submenu = correct_menu(req, item)
if len(submenu) > 0:
new_menu.append(submenu)
return new_menu
def admin_pages(req):
check_login(req)
match_right(req, module_rights)
error = req.args.getfirst('error', 0, int)
pager = Pager()
pager.bind(req.args)
if not do_match_right(req, ('pages_modify', 'pages_listall')):
rows = Page.list(req, pager, author_id=req.login.id)
else:
rows = Page.list(req, pager)
return generate_page(req, "admin/pages.html",
token=do_create_token(req, '/admin/pages'),
pager=pager, rows=rows, error=error)
def articles_detail(req, arg):
id = arg if isinstance(arg, int) else None
uri = arg if isinstance(arg, unicode) else None
article = Article(id)
article.uri = uri
if uri and not article.get(req, key='uri'):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if id and not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if article.public_date.year == 1970:
if req.login is None:
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
if not do_match_right(req, module_rights):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
if (not do_check_right(req, right_editor)
and article.author_id != req.login.id):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
return articles_detail_internal(req, article)
