incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject [2/5] git commit: [#7014] ticket:524 Added 'admin' value to trovecategories.enableediting setting.
Date Mon, 24 Feb 2014 15:16:57 GMT
[#7014] ticket:524 Added 'admin' value to trovecategories.enableediting setting.

This option allows site admins only to edit trove categories.


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/6ca710e7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/6ca710e7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/6ca710e7

Branch: refs/heads/master
Commit: 6ca710e7dd558d334c7f8aae6e6adf19274a8ddd
Parents: e0d5dd6
Author: Ferens Dmitriy <ferensdima@gmail.com>
Authored: Wed Jan 29 14:53:03 2014 +0200
Committer: Cory Johns <cjohns@slashdotmedia.com>
Committed: Mon Feb 24 15:15:41 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/root.py            |  2 +-
 Allura/allura/controllers/trovecategories.py | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/6ca710e7/Allura/allura/controllers/root.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/root.py b/Allura/allura/controllers/root.py
index d43afa4..01420e8 100644
--- a/Allura/allura/controllers/root.py
+++ b/Allura/allura/controllers/root.py
@@ -70,7 +70,7 @@ class RootController(WsgiDispatchController):
     nf = NewForgeController()
     search = SearchController()
     rest = RestController()
-    if config.get('trovecategories.enableediting', 'false') == 'true':
+    if config.get('trovecategories.enableediting', 'false') != 'false':
         categories = TroveCategoryController()
 
     def __init__(self):

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/6ca710e7/Allura/allura/controllers/trovecategories.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/trovecategories.py b/Allura/allura/controllers/trovecategories.py
index 6c57f33..22b161f 100644
--- a/Allura/allura/controllers/trovecategories.py
+++ b/Allura/allura/controllers/trovecategories.py
@@ -15,13 +15,15 @@
 #       specific language governing permissions and limitations
 #       under the License.
 
-from tg import expose, flash, redirect, validate
+from tg import expose, flash, redirect, validate, config
+from pylons import tmpl_context as c
 from string import digits, lowercase
 
-from allura.lib.security import require_authenticated
 from allura import model as M
-from allura.lib.decorators import require_post
 from allura.controllers import BaseController
+from allura.lib import helpers as h
+from allura.lib.decorators import require_post
+from allura.lib.security import require_authenticated, require_access
 from allura.lib.widgets import forms
 
 
@@ -37,6 +39,12 @@ class TroveCategoryController(BaseController):
         cat = M.TroveCategory.query.get(shortname=catshortname)
         return TroveCategoryController(category=cat), remainder
 
+    def _check_security(self):
+        if config.get('trovecategories.enableediting', 'false') == 'admin':
+            with h.push_context(config.get('site_admin_project', 'allura'),
+                                neighborhood=config.get('site_admin_project_nbhd', 'Projects')):
+                require_access(c.project, 'admin')
+
     def __init__(self, category=None):
         self.category = category
         super(TroveCategoryController, self).__init__()


Mime
View raw message