
Benoit Chesneau  committed d4a636a

Manage site permissions. We are now feature-complete.

  • Parent commits b505418


Files changed (9)

File couchit/application.py

 from couchit.api import *
 from couchit import context_processors
 from couchit import views
-from couchit.template import template_env
+from couchit.template import template_env, url_for
 
 class CouchitApp(object):
     def __init__(self):
         else:
             local.url_adapter = adapter = urls_map.bind_to_environ(environ)
             
+        authenticated = request.session.get('%s_authenticated' % request.site.cname, False)
+        can_edit = True 
+        if request.site.privacy == "public" and not authenticated:
+            can_edit = False
+        request.can_edit = can_edit
+        
         # process urls   
         try:
             endpoint, args = adapter.match()
             )
 
         
+        if request.site.privacy == "private" and not authenticated and endpoint!='site_login':
+            response = redirect(url_for('site_login'))
+        
+        
+            
         return response(environ, start_response)
 
     def __call__(self, environ, start_response):
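Review bot: The private-site check at the end of the request handler runs after `adapter.match()` and, as far as the collapsed hunk shows, after the view has already produced `response`, so an unauthenticated request to a private site would still execute the view (POST handlers included) and only have its output replaced by the redirect. `request.can_edit` does not cover this case, because it is set to False only for `privacy == "public"` and stays True for unauthenticated visitors on a private site. I would make the decision before dispatch, directly after `endpoint, args = adapter.match()`: `if request.site.privacy == "private" and not authenticated and endpoint != 'site_login': return redirect(url_for('site_login'))(environ, start_response)`. Placing it there also avoids reading `endpoint` when `match()` raised and the name was never bound. The dispatch and except branches lie outside the visible lines, so confirm this against the full method.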

File couchit/context_processors.py

 @register_contextprocessor
 def authenticated(request):
     authenticated = False
+    can_edit = True
     if hasattr(request, 'site'):
         authenticated = request.session.get('%s_authenticated' % request.site.cname, False)
-    return { 'authenticated': authenticated }
+        if request.site.privacy == "public" and not authenticated:
+            can_edit = False
+            
+    return { 
+        'authenticated': authenticated,
+        'can_edit': can_edit
+     }
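Review bot: `authenticated()` re-derives `can_edit` with its own copy of the rule from `couchit/application.py`, and it starts from `can_edit = True`, so a request without a `site` attribute is reported as allowed to edit. Two copies of an access rule tend to drift, after which the templates show controls the views refuse, or the reverse. Reading the value the application already computed, with a closed default, keeps a single source of truth: `'can_edit': getattr(request, 'can_edit', False)`.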
         

File couchit/views.py

         return f(request, **kwargs)
     return decorated
              
+def can_edit(f):
+    def decorated(request, **kwargs):
+        if not request.can_edit:
+            redirect_url = local.site_url and local.site_url or "/"
+            return redirect(redirect_url)
+        return f(request, **kwargs)
+    return decorated            
         
 def not_found(request):
     return render_response("not_found.html")
     
     return render_response('page/show.html', page=page, pages=pages, lexers=LEXERS_CHOICE)
 
+@can_edit
 def edit_page(request, pagename=None):
     if pagename is None:
         pagename ='Home'
         return redirect(redirect_url)
     
     return render_response('page/edit.html', page=page)
-  
+
+@can_edit  
 def delete_page(request, pagename):
     if pagename == 'Home': #security reason
         return redirect(url_for('show_page', pagename='Home'))
             'id':page.title.replace(' ', '_')
         })
     return send_json(json)
-    
+
+@can_edit    
 @login_required
 def site_delete(request):
     if request.method == "POST":
         redirect_url = "http://%s" % settings.SERVER_NAME
         return redirect(redirect_url)
     return render_response('site/delete.html')
-    
+
+@can_edit 
 @not_claimed
 def site_claim(request):
     if request.method == "POST":
         return redirect(redirect_url)
         
     return render_response('site/claim.html')
-    
+
+@can_edit    
 @login_required
 def site_settings(request):
     if request.is_xhr and request.method == "POST":
     pages = all_pages(local.db, request.site.id)
     return render_response('site/settings.html', pages=pages, site_address=site_address)
 
+@can_edit
 @login_required
 def site_address(request):
     error = None
     return render_response('site/change_password.html', token=token, 
                 error=error, invalid_token=invalid_token)
     
-                
+@can_edit                
 def change_password_authenticated(request):
     error = None
     if request.method == 'POST':
         
     return render_response('site/forgot_password.html', back=back)
 
+@can_edit
 def site_design(request):
     DEFAULT_COLORS = dict(
         background_color = 'E7E7E7',
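Review bot: The new `can_edit` decorator reads `request.can_edit` directly, and it is the server-side check that the template guards rely on, so it should fail closed when the attribute was never set: `if not getattr(request, 'can_edit', False):`. The wrapper also discards the view's name and docstring; since it is stacked on `login_required` and `not_claimed`, adding `@functools.wraps(f)` above `def decorated` keeps tracebacks and logs pointing at the real view (this needs `import functools`, and the import block is not among the visible lines). `local.site_url and local.site_url or "/"` is equivalent to `local.site_url or "/"`. The body of `site_design` continues past the end of this section.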

File static/js/src/page.js

             }
         });
         
-
         Event.observe(window, 'resize', function(e) {
             var new_height = document.viewport.getHeight() - 150;
             $('content').setStyle({'height': new_height + 'px'});

File templates/page/diff.html

 <script type="text/javascript">
     Site.name = "{{ site.cname }}";
     Site.url = "{{ site_url }}";
+    {% if can_edit %}
     new Create();
+    {% endif %}
     new Diff();
 </script>
 {% endblock %}

File templates/page/history.html

 <script type="text/javascript">
     Site.name = "{{ site.cname }}";
     Site.url = "{{ site_url }}"
+    {% if can_edit %}
     new Create();
+    {% endif %}
     new Compare();
 </script>
 {% endblock %}

File templates/page/show.html

 {% endif %}
 
 <ul id="tabs_wiki" class="subsection_tabs">  
-     <li class="tab tab-view"><a href="#pview">VIEW</a></li>  
-     <li class="tab tab-edit"><a href="#pedit">EDIT</a></li>  
+     <li class="tab tab-view"><a href="#pview">VIEW</a></li>
+     {% if can_edit %}
+     <li class="tab tab-edit"><a href="#pedit">EDIT</a></li> 
+     {% endif %}
+       
 </ul>
 <section id="pview">
     {% if page.id %}
             <h2>{{ page.title }}</h2>
             <ul class="page_infos">
                 <li><time title="GMT" datetime="{{ page.updated|rfc3339 }}">{{ page.updated|formatdatetime }}</time></li>
-                {% if page.title != "Home" %}
+                {% if page.title != "Home" and can_edit %}
                 <li><a id="page_delete" href="{{ url_for('delete_page', pagename=page.title|replace(" ", "_")) }}">delete</a></li>   
                 {% endif %}
                 <li class="last"><a class="page_history" href="{{ url_for('show_page', pagename=page.title|replace(" ", "_")) }}/history">history</a></li>
     </article>
     {% endif %}
 </section>
+{% if can_edit %}
+    
+
 <section id="pedit">
     <div id="pedit_wrapper">
         <form name="fedit" id="fedit" action="{{ url_for('edit_page', pagename=page.title|replace(" ", "_")) }}" method="POST">
         <p><input type="submit" id="ssnippet" name="ssnippet" value="Insert snippet" /><input type="submit" id="cancelSnippet" name="cancelSnippet" value="Cancel" /></p>
      </form>
  </div>
- 
+ {% endif %}
 {% endblock %}
 
 {% block sidebar %}
 <script type="text/javascript">
 Site.name = "{{ site.cname }}";
 Site.url = "{{ site_url }}";
+{% if can_edit %}
 {% if not page.id %}
 Page.created = true;
 {% endif %}
 new Create();
 new PageUI();
+{% endif %}
 </script>
 {% endblock %}
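Review bot: The `{% if can_edit %}` guards added here only hide the EDIT tab, the `pedit` form and the delete link; they are presentation, and the check that counts is the `@can_edit` decorator in `couchit/views.py`. The delete control guarded by `{% if page.title != "Home" and can_edit %}` is still a plain `<a href>` to `delete_page`, so if that view deletes on GET (its body is not visible on this page), a crawler, a link prefetcher or a cross-site request made in an editor's session can trigger it. Consider having `delete_page` act only on POST and rendering the control as a small form. Also check that the `{% endif %}` added after `</div>` encloses the `</section>` that closes `pedit`; that closing tag is not among the visible lines.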

File templates/sidebar.html

+
+{% if can_edit %}
 <div id="createPage">
     <a href="#" id="doCreate">Create new page</a>
     <form id="fnewpage" name="fnewpage" method="get">
         <p><input type="submit" name="screate" id="screate" value="Create" /> or <a href="#" class="cancelCreate">Cancel</a></p>
     </form>
 </div>
+{% endif %}
+
 
 <nav>
     <ul>
         <li><a href="{{ url_for('site_changes') }}">recent changes</a></li>
-        <li><a href="{{ url_for('site_settings') }}">settings</a></li>
-        <li><a href="{{ url_for('site_design') }}">design</a></li>
+        {% if can_edit %}
+         <li><a href="{{ url_for('site_settings') }}">settings</a></li>
+         <li><a href="{{ url_for('site_design') }}">design</a></li> 
+        {% endif %}
+        
     </ul>
 </nav>
 

File templates/site/changes.html

 {% block footer %}
 <script type="text/javascript">
     Site.name = "{{ site.cname }}";
-    Site.url = "/" + "{{ site.cname }}";
+    Site.url = "{{ site_url }}";
+    {% if can_edit %}
     new Create();
+    {% endif %}
 </script>
 {% endblock %}
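Review bot: `Site.url = "{{ site_url }}";` places a template value inside a JavaScript string literal, where HTML autoescaping (if it is enabled for `template_env`) is the wrong encoding, since it does not handle backslashes or line breaks. The same pattern appears on context lines in `templates/page/diff.html`, `templates/page/history.html` and `templates/page/show.html` for `site.cname` and `site_url`. If either value can be influenced by a request or by the site owner, emit it through a JavaScript-safe encoder, for example `Site.url = {{ site_url|tojson }};` where the Jinja2 version in use provides `tojson`. Where `site_url` comes from is not visible here, so treat this as something to confirm.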