1. Ivan Melnikov
  2. gae-wiki

Commits

Ivan Melnikov  committed 976c47f Draft

Implement inherent access permissions

  • Participants
  • Parent commits d611663
  • Branches default

Comments (0)

Files changed (3)

File page.py

View file
  • Ignore whitespace
 	user_id = db.IntegerProperty()
 	# title = db.StringProperty()
 	
-	access = db.StringProperty(default=Access.ALL)
+	access = db.StringProperty(default=Access.PARENT)
 
 	# url path
 	# for root return empty string to avoid //.edit urls
 	return len(l) > 0
 
 def check_access(page):
-	# TODO: add cache
+	if page is None:
+		return True
+
+	if page.access == Access.PARENT:
+		user = get_user()
+		parents = index_path(page.path)
+		if len(parents) == 1: 
+			return True
+		parents.reverse()
+		for path in parents[1:]:
+			log.info(path)
+			page = get_page(path)
+			if page is not None:
+				if page.access == Access.PARENT:
+					continue
+				if page.access == Access.PRIVATE:
+					if user.key().id() != page.user_id:
+						return False
+				if page.access == Access.ALL:
+					return True
+		
+		return True
+
 	if page.access == Access.PRIVATE:
 		user = get_user()
 		# TODO: store private user list in separate entity
 			access = Access.ALL
 		if param == 'private':
 			access = Access.PRIVATE
+		if param == 'parent':
+			access = Access.PARENT
 		
 		page.access = access
 		page.user_id = get_user().key().id()

File template/page/access.html

View file
  • Ignore whitespace
 
 <form method="POST">
 
-Страницу могут просматривать	
+Доступ к этой странице: 	
 <select name="access">
-	<option value="all" {% if page.access == 'ALL' %}selected{% endif %} >
-		Все
+	<option value="parent" {% if page.access == 'PARENT' %}selected{% endif %}>
+		Наследуется
 	</option>
 	<option value="private" {% if page.access == 'PRIVATE' %}selected{% endif %}>
 		Приватный
 	</option>
+	<option value="all" {% if page.access == 'ALL' %}selected{% endif %} >
+		Все
+	</option>
 </select>
 <br/>
 <input type="submit" value="Сохранить"/>

File template/page/get.html

View file
  • Ignore whitespace
 </div>
 
 {# check access #}
-{% if page is access %}
+{% if page is not access %}
+	
+	<h2>Доступ к данной странице закрыт</h2>
+
+{% else %}
 
 	{% block get_content %}
 	{% if not page %}
 	{% endif %}
 	{% endblock %}
 
-{% else %}
-	
-	<h2>Доступ к данной странице закрыт</h2>
-
 {% endif %}
 
 {% endblock %}