Commits

Bilal Akhtar committed 3b72304

First, check if the user has the needed ACLs before allowing the user to enter page content or choose content type for creating a new page

Comments (0)

Files changed (1)

MoinMoin/items/__init__.py

         abort(404)
 
     def do_modify(self, contenttype, template_name):
+        # First, check if the current user has the required privileges
+        if not flaskg.user.may.create(self.name):
+            abort(403)
+
         # XXX think about and add item template support
         return render_template('modify_show_type_selection.html',
                                item_name=self.name,