Bilal Akhtar committed 3b72304

First, check if the user has the needed ACLs before allowing the user to enter page content or choose content type for creating a new page

Comments (0)

Files changed (1)


     def do_modify(self, contenttype, template_name):
+        # First, check if the current user has the required privileges
+        if not flaskg.user.may.create(
+            abort(403)
         # XXX think about and add item template support
         return render_template('modify_show_type_selection.html',