Commits

Thomas Waldmann  committed 9890a2d

support giving multiple capabilities to require(), one of them must be permitted for it to succeed

  • Participants
  • Parent commits 33590c9

Comments (0)

Files changed (1)

File MoinMoin/storage/middleware/protecting.py

 
         return False
 
-    def require(self, capability):
-        if not self.allows(capability):
-            raise AccessDenied("item does not allow user '{0!r}' to '{1!r}'".format(self.protector.user.name, capability))
+    def require(self, *capabilities):
+        """require that at least one of the capabilities is allowed"""
+        if not any(self.allows(c) for c in capabilities):
+            capability = " or ".join(capabilities)
+            raise AccessDenied("item does not allow user '{0!r}' to '{1!r}' [{2!r}]".format(
+                               self.protector.user.name, capability, self.item.acl))
 
     def iter_revs(self):
         self.require(READ)
         # to check allowance for a revision, we always ask the item
         return self.item.allows(capability)
 
-    def require(self, capability):
-        if not self.allows(capability):
-            raise AccessDenied("revision does not allow '{0!r}'".format(capability))
+    def require(self, *capabilities):
+        """require that at least one of the capabilities is allowed"""
+        if not any(self.allows(c) for c in capabilities):
+            capability = " or ".join(capabilities)
+            raise AccessDenied("revision does not allow user '{0!r}' to '{1!r}' [{2!r}]".format(
+                               self.protector.user.name, capability, self.item.item.acl))
 
     @property
     def revid(self):