blog

changeset 146:61ff294df22f trunk

added permission checks
author Thomas Jollans <thomas@jollans.com>
date Mon Aug 20 18:12:29 2007 +0200 (2007-08-20)
parents d6abad2f7c7f
children aa8bf9e86b6b
files modules/blog.py
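--- a/modules/blog.py	Fri Aug 17 22:44:05 2007 +0200
+++ b/modules/blog.py	Mon Aug 20 18:12:29 2007 +0200
@@ -251,6 +251,7 @@
 
     def _rdraw(self,n):
         req = self._req
+        if not n.checkperm(READ): return req['session'].auth_error()
         if n['type'] in ('blog', 'blog:tag'):
             page = int(req.get_fields().get('blog.page', 0))
             postsperpage = req.config.get('BLOG_POSTSPERPAGE', 10)
@@ -282,7 +283,7 @@
             if req.config.get('BLOG_USE_CAPTCHA'):
                 req['captcha'].enable(t)
             flds = req.get_fields()
-            if 'post' in flds:
+            if 'post' in flds and n.checkperm(WRITE):
                 # comment saving time
                 if not flds['subject']:
                     t.kw_set_vars(error=req.xlate('blog_set_subject'))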
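Review bot: In the second hunk, a comment submitted without WRITE permission is dropped silently: `'post' in flds and n.checkperm(WRITE)` simply evaluates false, so the request falls through to whatever follows this `if` (outside the hunk). The READ check added at the top of `_rdraw` instead returns `req['session'].auth_error()`. Assuming this branch is still inside `_rdraw`, an explicit guard ahead of the original `if 'post' in flds:` would keep the two checks consistent and give one place to log refused writes: `if 'post' in flds and not n.checkperm(WRITE): return req['session'].auth_error()`. It is also worth confirming that the comment form and captcha set up just above are not offered to users who lack WRITE; that code is only partly visible here.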