
Fix access for attachments

master
Dirk Alders 2 个月前
父节点
当前提交
e7c60df5df
共有 1 个文件被更改,包括 7 次插入4 次删除
  1. 7
    4
      pages/access.py

+ 7
- 4
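--- a/pages/access.py
+++ b/pages/access.py
@@ -1,5 +1,6 @@
 from django.conf import settings
 import logging
+import os
 
 from .models import PikiPage
 
@@ -31,11 +32,11 @@ class access_control(object):
             elif self._page is None:
                 if self._user.is_staff:
                     # Page creation is allowed for staff users
-                    logger.debug("Page does not exist and user is staff -> full access granted")
+                    logger.debug("Page %s does not exist and user is staff -> full access granted", repr(self._rel_path))
                     self._read = True
                     self._write = True
                 else:
-                    logger.debug("Page does not exist and user is not staff -> no access granted")
+                    logger.debug("Page %s does not exist and user is not staff -> no access granted", repr(self._rel_path))
             else:
                 user_is_owner = self._page.owner == self._user
                 user_in_page_group = self._page.group in self._user.groups.all()
@@ -75,11 +76,13 @@ class access_control(object):
         return self.may_write()
 
 
-def read_attachment(request, rel_path):
+def read_attachment(request, path):
     # Interface for external module mycreole
+    rel_path = os.path.dirname(path)
     return access_control(request, rel_path).may_read_attachment()
 
 
-def modify_attachment(request, rel_path):
+def modify_attachment(request, path):
     # Interface for external module mycreole
+    rel_path = os.path.dirname(path)
     return access_control(request, rel_path).may_modify_attachment()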
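Review bot: In `read_attachment`, the page whose permissions are checked is now derived with `os.path.dirname(path)` from a caller-supplied path that is not normalised first, and `modify_attachment` has the same line. A path containing `..` segments, a leading `/`, or no directory part at all (dirname returns `''`) yields a `rel_path` that may not name the page the attachment is actually stored under; how `access_control` resolves `rel_path` and how mycreole maps `path` to a file are not visible in this hunk, so this needs confirming against both. Consider normalising before the check, e.g. `norm = os.path.normpath(path)`, denying access when `os.path.isabs(norm) or norm.split(os.sep)[0] == os.pardir`, then `rel_path = os.path.dirname(norm)`, and make sure the file is later opened from the same normalised path. A short docstring on both functions stating that `path` is the attachment path including the file name would also document the changed parameter meaning for mycreole.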
