← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to www/common/studpath.py

  • Committer: mattgiuca
  • Date: 2008-01-22 23:41:29 UTC
  • Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:267
Changed semantics of "published" property: Now applies to directories, not
files, and causes everything in the directory to get published.

fileservice: Listing only shows "published" for directories.
studpath.authorized_public: Checks parent directory for publish permission
    instead of the file itself.

(This comes out of a series of meetings with Tom and Steven, where we decided
that file-level access is too fine grained; you can't control user-generated
files).

Show diffs side-by-side

added added

removed removed

Lines of Context:
www/common/studpath.py
134
134
 
135
135
def authorize_public(req):
136
136
    """A different kind of authorization. Rather than making sure the
137
 
    logged-in user owns the file, this checks if the file has been published
138
 
    (ignoring the user). This is for the "public mode" of the serve app.
 
137
    logged-in user owns the file, this checks if the file is in a published
 
138
    directory.
 
139
 
 
140
    This is for the "public mode" of the serve app.
139
141
 
140
142
    Same interface as "authorize" - None on success, HTTP_FORBIDDEN exception
141
143
    raised on failure.
142
144
    """
143
145
    _, path = url_to_local(req.path)
144
 
    if not published(path):
 
146
    dirpath, _ = os.path.split(path)
 
147
    if not published(dirpath):
145
148
        req.throw_error(req.HTTP_FORBIDDEN)