FormGenerator: Add ACL to forced authentification

Author: Taverne Sylvain

forms_generator.py

@@ -24,7 +24,7 @@
 
 # Import from ikaaro
 from ikaaro.forms import AutoForm, SelectWidget, TextWidget, BooleanCheckBox
-from ikaaro.forms import RTEWidget, XHTMLBody, DateWidget
+from ikaaro.forms import RTEWidget, XHTMLBody, BooleanRadio
 from ikaaro.table import OrderedTable, OrderedTableFile
 from ikaaro.table_views import OrderedTable_View
 
@@ -33,7 +33,6 @@
 
 # Import from shop
 from cross_selling_views import AddProduct_View
-from datatypes import ProductPathDataType
 from products.models import get_real_datatype
 from products.enumerate import Datatypes
 from registry import shop_widgets
@@ -62,8 +61,7 @@ def get_widget(cls, widget_name):
 
 class ShopForm_Display(AutoForm):
 
-    access = True
-
+    access = 'is_allowed_to_view_for_authenticated'
 
     def get_submit_value(self):
         context = get_context()
@@ -72,7 +70,6 @@ def get_submit_value(self):
     submit_value = property(get_submit_value, None, None, '')
 
 
-
     def get_title(self, context):
         return context.resource.get_title()
 
@@ -177,7 +174,7 @@ class ShopForm(OrderedTable):
     class_views = ['display', 'edit', 'view', 'add_record']
 
     display = ShopForm_Display()
-    view = OrderedTable_View(search_template=None)
+    view = OrderedTable_View(search_template=None, access='is_admin')
     edit = AutomaticEditView()
 
     add_product = AddProduct_View()
@@ -191,15 +188,19 @@ class ShopForm(OrderedTable):
         SelectWidget('widget', title=MSG(u'Widget')),
         ]
 
-    edit_widgets = [TextWidget('submit_value', title=MSG(u'Submit value')),
-                    TextWidget('to_addr', title=MSG(u'To addr')),
-                    RTEWidget('introduction', title=MSG(u'Introduction')),
-                    RTEWidget('final_message', title=MSG(u'Final message'))]
+    edit_widgets = [
+        TextWidget('submit_value', title=MSG(u'Submit value')),
+        TextWidget('to_addr', title=MSG(u'To addr')),
+        RTEWidget('introduction', title=MSG(u'Introduction')),
+        RTEWidget('final_message', title=MSG(u'Final message')),
+        BooleanRadio('must_be_authentificated',
+                     title=MSG(u'Must be authentificated to see form'))]
 
     edit_schema = {'submit_value': Unicode(multilingual=True, mandatory=True),
                    'to_addr': Email(mandatory=True),
                    'introduction': XHTMLBody(multilingual=True),
-                   'final_message': XHTMLBody(multilingual=True)}
+                   'final_message': XHTMLBody(multilingual=True),
+                   'must_be_authentificated': Boolean}
 
     @classmethod
     def get_metadata_schema(cls):

website.py

@@ -143,6 +143,13 @@ def search_on_website(self, queries):
         return self.parent.search(query)
 
 
+    def is_allowed_to_view_for_authenticated(self, user, resource):
+        if (resource.has_property('must_be_authentificated') and
+            resource.get_property('must_be_authentificated')):
+            return self.is_authenticated(user, resource)
+        return self.is_allowed_to_view(user, resource)
+
+
 register_resource_class(ShopWebSite)
 register_document_type(ShopWebSite, WebSite.class_id)