Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

wiki: Verify that a user may view a revision on a revision listing. #713

Closed
wants to merge 2 commits into from

2 participants

@andre-d

No description provided.

@andre-d

tailed syslog while browsing, only got hit while viewing the revision listings.

@andre-d

:haircut: fixed batch lookups

r2/r2/models/wiki.py
((6 lines not shown))
id = getattr(sr, '_id36', None)
if not id:
raise tdb_cassandra.NotFound
- return cls._byID(wiki_id(id, name))
+ return wiki_id(id, name)
+
+ @classmethod
+ def get_multiple(cls, pages):
+ """ Takes a list of tuples in the form of [(sr, name),..] """
+ return cls._byID([cls.id_for(*page) for page in pages])
@spladug Owner
spladug added a note

i think this would be clearer with explicit tuple unpacking, e.g. [cls.id_for(sr, name) for sr, name in pages]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
r2/r2/models/wiki.py
((6 lines not shown))
id = getattr(sr, '_id36', None)
if not id:
raise tdb_cassandra.NotFound
- return cls._byID(wiki_id(id, name))
+ return wiki_id(id, name)
+
+ @classmethod
+ def get_multiple(cls, pages):
+ """ Takes a list of tuples in the form of [(sr, name),..] """
@spladug Owner
spladug added a note

please check PEP-257 for this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@spladug
Owner

:nail_care:

r2/r2/models/builder.py
@@ -611,13 +615,15 @@ def wrap_items(self, items):
return wrapped
def keep_item(self, item):
- return not item.is_hidden
+ from r2.lib.validator.wiki import may_view
+ return ((not item.is_hidden) and
+ may_view(c.site, self.wikiuser, item.wikipage))
@spladug Owner
spladug added a note

what's the point of threading wikiuser through everything here if it's just c.user if c.user_is_loggedin? (and you're using c.site in this function anyway)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@spladug
Owner

:nail_care: looks mostly great

@andre-d

:fish: Moved self.wikipage to "self.page" and c.site to "self.sr"

@andre-d

errr :haircut:

@andre-d

This could be a set instead of a dict.

@spladug
Owner

:fish:

@spladug spladug closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
View
10 r2/r2/controllers/wiki.py
@@ -144,7 +144,11 @@ def GET_wiki_page(self, pv, page_name):
@validate(page=VWikiPage(('page'), restricted=False))
def GET_wiki_revisions(self, num, after, reverse, count, page):
revisions = page.get_revisions()
- builder = WikiRevisionBuilder(revisions, num=num, reverse=reverse, count=count, after=after, skip=not c.is_wiki_mod, wrap=default_thing_wrapper())
+ wikiuser = c.user if c.user_is_loggedin else None
+ builder = WikiRevisionBuilder(revisions, user=wikiuser, sr=c.site,
+ num=num, reverse=reverse, count=count,
+ after=after, skip=not c.is_wiki_mod,
+ wrap=default_thing_wrapper())
listing = WikiRevisionListing(builder).listing()
return WikiRevisions(listing, page=page.name, may_revise=this_may_revise(page)).render()
@@ -187,10 +191,12 @@ def GET_wiki_revise(self, wp, page, message=None, **kw):
@paginated_listing(max_page_size=100, backend='cassandra')
def GET_wiki_recent(self, num, after, reverse, count):
revisions = WikiRevision.get_recent(c.site)
+ wikiuser = c.user if c.user_is_loggedin else None
builder = WikiRecentRevisionBuilder(revisions, num=num, count=count,
reverse=reverse, after=after,
wrap=default_thing_wrapper(),
- skip=not c.is_wiki_mod)
+ skip=not c.is_wiki_mod,
+ user=wikiuser, sr=c.site)
listing = WikiRevisionListing(builder).listing()
return WikiRecent(listing).render()
View
13 r2/r2/models/builder.py
@@ -41,7 +41,7 @@
from copy import deepcopy
from r2.lib.utils import Storage
-from r2.models.wiki import WIKI_RECENT_DAYS
+from r2.models import wiki
from collections import defaultdict
import time
@@ -595,6 +595,11 @@ def keep_item(self,item):
class WikiRevisionBuilder(QueryBuilder):
show_extended = True
+ def __init__(self, *k, **kw):
+ self.user = kw.pop('user', None)
+ self.sr = kw.pop('sr', None)
+ QueryBuilder.__init__(self, *k, **kw)
+
def wrap_items(self, items):
types = {}
wrapped = []
@@ -611,13 +616,15 @@ def wrap_items(self, items):
return wrapped
def keep_item(self, item):
- return not item.is_hidden
+ from r2.lib.validator.wiki import may_view
+ return ((not item.is_hidden) and
+ may_view(self.sr, self.user, item.wikipage))
class WikiRecentRevisionBuilder(WikiRevisionBuilder):
show_extended = False
def must_skip(self, item):
- return (datetime.datetime.now(g.tz) - item.date).days >= WIKI_RECENT_DAYS
+ return (datetime.datetime.now(g.tz) - item.date).days >= wiki.WIKI_RECENT_DAYS
def empty_listing(*things):
View
22 r2/r2/models/wiki.py
@@ -82,7 +82,7 @@ class WikiRevision(tdb_cassandra.UuidThing, Printable):
_str_props = ('pageid', 'content', 'author', 'reason')
_bool_props = ('hidden')
- cache_ignore = set(list(_str_props)).union(Printable.cache_ignore)
+ cache_ignore = set(list(_str_props)).union(Printable.cache_ignore).union(['wikipage'])
def get_author(self):
author = self._get('author')
@@ -104,9 +104,12 @@ def get_printable_authors(cls, revisions):
@classmethod
def add_props(cls, user, wrapped):
authors = cls.get_printable_authors(wrapped)
+ pages = {r.page: None for r in wrapped}
+ pages = WikiPage.get_multiple((c.site, page) for page in pages)
for item in wrapped:
item._hidden = item.is_hidden
item._spam = False
+ item.wikipage = pages[item.pageid]
author = item._get('author')
item.printable_author = authors.get(author, '[unknown]')
item.reported = False
@@ -187,11 +190,24 @@ def get_author(self):
return None
@classmethod
- def get(cls, sr, name):
+ def id_for(cls, sr, name):
id = getattr(sr, '_id36', None)
if not id:
raise tdb_cassandra.NotFound
- return cls._byID(wiki_id(id, name))
+ return wiki_id(id, name)
+
+ @classmethod
+ def get_multiple(cls, pages):
+ """Get multiple wiki pages.
+
+ Arguments:
+ pages -- list of tuples in the form of [(sr, names),..]
+ """
+ return cls._byID([cls.id_for(sr, name) for sr, name in pages])
+
+ @classmethod
+ def get(cls, sr, name):
+ return cls._byID(cls.id_for(sr, name))
@classmethod
def create(cls, sr, name):
Something went wrong with that request. Please try again.