Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
logging.debug("Excluding %s" % watcher)
continue
+ # Check permissions
+ if not self.backend.wiki.check_acl(self.page, watcher):
+ logging.debug("Watcher %s does not have permissions" % watcher)
+ continue
+
logging.debug("Sending watcher email to %s" % watcher)
# Compose message
if not page:
raise tornado.web.HTTPError(404, "Page does not exist: %s" % path)
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
with self.db.transaction():
if action == "watch":
page.add_watcher(self.current_user)