diff --git a/controller/Notebooks.py b/controller/Notebooks.py index 52dacb9..edf3fb8 100644 --- a/controller/Notebooks.py +++ b/controller/Notebooks.py @@ -772,9 +772,17 @@ class Notebooks( object ): if not notebook: raise Access_error() + # prevent renaming of the trash notebook to anything + if notebook.name == u"trash": + raise Access_error() + # prevent just anyone from making official Luminotes notebooks if name.startswith( u"Luminotes" ) and not notebook.name.startswith( u"Luminotes" ): - raise Access_error( "That notebook name is not available. Please try a different one." ) + raise Access_error() + + # prevent renaming of another notebook to "trash" + if name == u"trash": + raise Access_error() notebook.name = name self.__database.save( notebook, commit = False ) diff --git a/controller/test/Test_notebooks.py b/controller/test/Test_notebooks.py index 8ea7f97..0e9a86c 100644 --- a/controller/test/Test_notebooks.py +++ b/controller/test/Test_notebooks.py @@ -1727,7 +1727,18 @@ class Test_notebooks( Test_controller ): assert result[ u"error" ] - def test_rename_with_reserved_name( self ): + def test_rename_trash( self ): + self.login() + + new_name = u"renamed notebook" + result = self.http_post( "/notebooks/rename", dict( + notebook_id = self.notebook.trash_id, + name = new_name, + ), session_id = self.session_id ) + + assert u"error" in result + + def test_rename_with_reserved_luminotes_name( self ): self.login() new_name = u"Luminotes blog" @@ -1738,6 +1749,17 @@ class Test_notebooks( Test_controller ): assert result[ u"error" ] + def test_rename_with_reserved_trash_name( self ): + self.login() + + new_name = u" trash " + result = self.http_post( "/notebooks/rename", dict( + notebook_id = self.notebook.object_id, + name = new_name, + ), session_id = self.session_id ) + + assert result[ u"error" ] + def test_recent_notes( self ): result = cherrypy.root.notebooks.load_recent_notes( self.notebook.object_id, diff --git a/static/js/Wiki.js b/static/js/Wiki.js index 6493d0f..9fa5951 100644 --- a/static/js/Wiki.js +++ b/static/js/Wiki.js @@ -1396,7 +1396,7 @@ Wiki.prototype.end_notebook_rename = function () { if ( /^\s*$/.test( new_notebook_name ) ) new_notebook_name = this.notebook.name; - if ( /^\s*Luminotes/.test( new_notebook_name ) ) { + if ( /^\s*Luminotes/.test( new_notebook_name ) || /^\s*trash\s*$/.test( new_notebook_name ) ) { new_notebook_name = this.notebook.name; this.display_error( "That notebook name is not available. Please try a different one." ); } diff --git a/view/Link_area.py b/view/Link_area.py index 62ac025..0c7ffcc 100644 --- a/view/Link_area.py +++ b/view/Link_area.py @@ -3,7 +3,7 @@ from Rounded_div import Rounded_div class Link_area( Div ): - def __init__( self, notebooks, notebook, total_notes_count, parent_id, notebook_path ): + def __init__( self, notebooks, notebook, total_notes_count, parent_id, notebook_path, user ): linked_notebooks = [ nb for nb in notebooks if nb.read_write and nb.name not in ( u"trash" ) ] Div.__init__( @@ -99,7 +99,7 @@ class Link_area( Div ): ), class_ = u"link_area_item", ) for nb in linked_notebooks ], - Div( + ( user.username != u"anonymous" ) and Div( A( u"add new notebook", href = u"#", @@ -107,7 +107,7 @@ class Link_area( Div ): title = u"Create a new wiki notebook.", ), class_ = u"link_area_item", - ), + ) or None, id = u"notebooks_area" ), diff --git a/view/Main_page.py b/view/Main_page.py index 7520ad7..e9a8d81 100644 --- a/view/Main_page.py +++ b/view/Main_page.py @@ -103,7 +103,7 @@ class Main_page( Page ): Toolbar( hide_toolbar = not notebook.read_write ), id = u"toolbar_area", ), - Link_area( notebooks, notebook, total_notes_count, parent_id, notebook_path ), + Link_area( notebooks, notebook, total_notes_count, parent_id, notebook_path, user ), Div( Div( Div(