* looking for arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376 to compare with
* comparing to arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376
M  MoinMoin/multiconfig.py
M  MoinMoin/security.py
A  MoinMoin/securityrule.py

* modified files

--- orig/MoinMoin/multiconfig.py
+++ mod/MoinMoin/multiconfig.py
@@ -10,6 +10,8 @@
 from MoinMoin import error
 import MoinMoin.auth as authmodule
 
+import MoinMoin.securityrule as SecurityRule
+
 _url_re_cache = None
 _farmconfig_mtime = None
 _config_cache = {}
@@ -168,6 +170,9 @@
     acl_rights_before = u""
     acl_rights_after = u""
     acl_rights_valid = ['read', 'write', 'delete', 'revert', 'admin']
+    security_rules = [SecurityRule.just_vaild_user_can_write, 
+                      SecurityRule.check_acl] 
+    security_rules_fifo = 0
     
     actions_excluded = [] # ['DeletePage', 'AttachFile', 'RenamePage']
     allow_xslt = 0


--- orig/MoinMoin/security.py
+++ mod/MoinMoin/security.py
@@ -18,6 +18,7 @@
 ### Basic Permissions Interface -- most features enabled by default
 #############################################################################
 
+#import MoinMoin.securityrule as SecurityRule
 
 class Permissions:
     """ Basic interface for user permissions and system policy.
@@ -43,16 +44,19 @@
         return self.write(editor.page_name)
 
     def __getattr__(self, attr):
-        """ if attr is one of the rights in acl_rights_valid, then return a
-            checking function for it. Else raise an error.
-        """
+        rules = []
         request = self.request
-        Page = self.Page
-        if attr in request.cfg.acl_rights_valid:
-            return lambda pagename, Page=Page, request=request, attr=attr: Page(request, pagename).getACL(request).may(request, self.name, attr)
-        else:
-            raise AttributeError, attr
-        
+        for sr in request.cfg.security_rules:
+            security_rule = sr(request.user)
+            attr_security_rule = getattr(security_rule, attr, 0)
+            if attr_security_rule:
+                rules.append(attr_security_rule)
+                if getattr(security_rule, attr + '_non_continue', 0):
+                    return lambda pagename, **kw: attr_security_rule(pagename, **kw)
+        if len(rules) > 0:
+            if request.cfg.security_rules_fifo:
+                return lambda pagename, **kw: rules[0](pagename, **kw)
+            else: return lambda pagename, **kw: rules[-1](pagename, **kw)
 
 # make an alias for the default policy
 Default = Permissions
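Review bot: The new `__getattr__` falls off the end and returns None when no rule provides `attr`, where the old code raised `AttributeError`. An unknown right, or any other missing attribute looked up on this old-style instance, now yields None and fails later as a confusing TypeError or a silently falsy value; the body should end with `raise AttributeError, attr`. Separately, only one rule's verdict is ever used (`rules[0]` or `rules[-1]`), so a denying rule that forgets its `_non_continue` flag is silently overridden by whichever rule is picked. If rules are meant to be able to veto, combining them so that any deny wins is the safer default, as sketched below. The docstring this hunk removes should also be replaced with one describing the rule lookup.

```python
        # … unchanged: loop collecting attr_security_rule into rules …
        if not rules:
            raise AttributeError, attr
        def may(pagename, **kw):
            # deny wins: every rule that defines `attr` has to allow it
            for rule in rules:
                if not rule(pagename, **kw):
                    return 0
            return 1
        return may
```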


--- orig/MoinMoin/securityrule.py
+++ mod/MoinMoin/securityrule.py
@@ -0,0 +1,48 @@
+# -*- coding: iso-8859-1 -*-
+"""
+@copyright: (c) Bastian Blank, Florian Festi, Thomas Waldmann
+@copyright: MoinMoin:FrankieChow
+@license: GNU GPL, see COPYING for details.
+"""
+
+class security_rules_obj:
+    """ Template of SecurityRules Object
+    """
+
+    def __init__(self, user):
+        """ Calculate the permissons `user` has.
+        """
+        self.user = user
+        self.name = user.name
+        self.request = user._request
+    def true(self, pagename, **kw):
+        return 1
+    def false(self, pagename, **kw):
+        return 0
+
+class check_acl(security_rules_obj):
+    """ Basic interface for user permissions and system policy.
+
+        Note that you still need to allow some of the related actions, this
+        just controls their behaviour, not their activation.
+    """
+
+    def __getattr__(self, attr):
+        """ if attr is one of the rights in acl_rights_valid, then return a
+            checking function for it. Else raise an error.
+        """
+        from MoinMoin.Page import Page
+        request = self.request
+        if attr in request.cfg.acl_rights_valid:
+            return lambda pagename, Page=Page, request=request, attr=attr: Page(request, pagename).getACL(request).may(request, self.name, attr)
+        else:
+            raise AttributeError, attr
+
+class just_vaild_user_can_write(security_rules_obj):
+    def __getattr__(self, attr):
+        if not self.user.valid:
+            self.write_non_continue = 1
+            if attr == 'write':
+                return lambda pagename, **kw: self.false(pagename, **kw)
+            else: raise AttributeError, attr
+        else: raise AttributeError, attr
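Review bot: In `just_vaild_user_can_write.__getattr__`, the `write_non_continue` flag is set as a side effect of some other attribute lookup, so the deny only short-circuits if the caller asks for `write` before it asks for `write_non_continue` on the same instance. Declaring it in the class body as `write_non_continue = 1` removes that ordering dependency; valid users are unaffected because the flag is only consulted after `write` resolves. In `check_acl.__getattr__` the lambda still binds `Page`, `request` and `attr` as keyword defaults, while security.py now forwards `**kw` into the rule, so a caller keyword named `attr` would replace the right being checked and any other keyword raises TypeError. A plain closure avoids both: `return lambda pagename, **kw: Page(request, pagename).getACL(request).may(request, self.name, attr)`. The misspelling in `just_vaild_user_can_write` (and "permissons" in the `__init__` docstring) is worth fixing now, since multiconfig.py makes the class name part of the configuration surface.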
