* looking for arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376 to compare with
* comparing to arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376
M  MoinMoin/multiconfig.py
M  MoinMoin/security.py
A  MoinMoin/securityrule.py

* modified files

--- orig/MoinMoin/multiconfig.py
+++ mod/MoinMoin/multiconfig.py
@@ -168,7 +168,8 @@
     acl_rights_before = u""
     acl_rights_after = u""
     acl_rights_valid = ['read', 'write', 'delete', 'revert', 'admin']
-    
+    # import MoinMoin.securityrule as SecurityRule
+    security_rules = [] #Test by: [{'rule' :SecurityRule.vaild_user, "is_non": 1, "write": 0}]
     actions_excluded = [] # ['DeletePage', 'AttachFile', 'RenamePage']
     allow_xslt = 0
     attachments = None # {'dir': path, 'url': url-prefix}


--- orig/MoinMoin/security.py
+++ mod/MoinMoin/security.py
@@ -43,11 +43,28 @@
         return self.write(editor.page_name)
 
     def __getattr__(self, attr):
-        """ if attr is one of the rights in acl_rights_valid, then return a
-            checking function for it. Else raise an error.
-        """
         request = self.request
         Page = self.Page
+
+        # check right in security_rules
+        for s in request.cfg.security_rules:
+            # Make Sure the SecurityRules have 'rule' and attr
+            # and the SecurityRules is a Dict.
+            try:
+                if s.has_key('rule') and s.has_key(attr):
+                   valid_security_rule = 1
+                else:
+                   valid_security_rule = 0
+            except AttributeError:
+                valid_security_rule = 0
+            if valid_security_rule:
+                sr = s['rule']
+                security_rule = sr(request.user, s)
+                # Check dict again, Is it developer like ?
+                if security_rule.check_dict(attr):
+                    return lambda pagename, **kw: getattr(security_rule, attr)(pagename, **kw)
+
+        # If cann't check in security_rules, try it in moin_acl
         if attr in request.cfg.acl_rights_valid:
             return lambda pagename, Page=Page, request=request, attr=attr: Page(request, pagename).getACL(request).may(request, self.name, attr)
         else:


--- orig/MoinMoin/securityrule.py
+++ mod/MoinMoin/securityrule.py
@@ -0,0 +1,56 @@
+# -*- coding: iso-8859-1 -*-
+"""
+@copyright: (c) Bastian Blank, Florian Festi, Thomas Waldmann
+@copyright: MoinMoin:FrankieChow
+@license: GNU GPL, see COPYING for details.
+"""
+
+class security_rules_obj:
+    """ Template of SecurityRules Object
+    """
+
+    def __init__(self, user, dict):
+        """ Calculate the permissons `user` has.
+        """
+        self.user = user
+        self.name = user.name
+        self.request = user._request
+        self.dict = dict
+
+    def cal_rule_result(self):
+        """ Cal the dict('is_non') and set the rule_result.
+        """
+        if self.dict.has_key('is_non'):
+            self.rule_result = self.dict['is_non'] * self.match_rule()
+        else:
+            self.rule_result = self.match_rule()
+
+    def check_dict(self):
+        """
+        Developer can override it to check pass dict.
+        """
+        self.cal_rule_result()
+        if getattr(self, attr, 0):
+            return 1
+
+    def true(self, pagename, **kw):
+        return 1
+    def false(self, pagename, **kw):
+        return 0
+
+    def __getattr__(self, attr):
+        if not self.rule_result: raise AttributeError, attr
+        if self.dict[attr]:
+            return lambda pagename, **kw: self.true(pagename, **kw)
+        else:
+            return lambda pagename, **kw: self.false(pagename, **kw)
+
+class vaild_user(security_rules_obj):
+    """
+    Maybe Developer must need to write this module.
+    """
+    def match_rule(self):
+        if self.user.valid:
+            return 1
+        else:
+            return 0