"""
Subwiki Security Policy
=======================

Creates hierarchal-like ACL by dividing the wiki to sub wikis, and
allowing only members of WikiNameGroup to visit WikiName of any sub
page of it. 

This module is not related in any way to SubWiki or Subversion :-)


How to use
----------
1. Create a main page for each sub wiki e.g WikiOne. All the sub wiki
   pages will be sub pages of this page.
   
2. Create a group named after the wiki e.g. WikiOneGroup. List the
   users that may read the sub wiki pages in the group page. Do not
   forget to list yourself, becuase this policy does not respect
   acl_rights_before.
   
4. Add proper ACL to the group page - so only those in
   acl_rights_before can add users to the group::

    #acl All:read

3. Put this module where your wiki or farm config are located.

4. Add this line to wiki or farm config::

    from subwiki_policy import SecurityPolicy


Problems
--------

acl_rights_before ignored
~~~~~~~~~~~~~~~~~~~~~~~~~

This policy ignores acl_rights_before for non members of the sub wiki
group. A simple workaround is to list yourself and other admins in the
sub wikis group pages. A full solution requires major changes in the
ACL class.


Legal
-----

@copyright: (c) 2005 by Nir Soffer

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
"""

# If you want to use antispam, sub class from antispam:
# from MoinMoin.util.antispam import SecurityPolicy as Permissions
from MoinMoin.security import Permissions


class SecurityPolicy(Permissions):

    def read(self, pagename):
        """ Let only members of a wiki to read sub pages

        Members use the base class policy - if the page has acl, it
        will be respected.
        
        Pages in the main wiki e.g RecentChanges are handled as usuall.
        """
        wikiName = pagename.split('/')[0]
        if wikiName in ['WikiOne', 'WikiTwo', 'WikiThree']:
            # TODO: check acl_rights_before before the member test!
            if not self.userIsMemberOf(wikiName + 'Group'):
                return False
        
        return self.defaultPolicy('read', pagename)

    def defaultPolicy(self, action, *args):
        return Permissions.__getattr__(self, action)(*args)

    def userIsMemberOf(self, group):
        return self.request.user.name in self.request.dicts.members(group)