MoinMoinChat/Logs/moin-dev/2009-07-23

2009-07-23T00:52:50  *** moinBot has joined #moin-dev
2009-07-23T00:54:17  <ThomasWaldmann> aigarius: yes, acl protected pages are a big problem then
2009-07-23T00:54:33  <ThomasWaldmann> so why not the trashbin approach?
2009-07-23T00:58:07  <aigarius> you ar eright, the trashbin approach, if done right can solve this problem cleaner
2009-07-23T01:00:01  <aigarius> There must be support for multiple deleted versions of the same pagename , like making ThisPage to be deleted to Trash/23842-ThisPage so that ACLs for deleted pages can not be overwritten
2009-07-23T01:00:21  <ThomasWaldmann> ok, wiki and repo is back
2009-07-23T01:00:48  <aigarius> by simply making a new page of the same and then deleting it
2009-07-23T01:01:50  <ThomasWaldmann> yes, that's not a problem. could be just some random name. and the old name in a metadata field.
2009-07-23T01:02:25  <aigarius> It would be useful to store the old name for renames as well, along with a revision number of when the rename took place
2009-07-23T01:05:59  <ThomasWaldmann> i thought about maybe we should store the current name into any revision we save.
2009-07-23T01:06:22  <aigarius> in any case I think it would be prudent security-wise to check read ACLs of old revisions when viewing those old revision or making diffs against them
2009-07-23T01:06:36  <aigarius> ThomasWaldmann: that would be most consistent for sure
2009-07-23T01:17:28  *** grzywacz has quit IRC
2009-07-23T01:17:47  <ThomasWaldmann> ok, need to sleep now, gn
2009-07-23T01:18:37  <aigarius> gn
2009-07-23T07:21:29  <CIA-45> Alexandre Martani <amartani AT gmail DOT com> default * 6166:c532bee20298 2.0-storage-editor-amartani/MoinMoin/web/static/htdocs/ (2 files in 2 dirs): Real-time editor: make loadXMLHttp pass xmlhttp object to callback function and call getLastRevision only after save is completed.
2009-07-23T07:21:32  <CIA-45> Alexandre Martani <amartani AT gmail DOT com> default * 6167:bf3e86abeb23 2.0-storage-editor-amartani/MoinMoin/ (4 files in 3 dirs): Real-time editor: Move updateLastRevisionDisplay to text_editor and make it independent of mobwrite. Created ajax_info that currently only answers the item's last revision number.
2009-07-23T08:42:41  * ThomasWaldmann plays with wave
2009-07-23T11:06:23  *** aigarius has quit IRC
2009-07-23T14:00:00  *** devilsadvocate has quit IRC
2009-07-23T14:00:17  *** devilsadvocate has joined #moin-dev
2009-07-23T15:16:21  <dennda> ThomasWaldmann: So trashbin then?
2009-07-23T16:08:45  *** TheSheep has quit IRC
2009-07-23T17:07:12  *** moinBot` has joined #moin-dev
2009-07-23T17:08:33  *** moinBot has quit IRC
2009-07-23T18:11:47  <dimazest> how should behave macro_GetVal, when it gets name of not existing page?
2009-07-23T19:01:08  *** grzywacz has joined #moin-dev
2009-07-23T20:22:13  <ThomasWaldmann> re
2009-07-23T20:40:01  <ThomasWaldmann> dennda: on what are you working currently?
2009-07-23T20:41:20  <ThomasWaldmann> dimazest: what's the result of your API usage review/API comparison?
2009-07-23T21:00:34  *** TheSheep has joined #moin-dev
2009-07-23T22:27:57  <ThomasWaldmann> dimazest:     def test_intended_list(self):
2009-07-23T22:28:08  <ThomasWaldmann> -> indented
2009-07-23T22:36:59  <ThomasWaldmann> dimazest: +                    'MoinMoin.formtter.groups',
2009-07-23T22:39:04  <ThomasWaldmann> +        # TODO Code from MoinMoin/script/maint/cleancache.py may be used
2009-07-23T22:39:04  <ThomasWaldmann> +        page.clean_acl_cache() # It is not necessary should be removed.
2009-07-23T23:00:37  <dreimark> re
2009-07-23T23:00:59  <dreimark> another one at http://www.adobe.com/support/security/advisories/apsa09-03.html
2009-07-23T23:09:18  <dreimark> dimazest: the macro_GetVal should return an empty string if the user has no access to a page (either not existing or protected by acls)
2009-07-23T23:10:48  <dreimark> if it returns an error message it should be understandable but it should not expose pages which are protected for the requesting user
2009-07-23T23:11:59  <dreimark> e.g. it could tell something similiar to: this var %s does not exist the page %s.
2009-07-23T23:12:09  <dreimark> +on
2009-07-23T23:13:53  <dreimark> dimazest: please prepare tommorow a wiki page about the xapwrap/xappy API exchange
2009-07-23T23:14:41  <dreimark> it must not be totally completed
MoinMoin: MoinMoinChat/Logs/moin-dev/2009-07-23 (last edited 2009-07-22 23:00:01 by IrcLogImporter)