[15:07] StellarsHenson: hi guys, can anyone suggest any python IDE suitable for moinmoin plugins etc... development? For my published patches and plugins i still use vim, but it's very cumbersome...
[15:10] TheSheep: vim cumbersome? hearsay!
[15:10] • TheSheep uses vim, vim and only vim
[15:11] TheSheep: StellarsHenson: there is also eclipse with the pydev plugin...
[15:11] StellarsHenson: guys, i'm in the programming world for 12 years now, i grew up on vi and vim
[15:11] StellarsHenson: but i need class names, automatic imports and functions expansions
[15:12] StellarsHenson: pydev, is it good?
[15:12] • ThomasWaldmann uses mc and vim for smaller stuff, and eclipse/pydev for more widespread/bigger work
[15:12] StellarsHenson: ok, thx man
[15:12] StellarsHenson: does it work properly? i mean, does it import all packages etc the way i can use it?
[15:12] ThomasWaldmann: it was good enough to even convince me as a java hater
[15:13] StellarsHenson: ok, great. thank you
[15:13] StellarsHenson: did anyone use autoadmin security policy for moin?
[15:13] StellarsHenson: i have published a patch recently, we use it in production for some time already but needed to discuss it with someone who has opinion on the subject
[15:14] ThomasWaldmann: I have to add that I early registered for the pydev extensions, so I have not much experience with the free-only parts of it
[15:14] StellarsHenson: patch allows for autoadmin users to also be able to create their home pages
[15:14] StellarsHenson: and to use special groups: Known and Trusted
[15:14] StellarsHenson: hm, so it's propriety plugin, isn't it?
[15:14] ThomasWaldmann: I had a very quick look at the patch, but not much time for deeper inspection / thoughts.
[15:15] ThomasWaldmann: btw, for vim I use the pep8 plugin from our CodingStyle page
[15:15] StellarsHenson: any chance to merge it (the patch)  with mainstream moin ?
[15:16] ThomasWaldmann: i have to review it first
[15:16] StellarsHenson: ok, brilliant
[15:16] StellarsHenson: it's working on http://nobleprog.net/wiki
[15:16] ThomasWaldmann: could you do some style cleanup?
[15:16] StellarsHenson: yes, shouldn't be a problem
[15:17] StellarsHenson: btw - mac rocks. switched 3y ago and cannot go back
[15:17] ThomasWaldmann: e.g. if you break a line within a () you don't need \ at the end
[15:17] StellarsHenson: ah, ok, wasn't familiar with it
[15:17] ThomasWaldmann: ah, good to have a mac tester
[15:18] StellarsHenson: i'll get it cleaned in notime
[15:18] StellarsHenson:
[15:18] StellarsHenson: well, i run two instances, my company wiki (the address mentioned) and my private one
[15:18] StellarsHenson: on mac
[15:18] StellarsHenson: for experiments and develpment
[15:19] ThomasWaldmann: why do you give the current user implicit Known and Trusted membership?
[15:19] StellarsHenson: 2 months ago me and my partner have decided to publish all patches and macros we have develped, so it's gonna be some new suff comming
[15:19] StellarsHenson: i don't. It works only if you add Known or Trusted to AutoAdminGroup
[15:20] StellarsHenson: previously it didn't wirk
[15:20] StellarsHenson: work
[15:20] StellarsHenson: you just checked whether the person is a member or not
[15:20] StellarsHenson: but you didn't check for special users memberships
[15:20] StellarsHenson: i have added this feature
[15:21] ThomasWaldmann: but if there is Trusted or Known on the AutoAdminGroup, you give every user those rights
[15:21] ThomasWaldmann: you don't check if the user is really trusted
[15:21] StellarsHenson: that is correct
[15:21] StellarsHenson: what?
[15:22] ThomasWaldmann: well, the difference between All, Known and Trusted is this:
[15:22] StellarsHenson: i don't get you. I don't have to check - if you add Known to AutoAdminGroup, you allow registered users to have their home pages
[15:22] StellarsHenson: if you add Trusted, then it's Trusted
[15:22] ThomasWaldmann: All is everybody. Even when not logged in.
[15:22] StellarsHenson: indeed
[15:22] ThomasWaldmann: Known is someone who is logged in somehow. (you don't check that)
[15:22] StellarsHenson: indeed
[15:23] ThomasWaldmann: Trusted is someone who is logged in via some login method that is specially trusted. (you don't check that)
[15:23] StellarsHenson: Ok, let me explain in detail the changes i have made. Obviously i didn't do the explanation correctly
[15:23] ThomasWaldmann: I admit that the Known vs. Trusted difference is a bit strange.
[15:24] ThomasWaldmann: But this comes from the users usualy ability to create his own account and then log in.
[15:24] StellarsHenson: You can add special groups to any group: you can add Known or Trusted to your FriendsGroup
[15:24] StellarsHenson: and allow this group to modify , say, HomePage
[15:24] henk left the chat room.
[15:24] ThomasWaldmann: btw, do you need to do those Known/Trusted/All checks at all?
[15:24] StellarsHenson: The current AutoAdminGroup feature allows for users added to be able to administer their home pages (and project pages if added)
[15:25] StellarsHenson: let me finish, please
[15:25] ThomasWaldmann: Doesn't the first has_member call do it for you?
[15:25] StellarsHenson: no, it doesn't - that's the WHOLE point
[15:25] StellarsHenson: in the security/__init__ we check special membership separately
[15:26] StellarsHenson: that's why i needed to check it explicitly
[15:26] StellarsHenson: but let me finish
[15:27] StellarsHenson: If we have added Known special user group to AutoAdminGroup, theoretically we are granting all Known users admin rights on their home pages
[15:27] StellarsHenson: same with Trusted
[15:27] StellarsHenson: then we grant all Trused users admin rights on their home pages
[15:27] StellarsHenson: problem is - it doesn't work, because our mechanizm (has_member) doesn't check it
[15:27] StellarsHenson: so i needed to add it myself
[15:27] StellarsHenson: that's first thing
[15:27] ThomasWaldmann: ok
[15:27] StellarsHenson: second:
[15:28] StellarsHenson: there's no point for administering your page if you cannot create it
[15:28] StellarsHenson: and, as an administrator, you can modify any page you have admin rights on to allow you for edit
[15:29] StellarsHenson: so, in short, why not add AutoAdminGroup write rights on their pages
[15:29] ThomasWaldmann: yes, if write rights are not in default acl, you have a problem
[15:29] StellarsHenson: indeed
[15:29] StellarsHenson: that's what is happening on nobleprog.net/wiki
[15:29] StellarsHenson: so, my patch fixes those issues
[15:29] StellarsHenson: it works for 5 months now
[15:29] StellarsHenson: so, heavily tested
[15:29] StellarsHenson: but i guess you have to run tests on your own
[15:30] StellarsHenson: and then we are all agreed
[15:30] ThomasWaldmann: the point is not that much that I don't trust you that it works
[15:30] StellarsHenson: that's why i mentioned - you have to try and review it for yourself
[15:30] ThomasWaldmann: but after thinking about it, i somehow feels that our group code is rather missing a feature
[15:31] ThomasWaldmann: (that All/Known/Trusted members specialcasing)
[15:31] StellarsHenson: indeed, internally we should check special membership
[15:31] StellarsHenson: i agree
[15:31] StellarsHenson: i can make certain core changes
[15:31] StellarsHenson: but for the time being it's better to have it this way or none at all
[15:31] • ThomasWaldmann looks at acl code
[15:32] StellarsHenson: and we can make the group code change urgent
[15:32] StellarsHenson: for 2.0 release
[15:32] StellarsHenson: btw - can you add transcript to the patch page?
[15:33] ThomasWaldmann: i can, you can, everybody can
[15:33] StellarsHenson: dunno how :-$
[15:33] ThomasWaldmann: copy and paste?
[15:33] StellarsHenson: lemme try
[15:34] ThomasWaldmann: hmm, we need virtual groups for All, Known and Trusted.
[15:34] ThomasWaldmann: then all would be easier.
[15:35] ThomasWaldmann: but you are right, this is not for 1.8 or 1.9
[15:35] StellarsHenson: it's just a matter of urgency
[15:36] ThomasWaldmann: so please look into security/__init__ and take the _special_ stuff from there
[15:36] ThomasWaldmann: for 2.0 there will be some acl work anyway (maybe as some sort of storage middleware)
[15:36] ThomasWaldmann: i have to do some other stuff for a while. bbl.
[15:37] StellarsHenson: hm. sure. i'm looking forward to ldap integration
[15:37] StellarsHenson:
[15:37] StellarsHenson: our company SSO would work fine then
[15:40] the_gamer left the chat room. (Remote closed the connection)

was too late for the discussion, but I think it needs to be carefully checked if it could be used to create pages by abusing the login account.

i agree. you definitely need to run some tests. in the meantime i'll polish the solution to the point, where we are not using 'Known' and 'Trusted' groups explicitly -- StellarsHenson 2009-03-25 19:00:50