:D If it have bug, Please let me know <frankie AT NONSPAM openworkshop DOT org>

Details

Applies to
  •   M  MoinMoin/multiconfig.py
      M  MoinMoin/security.py
      A  MoinMoin/securityrule.py
Purpose

Can Handle multi rules, in SecurityPolicy.

Description
I define the security_rules object and howto query them.

TODO

DONE

Patch

   1 * looking for arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376 to compare with
   2 * comparing to arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376
   3 M  MoinMoin/multiconfig.py
   4 M  MoinMoin/security.py
   5 A  MoinMoin/securityrule.py
   6 
   7 * modified files
   8 
   9 --- orig/MoinMoin/multiconfig.py
  10 +++ mod/MoinMoin/multiconfig.py
  11 @@ -168,7 +168,8 @@
  12      acl_rights_before = u""
  13      acl_rights_after = u""
  14      acl_rights_valid = ['read', 'write', 'delete', 'revert', 'admin']
  15 -    
  16 +    # import MoinMoin.securityrule as SecurityRule
  17 +    security_rules = [] #Test by: [{'rule' :SecurityRule.vaild_user, "is_non": 1, "write": 0}]
  18      actions_excluded = [] # ['DeletePage', 'AttachFile', 'RenamePage']
  19      allow_xslt = 0
  20      attachments = None # {'dir': path, 'url': url-prefix}
  21 
  22 
  23 --- orig/MoinMoin/security.py
  24 +++ mod/MoinMoin/security.py
  25 @@ -43,11 +43,28 @@
  26          return self.write(editor.page_name)
  27  
  28      def __getattr__(self, attr):
  29 -        """ if attr is one of the rights in acl_rights_valid, then return a
  30 -            checking function for it. Else raise an error.
  31 -        """
  32          request = self.request
  33          Page = self.Page
  34 +
  35 +        # check right in security_rules
  36 +        for s in request.cfg.security_rules:
  37 +            # Make Sure the SecurityRules have 'rule' and attr
  38 +            # and the SecurityRules is a Dict.
  39 +            try:
  40 +                if s.has_key('rule') and s.has_key(attr):
  41 +                   valid_security_rule = 1
  42 +                else:
  43 +                   valid_security_rule = 0
  44 +            except AttributeError:
  45 +                valid_security_rule = 0
  46 +            if valid_security_rule:
  47 +                sr = s['rule']
  48 +                security_rule = sr(request.user, s)
  49 +                # Check dict again, Is it developer like ?
  50 +                if security_rule.check_dict(attr):
  51 +                    return lambda pagename, **kw: getattr(security_rule, attr)(pagename, **kw)
  52 +
  53 +        # If cann't check in security_rules, try it in moin_acl
  54          if attr in request.cfg.acl_rights_valid:
  55              return lambda pagename, Page=Page, request=request, attr=attr: Page(request, pagename).getACL(request).may(request, self.name, attr)
  56          else:
  57 
  58 
  59 --- orig/MoinMoin/securityrule.py
  60 +++ mod/MoinMoin/securityrule.py
  61 @@ -0,0 +1,56 @@
  62 +# -*- coding: iso-8859-1 -*-
  63 +"""
  64 +@copyright: (c) Bastian Blank, Florian Festi, Thomas Waldmann
  65 +@copyright: MoinMoin:FrankieChow
  66 +@license: GNU GPL, see COPYING for details.
  67 +"""
  68 +
  69 +class security_rules_obj:
  70 +    """ Template of SecurityRules Object
  71 +    """
  72 +
  73 +    def __init__(self, user, dict):
  74 +        """ Calculate the permissons `user` has.
  75 +        """
  76 +        self.user = user
  77 +        self.name = user.name
  78 +        self.request = user._request
  79 +        self.dict = dict
  80 +
  81 +    def cal_rule_result(self):
  82 +        """ Cal the dict('is_non') and set the rule_result.
  83 +        """
  84 +        if self.dict.has_key('is_non'):
  85 +            self.rule_result = self.dict['is_non'] * self.match_rule()
  86 +        else:
  87 +            self.rule_result = self.match_rule()
  88 +
  89 +    def check_dict(self):
  90 +        """
  91 +        Developer can override it to check pass dict.
  92 +        """
  93 +        self.cal_rule_result()
  94 +        if getattr(self, attr, 0):
  95 +            return 1
  96 +
  97 +    def true(self, pagename, **kw):
  98 +        return 1
  99 +    def false(self, pagename, **kw):
 100 +        return 0
 101 +
 102 +    def __getattr__(self, attr):
 103 +        if not self.rule_result: raise AttributeError, attr
 104 +        if self.dict[attr]:
 105 +            return lambda pagename, **kw: self.true(pagename, **kw)
 106 +        else:
 107 +            return lambda pagename, **kw: self.false(pagename, **kw)
 108 +
 109 +class vaild_user(security_rules_obj):
 110 +    """
 111 +    Maybe Developer must need to write this module.
 112 +    """
 113 +    def match_rule(self):
 114 +        if self.user.valid:
 115 +            return 1
 116 +        else:
 117 +            return 0
 118 

security_rules5.patch

Discussion

Why need define the security_rules not just using Security``Policy ?

Comments

The purose of this patch is quite unclear. I had put some comments at the bottom of FeatureRequests/SecurityRules but I'm not sure anybody's looking at that page anymore. Can someone/frankie read it and try to write a clearer "purpose" for this so other people can follow this discussion. Thanks. -- DeronMeranda 2006-01-13 15:48:25

Plan


CategoryMoinMoinPatch

MoinMoin: MoinMoinPatch/SecurityRules (last edited 2007-10-29 19:08:45 by localhost)