Check SecurityPolicy to learn how security policies work and see more solutions.
This security policy may work nicely for an organization that want to have one big wiki with different sub wikis, where each sub wikis can be accessed by only certain groups of users.
A member of one of the groups will see only the main wiki pages and his own sub wiki pages in RecentChanges or other operations that list pages. It may be less efficient than separate wikis, but it works with 1.3 and is quite easy to setup.
1 """
2 Subwiki Security Policy
3 =======================
4
5 Creates hierarchal-like ACL by dividing the wiki to sub wikis, and
6 allowing only members of WikiNameGroup to visit WikiName of any sub
7 page of it.
8
9 This module is not related in any way to SubWiki or Subversion :-)
10
11
12 How to use
13 ----------
14 1. Create a main page for each sub wiki e.g WikiOne. All the sub wiki
15 pages will be sub pages of this page.
16
17 2. Create a group named after the wiki e.g. WikiOneGroup. List the
18 users that may read the sub wiki pages in the group page. Do not
19 forget to list yourself, becuase this policy does not respect
20 acl_rights_before.
21
22 4. Add proper ACL to the group page - so only those in
23 acl_rights_before can add users to the group::
24
25 #acl All:read
26
27 3. Put this module where your wiki or farm config are located.
28
29 4. Add this line to wiki or farm config::
30
31 from subwiki_policy import SecurityPolicy
32
33
34 Problems
35 --------
36
37 acl_rights_before ignored
38 ~~~~~~~~~~~~~~~~~~~~~~~~~
39
40 This policy ignores acl_rights_before for non members of the sub wiki
41 group. A simple workaround is to list yourself and other admins in the
42 sub wikis group pages. A full solution requires major changes in the
43 ACL class.
44
45
46 Legal
47 -----
48
49 @copyright: (c) 2005 by Nir Soffer
50
51 This program is free software; you can redistribute it and/or modify
52 it under the terms of the GNU General Public License as published by
53 the Free Software Foundation; either version 2 of the License, or
54 (at your option) any later version.
55
56 This program is distributed in the hope that it will be useful,
57 but WITHOUT ANY WARRANTY; without even the implied warranty of
58 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
59 GNU General Public License for more details.
60
61 You should have received a copy of the GNU General Public License
62 along with this program; if not, write to the Free Software
63 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
64 """
65
66 # If you want to use antispam, sub class from antispam:
67 # from MoinMoin.util.antispam import SecurityPolicy as Permissions
68 from MoinMoin.security import Permissions
69
70
71 class SecurityPolicy(Permissions):
72
73 def read(self, pagename):
74 """ Let only members of a wiki to read sub pages
75
76 Members use the base class policy - if the page has acl, it
77 will be respected.
78
79 Pages in the main wiki e.g RecentChanges are handled as usuall.
80 """
81 wikiName = pagename.split('/')[0]
82 if wikiName in ['WikiOne', 'WikiTwo', 'WikiThree']:
83 # TODO: check acl_rights_before before the member test!
84 if not self.userIsMemberOf(wikiName + 'Group'):
85 return False
86
87 return self.defaultPolicy('read', pagename)
88
89 def defaultPolicy(self, action, *args):
90 return Permissions.__getattr__(self, action)(*args)
91
92 def userIsMemberOf(self, group):
93 return self.request.user.name in self.request.dicts.members(group)