Check SecurityPolicy to learn how security policies work and see more solutions.

This security policy may work nicely for an organization that want to have one big wiki with different sub wikis, where each sub wikis can be accessed by only certain groups of users.

A member of one of the groups will see only the main wiki pages and his own sub wiki pages in RecentChanges or other operations that list pages. It may be less efficient than separate wikis, but it works with 1.3 and is quite easy to setup. 

   1 """
   2 Subwiki Security Policy
   3 =======================
   4 
   5 Creates hierarchal-like ACL by dividing the wiki to sub wikis, and
   6 allowing only members of WikiNameGroup to visit WikiName of any sub
   7 page of it. 
   8 
   9 This module is not related in any way to SubWiki or Subversion :-)
  10 
  11 
  12 How to use
  13 ----------
  14 1. Create a main page for each sub wiki e.g WikiOne. All the sub wiki
  15    pages will be sub pages of this page.
  16    
  17 2. Create a group named after the wiki e.g. WikiOneGroup. List the
  18    users that may read the sub wiki pages in the group page. Do not
  19    forget to list yourself, becuase this policy does not respect
  20    acl_rights_before.
  21    
  22 4. Add proper ACL to the group page - so only those in
  23    acl_rights_before can add users to the group::
  24 
  25     #acl All:read
  26 
  27 3. Put this module where your wiki or farm config are located.
  28 
  29 4. Add this line to wiki or farm config::
  30 
  31     from subwiki_policy import SecurityPolicy
  32 
  33 
  34 Problems
  35 --------
  36 
  37 acl_rights_before ignored
  38 ~~~~~~~~~~~~~~~~~~~~~~~~~
  39 
  40 This policy ignores acl_rights_before for non members of the sub wiki
  41 group. A simple workaround is to list yourself and other admins in the
  42 sub wikis group pages. A full solution requires major changes in the
  43 ACL class.
  44 
  45 
  46 Legal
  47 -----
  48 
  49 @copyright: (c) 2005 by Nir Soffer
  50 
  51 This program is free software; you can redistribute it and/or modify
  52 it under the terms of the GNU General Public License as published by
  53 the Free Software Foundation; either version 2 of the License, or
  54 (at your option) any later version.
  55 
  56 This program is distributed in the hope that it will be useful,
  57 but WITHOUT ANY WARRANTY; without even the implied warranty of
  58 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  59 GNU General Public License for more details.
  60 
  61 You should have received a copy of the GNU General Public License
  62 along with this program; if not, write to the Free Software
  63 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  64 """
  65 
  66 # If you want to use antispam, sub class from antispam:
  67 # from MoinMoin.util.antispam import SecurityPolicy as Permissions
  68 from MoinMoin.security import Permissions
  69 
  70 
  71 class SecurityPolicy(Permissions):
  72 
  73     def read(self, pagename):
  74         """ Let only members of a wiki to read sub pages
  75 
  76         Members use the base class policy - if the page has acl, it
  77         will be respected.
  78         
  79         Pages in the main wiki e.g RecentChanges are handled as usuall.
  80         """
  81         wikiName = pagename.split('/')[0]
  82         if wikiName in ['WikiOne', 'WikiTwo', 'WikiThree']:
  83             # TODO: check acl_rights_before before the member test!
  84             if not self.userIsMemberOf(wikiName + 'Group'):
  85                 return False
  86         
  87         return self.defaultPolicy('read', pagename)
  88 
  89     def defaultPolicy(self, action, *args):
  90         return Permissions.__getattr__(self, action)(*args)
  91 
  92     def userIsMemberOf(self, group):
  93         return self.request.user.name in self.request.dicts.members(group)
subwiki_policy.py

MoinMoin: SubWikiSecurityPolicy (last edited 2007-10-29 19:06:58 by localhost)