# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - SecurityPolicy implementing auto admin rights for some users and some groups.

    AutoAdminGroup page contains users which automatically get admin rights
    on their homepage and subpages of it. E.g. if ThomasWaldmann is in
    AutoAdminGroup (or in a group contained in AutoAdminGroup), he gets
    admin rights on pages ThomasWaldmann and ThomasWaldmann/*.

    AutoAdminGroup page also contains groups whose members automatically get
    admin rights on the group's basename.
    E.g. if SomeProject/AdminGroup is in AutoAdminGroup and ThomasWaldmann is
    in SomeProject/AdminGroup, then ThomasWaldmann gets admin rights on pages
    SomeProject and SomeProject/*.

    Further, it can autocreate the UserName/XxxxGroup (see grouppages var) when
    a user saves his homepage. Alternatively, this could also be done manually by
    the user using *Template pages.

    Usage (for wiki admin):
     * Create an AutoAdminGroup page. If you don't know better, create an empty

     * Enabling a home page for AutoAdmin: just add the user name to the
       AutoAdminGroup page. After that, this user can create or change ACLs on
       his homepage or subpages of it.
     * Enabling another (project) page for AutoAdmin: add <PageName>/AdminGroup
       to AutoAdminGroup. Also create that <PageName>/AdminGroup page and add
       at least one user or one group to that page, enabling him or them to
       create or change ACLs on <PageName> or subpages of it.
     Those pages edited by wiki admin should be ACL protected with write access
     limited to allowed people. They are used as source for some ACL
     information and thus should be treated like the ACLs they get fed into.

    Usage (for homepage owners):
     * see if there is a HomepageTemplate with a prepared ACL line and some
       other magic already on it. It is a good idea to have your homepage
       read- and writeable for everybody as a means of open communication.

     * For creating personal (or private) subpages of your homepage, use the
       ReadWritePageTemplate, ReadPageTemplate or PrivatePageTemplate.
       They usually have some prepared ACL line on them, e.g.:
       #acl @ME@/ReadWriteGroup:read,write @ME@/ReadGroup:read
       That @ME@ from the template will be expanded to your name when saving,
       thus using those 2 subpages (YourName/ReadWriteGroup and
       YourName/ReadGroup) for allowing read/write or read-only access to
       Now you only have to maintain 2 subpages (maybe they even have been
       auto-created for you)

    Usage (for project people):
     * see if there is some <ProjectName>Template with a prepared ACL line for
       your project pages and use it for creating new subpages.
       Use <ProjectName>/ReadWriteGroup and /ReadGroup etc. as you would do for
       a homepage (see above).

    @copyright: 2005-2006 Bastian Blank, Florian Festi, Thomas Waldmann
    @license: GNU GPL, see COPYING for details.
"""

grouppage_autocreate = False # autocreate the group pages - alternatively use templates
grouppages = ['AdminGroup', 'ReadGroup', 'ReadWriteGroup', ] # names of the subpages defining ACL groups

from MoinMoin.security import Permissions
from MoinMoin.Page import Page
from MoinMoin.PageEditor import PageEditor
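
class SecurityPolicy(Permissions):
    """ Extend the default security policy with autoadmin feature """

    def admin(self, pagename):
        try:
            request = self.request
            has_member = request.dicts.has_member
            username = request.user.name
            # the page of the current request is checked here, not the
            # pagename argument that was passed in
            pagename = request.page.page_name
            mainpage = pagename.split('/')[0]
            # a user listed in AutoAdminGroup is admin of his homepage tree
            if username == mainpage and has_member('AutoAdminGroup', username):
                return True
            # members of <mainpage>/AdminGroup are admins of the <mainpage>
            # tree, but only if that group is itself listed in AutoAdminGroup
            groupname = "%s/AdminGroup" % mainpage
            if has_member(groupname, username) and has_member('AutoAdminGroup', groupname):
                return True
        except AttributeError:
            pass # when we get called from xmlrpc, there is no request.page
        # otherwise fall back to the default ACL check for 'admin'
        return Permissions.__getattr__(self, 'admin')(pagename)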

    def save(self, editor, newtext, rev, **kw):
        request = self.request
        username = request.user.name
        pagename = editor.page_name

        if grouppage_autocreate and username == pagename:
            # create group pages when a user saves his own homepage
            for page in grouppages:
                grouppagename = "%s/%s" % (username, page)
                grouppage = Page(request, grouppagename)
                if not grouppage.exists():
                    # ACL line of the new group page (only this line of the
                    # page text is shown in this listing)
                    text = "#acl %(username)s:read,write,delete,revert\n" % {'username': username}
                    # separate name, so the editor of the page being saved
                    # is still the one handed to Permissions.save() below
                    group_editor = PageEditor(request, grouppagename)
                    group_editor._write_file(text)

        # saving a <Name>/XxxxGroup page requires admin rights, because its
        # content is fed into ACLs
        parts = pagename.split('/')
        if len(parts) == 2:
            subpage = parts[-1]
            if subpage in grouppages and not self.admin(pagename):
                return False

        # No problem to save if my base class agrees
        return Permissions.save(self, editor, newtext, rev, **kw)
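
The following stand-alone model is an added example, not part of the MoinMoin source: it replays the two autoadmin checks and the group-page save guard against a small constructed membership table, so the effect of listing a user or a group in AutoAdminGroup can be checked without a wiki. GROUPS, has_member(), auto_admin() and group_page_save_allowed() are hypothetical stand-ins; has_member() is assumed to follow groups nested in groups, as the module docstring describes, and the fallback to the base class ACL check is left out.

```python
# Constructed group data (group page name -> members); not from a real wiki.
GROUPS = {
    'AutoAdminGroup': {'ThomasWaldmann', 'SomeProject/AdminGroup'},
    'SomeProject/AdminGroup': {'JoeDoe'},
    'OtherProject/AdminGroup': {'JoeDoe'},   # not listed in AutoAdminGroup
}
GROUPPAGES = ['AdminGroup', 'ReadGroup', 'ReadWriteGroup']


def has_member(group, name, _seen=None):
    """Membership test that follows groups nested inside groups (assumption)."""
    seen = _seen if _seen is not None else set()
    if group in seen:            # guard against group cycles
        return False
    seen.add(group)
    members = GROUPS.get(group, set())
    if name in members:
        return True
    return any(has_member(m, name, seen) for m in members if m in GROUPS)


def auto_admin(username, pagename):
    """The two autoadmin checks of admin(), without the base class fallback."""
    mainpage = pagename.split('/')[0]
    if username == mainpage and has_member('AutoAdminGroup', username):
        return True
    groupname = "%s/AdminGroup" % mainpage
    return has_member(groupname, username) and has_member('AutoAdminGroup', groupname)


def group_page_save_allowed(username, pagename):
    """The extra guard of save(): <Name>/XxxxGroup pages need admin rights."""
    parts = pagename.split('/')
    if len(parts) == 2 and parts[-1] in GROUPPAGES:
        return auto_admin(username, pagename)
    return True   # the real policy now asks the base class


if __name__ == '__main__':
    for user, page in [('ThomasWaldmann', 'ThomasWaldmann/Private'),
                       ('JoeDoe', 'SomeProject/Plan'),
                       ('JoeDoe', 'OtherProject'),
                       ('JoeDoe', 'JoeDoe')]:
        print("%s on %s: %s" % (user, page, auto_admin(user, page)))
```

In this model a member of a project AdminGroup that is listed in AutoAdminGroup also passes the homepage check, because the nested lookup counts him as contained in AutoAdminGroup; this is one more reason to keep write access to every page feeding AutoAdminGroup tightly restricted.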