
moin  1.9.0~rc2
autoadmin.py
00001 # -*- coding: iso-8859-1 -*-
00002 """
00003     MoinMoin - SecurityPolicy implementing auto admin rights for some users and some groups.
00004 
00005     AutoAdminGroup page contains users which automatically get admin rights
00006     on their homepage and subpages of it. E.g. if ThomasWaldmann is in
00007     AutoAdminGroup (or in a group contained in AutoAdminGroup), he gets
00008     admin rights on pages ThomasWaldmann and ThomasWaldmann/*.
00009 
00010     AutoAdminGroup page also contains groups whose members automatically get
00011     admin rights on the group's basename.
00012     E.g. if SomeProject/AdminGroup is in AutoAdminGroup and ThomasWaldmann is
00013     in SomeProject/AdminGroup, then ThomasWaldmann gets admin rights on pages
00014     SomeProject and SomeProject/*.
00015 
00016     Further, it can autocreate the UserName/XxxxGroup (see grouppages var) when
00017     a user saves his homepage. Alternatively, this could also be done manually by
00018     the user using *Template pages.
00019 
00020     Usage (for wiki admin):
00021      * Create an AutoAdminGroup page. If you don't know better, create an empty
00022        page for starting.
00023      * Enabling a home page for AutoAdmin: just add the user name to the
00024        AutoAdminGroup page. After that, this user can create or change ACLs on
00025        his homepage or subpages of it.
00026      * Enabling another (project) page for AutoAdmin: add <PageName>/AdminGroup
00027        to AutoAdminGroup. Also create that <PageName>/AdminGroup page and add
00028        at least one user or one group to that page, enabling him or them to
00029        create or change ACLs on <PageName> or subpages of it.
00030      Those pages edited by wiki admin should be ACL protected with write access
00031      limited to allowed people. They are used as source for some ACL
00032      information and thus should be treated like the ACLs they get fed into.
00033 
00034     Usage (for homepage owners):
00035      * see if there is a HomepageTemplate with a prepared ACL line and some
00036        other magic already on it. It is a good idea to have your homepage
00037        read- and writeable for everybody as a means of open communication.
00038 
00039      * For creating personal (or private) subpages of your homepage, use the
00040        ReadWritePageTemplate, ReadPageTemplate or PrivatePageTemplate.
00041        They usually have some prepared ACL line on them, e.g.:
00042        #acl @ME@/ReadWriteGroup:read,write @ME@/ReadGroup:read
00043        That @ME@ from the template will be expanded to your name when saving,
00044        thus using those 2 subpages (YourName/ReadWriteGroup and
00045        YourName/ReadGroup) for allowing read/write or read-only access to
00046        the page. Now you only have to maintain 2 subpages (maybe they even have
00047        been auto-created for you).
00048 
00049     Usage (for project people):
00050      * see if there is some <ProjectName>Template with a prepared ACL line for
00051        your project pages and use it for creating new subpages.
00052        Use <ProjectName>/ReadWriteGroup and /ReadGroup etc. as you would do for
00053        a homepage (see above).
00054 
00055     @copyright: 2005-2006 Bastian Blank, Florian Festi, Thomas Waldmann
00056     @license: GNU GPL, see COPYING for details.
00057 """
00058 
# Names of the subpages (below a homepage or project page) that define ACL
# groups.
grouppages = [
    'AdminGroup',
    'ReadGroup',
    'ReadWriteGroup',
]

# Autocreate the group pages on homepage save; alternatively use templates.
grouppage_autocreate = False
00061 
00062 from MoinMoin.security import Permissions
00063 from MoinMoin.Page import Page
00064 from MoinMoin.PageEditor import PageEditor
00065 
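class SecurityPolicy(Permissions):
    """Extend the default security policy with the autoadmin feature.

    Admin rights are granted on top of the base policy in two cases:
    a user listed in AutoAdminGroup gets them on their own homepage tree,
    and a member of <MainPage>/AdminGroup gets them on the <MainPage> tree
    when that group page is itself listed in AutoAdminGroup.
    """

    def admin(self, pagename):
        """Decide whether the current user has admin rights.

        Returns True when one of the autoadmin rules matches; otherwise the
        decision is delegated to the base policy's 'admin' check for the
        *pagename* argument.
        """
        try:
            request = self.request
            groups = request.groups
            username = request.user.name
            # NOTE(review): the pagename argument is discarded here and the
            # autoadmin rules are evaluated for the page of the current
            # request instead. A caller asking about a different page (save()
            # below passes editor.page_name) gets the answer for
            # request.page. Confirm this is intended before relying on
            # admin(pagename) as a per-page check.
            pagename = request.page.page_name
            mainpage = pagename.split('/')[0]
            # Rule 1: homepage owner who is listed in AutoAdminGroup.
            if username == mainpage and username in groups.get(u'AutoAdminGroup', []):
                return True
            # Rule 2: member of <mainpage>/AdminGroup, and that group page is
            # itself listed in AutoAdminGroup.
            group_name = "%s/AdminGroup" % mainpage
            if (username in groups.get(group_name, []) and
                group_name in groups.get(u'AutoAdminGroup', [])):
                return True
        except AttributeError:
            # When called from xmlrpc there is no request.page; fall through
            # to the base policy. Note this also hides any other
            # AttributeError raised in the block above.
            pass
        return Permissions.__getattr__(self, 'admin')(pagename)

    def save(self, editor, newtext, rev, **kw):
        """Decide whether *editor*'s page may be saved.

        Optionally autocreates the user's group subpages when they save their
        own homepage, refuses saving a <Page>/<group subpage> unless admin()
        agrees, and otherwise defers to the base policy.
        """
        request = self.request
        username = request.user.name
        pagename = editor.page_name

        if grouppage_autocreate and username == pagename:
            # Create the group pages when a user saves his own homepage.
            # NOTE(review): this runs before the base-class save check below,
            # and writes through PageEditor._write_file rather than a
            # permission-checked save - confirm that is acceptable.
            for page in grouppages:
                grouppagename = "%s/%s" % (username, page)
                grouppage = Page(request, grouppagename)
                if not grouppage.exists():
                    text = (
                        "#acl %(username)s:read,write,delete,revert\n"
                        " * %(username)s\n"
                    ) % {'username': username}
                    # Use a separate name: rebinding 'editor' here made the
                    # final Permissions.save() call below check the group
                    # page's editor instead of the page actually being saved.
                    group_editor = PageEditor(request, grouppagename)
                    group_editor._write_file(text)

        # Only direct subpages (Main/Sub) are treated as group pages.
        parts = pagename.split('/')
        if len(parts) == 2:
            subpage = parts[1]
            # Group pages feed into ACL decisions, so only admins may save them.
            if subpage in grouppages and not self.admin(pagename):
                return False

        # No problem to save if my base class agrees
        return Permissions.save(self, editor, newtext, rev, **kw)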
00112 
00113