Back to index

moin  1.9.0~rc2
Namespaces | Classes | Functions | Variables
MoinMoin.security Namespace Reference

Namespaces

namespace  antispam
namespace  autoadmin
namespace  textcha

Classes

class  Permissions
class  AccessControlList
class  ACLStringIterator

Functions

def _check
 Basic Permissions Interface -- most features enabled by default.
def parseACL

Variables

 Default = Permissions

Function Documentation

def MoinMoin.security._check (   request,
  pagename,
  username,
  right 
) [private]

Basic Permissions Interface -- most features enabled by default.

Check <right> access permission for user <username> on page <pagename>

For cfg.acl_hierarchic=False we just check the page in question.

For cfg.acl_hierarchic=True we, we check each page in the hierarchy. We
start with the deepest page and recurse to the top of the tree.
If one of those permits, True is returned.

For both configurations, we check acl_rights_before before the page/default
acl and acl_rights_after after the page/default acl, of course.

This method should not be called by users, use __getattr__ instead.

@param request: the current request object
@param pagename: pagename to get permissions from
@param username: the user name
@param right: the right to check

@rtype: bool
@return: True if you have permission or False

Definition at line 31 of file __init__.py.

00031 
00032 def _check(request, pagename, username, right):
00033     """ Check <right> access permission for user <username> on page <pagename>
00034 
00035     For cfg.acl_hierarchic=False we just check the page in question.
00036 
00037     For cfg.acl_hierarchic=True we, we check each page in the hierarchy. We
00038     start with the deepest page and recurse to the top of the tree.
00039     If one of those permits, True is returned.
00040 
00041     For both configurations, we check acl_rights_before before the page/default
00042     acl and acl_rights_after after the page/default acl, of course.
00043 
00044     This method should not be called by users, use __getattr__ instead.
00045 
00046     @param request: the current request object
00047     @param pagename: pagename to get permissions from
00048     @param username: the user name
00049     @param right: the right to check
00050 
00051     @rtype: bool
00052     @return: True if you have permission or False
00053     """
00054     cache = request.cfg.cache
00055     allowed = cache.acl_rights_before.may(request, username, right)
00056     if allowed is not None:
00057         return allowed
00058 
00059     if request.cfg.acl_hierarchic:
00060         pages = pagename.split('/') # create page hierarchy list
00061         some_acl = False
00062         for i in range(len(pages), 0, -1):
00063             # Create the next pagename in the hierarchy
00064             # starting at the leaf, going to the root
00065             name = '/'.join(pages[:i])
00066             # Get page acl and ask for permission
00067             acl = Page(request, name).getACL(request)
00068             if acl.acl:
00069                 some_acl = True
00070                 allowed = acl.may(request, username, right)
00071                 if allowed is not None:
00072                     return allowed
00073                 # If the item has an acl (even one that doesn't match) we *do not*
00074                 # check the parents. We only check the parents if there's no acl on
00075                 # the item at all.
00076                 break
00077         if not some_acl:
00078             allowed = cache.acl_rights_default.may(request, username, right)
00079             if allowed is not None:
00080                 return allowed
00081     else:
00082         if request.page is not None and pagename == request.page.page_name:
00083             p = request.page # reuse is good
00084         else:
00085             p = Page(request, pagename)
00086         acl = p.getACL(request) # this will be fast in a reused page obj
00087         allowed = acl.may(request, username, right)
00088         if allowed is not None:
00089             return allowed
00090 
00091     allowed = cache.acl_rights_after.may(request, username, right)
00092     if allowed is not None:
00093         return allowed
00094 
00095     return False
00096 

Here is the caller graph for this function:

def MoinMoin.security.parseACL (   request,
  text 
)
Parse acl lines from text and return ACL object 

Definition at line 454 of file __init__.py.

00454 
00455 def parseACL(request, text):
00456     """ Parse acl lines from text and return ACL object """
00457     pi, dummy = wikiutil.get_processing_instructions(text)
00458     acl_lines = [args for verb, args in pi if verb == 'acl']
00459     return AccessControlList(request.cfg, acl_lines)

Variable Documentation

Definition at line 154 of file __init__.py.