2009-07-23T00:52:50 *** moinBot has joined #moin-dev
2009-07-23T00:54:17 <ThomasWaldmann> aigarius: yes, acl protected pages are a big problem then
2009-07-23T00:54:33 <ThomasWaldmann> so why not the trashbin approach?
2009-07-23T00:58:07 <aigarius> you ar eright, the trashbin approach, if done right can solve this problem cleaner
2009-07-23T01:00:01 <aigarius> There must be support for multiple deleted versions of the same pagename , like making ThisPage to be deleted to Trash/23842-ThisPage so that ACLs for deleted pages can not be overwritten
2009-07-23T01:00:21 <ThomasWaldmann> ok, wiki and repo is back
2009-07-23T01:00:48 <aigarius> by simply making a new page of the same and then deleting it
2009-07-23T01:01:50 <ThomasWaldmann> yes, that's not a problem. could be just some random name. and the old name in a metadata field.
2009-07-23T01:02:25 <aigarius> It would be useful to store the old name for renames as well, along with a revision number of when the rename took place
2009-07-23T01:05:59 <ThomasWaldmann> i thought about maybe we should store the current name into any revision we save.
2009-07-23T01:06:22 <aigarius> in any case I think it would be prudent security-wise to check read ACLs of old revisions when viewing those old revision or making diffs against them
2009-07-23T01:06:36 <aigarius> ThomasWaldmann: that would be most consistent for sure
2009-07-23T01:17:28 *** grzywacz has quit IRC
2009-07-23T01:17:47 <ThomasWaldmann> ok, need to sleep now, gn
2009-07-23T01:18:37 <aigarius> gn
2009-07-23T07:21:29 <CIA-45> Alexandre Martani <amartani AT gmail DOT com> default * 6166:c532bee20298 2.0-storage-editor-amartani/MoinMoin/web/static/htdocs/ (2 files in 2 dirs): Real-time editor: make loadXMLHttp pass xmlhttp object to callback function and call getLastRevision only after save is completed.
2009-07-23T07:21:32 <CIA-45> Alexandre Martani <amartani AT gmail DOT com> default * 6167:bf3e86abeb23 2.0-storage-editor-amartani/MoinMoin/ (4 files in 3 dirs): Real-time editor: Move updateLastRevisionDisplay to text_editor and make it independent of mobwrite. Created ajax_info that currently only answers the item's last revision number.
2009-07-23T08:42:41 * ThomasWaldmann plays with wave
2009-07-23T11:06:23 *** aigarius has quit IRC
2009-07-23T14:00:00 *** devilsadvocate has quit IRC
2009-07-23T14:00:17 *** devilsadvocate has joined #moin-dev
2009-07-23T15:16:21 <dennda> ThomasWaldmann: So trashbin then?
2009-07-23T16:08:45 *** TheSheep has quit IRC
2009-07-23T17:07:12 *** moinBot` has joined #moin-dev
2009-07-23T17:08:33 *** moinBot has quit IRC
2009-07-23T18:11:47 <dimazest> how should behave macro_GetVal, when it gets name of not existing page?
2009-07-23T19:01:08 *** grzywacz has joined #moin-dev
2009-07-23T20:22:13 <ThomasWaldmann> re
2009-07-23T20:40:01 <ThomasWaldmann> dennda: on what are you working currently?
2009-07-23T20:41:20 <ThomasWaldmann> dimazest: what's the result of your API usage review/API comparison?
2009-07-23T21:00:34 *** TheSheep has joined #moin-dev
2009-07-23T22:27:57 <ThomasWaldmann> dimazest: def test_intended_list(self):
2009-07-23T22:28:08 <ThomasWaldmann> -> indented
2009-07-23T22:36:59 <ThomasWaldmann> dimazest: + 'MoinMoin.formtter.groups',
2009-07-23T22:39:04 <ThomasWaldmann> + # TODO Code from MoinMoin/script/maint/cleancache.py may be used
2009-07-23T22:39:04 <ThomasWaldmann> + page.clean_acl_cache() # It is not necessary should be removed.
2009-07-23T23:00:37 <dreimark> re
2009-07-23T23:00:59 <dreimark> another one at http://www.adobe.com/support/security/advisories/apsa09-03.html
2009-07-23T23:09:18 <dreimark> dimazest: the macro_GetVal should return an empty string if the user has no access to a page (either not existing or protected by acls)
2009-07-23T23:10:48 <dreimark> if it returns an error message it should be understandable but it should not expose pages which are protected for the requesting user
2009-07-23T23:11:59 <dreimark> e.g. it could tell something similiar to: this var %s does not exist the page %s.
2009-07-23T23:12:09 <dreimark> +on
2009-07-23T23:13:53 <dreimark> dimazest: please prepare tommorow a wiki page about the xapwrap/xappy API exchange
2009-07-23T23:14:41 <dreimark> it must not be totally completed
MoinMoin: MoinMoinChat/Logs/moin-dev/2009-07-23 (last edited 2009-07-22 23:00:01 by IrcLogImporter)