[15:07] StellarsHenson: hi guys, can anyone suggest any python IDE suitable for moinmoin plugins etc... development? For my published patches and plugins i still use vim, but it's very cumbersome... [15:10] TheSheep: vim cumbersome? hearsay! [15:10] • TheSheep uses vim, vim and only vim [15:11] TheSheep: StellarsHenson: there is also eclipse with the pydev plugin... [15:11] StellarsHenson: guys, i'm in the programming world for 12 years now, i grew up on vi and vim [15:11] StellarsHenson: but i need class names, automatic imports and functions expansions [15:12] StellarsHenson: pydev, is it good? [15:12] • ThomasWaldmann uses mc and vim for smaller stuff, and eclipse/pydev for more widespread/bigger work [15:12] StellarsHenson: ok, thx man [15:12] StellarsHenson: does it work properly? i mean, does it import all packages etc the way i can use it? [15:12] ThomasWaldmann: it was good enough to even convince me as a java hater [15:13] StellarsHenson: ok, great. thank you [15:13] StellarsHenson: did anyone use autoadmin security policy for moin? [15:13] StellarsHenson: i have published a patch recently, we use it in production for some time already but needed to discuss it with someone who has opinion on the subject [15:14] ThomasWaldmann: I have to add that I early registered for the pydev extensions, so I have not much experience with the free-only parts of it [15:14] StellarsHenson: patch allows for autoadmin users to also be able to create their home pages [15:14] StellarsHenson: and to use special groups: Known and Trusted [15:14] StellarsHenson: hm, so it's propriety plugin, isn't it? [15:14] ThomasWaldmann: I had a very quick look at the patch, but not much time for deeper inspection / thoughts. [15:15] ThomasWaldmann: btw, for vim I use the pep8 plugin from our CodingStyle page [15:15] StellarsHenson: any chance to merge it (the patch) with mainstream moin ? [15:16] ThomasWaldmann: i have to review it first [15:16] StellarsHenson: ok, brilliant [15:16] StellarsHenson: it's working on http://nobleprog.net/wiki [15:16] ThomasWaldmann: could you do some style cleanup? [15:16] StellarsHenson: yes, shouldn't be a problem [15:17] StellarsHenson: btw - mac rocks. switched 3y ago and cannot go back [15:17] ThomasWaldmann: e.g. if you break a line within a () you don't need \ at the end [15:17] StellarsHenson: ah, ok, wasn't familiar with it [15:17] ThomasWaldmann: ah, good to have a mac tester [15:18] StellarsHenson: i'll get it cleaned in notime [15:18] StellarsHenson: [15:18] StellarsHenson: well, i run two instances, my company wiki (the address mentioned) and my private one [15:18] StellarsHenson: on mac [15:18] StellarsHenson: for experiments and develpment [15:19] ThomasWaldmann: why do you give the current user implicit Known and Trusted membership? [15:19] StellarsHenson: 2 months ago me and my partner have decided to publish all patches and macros we have develped, so it's gonna be some new suff comming [15:19] StellarsHenson: i don't. It works only if you add Known or Trusted to AutoAdminGroup [15:20] StellarsHenson: previously it didn't wirk [15:20] StellarsHenson: work [15:20] StellarsHenson: you just checked whether the person is a member or not [15:20] StellarsHenson: but you didn't check for special users memberships [15:20] StellarsHenson: i have added this feature [15:21] ThomasWaldmann: but if there is Trusted or Known on the AutoAdminGroup, you give every user those rights [15:21] ThomasWaldmann: you don't check if the user is really trusted [15:21] StellarsHenson: that is correct [15:21] StellarsHenson: what? [15:22] ThomasWaldmann: well, the difference between All, Known and Trusted is this: [15:22] StellarsHenson: i don't get you. I don't have to check - if you add Known to AutoAdminGroup, you allow registered users to have their home pages [15:22] StellarsHenson: if you add Trusted, then it's Trusted [15:22] ThomasWaldmann: All is everybody. Even when not logged in. [15:22] StellarsHenson: indeed [15:22] ThomasWaldmann: Known is someone who is logged in somehow. (you don't check that) [15:22] StellarsHenson: indeed [15:23] ThomasWaldmann: Trusted is someone who is logged in via some login method that is specially trusted. (you don't check that) [15:23] StellarsHenson: Ok, let me explain in detail the changes i have made. Obviously i didn't do the explanation correctly [15:23] ThomasWaldmann: I admit that the Known vs. Trusted difference is a bit strange. [15:24] ThomasWaldmann: But this comes from the users usualy ability to create his own account and then log in. [15:24] StellarsHenson: You can add special groups to any group: you can add Known or Trusted to your FriendsGroup [15:24] StellarsHenson: and allow this group to modify , say, HomePage [15:24] henk left the chat room. [15:24] ThomasWaldmann: btw, do you need to do those Known/Trusted/All checks at all? [15:24] StellarsHenson: The current AutoAdminGroup feature allows for users added to be able to administer their home pages (and project pages if added) [15:25] StellarsHenson: let me finish, please [15:25] ThomasWaldmann: Doesn't the first has_member call do it for you? [15:25] StellarsHenson: no, it doesn't - that's the WHOLE point [15:25] StellarsHenson: in the security/__init__ we check special membership separately [15:26] StellarsHenson: that's why i needed to check it explicitly [15:26] StellarsHenson: but let me finish [15:27] StellarsHenson: If we have added Known special user group to AutoAdminGroup, theoretically we are granting all Known users admin rights on their home pages [15:27] StellarsHenson: same with Trusted [15:27] StellarsHenson: then we grant all Trused users admin rights on their home pages [15:27] StellarsHenson: problem is - it doesn't work, because our mechanizm (has_member) doesn't check it [15:27] StellarsHenson: so i needed to add it myself [15:27] StellarsHenson: that's first thing [15:27] ThomasWaldmann: ok [15:27] StellarsHenson: second: [15:28] StellarsHenson: there's no point for administering your page if you cannot create it [15:28] StellarsHenson: and, as an administrator, you can modify any page you have admin rights on to allow you for edit [15:29] StellarsHenson: so, in short, why not add AutoAdminGroup write rights on their pages [15:29] ThomasWaldmann: yes, if write rights are not in default acl, you have a problem [15:29] StellarsHenson: indeed [15:29] StellarsHenson: that's what is happening on nobleprog.net/wiki [15:29] StellarsHenson: so, my patch fixes those issues [15:29] StellarsHenson: it works for 5 months now [15:29] StellarsHenson: so, heavily tested [15:29] StellarsHenson: but i guess you have to run tests on your own [15:30] StellarsHenson: and then we are all agreed [15:30] ThomasWaldmann: the point is not that much that I don't trust you that it works [15:30] StellarsHenson: that's why i mentioned - you have to try and review it for yourself [15:30] ThomasWaldmann: but after thinking about it, i somehow feels that our group code is rather missing a feature [15:31] ThomasWaldmann: (that All/Known/Trusted members specialcasing) [15:31] StellarsHenson: indeed, internally we should check special membership [15:31] StellarsHenson: i agree [15:31] StellarsHenson: i can make certain core changes [15:31] StellarsHenson: but for the time being it's better to have it this way or none at all [15:31] • ThomasWaldmann looks at acl code [15:32] StellarsHenson: and we can make the group code change urgent [15:32] StellarsHenson: for 2.0 release [15:32] StellarsHenson: btw - can you add transcript to the patch page? [15:33] ThomasWaldmann: i can, you can, everybody can [15:33] StellarsHenson: dunno how :-$ [15:33] ThomasWaldmann: copy and paste? [15:33] StellarsHenson: lemme try [15:34] ThomasWaldmann: hmm, we need virtual groups for All, Known and Trusted. [15:34] ThomasWaldmann: then all would be easier. [15:35] ThomasWaldmann: but you are right, this is not for 1.8 or 1.9 [15:35] StellarsHenson: it's just a matter of urgency [15:36] ThomasWaldmann: so please look into security/__init__ and take the _special_ stuff from there [15:36] ThomasWaldmann: for 2.0 there will be some acl work anyway (maybe as some sort of storage middleware) [15:36] ThomasWaldmann: i have to do some other stuff for a while. bbl. [15:37] StellarsHenson: hm. sure. i'm looking forward to ldap integration [15:37] StellarsHenson: [15:37] StellarsHenson: our company SSO would work fine then [15:40] the_gamer left the chat room. (Remote closed the connection)
was too late for the discussion, but I think it needs to be carefully checked if it could be used to create pages by abusing the login account.
i agree. you definitely need to run some tests. in the meantime i'll polish the solution to the point, where we are not using 'Known' and 'Trusted' groups explicitly -- StellarsHenson 2009-03-25 19:00:50