Details

Applies to

MoinMoin security core (autoadmin.py) v1.8.2, v1.9beta2

Purpose

To allow AutoAdminGroup members to create their pages, to allow AutoAdminGroup have special users members (like Known and Trusted)

Description

This patch adds write security policy to allow AutoAdminGroup members to create pages for which they have their admin rights. It also allows this group to have special users members - Known and Trusted groups

Patch

   1 --- autoadmin.py.old	2009-01-07 01:26:52.000000000 +0100
   2 +++ autoadmin.py	2009-03-25 01:34:56.000000000 +0100
   3 @@ -66,6 +66,24 @@
   4  class SecurityPolicy(Permissions):
   5      """ Extend the default security policy with autoadmin feature """
   6  
   7 +    def write(self, pagename):
   8 +        try:
   9 +            request = self.request
  10 +            has_member = request.dicts.has_member
  11 +            username = request.user.name
  12 +            pagename = request.page.page_name
  13 +            mainpage = pagename.split('/')[0]
  14 +            if username == mainpage and (has_member('AutoAdminGroup', username) or \
  15 +                has_member('AutoAdminGroup', 'Known') or has_member('AutoAdminGroup', 'Trusted')):
  16 +                return True
  17 +            groupname = "%s/AdminGroup" % mainpage
  18 +            if (has_member(groupname, username) or has_member(groupname, 'Known') or \
  19 +                has_member(groupname, 'Trusted')) and has_member('AutoAdminGroup', groupname):
  20 +                return True
  21 +        except AttributeError:
  22 +            pass # when we get called from xmlrpc, there is no request.page
  23 +        return Permissions.__getattr__(self, 'write')(pagename)
  24 +
  25      def admin(self, pagename):
  26          try:
  27              request = self.request
  28 @@ -73,10 +91,12 @@
  29              username = request.user.name
  30              pagename = request.page.page_name
  31              mainpage = pagename.split('/')[0]
  32 -            if username == mainpage and has_member('AutoAdminGroup', username):
  33 +            if username == mainpage and (has_member('AutoAdminGroup', username) or \
  34 +                has_member('AutoAdminGroup', 'Known') or has_member('AutoAdminGroup', 'Trusted')):
  35                  return True
  36              groupname = "%s/AdminGroup" % mainpage
  37 -            if has_member(groupname, username) and has_member('AutoAdminGroup', groupname):
  38 +            if (has_member(groupname, username) or has_member(groupname, 'Known') or \
  39 +                has_member(groupname, 'Trusted')) and has_member('AutoAdminGroup', groupname):
  40                  return True
  41          except AttributeError:
  42              pass # when we get called from xmlrpc, there is no request.page

autoadmin.py-1.8+1.9.patch

   1 --- autoadmin.py.dist	2010-06-26 23:46:44.000000000 +0200
   2 +++ autoadmin.py	2010-09-01 15:29:17.000000000 +0200
   3 @@ -73,7 +73,7 @@
   4              username = request.user.name
   5              pagename = request.page.page_name
   6              mainpage = pagename.split('/')[0]
   7 -            if username == mainpage and username in groups.get(u'AutoAdminGroup', []):
   8 +            if username == mainpage and (username in groups.get(u'AutoAdminGroup', []) or u'Known' in groups.get(u'AutoAdminGroup', [])):
   9                  return True
  10              group_name = "%s/AdminGroup" % mainpage
  11              if (username in groups.get(group_name, []) and
autoadmin.py.1.9.3.patch

Discussion

[15:07] StellarsHenson: hi guys, can anyone suggest any python IDE suitable for moinmoin plugins etc... development? For my published patches and plugins i still use vim, but it's very cumbersome...
[15:10] TheSheep: vim cumbersome? hearsay!
[15:10] • TheSheep uses vim, vim and only vim
[15:11] TheSheep: StellarsHenson: there is also eclipse with the pydev plugin...
[15:11] StellarsHenson: guys, i'm in the programming world for 12 years now, i grew up on vi and vim
[15:11] StellarsHenson: but i need class names, automatic imports and functions expansions
[15:12] StellarsHenson: pydev, is it good?
[15:12] • ThomasWaldmann uses mc and vim for smaller stuff, and eclipse/pydev for more widespread/bigger work
[15:12] StellarsHenson: ok, thx man
[15:12] StellarsHenson: does it work properly? i mean, does it import all packages etc the way i can use it?
[15:12] ThomasWaldmann: it was good enough to even convince me as a java hater
[15:13] StellarsHenson: ok, great. thank you
[15:13] StellarsHenson: did anyone use autoadmin security policy for moin?
[15:13] StellarsHenson: i have published a patch recently, we use it in production for some time already but needed to discuss it with someone who has opinion on the subject
[15:14] ThomasWaldmann: I have to add that I early registered for the pydev extensions, so I have not much experience with the free-only parts of it
[15:14] StellarsHenson: patch allows for autoadmin users to also be able to create their home pages
[15:14] StellarsHenson: and to use special groups: Known and Trusted
[15:14] StellarsHenson: hm, so it's propriety plugin, isn't it?
[15:14] ThomasWaldmann: I had a very quick look at the patch, but not much time for deeper inspection / thoughts.
[15:15] ThomasWaldmann: btw, for vim I use the pep8 plugin from our CodingStyle page
[15:15] StellarsHenson: any chance to merge it (the patch)  with mainstream moin ?
[15:16] ThomasWaldmann: i have to review it first
[15:16] StellarsHenson: ok, brilliant
[15:16] StellarsHenson: it's working on http://nobleprog.net/wiki
[15:16] ThomasWaldmann: could you do some style cleanup?
[15:16] StellarsHenson: yes, shouldn't be a problem
[15:17] StellarsHenson: btw - mac rocks. switched 3y ago and cannot go back
[15:17] ThomasWaldmann: e.g. if you break a line within a () you don't need \ at the end
[15:17] StellarsHenson: ah, ok, wasn't familiar with it
[15:17] ThomasWaldmann: ah, good to have a mac tester
[15:18] StellarsHenson: i'll get it cleaned in notime
[15:18] StellarsHenson:
[15:18] StellarsHenson: well, i run two instances, my company wiki (the address mentioned) and my private one
[15:18] StellarsHenson: on mac
[15:18] StellarsHenson: for experiments and develpment
[15:19] ThomasWaldmann: why do you give the current user implicit Known and Trusted membership?
[15:19] StellarsHenson: 2 months ago me and my partner have decided to publish all patches and macros we have develped, so it's gonna be some new suff comming
[15:19] StellarsHenson: i don't. It works only if you add Known or Trusted to AutoAdminGroup
[15:20] StellarsHenson: previously it didn't wirk
[15:20] StellarsHenson: work
[15:20] StellarsHenson: you just checked whether the person is a member or not
[15:20] StellarsHenson: but you didn't check for special users memberships
[15:20] StellarsHenson: i have added this feature
[15:21] ThomasWaldmann: but if there is Trusted or Known on the AutoAdminGroup, you give every user those rights
[15:21] ThomasWaldmann: you don't check if the user is really trusted
[15:21] StellarsHenson: that is correct
[15:21] StellarsHenson: what?
[15:22] ThomasWaldmann: well, the difference between All, Known and Trusted is this:
[15:22] StellarsHenson: i don't get you. I don't have to check - if you add Known to AutoAdminGroup, you allow registered users to have their home pages
[15:22] StellarsHenson: if you add Trusted, then it's Trusted
[15:22] ThomasWaldmann: All is everybody. Even when not logged in.
[15:22] StellarsHenson: indeed
[15:22] ThomasWaldmann: Known is someone who is logged in somehow. (you don't check that)
[15:22] StellarsHenson: indeed
[15:23] ThomasWaldmann: Trusted is someone who is logged in via some login method that is specially trusted. (you don't check that)
[15:23] StellarsHenson: Ok, let me explain in detail the changes i have made. Obviously i didn't do the explanation correctly
[15:23] ThomasWaldmann: I admit that the Known vs. Trusted difference is a bit strange.
[15:24] ThomasWaldmann: But this comes from the users usualy ability to create his own account and then log in.
[15:24] StellarsHenson: You can add special groups to any group: you can add Known or Trusted to your FriendsGroup
[15:24] StellarsHenson: and allow this group to modify , say, HomePage
[15:24] henk left the chat room.
[15:24] ThomasWaldmann: btw, do you need to do those Known/Trusted/All checks at all?
[15:24] StellarsHenson: The current AutoAdminGroup feature allows for users added to be able to administer their home pages (and project pages if added)
[15:25] StellarsHenson: let me finish, please
[15:25] ThomasWaldmann: Doesn't the first has_member call do it for you?
[15:25] StellarsHenson: no, it doesn't - that's the WHOLE point
[15:25] StellarsHenson: in the security/__init__ we check special membership separately
[15:26] StellarsHenson: that's why i needed to check it explicitly
[15:26] StellarsHenson: but let me finish
[15:27] StellarsHenson: If we have added Known special user group to AutoAdminGroup, theoretically we are granting all Known users admin rights on their home pages
[15:27] StellarsHenson: same with Trusted
[15:27] StellarsHenson: then we grant all Trused users admin rights on their home pages
[15:27] StellarsHenson: problem is - it doesn't work, because our mechanizm (has_member) doesn't check it
[15:27] StellarsHenson: so i needed to add it myself
[15:27] StellarsHenson: that's first thing
[15:27] ThomasWaldmann: ok
[15:27] StellarsHenson: second:
[15:28] StellarsHenson: there's no point for administering your page if you cannot create it
[15:28] StellarsHenson: and, as an administrator, you can modify any page you have admin rights on to allow you for edit
[15:29] StellarsHenson: so, in short, why not add AutoAdminGroup write rights on their pages
[15:29] ThomasWaldmann: yes, if write rights are not in default acl, you have a problem
[15:29] StellarsHenson: indeed
[15:29] StellarsHenson: that's what is happening on nobleprog.net/wiki
[15:29] StellarsHenson: so, my patch fixes those issues
[15:29] StellarsHenson: it works for 5 months now
[15:29] StellarsHenson: so, heavily tested
[15:29] StellarsHenson: but i guess you have to run tests on your own
[15:30] StellarsHenson: and then we are all agreed
[15:30] ThomasWaldmann: the point is not that much that I don't trust you that it works
[15:30] StellarsHenson: that's why i mentioned - you have to try and review it for yourself
[15:30] ThomasWaldmann: but after thinking about it, i somehow feels that our group code is rather missing a feature
[15:31] ThomasWaldmann: (that All/Known/Trusted members specialcasing)
[15:31] StellarsHenson: indeed, internally we should check special membership
[15:31] StellarsHenson: i agree
[15:31] StellarsHenson: i can make certain core changes
[15:31] StellarsHenson: but for the time being it's better to have it this way or none at all
[15:31] • ThomasWaldmann looks at acl code
[15:32] StellarsHenson: and we can make the group code change urgent
[15:32] StellarsHenson: for 2.0 release
[15:32] StellarsHenson: btw - can you add transcript to the patch page?
[15:33] ThomasWaldmann: i can, you can, everybody can
[15:33] StellarsHenson: dunno how :-$
[15:33] ThomasWaldmann: copy and paste?
[15:33] StellarsHenson: lemme try
[15:34] ThomasWaldmann: hmm, we need virtual groups for All, Known and Trusted.
[15:34] ThomasWaldmann: then all would be easier.
[15:35] ThomasWaldmann: but you are right, this is not for 1.8 or 1.9
[15:35] StellarsHenson: it's just a matter of urgency
[15:36] ThomasWaldmann: so please look into security/__init__ and take the _special_ stuff from there
[15:36] ThomasWaldmann: for 2.0 there will be some acl work anyway (maybe as some sort of storage middleware)
[15:36] ThomasWaldmann: i have to do some other stuff for a while. bbl.
[15:37] StellarsHenson: hm. sure. i'm looking forward to ldap integration
[15:37] StellarsHenson:
[15:37] StellarsHenson: our company SSO would work fine then
[15:40] the_gamer left the chat room. (Remote closed the connection)

was too late for the discussion, but I think it needs to be carefully checked if it could be used to create pages by abusing the login account.

i agree. you definitely need to run some tests. in the meantime i'll polish the solution to the point, where we are not using 'Known' and 'Trusted' groups explicitly -- StellarsHenson 2009-03-25 19:00:50

Just confirmed, that patch works fine with version 1.9beta2 -- StellarsHenson 2009-03-27 03:50:34

Two questions:

  1. What about the situation in which the home page is not at the root?
  2. Why isn't getInterwikiHomePage being used?

It seems to me that something like the following snippet would be appropriate (not including the patch here but for the idea from 1.8.2):

class SecurityPolicy(Permissions):
    ...

    def admin(self, pagename):
        ...
        homepage = getInterwikiHomePage(request, username)
        if homepage:
            homepage = "/".join(homepage)
        if homepage and pagename.startswith(homepage) and has_member('AutoAdminGroup', username):
            return True
...

-- JohnMarshall 2009-04-03 10:46:00

Minor but needed fixes to above snippet:

@Stellars: Once I'm done, I'll propose a patch. Thanks.

-- JohnMarshall 2009-04-03 13:43:00

Hi, John. I believe you're right, however my patch didn't intend to modify the existing behavior that much. I just wanted to allow 'special groups' to be evaluated and make the homepage 'writable' in case you have administrative rights on it. I'm afraid, you have to prepare the patch and upload it for community evaluation. If you're asking for my opinion - i have no experience with interwiki homepages, therefore i can't really tell you anything about it :-) -- StellarsHenson 2009-04-03 15:26:46

Plan


CategoryMoinMoinPatch

MoinMoin: MoinMoinPatch/AutoAdminWrite (last edited 2010-09-01 15:41:48 by StellarsHenson)