Contents
High Level Requirements
Required operations
Group requirements :
- set-like api : an api that all the methods work like in the set api, foe example update, in, ..
_update(members)
- handle updating and adding members of a group (add one member, a list of members, or just update group with new and old members)
- example if the group is a set
>>> group = Set(['GroupName1', 'GroupName2']) >>> group Set(['GroupName2', 'GroupName1']) >>> group._update(['GroupName3']) >>> group Set(['GroupName2', 'GroupName3', 'GroupName1'])
GroupManager requirements :
- data type: dictionary
is_group(groupname)
check if the string groupname is a group_name, returns True/False
it is used in admin.py
__contains__(groupname,user)
- check if a user is a member of a group
- sometimes it is needed to return only True/False,and sometimes need to return all the list in some parts of code, but the decision needs to be done
addgroup - method for adding group to a dict (it is called by Page.py, mkpages.py, serveropenid.py)
reset() - reset group dict
scan_dicts - call the lower level code
expand_groups - keep it for now, then deal when
ThomasWaldmann> btw, i think you can keep groups in groups handling for a bit later, when you are more clear about the simpler parts
_data - get all groups
load_dict - leave this to the lower level code
Generic group requirements
- tell what backend to use and in which order:
group_backend = [LdapGroup(),MMGroup(), ]
- this will be put in wikiconfig
Config backend requirements
- define admin group - can change acls
- define predefined groups and users in groups like Thomas said
admin_group = set(u'UserName', u'SomeOther', ) editor_group = set(u"JoeDoe", ) groups = { u'AdminGroup': admin_group u"EditorGroup": editor_group, }
Group backend
- define what to do with anonymous users ("Before moin shows acl protected content, it will check user.may.read().") and anonymous users sometimes can read - if there is anonymous user there is not an LDAP record for the user - and it cannot be proceed by LDAP checking
- need's to be an admin for LDAP - needs to check it in the LDAP backend