Description

If a page has an ACL rule that prevents it from being read by users who are not logged in, then the moin dump command creates an output page saying "You are not authorized to view this page." This command is used to generate a static version of a wiki.

The task is to fix the problem by introducing a commandline argument, so the username that "reads" the pages can be specified. Do NOT hack acl_rights_before as described below.

To finish this task, you will need about 10h. This task should be completed in 7 days.

Steps to reproduce

  1. Create a page with an ACL rule like:
    •    #acl Trusted:read,write,delete Known:read,write,delete All:
  2. Run the dump.py program in /script/export/

Example

Component selection

Details

If you have the authority to run the dump.py program, you probably have authority to read all pages. I could not determine a way to pass a login ID to dump.py.

Workaround

The easiest way to fix the problem seems to be to modify the dump.py program to add an acl_rights_before rule giving itself authority to read all pages. Find the following code near line 114 on Moin 1.5.8:

        # fix url_prefix so we get relative paths in output html
        request.cfg.url_prefix = url_prefix

and add a line to change the acl_rights_before value.

        # fix url_prefix so we get relative paths in output html
        request.cfg.url_prefix = url_prefix
        
        # ensure Moin Dump can read all files
        request.cfg.acl_rights_before = "All:read"

Discussion

Plan


CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/AclBlockMoinDump (last edited 2008-03-06 17:30:57 by ThomasWaldmann)