1 2012-09-03T00:01:58 <ThomasWaldmann> guess we have to think about how to handle PTIME metadata entry
2 2012-09-03T00:02:03 *** jaiditya
3 2012-09-03T00:03:05 <spy_> you mean UI?
4 2012-09-03T00:08:57 <ThomasWaldmann> no. normal wiki items (at least in 1.9) do not have PTIME
5 2012-09-03T00:09:48 <ThomasWaldmann> and i would like to avoid adding redundant (and not really needed) metadata
6 2012-09-03T00:10:28 <ThomasWaldmann> so the rule could be: if there is no PTIME, it is the same as the MTIME
7 2012-09-03T00:15:58 <ThomasWaldmann> the whoosh-based filtering you do now would get removed (done by acl check then)
8 2012-09-03T00:18:41 *** RogerHaase
9 2012-09-03T00:54:59 *** spy
10 2012-09-03T01:06:24 <ThomasWaldmann> dreimark: can you check whether members like All or Known or Trusted work in groups used in ACLs?
11 2012-09-03T01:07:35 * ThomasWaldmann maybe found a bug
12 2012-09-03T05:42:28 *** RogerHaase
13 2012-09-03T06:07:17 *** RogerHaase
14 2012-09-03T08:51:34 <dreimark> moin
15 2012-09-03T08:52:33 * dreimark adds checkink acls on today todo list
16 2012-09-03T08:52:43 <dreimark> s/k/g/
17 2012-09-03T10:09:58 *** spy
18 2012-09-03T10:52:21 *** CIA-77
19 2012-09-03T10:56:15 *** CIA-74
20 2012-09-03T12:23:52 *** MattMaker
21 2012-09-03T13:00:56 *** greg_f
22 2012-09-03T14:38:52 <ThomasWaldmann> dreimark: http://paste.ubuntu.com/1183444/
23 2012-09-03T14:39:52 <ThomasWaldmann> this fix would make the code "work as intended". but i am not sure anymore whether that is what we really want.
24 2012-09-03T14:44:43 <ThomasWaldmann> hmm, while thinking about it, it could be used to first have a limited few people group and later just add All/Known/Trusted to the group to "publish" all pages having that group acl
25 2012-09-03T14:45:28 <ThomasWaldmann> (without having to change all ACLs)
26 2012-09-03T14:47:58 <ThomasWaldmann> dreimark: http://paste.ubuntu.com/1183463/
27 2012-09-03T15:31:42 <CIA-74> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 5870:7b9f39289e16 1.9/MoinMoin/security/ (__init__.py _tests/test_security.py): (log message trimmed)
28 2012-09-03T15:31:42 <CIA-74> security fix: fix virtual group bug in ACL evaluation, add a test for it
29 2012-09-03T15:31:42 <CIA-74> affected moin releases: all 1.9 releases up to and including 1.9.4
30 2012-09-03T15:31:42 <CIA-74> moin releases < 1.9 are NOT affected.
31 2012-09-03T15:31:42 <CIA-74> You can find out the moin version by looking at SystemInfo page or at the
32 2012-09-03T15:31:42 <CIA-74> output of <<SystemInfo>> macro.
33 2012-09-03T15:31:43 <CIA-74> Issue description:
34 2012-09-03T15:50:49 *** spy
35 2012-09-03T16:08:10 <dreimark> ThomasWaldmann: I never used Trusted or All on a Group page
36 2012-09-03T16:08:42 <ThomasWaldmann> do you have any groupname with All or Trusted or Known?
37 2012-09-03T16:08:48 <dreimark> no
38 2012-09-03T16:08:50 <ThomasWaldmann> like TrustedEditorGroup ? :)
39 2012-09-03T16:09:14 <dreimark> yes but it point to an existing UserGroup
40 2012-09-03T16:09:29 <ThomasWaldmann> ok
41 2012-09-03T16:09:50 <ThomasWaldmann> if you want to verify the bug, just run the test without the bugfix. it's real. :)
42 2012-09-03T16:12:29 <dreimark> I had not expected that it is or was possible to use these names inside a group definition
43 2012-09-03T16:16:40 <ThomasWaldmann> well, the code was intended to do that and before 1.9 i guess it even worked
44 2012-09-03T16:17:03 <ThomasWaldmann> since the dicts/groups project merge it was broken
45 2012-09-03T16:19:38 <dreimark> that explains why i have not cared on it. good that now a test is also in place
46 2012-09-03T16:20:01 <dreimark> but i think we need to verify that noone has a user with these names now, or?
47 2012-09-03T16:21:54 <ThomasWaldmann> it first checks for groups then for users, but yes, having such a name would be a bad idea
48 2012-09-03T16:23:04 <dreimark> i have not looked up if we already have blocked it. We should do so, if not
49 2012-09-03T16:23:45 <dreimark> (and maybe disable if someone used such a name)
50 2012-09-03T16:53:01 * ThomasWaldmann checks the email account verification patch for 1.9.4
51 2012-09-03T16:56:22 *** spy
52 2012-09-03T17:36:21 *** CIA-74
53 2012-09-03T17:46:09 *** RogerHaase
54 2012-09-03T17:48:05 <dreimark> ThomasWaldmann: what is the reason to have in xstatic this pkg layer?
55 2012-09-03T18:00:02 <dreimark> bbl
56 2012-09-03T18:01:14 <ThomasWaldmann> xstatic has the code of the xstatic package, all xstatic-* packages put their stuff under xstatic.pkg
57 2012-09-03T18:01:21 *** CIA-75
58 2012-09-03T18:01:45 <dreimark> yes, but why not below xstatic.
59 2012-09-03T18:03:07 <dreimark> i have no problem with it i just don't know if that is needed and i better should copy it
60 2012-09-03T18:03:21 <dreimark> if i do something similar
61 2012-09-03T18:04:22 <dreimark> ah yes I see
62 2012-09-03T18:04:57 <dreimark> I missed the xstatic main
63 2012-09-03T18:06:23 <dreimark> bbl
64 2012-09-03T18:07:16 <ThomasWaldmann> maybe it had something to do with the namespace packages, don't rememeber
65 2012-09-03T18:11:28 <RogerHaase> ThomasWaldmann: dreimark: autoscroll edit textarea ready for code review: http://codereview.appspot.com/6488072/
66 2012-09-03T18:26:55 <ThomasWaldmann> didn't we review that already?
67 2012-09-03T18:27:18 <ThomasWaldmann> RogerHaase: ^
68 2012-09-03T18:28:54 <RogerHaase> You reviewed an earlier version and asked that I move duplicate code into _Util.py. This version adds autoscroll on creole and mediawiki.
69 2012-09-03T18:30:39 <ThomasWaldmann> ah, right. so reusing the same codereview id is maybe no good.
70 2012-09-03T18:30:48 <RogerHaase> right
71 2012-09-03T18:32:09 <ThomasWaldmann> btw, if you run 1.9.4 and rely on acl groups, have a look at 1.9 repo
72 2012-09-03T18:33:01 <RogerHaase> yes, I saw
73 2012-09-03T18:51:37 <ThomasWaldmann> review done.
74 2012-09-03T18:52:09 <ThomasWaldmann> you checked that line numbers within AND after such separate-Iter-blocks are correct?
75 2012-09-03T18:55:37 <RogerHaase> yes, I had a trace to print line number. It was confusing as there were two and even 3 _Iter instances going at same time.
76 2012-09-03T18:57:42 <ThomasWaldmann> ok
77 2012-09-03T19:12:25 <RogerHaase> ThomasWaldmann: I disagree that a separate file and license is nesessary. IMHO public domain code can be freely used for derivative works without permission or acknowledgement.
78 2012-09-03T19:23:08 <ThomasWaldmann> i considered it "nice to have", not required
79 2012-09-03T19:23:43 <ThomasWaldmann> RogerHaase: ^
80 2012-09-03T19:24:06 <RogerHaase> ok
81 2012-09-03T19:31:01 <ThomasWaldmann> btw, in some jurisdictions, there is no formal concept of "public domain".
82 2012-09-03T19:32:20 <ThomasWaldmann> so, if you do not license it, there will be the problem that one can not use it.
83 2012-09-03T19:33:13 * ThomasWaldmann fixes the same acl group issue in moin2 now
84 2012-09-03T19:37:21 <RogerHaase> agree public domain causes problems, is better and easier all around to copyright and license.
85 2012-09-03T19:37:54 *** greg_f
86 2012-09-03T19:42:54 <ThomasWaldmann> RogerHaase: so, as we are allowed to and you are one of the authors anyway: license it! :D
87 2012-09-03T20:02:01 *** RogerHaase1
88 2012-09-03T20:04:59 *** MattMaker
89 2012-09-03T20:06:27 <CIA-75> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 1770:c64d3d8d16cb 2.0/MoinMoin/security/ (__init__.py _tests/test_security.py): (log message trimmed)
90 2012-09-03T20:06:28 <CIA-75> security fix: fix virtual group bug in ACL evaluation, add a test for it
91 2012-09-03T20:06:28 <CIA-75> Note: same issue has been fixed in moin/1.9 repo also, see cs 7b9f39289e16.
92 2012-09-03T20:06:28 <CIA-75> This changeset was just ported to moin/2.0.
93 2012-09-03T20:06:28 <CIA-75> Issue description:
94 2012-09-03T20:06:28 <CIA-75> We have code that checks whether a group has special members "All" or "Known"
95 2012-09-03T20:06:29 <CIA-75> or "Trusted", but there was a bug that checked whether these are present in
96 2012-09-03T20:07:15 *** RogerHaase
97 2012-09-03T20:33:11 *** RogerHaase1
98 2012-09-03T20:33:24 *** RogerHaase1
99 2012-09-03T20:35:02 <RogerHaase1> \nick RogerHaase
100 2012-09-03T20:40:28 *** RogerHaase1
101 2012-09-03T21:19:04 * ThomasWaldmann cleans up some security policy stuff
102 2012-09-03T22:34:24 <CIA-75> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 1771:dbfad38a4cdc 2.0/MoinMoin/ (config/default.py security/__init__.py user.py):
103 2012-09-03T22:34:24 <CIA-75> SecurityPolicy: some simplifications and cleanups
104 2012-09-03T22:34:24 <CIA-75> change the config default from None (which triggered the use of the default
105 2012-09-03T22:34:24 <CIA-75> security policy class) to directly put the default security policy class there.
106 2012-09-03T22:34:24 <CIA-75> renamed "Permissions" to more clear "DefaultSecurityPolicy".
107 2012-09-03T22:34:25 <CIA-75> updated / fixed some docstrings
108 2012-09-03T22:48:46 *** jaiditya
109 2012-09-03T23:09:49 * ThomasWaldmann tries to implement weakread capability
110 2012-09-03T23:47:40 *** spy
111