If it has a bug, please let me know <frankie AT NONSPAM openworkshop DOT org>
Details
- Applies to
M MoinMoin/multiconfig.py M MoinMoin/security.py A MoinMoin/securityrule.py
- Purpose
Can handle multiple rules in SecurityPolicy.
- Description
- I define the security_rules object and how to query it.
TODO
- Basic tests.
- Test it heavily.
DONE
Modified the code to follow SecurityPolicy syntax.
Redesigned the SecurityRules object so it is better for administrators.
Patch
1 * looking for arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376 to compare with
2 * comparing to arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376
3 M MoinMoin/multiconfig.py
4 M MoinMoin/security.py
5 A MoinMoin/securityrule.py
6
7 * modified files
8
9 --- orig/MoinMoin/multiconfig.py
10 +++ mod/MoinMoin/multiconfig.py
11 @@ -168,7 +168,8 @@
12 acl_rights_before = u""
13 acl_rights_after = u""
14 acl_rights_valid = ['read', 'write', 'delete', 'revert', 'admin']
15 -
16 + # import MoinMoin.securityrule as SecurityRule
17 + security_rules = [] #Test by: [{'rule' :SecurityRule.vaild_user, "is_non": 1, "write": 0}]
18 actions_excluded = [] # ['DeletePage', 'AttachFile', 'RenamePage']
19 allow_xslt = 0
20 attachments = None # {'dir': path, 'url': url-prefix}
21
22
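Review bot: The new `security_rules` default on the added line is documented only by a test comment, so an administrator cannot tell which keys a rule dict takes ('rule', "is_non", and one key per right) or what their values mean. Please describe the dict format next to the default, and either enable or drop the commented-out `# import MoinMoin.securityrule as SecurityRule` line, since the example in the comment depends on it. The example also references `SecurityRule.vaild_user`; the misspelling of "valid" becomes part of the configuration surface once sites copy it, so it is worth renaming before merge. The hunk also deletes the blank line that separated the ACL settings from the options that follow.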
23 --- orig/MoinMoin/security.py
24 +++ mod/MoinMoin/security.py
25 @@ -43,11 +43,28 @@
26 return self.write(editor.page_name)
27
28 def __getattr__(self, attr):
29 - """ if attr is one of the rights in acl_rights_valid, then return a
30 - checking function for it. Else raise an error.
31 - """
32 request = self.request
33 Page = self.Page
34 +
35 + # check right in security_rules
36 + for s in request.cfg.security_rules:
37 + # Make Sure the SecurityRules have 'rule' and attr
38 + # and the SecurityRules is a Dict.
39 + try:
40 + if s.has_key('rule') and s.has_key(attr):
41 + valid_security_rule = 1
42 + else:
43 + valid_security_rule = 0
44 + except AttributeError:
45 + valid_security_rule = 0
46 + if valid_security_rule:
47 + sr = s['rule']
48 + security_rule = sr(request.user, s)
49 + # Check dict again, Is it developer like ?
50 + if security_rule.check_dict(attr):
51 + return lambda pagename, **kw: getattr(security_rule, attr)(pagename, **kw)
52 +
53 + # If cann't check in security_rules, try it in moin_acl
54 if attr in request.cfg.acl_rights_valid:
55 return lambda pagename, Page=Page, request=request, attr=attr: Page(request, pagename).getACL(request).may(request, self.name, attr)
56 else:
57
58
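Review bot: In `__getattr__`, the loop over `request.cfg.security_rules` runs before the `attr in request.cfg.acl_rights_valid` check, so a rule is consulted for any attribute name that happens to be a key in its dict (including 'rule' itself), and the first rule whose `check_dict(attr)` passes returns its answer without the page ACL being evaluated at all. A matching rule with "write": 1 therefore grants the right regardless of what `getACL(request).may(request, self.name, attr)` would return. Suggest testing `attr in request.cfg.acl_rights_valid` first and stating, in the docstring this hunk deletes, whether rules are meant to override page ACLs or be combined with them. A malformed rule (not a dict, or missing 'rule') is silently skipped by the try/except; for an access-control setting that should be rejected or logged rather than ignored.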
59 --- orig/MoinMoin/securityrule.py
60 +++ mod/MoinMoin/securityrule.py
61 @@ -0,0 +1,56 @@
62 +# -*- coding: iso-8859-1 -*-
63 +"""
64 +@copyright: (c) Bastian Blank, Florian Festi, Thomas Waldmann
65 +@copyright: MoinMoin:FrankieChow
66 +@license: GNU GPL, see COPYING for details.
67 +"""
68 +
69 +class security_rules_obj:
70 + """ Template of SecurityRules Object
71 + """
72 +
73 + def __init__(self, user, dict):
74 + """ Calculate the permissons `user` has.
75 + """
76 + self.user = user
77 + self.name = user.name
78 + self.request = user._request
79 + self.dict = dict
80 +
81 + def cal_rule_result(self):
82 + """ Cal the dict('is_non') and set the rule_result.
83 + """
84 + if self.dict.has_key('is_non'):
85 + self.rule_result = self.dict['is_non'] * self.match_rule()
86 + else:
87 + self.rule_result = self.match_rule()
88 +
89 + def check_dict(self):
90 + """
91 + Developer can override it to check pass dict.
92 + """
93 + self.cal_rule_result()
94 + if getattr(self, attr, 0):
95 + return 1
96 +
97 + def true(self, pagename, **kw):
98 + return 1
99 + def false(self, pagename, **kw):
100 + return 0
101 +
102 + def __getattr__(self, attr):
103 + if not self.rule_result: raise AttributeError, attr
104 + if self.dict[attr]:
105 + return lambda pagename, **kw: self.true(pagename, **kw)
106 + else:
107 + return lambda pagename, **kw: self.false(pagename, **kw)
108 +
109 +class vaild_user(security_rules_obj):
110 + """
111 + Maybe Developer must need to write this module.
112 + """
113 + def match_rule(self):
114 + if self.user.valid:
115 + return 1
116 + else:
117 + return 0
118
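Review bot: `check_dict(self)` uses `attr` in `getattr(self, attr, 0)`, but `attr` is neither a parameter nor a local, while security.py calls `security_rule.check_dict(attr)`; as written the call fails on the argument count, so the signature needs to be `def check_dict(self, attr):`. In `cal_rule_result`, `self.dict['is_non'] * self.match_rule()` leaves the result unchanged for 1 and forces it to 0 for 0, so it cannot express "user does not match the rule"; if negation is what "is_non" means, invert the match result instead of multiplying. `__getattr__` reads `self.rule_result`, which itself goes through `__getattr__` while it is still unset (for example when the template class is used directly and `match_rule` is missing), so initialise `rule_result` in `__init__` and give the template a `match_rule` that raises NotImplementedError. The parameter name `dict` shadows the builtin, and the class name `vaild_user` is a misspelling of "valid".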
Discussion
Why define security_rules instead of just using SecurityPolicy?
- It keeps things easy to modularize.
- It is good for developers and administrators.
- For developers
Easy to develop: the developer may just define the security_rule's match_rule module and design a dict to pass to his security_rule. He doesn't need to care whether it is used for write, read or admin ...
- For administrators
Easy to use SecurityRules: the administrator can use it in any case and in any way for write or read ..., controlled by whether match_rule matches or doesn't match.
Comments
The purpose of this patch is quite unclear. I had put some comments at the bottom of FeatureRequests/SecurityRules but I'm not sure anybody's looking at that page anymore. Can someone/frankie read it and try to write a clearer "purpose" for this so other people can follow this discussion? Thanks. -- DeronMeranda 2006-01-13 15:48:25
Plan
- Priority:
- Assigned to:
- Status: unclear why this should be necessary and not just inheritance is used. So please first try to use inheritance the right way and if you can't get it working, describe the exact problem. Then we can start at looking how to extend the code - not before.
Yes, I know your point. (So I wrote the MoinMoinPatch/SecurityString patch more than TWO weeks.)
Security_Rule is better than SecurityPolicy for Administrator and Developer.
Always Administrator hasn't a good programming skill in Chinese. I think they can't easily handle inheritance in Python.