Differences between revisions 21 and 22
Revision 21 as of 2006-01-18 08:42:20
Size: 2462
Editor: FrankieChow
Comment: has bug.
Revision 22 as of 2007-10-29 19:08:45
Size: 2470
Editor: localhost
Comment: converted to 1.6 markup

:D If it has a bug, please let me know <frankie AT NONSPAM openworkshop DOT org>

Details

Applies to
  •   M  MoinMoin/multiconfig.py
      M  MoinMoin/security.py
      A  MoinMoin/securityrule.py
Purpose

Can handle multiple rules in SecurityPolicy.

Description
I define the security_rules object and how to query it.

TODO

  • Base tested.
  • Test it heavily.

DONE

  • Modify the code to follow SecurityPolicy syntax.

  • Redesign the SecurityRules object to be better for administrators.

Patch

   1 * looking for arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376 to compare with
   2 * comparing to arch@arch.thinkmo.de--2003-archives/moin--main--1.5--patch-376
   3 M  MoinMoin/multiconfig.py
   4 M  MoinMoin/security.py
   5 A  MoinMoin/securityrule.py
   6 
   7 * modified files
   8 
   9 --- orig/MoinMoin/multiconfig.py
  10 +++ mod/MoinMoin/multiconfig.py
  11 @@ -168,7 +168,8 @@
  12      acl_rights_before = u""
  13      acl_rights_after = u""
  14      acl_rights_valid = ['read', 'write', 'delete', 'revert', 'admin']
  15 -    
  16 +    # import MoinMoin.securityrule as SecurityRule
  17 +    security_rules = [] #Test by: [{'rule' :SecurityRule.vaild_user, "is_non": 1, "write": 0}]
  18      actions_excluded = [] # ['DeletePage', 'AttachFile', 'RenamePage']
  19      allow_xslt = 0
  20      attachments = None # {'dir': path, 'url': url-prefix}
  21 
  22 
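Review bot: The added `security_rules = []` line documents its format only through a trailing "Test by" comment, and that example cannot be used as written because the `import MoinMoin.securityrule as SecurityRule` line above it is commented out. Entries in this list are consulted before page ACLs in security.py, so the expected keys (`rule`, `is_non`, and one key per right) and their precedence over ACLs should be spelled out in a proper comment here. The example also puts the misspelled class name `vaild_user` into configuration; renaming it to `valid_user` now is cheaper than after administrators depend on it.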
  23 --- orig/MoinMoin/security.py
  24 +++ mod/MoinMoin/security.py
  25 @@ -43,11 +43,28 @@
  26          return self.write(editor.page_name)
  27  
  28      def __getattr__(self, attr):
  29 -        """ if attr is one of the rights in acl_rights_valid, then return a
  30 -            checking function for it. Else raise an error.
  31 -        """
  32          request = self.request
  33          Page = self.Page
  34 +
  35 +        # check right in security_rules
  36 +        for s in request.cfg.security_rules:
  37 +            # Make Sure the SecurityRules have 'rule' and attr
  38 +            # and the SecurityRules is a Dict.
  39 +            try:
  40 +                if s.has_key('rule') and s.has_key(attr):
  41 +                   valid_security_rule = 1
  42 +                else:
  43 +                   valid_security_rule = 0
  44 +            except AttributeError:
  45 +                valid_security_rule = 0
  46 +            if valid_security_rule:
  47 +                sr = s['rule']
  48 +                security_rule = sr(request.user, s)
  49 +                # Check dict again, Is it developer like ?
  50 +                if security_rule.check_dict(attr):
  51 +                    return lambda pagename, **kw: getattr(security_rule, attr)(pagename, **kw)
  52 +
  53 +        # If cann't check in security_rules, try it in moin_acl
  54          if attr in request.cfg.acl_rights_valid:
  55              return lambda pagename, Page=Page, request=request, attr=attr: Page(request, pagename).getACL(request).may(request, self.name, attr)
  56          else:
  57 
  58 
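Review bot: The new loop in `__getattr__` accepts a rule for any `attr` that is a key of the rule dict, and it runs before the `attr in request.cfg.acl_rights_valid` test, so names such as `rule` or `is_non` pass `s.has_key(attr)` and can yield a callable instead of being rejected as unknown rights. Move the `acl_rights_valid` check above the loop so only real rights are looked up in rules. The `except AttributeError` branch silently skips any entry that is not a dict, which means a mistyped rule falls through to the page ACL without any signal; logging or raising there would make misconfiguration visible. The hunk also deletes the `__getattr__` docstring without a replacement; a new one should state that the first matching rule decides and that page ACLs are consulted only when no rule applies.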
  59 --- orig/MoinMoin/securityrule.py
  60 +++ mod/MoinMoin/securityrule.py
  61 @@ -0,0 +1,56 @@
  62 +# -*- coding: iso-8859-1 -*-
  63 +"""
  64 +@copyright: (c) Bastian Blank, Florian Festi, Thomas Waldmann
  65 +@copyright: MoinMoin:FrankieChow
  66 +@license: GNU GPL, see COPYING for details.
  67 +"""
  68 +
  69 +class security_rules_obj:
  70 +    """ Template of SecurityRules Object
  71 +    """
  72 +
  73 +    def __init__(self, user, dict):
  74 +        """ Calculate the permissons `user` has.
  75 +        """
  76 +        self.user = user
  77 +        self.name = user.name
  78 +        self.request = user._request
  79 +        self.dict = dict
  80 +
  81 +    def cal_rule_result(self):
  82 +        """ Cal the dict('is_non') and set the rule_result.
  83 +        """
  84 +        if self.dict.has_key('is_non'):
  85 +            self.rule_result = self.dict['is_non'] * self.match_rule()
  86 +        else:
  87 +            self.rule_result = self.match_rule()
  88 +
  89 +    def check_dict(self):
  90 +        """
  91 +        Developer can override it to check pass dict.
  92 +        """
  93 +        self.cal_rule_result()
  94 +        if getattr(self, attr, 0):
  95 +            return 1
  96 +
  97 +    def true(self, pagename, **kw):
  98 +        return 1
  99 +    def false(self, pagename, **kw):
 100 +        return 0
 101 +
 102 +    def __getattr__(self, attr):
 103 +        if not self.rule_result: raise AttributeError, attr
 104 +        if self.dict[attr]:
 105 +            return lambda pagename, **kw: self.true(pagename, **kw)
 106 +        else:
 107 +            return lambda pagename, **kw: self.false(pagename, **kw)
 108 +
 109 +class vaild_user(security_rules_obj):
 110 +    """
 111 +    Maybe Developer must need to write this module.
 112 +    """
 113 +    def match_rule(self):
 114 +        if self.user.valid:
 115 +            return 1
 116 +        else:
 117 +            return 0
 118 
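Review bot: `check_dict(self)` uses `attr` in `getattr(self, attr, 0)` but has no such parameter, while security.py calls `security_rule.check_dict(attr)`; as written that call fails on the argument count, so the signature should be `def check_dict(self, attr):`. In `cal_rule_result`, `self.dict['is_non'] * self.match_rule()` does not negate anything: a value of 1 leaves the match unchanged and 0 means the rule never applies, so if `is_non` is meant as "does not match" it needs an explicit inversion, and either way the key needs documenting. `__getattr__` reads `self.rule_result`, which exists only after `cal_rule_result()` has run, and the base class defines no `match_rule`, so using `security_rules_obj` directly or touching an unknown attribute early re-enters `__getattr__`; initialise `rule_result` in `__init__` and give the base class a `match_rule` that raises `NotImplementedError`. The `dict` parameter also shadows the builtin.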

security_rules5.patch

Discussion

Why define security_rules instead of just using SecurityPolicy?

  • Keeps it easy to modularize.
  • It is good for Developer and Administrator.
    For Developer

    Easy to develop. Maybe he just defines the security_rule's match_rule module and designs a dict to pass to his security_rule. He doesn't need to care whether it is used by write, read or admin ...

    For Administrator

    Easy to use SecurityRules. He can use it in any case and in any way for write or read ..., controlled by whether match_rule matches or doesn't match.
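
A stand-alone Python 3 model of the design described above, added here as an illustration; it is not code from the patch or from MoinMoin. `User`, `SecurityRule`, `ValidUser`, `may` and `open_acl` are hypothetical names, and treating `is_non` as "negate the match" is an assumption about intent (the patch multiplies instead).

```python
ACL_RIGHTS_VALID = ['read', 'write', 'delete', 'revert', 'admin']  # as in the patch context

class User:
    """Hypothetical stand-in for the wiki user object."""
    def __init__(self, name, valid):
        self.name, self.valid = name, valid

class SecurityRule:
    """Base rule: subclasses supply match_rule(); the spec dict carries the rights."""
    def __init__(self, user, spec):
        self.user, self.spec = user, spec

    def match_rule(self):
        raise NotImplementedError("subclasses must define match_rule()")

    def applies(self):
        # Assumption: a truthy 'is_non' inverts the match ("user does NOT match").
        matched = bool(self.match_rule())
        return (not matched) if self.spec.get('is_non') else matched

class ValidUser(SecurityRule):
    def match_rule(self):
        return self.user.valid

def may(user, right, pagename, rules, acl_check):
    """Decide `right` on `pagename`: first applicable rule wins, else the page ACL."""
    if right not in ACL_RIGHTS_VALID:
        raise AttributeError(right)  # 'rule', 'is_non' and typos are not rights
    for spec in rules:
        if not isinstance(spec, dict) or 'rule' not in spec:
            raise ValueError("malformed security rule: %r" % (spec,))  # fail loudly
        if right in spec and spec['rule'](user, spec).applies():
            return bool(spec[right])
    return acl_check(user, right, pagename)

# Constructed sample: deny write to users who are not valid; the ACL allows everything.
RULES = [{'rule': ValidUser, 'is_non': 1, 'write': 0}]
open_acl = lambda user, right, pagename: True

def demo():
    anon, member = User('', False), User('member', True)
    return {
        'anon_write': may(anon, 'write', 'FrontPage', RULES, open_acl),
        'member_write': may(member, 'write', 'FrontPage', RULES, open_acl),
        'anon_read': may(anon, 'read', 'FrontPage', RULES, open_acl),
    }
if __name__ == '__main__':
    print(demo())
```

The rule only decides rights it names, so `read` still falls through to the page ACL, and a malformed entry raises instead of being skipped.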

Comments

The purpose of this patch is quite unclear. I had put some comments at the bottom of FeatureRequests/SecurityRules but I'm not sure anybody's looking at that page anymore. Can someone/frankie read it and try to write a clearer "purpose" for this so other people can follow this discussion? Thanks. -- DeronMeranda 2006-01-13 15:48:25

Plan

  • Priority:
  • Assigned to:
  • Status: unclear why this should be necessary and not just inheritance is used. So please first try to use inheritance the right way and if you can't get it working, describe the exact problem. Then we can start at looking how to extend the code - not before.

    :-? Yes, I know your point. (So I wrote the MoinMoinPatch/SecurityString patch more than TWO weeks.)

    :D Security_Rule is better than SecurityPolicy for Administrator and Developer.

    <!> Always Administrator hasn't a good programming skill in Chinese. I think they can't easily handle inheritance in Python.


CategoryMoinMoinPatch

MoinMoin: MoinMoinPatch/SecurityRules (last edited 2007-10-29 19:08:45 by localhost)