changeset 1546:27093deecd9f

security fix: fixed wrong group membership check in ACL code (it ignored group rights defined in config ACLs)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Thu, 14 Sep 2006 15:32:19 +0200
parents 97bf8559829a
children e74f46dbe7c8
files MoinMoin/security/__init__.py
diffstat 1 files changed, 2 insertions(+), 5 deletions(-) [+]
--- a/MoinMoin/security/__init__.py	Thu Sep 14 14:32:36 2006 +0200
+++ b/MoinMoin/security/__init__.py	Thu Sep 14 15:32:19 2006 +0200
@@ -172,7 +172,7 @@
     def __init__(self, cfg, lines=[]):
         """Initialize an ACL, starting from <nothing>.
         """
-        self._is_group = {}
+        self._group_re = re.compile(cfg.page_group_regex, re.UNICODE)
         if lines:
             self.acl = [] # [ ('User', {"read": 0, ...}), ... ]
             self.acl_lines = []
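Review bot: Passing `re.UNICODE` in the new `self._group_re = re.compile(cfg.page_group_regex, re.UNICODE)` line is a behaviour change on top of the fix, because the removed `re.compile(cfg.page_group_regex)` in the next hunk compiled the pattern without flags. If the configured pattern uses classes such as `\w`, the set of ACL entries treated as groups can differ for names with non-ASCII characters, and that set decides which entries go through the group-membership path. I would record the intent above the line, for example `# UNICODE: group page names may contain non-ASCII letters`. The pattern is now also compiled on every ACL construction, even when `lines` is empty, and an invalid `page_group_regex` would raise from the constructor. `__init__` continues past the end of the hunk.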
@@ -191,7 +191,6 @@
         @param aclstring: acl string from page or cfg
         @param remember: should add the line to self.acl_lines
         """
-        group_re = re.compile(cfg.page_group_regex)
 
         # Remember lines
         if remember:
@@ -204,8 +203,6 @@
                 self._addLine(cfg, cfg.acl_rights_default, remember=0)
             else:
                 for entry in entries:
-                    if group_re.search(entry):
-                        self._is_group[entry] = 1
                     rightsdict = {}
                     if modifier:
                         # Only user rights are added to the right dict.
@@ -234,7 +231,7 @@
             if entry in self.special_users:
                 handler = getattr(self, "_special_"+entry, None)
                 allowed = handler(request, name, dowhat, rightsdict)
-            elif self._is_group.get(entry):
+            elif self._group_re.search(entry):
                 if is_group_member(entry, name):
                     allowed = rightsdict.get(dowhat)
                 else:
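Review bot: With `elif self._group_re.search(entry):` the group-or-user decision is made purely from the entry's text at check time, and `search` matches anywhere in the string unless `cfg.page_group_regex` is itself anchored. An entry that merely contains a group-like substring therefore goes to `is_group_member`, and it presumably never reaches the user-name comparison in the `else` branch, which continues outside the hunk. A comment such as `# any entry matching page_group_regex is a group, never a user name` would make that rule explicit. The changeset touches only `MoinMoin/security/__init__.py`, so this security fix ships without a regression test. A test that grants a right to a group in a config ACL and asserts that a member receives it would pin the fixed behaviour.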