Mercurial > moin > 1.9

changeset 5995:2beb3bd18d53

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
make globaledit put ACLs that take away All:read for slow pages
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 08 Jun 2013 23:16:08 +0200
parents 50e82729b826
children 524db6237b48
files MoinMoin/script/maint/globaledit.py
diffstat 1 files changed, 28 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/script/maint/globaledit.py	Sat Jun 08 19:03:07 2013 +0200
+++ b/MoinMoin/script/maint/globaledit.py	Sat Jun 08 23:16:08 2013 +0200
@@ -11,6 +11,22 @@
 from MoinMoin import PageEditor
 from MoinMoin.script import MoinScript
 
+# there are pages that are rather expensive to render, thus we
+# disallow reading them for anon users / bots / crawlers via ACL:
+SLOWPAGES = set([
+        u"PageHits",
+        u"PageSize",
+        u"WordIndex",  # we keep TitleIndex, though
+        u"EditedSystemPages",
+        u"WantedPages",
+        u"OrphanedPages",
+        u"AbandonedPages",
+        u"EventStats/HitCounts",
+        u"EventStats/Languages",
+        u"EventStats/UserAgents",
+])
+
+
 class PluginScript(MoinScript):
     """\
 Purpose:
@@ -73,13 +89,23 @@
             language_line = '#language en'
         if not format_line:
             format_line = '#format wiki'
-        aclold = '#acl MoinPagesEditorGroup:read,write,delete,revert All:read'
+        if masterpage is None or masterpage not in SLOWPAGES:
+            aclold = '#acl -All:write Default'
+            aclnew = '#acl -All:write Default'
+        elif masterpage in SLOWPAGES:
+            aclold = '#acl -All:write Default'
+            # the following page acl for slow pages requires a specific acl configuration:
+            # if you want to allow read usually, allow it via the "after" acl, so we
+            # can take it away with -All:read at the end of the page ACL.
+            # do NOT use All:read in the "default" ACL, we can't take that away.
+            # if you don't want to allow read usually, do not allow it in the "after" ACL.
+            aclnew = '#acl -All:write Default -All:read'
         if aclold in acl_lines:
             acl_lines.remove(aclold)
         if not acl_lines and (
             masterpage is None and not pagename.endswith('Template') or
             masterpage not in ['FrontPage', 'WikiSandBox', ] and not (pagename.endswith('Template') or masterpage.endswith('Template'))):
-            acl_lines = ['#acl -All:write Default']
+            acl_lines = [aclnew]
         if not master_lines:
             master_lines = ['##master-page:Unknown-Page', '##master-date:Unknown-Date', ]