changeset 4161:67f0fc696d97

Factored out setuid-code
author Florian Krupicka <florian.krupicka@googlemail.com>
date Wed, 11 Jun 2008 12:13:30 +0200
parents 1ea1d69b28e8
children b36478ce3a0e
files MoinMoin/web/utils.py MoinMoin/wsgiapp.py
diffstat 2 files changed, 18 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/web/utils.py	Wed Jun 11 12:02:18 2008 +0200
+++ b/MoinMoin/web/utils.py	Wed Jun 11 12:13:30 2008 +0200
@@ -28,6 +28,22 @@
         is_spider = cfg.cache.ua_spiders.search(useragent.browser) is not None
     return is_spider
 
+def check_setuid(request):
+    """ Check for setuid conditions and set user accordingly
+    
+    @param request: a moin request object
+    @rtype: boolean
+    @return: Wether a UID change took place
+    """
+    if 'setuid' in request.session and request.user.isSuperUser():
+        request._setuid_real_user = request.user
+        uid = request.session['setuid']
+        request.user = user.User(request, uid, auth_method='setuid')
+        request.user.valid = True
+        return True
+    else:
+        return False
+
 def check_forbidden(request):
     args = request.args
     action = args.get('action')
--- a/MoinMoin/wsgiapp.py	Wed Jun 11 12:02:18 2008 +0200
+++ b/MoinMoin/wsgiapp.py	Wed Jun 11 12:13:30 2008 +0200
@@ -12,7 +12,7 @@
 
 from MoinMoin.web.contexts import HTTPContext
 from MoinMoin.web.request import Request
-from MoinMoin.web.utils import check_spider, check_forbidden
+from MoinMoin.web.utils import check_spider, check_forbidden, check_setuid
 from MoinMoin.web.utils import check_surge_protect, handle_auth_form
 from MoinMoin.web.apps import HTTPExceptionsMiddleware
 
@@ -56,11 +56,7 @@
     if not request.user:
         request.user = user.User(request, auth_method='request:invalid')
 
-    if 'setuid' in request.session and request.user.isSuperUser():
-        request._setuid_real_user = request.user
-        uid = request.session['setuid']
-        request.user = user.User(request, uid, auth_method='setuid')
-        request.user.valid = True
+    check_setuid(request)
 
     if request.action != 'xmlrpc':
         check_forbidden(request)