changeset 2795:f24afde03048

xmlrpc_putPage: call depends on acls and wiki auth or http auth, identical to wikisync, wiki auth see following example import xmlrpclib name = "TestUser" password = "secret" wikiurl = "http://localhost:8080" homewiki = xmlrpclib.ServerProxy(wikiurl + "?action=xmlrpc2", allow_none=True) auth_token = homewiki.getAuthToken(name, password) mc = xmlrpclib.MultiCall(homewiki) mc.applyAuthToken(auth_token) pagename = 'ExamplePage' text = 'Just an example line' mc.putPage(pagename, text) result = mc()
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Sun, 02 Sep 2007 19:33:57 +0200
parents e56f68a6f0fa
children feb3c6fca9d4
files MoinMoin/config/multiconfig.py MoinMoin/xmlrpc/UpdateGroup.py MoinMoin/xmlrpc/__init__.py
diffstat 3 files changed, 5 insertions(+), 46 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Sat Sep 01 23:13:24 2007 +0200
+++ b/MoinMoin/config/multiconfig.py	Sun Sep 02 19:33:57 2007 +0200
@@ -658,9 +658,6 @@
     unzip_attachments_space = 200.0 * 1000 ** 2
     unzip_attachments_count = 101 # 1 zip file + 100 files contained in it
 
-    xmlrpc_putpage_enabled = False # if False, putpage will write to a test page only
-    xmlrpc_putpage_trusted_only = True # if True, you will need to be http auth authenticated
-
     SecurityPolicy = None
 
     def __init__(self, siteid):
--- a/MoinMoin/xmlrpc/UpdateGroup.py	Sat Sep 01 23:13:24 2007 +0200
+++ b/MoinMoin/xmlrpc/UpdateGroup.py	Sun Sep 02 19:33:57 2007 +0200
@@ -22,21 +22,8 @@
     @rtype: bool
     @return: true on success
     """
-    if self.request.cfg.xmlrpc_putpage_enabled:
-        pagename = self._instr(groupname)
-    else:
-        pagename = u"TestUpdateGroup"
 
-    # By default, only authenticated (trusted) users may use putPage!
-    # Trusted currently means being authenticated by http auth.
-    # if you also want untrusted users to be able to write pages, then
-    # change your wikiconfig to have xmlrpc_putpage_trusted_only = 0
-    # and make very very sure that nobody untrusted can access your wiki
-    # via network or somebody will raid your wiki some day!
-
-    if (self.request.cfg.xmlrpc_putpage_trusted_only and
-        not self.request.user.auth_method in self.request.cfg.trusted_auth_methods):
-        return xmlrpclib.Fault(1, "You are not allowed to edit this page")
+    pagename = self._instr(groupname)
 
     # also check ACLs
     if not self.request.user.may.write(pagename):
--- a/MoinMoin/xmlrpc/__init__.py	Sat Sep 01 23:13:24 2007 +0200
+++ b/MoinMoin/xmlrpc/__init__.py	Sun Sep 02 19:33:57 2007 +0200
@@ -2,9 +2,6 @@
 """
     MoinMoin - Wiki XMLRPC v1 and v2 Interface + plugin extensions
 
-    If you want to use wikirpc function "putPage", read the comments in
-    xmlrpc_putPage or it won't work!
-
     Parts of this code are based on Juergen Hermann's wikirpc.py,
     Les Orchard's "xmlrpc.cgi" and further work by Gustavo Niemeyer.
 
@@ -512,33 +509,16 @@
         @rtype: bool
         @return: true on success
         """
-        # READ THIS OR IT WILL NOT WORK ===================================
-
-        # we use a test page instead of using the requested pagename, if
-        # xmlrpc_putpage_enabled was not set in wikiconfig.
-
-        if self.request.cfg.xmlrpc_putpage_enabled:
-            pagename = self._instr(pagename)
-        else:
-            pagename = u"PutPageTestPage"
 
-        # By default, only authenticated (trusted) users may use putPage!
-        # Trusted currently means being authenticated by http auth.
-        # if you also want untrusted users to be able to write pages, then
-        # change your wikiconfig to have xmlrpc_putpage_trusted_only = 0
-        # and make very very sure that nobody untrusted can access your wiki
-        # via network or somebody will raid your wiki some day!
+        pagename = self._instr(pagename)
 
-        if (self.request.cfg.xmlrpc_putpage_trusted_only and
-            not self.request.user.auth_method in self.request.cfg.trusted_auth_methods):
-            return xmlrpclib.Fault(1, "You are not allowed to edit this page")
+        # Only authenticated (trusted) users may use putPage!
+        # Trusted currently means being authenticated by http auth or wiki auth.
+        # You could control access to pages by using ACLs
 
-        # also check ACLs
         if not self.request.user.may.write(pagename):
             return xmlrpclib.Fault(1, "You are not allowed to edit this page")
 
-        # =================================================================
-
         page = PageEditor(self.request, pagename)
         try:
             if self.version == 2:
@@ -1001,11 +981,6 @@
         if not self.request.user.may.read(pagename):
             return self.notAllowedFault()
 
-        if not self.request.cfg.xmlrpc_putpage_enabled:
-            return xmlrpclib.Boolean(0)
-        if (self.request.cfg.xmlrpc_putpage_trusted_only and
-            not self.request.user.auth_method in self.request.cfg.trusted_auth_methods):
-            return xmlrpclib.Fault(1, "You are not allowed to edit this page")
         # also check ACLs
         if not self.request.user.may.write(pagename):
             return xmlrpclib.Fault(1, "You are not allowed to edit this page")