changeset 386:2305be335d83

merged
author Michael Mayorov <marchael@kb.csu.ru>
date Tue, 02 Aug 2011 01:40:37 +0000
parents c5cc63fd82f6 (current diff) 7ed1945aeb03 (diff)
children 05657b355ce4
files MoinMoin/app.py
diffstat 9 files changed, 28 insertions(+), 47 deletions(-) [+]
--- a/MoinMoin/_tests/__init__.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/_tests/__init__.py	Tue Aug 02 01:40:37 2011 +0000
@@ -39,6 +39,7 @@
 def become_trusted(username=u"TrustedUser"):
     """ modify flaskg.user to make the user valid and trusted, so it is in acl group Trusted """
     become_valid(username)
+    flaskg.user.auth_trusted = True
     flaskg.user.auth_method = app.cfg.auth_methods_trusted[0]
 
 
--- a/MoinMoin/app.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/app.py	Tue Aug 02 01:40:37 2011 +0000
@@ -264,6 +264,10 @@
         userobj = user.User(auth_method='invalid')
     # if we have a valid user we store it in the session
     if userobj.valid:
+        # TODO: auth_trusted should be set by the auth method (auth class
+        # could have a param where the admin could tell whether he wants to
+        # trust it)
+        userobj.auth_trusted = userobj.auth_method in app.cfg.auth_methods_trusted
         session['user.id'] = userobj.id
         session['user.auth_method'] = userobj.auth_method
         session['user.auth_attribs'] = userobj.auth_attribs
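Review bot: `userobj.auth_trusted` is assigned only inside `if userobj.valid:`, so a user object that never takes this branch has the attribute only if `User.__init__` sets a default, which is not visible in this diff. The rewritten Trusted check in MoinMoin/security/__init__.py now reads `flaskg.user.auth_trusted` directly, so a missing attribute would raise AttributeError in the middle of an ACL evaluation rather than simply not matching. I would make the default explicit and fail closed: initialise `self.auth_trusted = False` in the User constructor, or read it in the ACL check as `getattr(flaskg.user, 'auth_trusted', False)`. The enclosing function starts and ends outside this hunk.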
--- a/MoinMoin/config/default.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/config/default.py	Tue Aug 02 01:40:37 2011 +0000
@@ -23,7 +23,7 @@
 from MoinMoin import datastruct
 from MoinMoin.auth import MoinAuth
 from MoinMoin.util import plugins
-from MoinMoin.security import FunctionACL
+from MoinMoin.security import AccessControlList
 
 
 class CacheClass(object):
@@ -71,7 +71,7 @@
         self.cache.item_group_regexact = re.compile(u'^%s$' % self.item_group_regex, re.UNICODE)
 
         # compiled functions ACL
-        self.cache.acl_functions = FunctionACL(self, [self.acl_functions])
+        self.cache.acl_functions = AccessControlList([self.acl_functions], valid=self.acl_rights_functions)
 
         plugins._loadPluginModule(self)
 
--- a/MoinMoin/datastruct/backends/_tests/__init__.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/datastruct/backends/_tests/__init__.py	Tue Aug 02 01:40:37 2011 +0000
@@ -14,7 +14,7 @@
 from flask import current_app as app
 from flask import g as flaskg
 
-from MoinMoin.security import ContentACL
+from MoinMoin.security import AccessControlList
 from MoinMoin.datastruct import GroupDoesNotExistError
 
 
@@ -91,7 +91,7 @@
         Check user which has rights.
         """
         acl_rights = ["AdminGroup:admin,read,write"]
-        acl = ContentACL(app.cfg, acl_rights)
+        acl = AccessControlList(acl_rights, valid=app.cfg.acl_rights_contents)
 
         for user in self.expanded_groups['AdminGroup']:
             for permission in ["read", "write", "admin"]:
@@ -103,7 +103,7 @@
         Check user which does not have rights.
         """
         acl_rights = ["AdminGroup:read,write"]
-        acl = ContentACL(app.cfg, acl_rights)
+        acl = AccessControlList(acl_rights, valid=app.cfg.acl_rights_contents)
 
         assert u"SomeUser" not in flaskg.groups['AdminGroup']
         for permission in ["read", "write"]:
@@ -114,7 +114,7 @@
 
     def test_backend_acl_with_all(self):
         acl_rights = ["EditorGroup:read,write,admin All:read"]
-        acl = ContentACL(app.cfg, acl_rights)
+        acl = AccessControlList(acl_rights, valid=app.cfg.acl_rights_contents)
 
         for member in self.expanded_groups[u'EditorGroup']:
             for permission in ["read", "write", "admin"]:
@@ -128,7 +128,7 @@
         assert u'NotExistingGroup' not in flaskg.groups
 
         acl_rights = ["NotExistingGroup:read,write,admin All:read"]
-        acl = ContentACL(app.cfg, acl_rights)
+        acl = AccessControlList(acl_rights, valid=app.cfg.acl_rights_contents)
 
         assert not acl.may(u"Someone", "write")
 
--- a/MoinMoin/datastruct/backends/_tests/test_wiki_groups.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/datastruct/backends/_tests/test_wiki_groups.py	Tue Aug 02 01:40:37 2011 +0000
@@ -18,7 +18,7 @@
 from MoinMoin.datastruct.backends._tests import GroupsBackendTest
 from MoinMoin.datastruct import GroupDoesNotExistError
 from MoinMoin.config import USERGROUP
-from MoinMoin.security import ContentACL
+from MoinMoin.security import AccessControlList
 from MoinMoin.user import User
 from MoinMoin._tests import become_trusted, create_random_string_list, update_item
 
@@ -110,7 +110,7 @@
         update_item(u'NewGroup', 0, {USERGROUP: ["ExampleUser"]}, DATA)
 
         acl_rights = ["NewGroup:read,write"]
-        acl = ContentACL(app.cfg, acl_rights)
+        acl = AccessControlList(acl_rights, valid=app.cfg.acl_rights_contents)
 
         has_rights_before = acl.may(u"AnotherUser", "read")
 
--- a/MoinMoin/security/__init__.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/security/__init__.py	Tue Aug 02 01:40:37 2011 +0000
@@ -169,12 +169,12 @@
 
     special_users = ["All", "Known", "Trusted"] # order is important
 
-    def __init__(self, cfg, lines=[], default='', valid=None):
-        """ Initialize an ACL, starting from <nothing>. """
+    def __init__(self, lines=[], default='', valid=None):
+        """ Initialize an ACL, starting from <nothing>.
+        """
         assert valid is not None
         self.acl_rights_valid = valid
         self.default = default
-        self.auth_methods_trusted = cfg.auth_methods_trusted
         assert isinstance(lines, (list, tuple))
         if lines:
             self.acl = [] # [ ('User', {"read": 0, ...}), ... ]
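Review bot: With `ContentACL` and `FunctionACL` removed in this changeset, nothing supplies a default for `valid` any more, and the only guard left is `assert valid is not None`, which is compiled out under `python -O`. The same holds for `assert isinstance(lines, (list, tuple))`: a leftover caller still passing `cfg` as the first positional argument would now bind it to `lines`. For a class that decides access these should be real checks, e.g. `if valid is None: raise ValueError('valid rights list is required')` and a `TypeError` for a non-list `lines`. `lines=[]` is also a mutable default; `lines=()` satisfies the same isinstance check. The body of `__init__` continues outside the hunk.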
@@ -270,8 +270,7 @@
             Does not work for subsription emails that should be sent to <user>,
             as he is not logged in in that case.
         """
-        if (flaskg.user.name == name and
-            flaskg.user.auth_method in self.auth_methods_trusted):
+        if flaskg.user.name == name and flaskg.user.auth_trusted:
             return rightsdict.get(dowhat)
         return None
 
@@ -282,30 +281,6 @@
         return self.acl_lines != other.acl_lines
 
 
-class ContentACL(AccessControlList):
-    """
-    Content AccessControlList
-
-    Uses cfg.acl_rights_contents if no list of valid rights is explicitly given.
-    """
-    def __init__(self, cfg, lines=[], default='', valid=None):
-        if valid is None:
-            valid = cfg.acl_rights_contents
-        super(ContentACL, self).__init__(cfg, lines, default, valid)
-
-
-class FunctionACL(AccessControlList):
-    """
-    Function AccessControlList
-
-    Uses cfg.acl_rights_functions if no list of valid rights is explicitly given.
-    """
-    def __init__(self, cfg, lines=[], default='', valid=None):
-        if valid is None:
-            valid = cfg.acl_rights_functions
-        super(FunctionACL, self).__init__(cfg, lines, default, valid)
-
-
 class ACLStringIterator(object):
     """ Iterator for acl string
 
--- a/MoinMoin/security/_tests/test_security.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/security/_tests/test_security.py	Tue Aug 02 01:40:37 2011 +0000
@@ -12,7 +12,7 @@
 
 from flask import current_app as app
 
-from MoinMoin.security import ContentACL, ACLStringIterator
+from MoinMoin.security import AccessControlList, ACLStringIterator
 
 from MoinMoin.user import User
 from MoinMoin.config import ACL
@@ -218,7 +218,7 @@
             "BadGuy:  "
             "All:read  "
             ]
-        acl = ContentACL(app.cfg, acl_rights)
+        acl = AccessControlList(acl_rights, valid=app.cfg.acl_rights_contents)
 
         # Should apply these rights:
         users = (
--- a/MoinMoin/storage/backends/acl.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/storage/backends/acl.py	Tue Aug 02 01:40:37 2011 +0000
@@ -47,7 +47,7 @@
 from flask import current_app as app
 from flask import g as flaskg
 
-from MoinMoin.security import ContentACL
+from MoinMoin.security import AccessControlList
 
 from MoinMoin.storage import Item, NewRevision, StoredRevision
 from MoinMoin.storage.error import NoSuchItemError, NoSuchRevisionError, AccessDeniedError
@@ -85,10 +85,10 @@
         self.cfg = cfg
         self.backend = backend
         self.hierarchic = hierarchic
-        self.valid = valid
-        self.before = ContentACL(cfg, [before], default=default, valid=valid)
-        self.default = ContentACL(cfg, [default], default=default, valid=valid)
-        self.after = ContentACL(cfg, [after], default=default, valid=valid)
+        self.valid = valid if valid is not None else cfg.acl_rights_contents
+        self.before = AccessControlList([before], default=default, valid=self.valid)
+        self.default = AccessControlList([default], default=default, valid=self.valid)
+        self.after = AccessControlList([after], default=default, valid=self.valid)
 
     def __getattr__(self, attr):
         # Attributes that this backend does not define itself are just looked
@@ -176,7 +176,7 @@
             # do not use default acl here
             acls = []
         default = self.default.default
-        return ContentACL(self.cfg, tuple(acls), default=default, valid=self.valid)
+        return AccessControlList(tuple(acls), default=default, valid=self.valid)
 
     def _may(self, itemname, right, username=None):
         """ Check if username may have <right> access on item <itemname>.
--- a/MoinMoin/user.py	Tue Aug 02 01:38:04 2011 +0000
+++ b/MoinMoin/user.py	Tue Aug 02 01:40:37 2011 +0000
@@ -399,7 +399,8 @@
     def persistent_items(self):
         """ items we want to store into the user profile """
         nonpersistent_keys = ['id', 'valid', 'may', 'auth_username',
-                              'password', 'password2', 'auth_method', 'auth_attribs',
+                              'password', 'password2',
+                              'auth_method', 'auth_attribs', 'auth_trusted',
                              ]
         return [(key, value) for key, value in vars(self).items()
                     if key not in nonpersistent_keys and key[0] != '_' and value is not None]
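Review bot: `nonpersistent_keys` is a deny-list, and adding `'auth_trusted'` without a comment leaves no hint that every per-login authentication attribute must be listed here to stay out of the stored profile. A short comment above the list would help, e.g. `# auth_* values are derived at login and must never be written to the profile`. Whether a persisted `auth_trusted` would be read back when the profile is loaded is not visible in this hunk, but keeping it out of storage is the safe side.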