changeset 189:2a51aa7fe632

updated (c), docstring cosmetics
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 24 Apr 2011 15:51:19 +0200
parents cad306a58919
children 31ab0478c637
files MoinMoin/security/__init__.py MoinMoin/storage/backends/acl.py
diffstat 2 files changed, 42 insertions(+), 54 deletions(-) [+]
--- a/MoinMoin/security/__init__.py	Sun Apr 24 15:44:43 2011 +0200
+++ b/MoinMoin/security/__init__.py	Sun Apr 24 15:51:19 2011 +0200
@@ -1,21 +1,21 @@
 # Copyright: 2000-2004 Juergen Hermann <jh@web.de>
-# Copyright: 2003-2008 MoinMoin:ThomasWaldmann
+# Copyright: 2003-2008,2011 MoinMoin:ThomasWaldmann
 # Copyright: 2003 Gustavo Niemeyer
 # Copyright: 2005 Oliver Graf
 # Copyright: 2007 Alexander Schremmer
 # License: GNU GPL v2 (or any later version), see LICENSE.txt for details.
 
 """
-    MoinMoin - Wiki Security Interface and Access Control Lists
+MoinMoin - Wiki Security Interface and Access Control Lists
 
 
-    This implements the basic interface for user permissions and
-    system policy. If you want to define your own policy, inherit
-    from the base class 'Permissions', so that when new permissions
-    are defined, you get the defaults.
+This implements the basic interface for user permissions and
+system policy. If you want to define your own policy, inherit
+from the base class 'Permissions', so that when new permissions
+are defined, you get the defaults.
 
-    Then assign your new class to "SecurityPolicy" in wikiconfig;
-    and I mean the class, not an instance of it!
+Then assign your new class to "SecurityPolicy" in wikiconfig;
+and I mean the class, not an instance of it!
 """
 
 
@@ -30,6 +30,11 @@
 
 
 def require_permission(permission):
+    """
+    view decorator to require a specific permission
+
+    if the permission is not granted, abort with 403
+    """
     def wrap(f):
         @wraps(f)
         def wrapped_f(*args, **kw):
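Review bot: The docstring added to `require_permission` states the failure mode (abort with 403) but not which item the permission is checked against or what values `permission` accepts. For an access-control decorator, that is what a view author needs to know to apply it correctly. The body of `wrapped_f` lies outside this hunk, so the lookup cannot be confirmed from here. If the item name is taken from the view's arguments, the docstring should say so, for example `:param permission: name of the right to check (e.g. read) on the item the decorated view addresses`. A line naming which view argument carries the item name would help too, because a view with a differently named argument might otherwise be decorated without the check applying to the intended item.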
@@ -60,7 +65,6 @@
             # This call will return correct permissions by checking ACLs:
             return Permissions.read(itemname)
     """
-
     def __init__(self, user):
         self.name = user.name
 
@@ -161,22 +165,6 @@
         Note that you probably would not want to use the second and
         third examples in ACL entries of some item. They are very
         useful in the wiki configuration though.
-
-   Configuration options
-       For each backend in the namespace, you can configure the following
-       ACL presets:
-
-       default acls:
-           These are ONLY used when no item ACLs are found.
-           Default: "Known:read,write,create All:read,write",
-
-       before acls:
-           This will be inserted BEFORE any item/default ACL entries.
-           Default: ""
-
-       after acls:
-           This will be inserted AFTER any item/default ACL entries.
-           Default: ""
     """
 
     special_users = ["All", "Known", "Trusted"] # order is important
--- a/MoinMoin/storage/backends/acl.py	Sun Apr 24 15:44:43 2011 +0200
+++ b/MoinMoin/storage/backends/acl.py	Sun Apr 24 15:51:19 2011 +0200
@@ -1,4 +1,4 @@
-# Copyright: 2003-2010 MoinMoin:ThomasWaldmann
+# Copyright: 2003-2011 MoinMoin:ThomasWaldmann
 # Copyright: 2000-2004 Juergen Hermann <jh@web.de>
 # Copyright: 2003 Gustavo Niemeyer
 # Copyright: 2005 Oliver Graf
@@ -7,38 +7,38 @@
 # License: GNU GPL v2 (or any later version), see LICENSE.txt for details.
 
 """
-    MoinMoin - ACL Middleware
+MoinMoin - ACL Middleware
 
-    This backend is a middleware implementing access control using ACLs (access
-    control lists) and is referred to as AMW (ACL MiddleWare) hereafter.
-    It does not store any data, but uses a given backend for this.
-    This middleware is injected between the user of the storage API and the actual
-    backend used for storage. It is independent of the backend being used.
-    Instances of the AMW are bound to individual request objects. The user whose
-    permissions the AMW checks is hence obtained by a lookup on the request object.
-    The backend itself (and the objects it returns) need to be wrapped in order
-    to make sure that no object of the real backend is (directly or indirectly)
-    made accessible to the user of the API.
-    The real backend is still available as an attribute of the request and can
-    be used by conversion utilities or for similar tasks (flaskg.unprotected_storage).
-    Regular users of the storage API, such as the views that modify an item,
-    *MUST NOT*, in any way, use the real backend unless the author knows *exactly*
-    what he's doing (as this may introduce security bugs without the code actually
-    being broken).
+This backend is a middleware implementing access control using ACLs (access
+control lists) and is referred to as AMW (ACL MiddleWare) hereafter.
+It does not store any data, but uses a given backend for this.
+This middleware is injected between the user of the storage API and the actual
+backend used for storage. It is independent of the backend being used.
+Instances of the AMW are bound to individual request objects. The user whose
+permissions the AMW checks is hence obtained by a lookup on the request object.
+The backend itself (and the objects it returns) need to be wrapped in order
+to make sure that no object of the real backend is (directly or indirectly)
+made accessible to the user of the API.
+The real backend is still available as an attribute of the request and can
+be used by conversion utilities or for similar tasks (flaskg.unprotected_storage).
+Regular users of the storage API, such as the views that modify an item,
+*MUST NOT*, in any way, use the real backend unless the author knows *exactly*
+what he's doing (as this may introduce security bugs without the code actually
+being broken).
 
-    The classes wrapped are:
-        * AclWrapperBackend (wraps MoinMoin.storage.Backend)
-        * AclWrapperItem (wraps MoinMoin.storage.Item)
-        * AclWrapperRevision (wraps MoinMoin.storage.Revision)
+The classes wrapped are:
+    * AclWrapperBackend (wraps MoinMoin.storage.Backend)
+    * AclWrapperItem (wraps MoinMoin.storage.Item)
+    * AclWrapperRevision (wraps MoinMoin.storage.Revision)
 
-    When an attribute is 'wrapped' it means that, in this context, the user's
-    permissions are checked prior to attribute usage. If the user may not perform
-    the action he intended to perform, an AccessDeniedError is raised.
-    Otherwise the action is performed on the respective attribute of the real backend.
-    It is important to note here that the outcome of such an action may need to
-    be wrapped itself, as is the case when items or revisions are returned.
+When an attribute is 'wrapped' it means that, in this context, the user's
+permissions are checked prior to attribute usage. If the user may not perform
+the action he intended to perform, an AccessDeniedError is raised.
+Otherwise the action is performed on the respective attribute of the real backend.
+It is important to note here that the outcome of such an action may need to
+be wrapped itself, as is the case when items or revisions are returned.
 
-    All wrapped classes must, of course, adhere to the normal storage API.
+All wrapped classes must, of course, adhere to the normal storage API.
 """