changeset 598:9e82360a5592

bbb: security policy snippet for controlling who can use other actions than show for a readonly page.
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Wed, 13 Jun 2012 14:44:05 +0200
parents 0b31dafef3cf
children 31ef7dc6168a
files data/plugin/security/__init__.py data/plugin/security/bbb_access_data.snippet
diffstat 2 files changed, 28 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/data/plugin/security/__init__.py	Wed Jun 13 14:44:05 2012 +0200
@@ -0,0 +1,1 @@
+# dummy
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/data/plugin/security/bbb_access_data.snippet	Wed Jun 13 14:44:05 2012 +0200
@@ -0,0 +1,27 @@
+# -*- coding: iso-8859-1 -*-
+"""
+    MoinMoin - SecurityPolicy implementing limitation for bbb_create parser
+
+    Example:
+    you have to copy this snippet below your Config definition in wikiconfig.py 
+    or you add it to the main security folder and import it into your Config definition.
+
+
+    @copyright: 2012 MoinMoin:ReimarBauer
+    @license: GNU GPL, see COPYING for details.
+"""
+
+from MoinMoin.Page import Page
+from MoinMoin.security import Permissions
+
+
+class SecurityPolicy(Permissions):
+    def read(self, page_name):
+        request = self.request
+        page = Page(request, page_name)
+        format = page.pi['format']
+        if format == "bbb_create":
+            if request.action == u"show" or request.user.may.write(page_name):
+                return True
+            return False
+        return True
\ No newline at end of file