Commits

Thomas Waldmann  committed dbfad38

SecurityPolicy: some simplifications and cleanups

change the config default from None (which triggered the use of the default
security policy class) to directly put the default security policy class there.

renamed "Permissions" to more clear "DefaultSecurityPolicy".

updated / fixed some docstrings

  • Participants
  • Parent commits c64d3d8

Comments (0)

Files changed (3)

File MoinMoin/config/default.py

 from MoinMoin import datastruct
 from MoinMoin.auth import MoinAuth
 from MoinMoin.util import plugins
-from MoinMoin.security import AccessControlList
+from MoinMoin.security import AccessControlList, DefaultSecurityPolicy
 
 
 class CacheClass(object):
      "list of auth objects, to be called in this order (see HelpOnAuthentication)"),
     ('secrets', None, """Either a long shared secret string used for multiple purposes or a dict {"purpose": "longsecretstring", ...} for setting up different shared secrets for different purposes."""),
     ('SecurityPolicy',
-     None,
+     DefaultSecurityPolicy,
      "Class object hook for implementing security restrictions or relaxations"),
     ('endpoints_excluded',
      [],

File MoinMoin/security/__init__.py

 # Copyright: 2000-2004 Juergen Hermann <jh@web.de>
-# Copyright: 2003-2008,2011 MoinMoin:ThomasWaldmann
+# Copyright: 2003-2008,2011-2012 MoinMoin:ThomasWaldmann
 # Copyright: 2003 Gustavo Niemeyer
 # Copyright: 2005 Oliver Graf
 # Copyright: 2007 Alexander Schremmer
 
 """
 MoinMoin - Wiki Security Interface and Access Control Lists
-
-
-This implements the basic interface for user permissions and
-system policy. If you want to define your own policy, inherit
-from the base class 'Permissions', so that when new permissions
-are defined, you get the defaults.
-
-Then assign your new class to "SecurityPolicy" in wikiconfig;
-and I mean the class, not an instance of it!
 """
 
 
     return wrap
 
 
-class Permissions(object):
-    """ Basic interface for user permissions and system policy.
+class DefaultSecurityPolicy(object):
+    """Basic interface for user permissions and system policy.
 
-    Note that you still need to allow some of the related actions, this
-    just controls their behavior, not their activation.
+    If you want to define your own policy, inherit from DefaultSecurityPolicy,
+    so that when new permissions are defined later, you will inherit their
+    default behaviour.
 
-    When sub classing this class, you must extend the class methods, not
-    replace them, or you might break the ACLs in the wiki.
-    Correct sub classing looks like this::
+    Then assign your new class (not an instance!) to "SecurityPolicy" in the
+    wiki configuration.
 
+    When subclassing this class, you must extend the class methods, not replace
+    them, or you might break the ACLs in the wiki.
+
+    Correct subclassing looks like this::
+
+    class MySecPol(DefaultSecurityPolicy):
         def read(self, itemname):
             # Your special security rule
             if something:
 
             # Do not just return True or you break (ignore) ACLs!
             # This call will return correct permissions by checking ACLs:
-            return Permissions.read(itemname)
+            return super(MySecPol, self).read(itemname)
     """
     def __init__(self, user):
         self.name = user.name
         raise AttributeError(attr)
 
 
-# make an alias for the default policy
-Default = Permissions
-
-
 class AccessControlList(object):
     """
     Access Control List - controls who may do what.

File MoinMoin/user.py

                 self.set_password(password)
 
         # "may" so we can say "if user.may.read(pagename):"
-        if self._cfg.SecurityPolicy:
-            self.may = self._cfg.SecurityPolicy(self)
-        else:
-            from MoinMoin.security import Default
-            self.may = Default(self)
+        self.may = self._cfg.SecurityPolicy(self)
 
     def __repr__(self):
         # In rare cases we might not have these profile settings when the __repr__ is called.