[Moin-devel] alternate user identification methods
Jeff Kunce
jeff at corrt.com
Tue Aug 27 15:41:06 EDT 2002
First, I want to thank Juergen for adding support for user/page
access permissions to the CVS version of MoinMoin. However, I don't
think the system ever actually checks to see if a user has permission
to read a page. The patch Page.py.diff (attached) is a simple way to
add that feature.
Now, I'd like to request again :), a hook in user.py to allow optional
ways of identifying a user (besides the standard cookie procedure). Any
way of doing this is fine with me, but I've attached a patch as a
suggestion. The patch user.diff.py (attached) does two things:
1) allows plug-in user identification (similar to plugin SecurityPolicy)
2) creates valid user file names from any kind of username
I've also attached a sample plugin user identifier (userid.py), which
identifies the user from the REMOTE_USER environment variable.
Thanks.
--Jeff
-------------- next part --------------
Index: Page.py
===================================================================
RCS file: /cvsroot/moin/MoinMoin/Page.py,v
retrieving revision 1.131
diff -r1.131 Page.py
389a390,391
> elif not user.current.may.read(self.page_name): #(JJK)
> print "<br><b>You are not allowed to read this page</b><br>"
-------------- next part --------------
Index: user.py
===================================================================
RCS file: /cvsroot/moin/MoinMoin/user.py,v
retrieving revision 1.62
diff -r1.62 user.py
82a83,86
> # identify user by external means, if specified in moin_config (JJK)
> if hasattr(config, 'UserIdentifier'):
> config.UserIdentifier(self)
>
107c111,119
< return os.path.join(config.user_dir, self.id or "...NONE...")
---
> # mungs any username to an acceptable filename (JJK)
> safe = string.letters + string.digits + '.'
> res = list(self.id or "...NONE...")
> for i in range(len(res)):
> c = res[i]
> if c not in safe:
> res[i] = '_%02x' % ord(c)
> filename = string.joinfields(res, '')
> return os.path.join(config.user_dir, filename)
-------------- next part --------------
"""
MoinMoin - User Identification
determine the user's id
$Id: userid.py,v 1.1 2002/08/27 15:30:15 jeff Exp $
"""
import os, time, string
class BaseUserIdentifier:
'''Base class for user Identification - must be subclassed
jjk 03/05/02'''
def __init__(self, user):
if not user.id:
self._identifyUser(user)
def _identifyUser(self, user):
'''set user.id - reimplement in subclass
jjk 03/05/02'''
raise NotImplementedError, 'must be implemented in subclass'
class Remote_UserIdentifier(BaseUserIdentifier):
'''user identification with REMOTE_USER environment variable.
(includes .htaccess identification)
To use, add these lines to moin_config.py:
# user identification
from MoinMoin.userid import Remote_UserIdentifier
UserIdentifier = Remote_UserIdentifier
jjk 03/05/02'''
envkey = 'REMOTE_USER'
def _identifyUser(self, user):
'''set user.id - reimplement in subclass
jjk 04/12/02'''
if os.environ.has_key(self.envkey) and os.environ[self.envkey]!='-':
user.id = os.environ[self.envkey]
if not user.exists():
user.name = user.id
user.valid = 1
More information about the Moin-devel
mailing list