From laroche at redhat.com Sat Aug 7 14:54:01 2004 From: laroche at redhat.com (Florian La Roche) Date: Sat Aug 7 14:54:01 2004 Subject: [Moin-devel] moin-1.2.3 changes Message-ID: <20040807215330.GA3757@dudweiler.stuttgart.redhat.com> I have done the below changes to my moin src.rpm: - If anyone can send in changes to a page, I at least don't want them to disable sending diffs to people watching the page. Removed support for this and also changed the docu file. - Config changes to personal taste, probably not something you want to add as defaults: - The page trail list confuses me. (Yeah, I'm getting old.) - SiteNavigation is also good at the top, not easy enough to find this in the footer. - No reason to show a random page in RecentChanges - README.redhat to clarify what needs doing on a Red Hat system, no need to include this anywhere and just FYI Thanks a lot, I like moinmoin a lot since I have looked closer at it due to http://wiki.specifixinc.com, regards, Florian La Roche --- moin-1.2.3/MoinMoin/config.py.lr 2004-08-07 13:31:06.994436691 +0200 +++ moin-1.2.3/MoinMoin/config.py 2004-08-07 14:11:34.161641447 +0200 @@ -43,7 +43,7 @@ # default config values _cfg_defaults = { - 'acl_enabled': 0, + 'acl_enabled': 1, 'acl_rights_default': "Trusted:read,write,delete,revert Known:read,write,delete,revert All:read,write", 'acl_rights_before': "", 'acl_rights_after': "", @@ -55,7 +55,7 @@ 'allow_xslt': 0, 'attachments': None, # {'dir': path, 'url': url-prefix} 'auth_http_enabled': 0, - 'bang_meta': 0, + 'bang_meta': 1, 'backtick_meta': 1, 'caching_formats' : ['text_html'], 'changed_time_fmt': '%H:%M', @@ -64,20 +64,20 @@ # chart_options = {'width': 720, 'height': 540} 'chart_options': None, 'cookie_lifetime': 12, # 12 hours from now - 'data_dir': './wiki/data/', + 'data_dir': './data/', 'date_fmt': '%Y-%m-%d', 'datetime_fmt': '%Y-%m-%d %H:%M:%S', 'default_lang': 'en', 'default_markup': 'wiki', 'edit_locking': 'warn 10', # None, 'warn ', 'lock ' - 'edit_rows': 30, + 'edit_rows': 25, 'hosts_deny': [], 'html_head': '', 'html_pagetitle': None, 'httpd_host': 'localhost', 'httpd_port': 8080, 'httpd_user': 'nobody', - 'httpd_docs': './wiki-moinmoin', + 'httpd_docs': '/usr/share/moin/wiki/htdocs', 'interwikiname': None, 'logo_string': 'MoinMoin', # XXX UNICODE fix @@ -90,6 +90,7 @@ 'FrontPage', 'RecentChanges', 'FindPage', + 'SiteNavigation', 'HelpContents', ], 'nonexist_qm': 0, @@ -141,7 +142,7 @@ 'refresh': None, # (minimum_delay, type), e.g.: (2, 'internal') 'shared_intermap': None, # can be string or list of strings (filenames) 'show_hosts': 1, - 'show_section_numbers': 1, + 'show_section_numbers': 0, 'show_timings': 0, 'show_version': 0, 'sitename': 'An Unnamed MoinMoin Wiki', --- moin-1.2.3/MoinMoin/PageEditor.py.lr 2004-08-07 14:40:39.782661552 +0200 +++ moin-1.2.3/MoinMoin/PageEditor.py 2004-08-07 14:40:05.112986653 +0200 @@ -366,12 +366,6 @@

''' % (save_button_text, _('Preview'), button_spellcheck, cancel_button_text,)) - if config.mail_smarthost: - self.request.write('''''' % ( - ('', ' checked="checked"')[preview is None or (form.get('notify',['0'])[0] == '1')], - _('Send mail notification'), - )) - self.request.write(''' @@ -705,7 +699,6 @@ @param newtext: text to save for this page @param datestamp: ... @keyword stripspaces: strip whitespace from line ends (default: 0) - @keyword notify: send email notice tp subscribers (default: 0) @keyword comment: comment field (when preview is true) @keyword action: action for editlog (default: SAVE) @rtype: string @@ -793,8 +786,8 @@ eventlog.EventLog().add(self.request, 'SAVEPAGE', {'pagename': self.page_name}) - # send notification mails - if config.mail_smarthost and kw.get('notify', 0): + # send notification mails, never allow to not send emails + if config.mail_smarthost: msg = msg + self._notifySubscribers(kw.get('comment', '')) # remove lock (forcibly if we were allowed to break it by the UI) --- moin-1.2.3/wiki/cgi-bin/moin_config.py.lr 2004-08-07 14:12:08.394385057 +0200 +++ moin-1.2.3/wiki/cgi-bin/moin_config.py 2004-08-07 14:30:23.752296769 +0200 @@ -38,11 +38,18 @@ nonexist_qm = 0 # show '?' for nonexistent? backtick_meta = 1 # allow `inline typewriter`? allow_extended_names = 1 # allow ["..."] markup? -edit_rows = 20 # editor size +edit_rows = 25 # editor size max_macro_size = 50 # max size of RecentChanges in KB (0=unlimited) bang_meta = 1 # use ! to escape WikiNames? show_section_numbers = 0 # enumerate headlines? +mail_from = None # "user at example.com" +mail_smarthost = None # "127.0.0.1" +acl_enabled = 1 +acl_rights_before = "" # 'AdminName:read,write,admin,delete,revert' +acl_rights_default = 'Trusted:read,write,delete,revert Known:read,write,delete,revert All:read,write' +acl_rights_after = "" + # charting needs "gdchart" installed! # you can remove the test and gain a little speed (i.e. keep only # the chart_options assignment, or remove this code section altogether) @@ -55,6 +62,7 @@ # values that depend on above configuration settings logo_string = '%s' % (logo_url, sitename) +allowed_actions = ['DeletePage'] # security critical actions (deactivated by default) if 0: allowed_actions = ['DeletePage', 'AttachFile'] @@ -62,7 +70,7 @@ # for standalone server (see cgi-bin/moin.py) httpd_host = "localhost" -httpd_port = 80 +httpd_port = 8080 httpd_user = "nobody" httpd_docs = "/usr/share/moin/wiki/htdocs/" --- moin-1.2.3/wiki/data/text/RecentChanges.lr 2004-08-07 14:28:37.073659239 +0200 +++ moin-1.2.3/wiki/data/text/RecentChanges 2004-08-07 14:28:53.516137342 +0200 @@ -3,8 +3,6 @@ [[RecentChanges]] -last, but not least, a randomly chosen page: [[RandomPage(1)]] - ||<:> [[Icon(diffrc)]] || marks older pages that have at least one backup version stored (click for an author diff)|| ||<:> [[Icon(updated)]] || marks pages edited since you set your bookmark (click for a bookmark diff)|| ||<:> [[Icon(new)]] || marks pages created since you set your bookmark, and were not edited after creation|| --- moin-1.2.3/README.redhat.lr 2004-08-07 14:46:37.429735899 +0200 +++ moin-1.2.3/README.redhat 2004-08-07 14:52:51.933237798 +0200 @@ -0,0 +1,10 @@ +Steps to setup moin for your apache server: +- mkdir /var/www/mywiki +- cp -a /usr/share/moin/data /var/www/mywiki +- cp -a /usr/share/moin/cgi-bin/* /var/www/mywiki +- chown -R apache.apache /var/www/wiki/data +- vi /etc/httpd/conf.d/mywiki.conf + Alias /wiki/ "/usr/share/moin/htdocs/" + ScriptAlias /mywiki "/var/www/mywiki/moin.cgi" +- vi /var/www/mywiki/moin_config.py # to set the default configuration +- service httpd restart --- moin-1.2.3/wiki/data/text/HelpOnConfiguration_2fEmailSupport.lr 2004-08-07 22:01:54.362395817 +0200 +++ moin-1.2.3/wiki/data/text/HelpOnConfiguration_2fEmailSupport 2004-08-07 22:02:40.387253351 +0200 @@ -19,4 +19,4 @@ === Change Notification === -Any user can subscribe to changes of wiki pages by either clicking on the envelope icon [[Icon(subscribe)]], or by adding a regex to the "Subscribed wiki pages" field of his UserPreferences. The system then sends, whenever a page is changed and the author doesn't uncheck the "[[GetText(Send mail notification)]]" checkbox, an email with the author, a link to the page, and the diff of the change. +Any user can subscribe to changes of wiki pages by either clicking on the envelope icon [[Icon(subscribe)]], or by adding a regex to the "Subscribed wiki pages" field of his UserPreferences. The system then sends, whenever a page is changed, an email with the author, a link to the page, and the diff of the change. --- moin-1.2.3/MoinMoin/user.py.lr 2004-08-07 23:25:53.285373103 +0200 +++ moin-1.2.3/MoinMoin/user.py 2004-08-07 23:26:59.146401968 +0200 @@ -167,7 +167,7 @@ # create checkbox fields (with default 0) for key, label in self._checkbox_fields: setattr(self, key, 0) - self.show_page_trail = 1 + self.show_page_trail = 0 self.show_fancy_links = 1 self.show_emoticons = 1 self.show_toolbar = 1 From tw-public at gmx.de Mon Aug 9 09:42:05 2004 From: tw-public at gmx.de (Thomas Waldmann) Date: Mon Aug 9 09:42:05 2004 Subject: [Moin-devel] moin-1.2.3 changes In-Reply-To: <20040807215330.GA3757@dudweiler.stuttgart.redhat.com> References: <20040807215330.GA3757@dudweiler.stuttgart.redhat.com> Message-ID: <4117C4F9.60002@gmx.de> Hi Florian, > - If anyone can send in changes to a page, I at least don't want them > to disable sending diffs to people watching the page. Removed support > for this and also changed the docu file. This change has positive and negative aspects. Maybe we should leave that choice to the one doing the subscription. > - Config changes to personal taste, probably not something you want to > add as defaults: Quite some of them are like I also configure it. But if we change that, we force people to reconfigure their stuff if they used the defaults. So this is maybe for moin_config.py, rather not for config.py. > - The page trail list confuses me. (Yeah, I'm getting old.) Isn't that a userpref option? > - SiteNavigation is also good at the top, not easy enough to > find this in the footer. You already can add this globally to navi_bar or to userpref per user. > - No reason to show a random page in RecentChanges ;) > - README.redhat to clarify what needs doing on a Red Hat system, no need > to include this anywhere and just FYI Good 8) From matt.price at utoronto.ca Wed Aug 18 21:20:02 2004 From: matt.price at utoronto.ca (Matt Price) Date: Wed Aug 18 21:20:02 2004 Subject: [Moin-devel] macro question Message-ID: <20040819041911.GA21313@utoronto.ca> Hi, not surethis belongs in the -devel list, but just quick: It's not at all obvious to me whether there's a function that returns the name of a particular page. So fori nstance, if I want to make a form & put the name (not the full url) of the page into one of the input fields, is there a function I should call? More generally, is there a good way to review the documentation on the MoiMoin module? Right now I am using the command-line python interpreter & cycling laboriously through the x.__doc__ info at the command line; bt this is not such a good way to understnad the code! Any suggestions for a better way? I'm something of a python newbie. thanks much!! matt ------------------------------------------- Matt Price matt.price at utoronto.ca History Department, University of Toronto (416) 978-2094 -------------------------------------------- From kleiweg at let.rug.nl Sat Aug 21 12:17:07 2004 From: kleiweg at let.rug.nl (Peter Kleiweg) Date: Sat Aug 21 12:17:07 2004 Subject: [Moin-devel] AssertionError Message-ID: I am trying to save a page on MoinMoin, and get "AssertionErrorsorry, but this version only supports 100 named groups". The error is in the spam check. Uses regex with named groups. Why do you need named groups in spam checking? -- Peter Kleiweg http://www.let.rug.nl/~kleiweg/ From david at dgreaves.com Sun Aug 22 14:49:01 2004 From: david at dgreaves.com (David Greaves) Date: Sun Aug 22 14:49:01 2004 Subject: [Moin-devel] moin-1.2.3 changes In-Reply-To: <4117C4F9.60002@gmx.de> References: <20040807215330.GA3757@dudweiler.stuttgart.redhat.com> <4117C4F9.60002@gmx.de> Message-ID: <4129148C.3050700@dgreaves.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas Waldmann wrote: | Hi Florian, | |> - If anyone can send in changes to a page, I at least don't want them |> to disable sending diffs to people watching the page. Removed |> support |> for this and also changed the docu file. | | | This change has positive and negative aspects. Maybe we should leave | that choice to the one doing the subscription. I like to run an open wiki but having missed a few changes adding porn links and obscenities I would like to see this as at least a subscriber option. ie I want email and diffs (or the new text) for _all_ changes. I like a user prefs option to subscribe (eg: "Subscribe sends trivial changes"). No need to make it 'per subscription regexp' as I think it's mainly of interest to those of us with .* :) More questionable - although mail is sent, I'd like vandals not to know - so if they tick 'no email' then, as now, maybe tell them you didn't send email. They'll hopefully just think you're more vigilant ;) If you're looking at this then I'll hold back - otherwise let me know and I'll start working on a patch. Thanks David Greaves www.mythtv.info -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBKRSM8LvjTle4P1gRAnxZAJ9iRSxz16ay4DPWXrS3Mmxz9iau1wCfSxS9 DWkcze6s/SjwMnd/Hc13nxo= =RRmn -----END PGP SIGNATURE----- From crosseyedpenguin at yahoo.com Mon Aug 23 08:45:03 2004 From: crosseyedpenguin at yahoo.com (Roger Haase) Date: Mon Aug 23 08:45:03 2004 Subject: [Moin-devel] moin-1.2.3 changes In-Reply-To: <4129148C.3050700@dgreaves.com> Message-ID: <20040823154435.50751.qmail@web14306.mail.yahoo.com> --- David Greaves wrote: > I like to run an open wiki but having missed a few changes adding > porn > links and obscenities I would like to see this as at least a > subscriber option. ie I want email and diffs (or the new text) for > _all_ changes. > > I like a user prefs option to subscribe (eg: "Subscribe sends trivial > changes"). No need to make it 'per subscription regexp' as I think > it's mainly of interest to those of us with .* :) > > More questionable - although mail is sent, I'd like vandals not to > know - so if they tick 'no email' then, as now, maybe tell them you > didn't send email. They'll hopefully just think you're more vigilant > ;) > > If you're looking at this then I'll hold back - otherwise let me know > and I'll start working on a patch. > > Thanks > > David Greaves > www.mythtv.info > I agree with your thinking David. Tools which assist administrators in watching a site are very beneficial. I would certainly apply your patch if it were available. Roger Haase __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail From R.Bauer at fz-juelich.de Mon Aug 23 13:03:05 2004 From: R.Bauer at fz-juelich.de (Reimar Bauer) Date: Mon Aug 23 13:03:05 2004 Subject: [Moin-devel] many attachments at once Message-ID: <200408231914.26552.R.Bauer@fz-juelich.de> Dear all, sometimes we like to add a bunch of data files to a wiki page. The attachment rules are restricted to upload these files one by one. Is there a chance to get this changed? Alternative we could pack these files to a tar archive and I would write a macro to unpack it after it is uploaded. cheers Reimar -- Forschungszentrum Juelich email: R.Bauer at fz-juelich.de http://www.fz-juelich.de/icg/icg-i/ ================================================================== a IDL library at ForschungsZentrum Juelich http://www.fz-juelich.de/icg/icg-i/idl_icglib/idl_lib_intro.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature URL: From Andrew.Premdas at man.ac.uk Wed Aug 25 08:37:09 2004 From: Andrew.Premdas at man.ac.uk (Andrew Premdas) Date: Wed Aug 25 08:37:09 2004 Subject: [Moin-devel] Problem with ACL and groups Message-ID: Have created a page AdminGroup which contains * AndrewPremdas My account is AndrewPremdas If I give permissions either globally or locally (on a page) to AndrewPremdas things work fine. If I give the same permissions to AdminGroup they do not. I really need to get Group pages working, anyone offer any ideas or help? Example: From rl03 at gentoo.org Fri Aug 27 13:51:07 2004 From: rl03 at gentoo.org (Renat Lumpau) Date: Fri Aug 27 13:51:07 2004 Subject: [Moin-devel] Permissions Message-ID: <20040827205033.GA6627@toucan.gentoo.org> Moin devs, I am cleaning up the Gentoo ebuild for moinmoin, and I have a quick question I hope you can help me with. What files does the httpd need write access to? Right now I'm doing the equivalent of chown -R apache:apache * , and I'd really like something cleaner. Please CC me in replies, as I am not on the list. Thanks, -- Renat Lumpau Gentoo developer GPG key id #C6A838DA on http://pgp.mit.edu Key fingerprint = 04AF B5EE 17CB 1000 DDA5 D3FC 1338 ADC2 C6A8 38DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From festifn at rupert.informatik.uni-stuttgart.de Fri Aug 27 14:09:04 2004 From: festifn at rupert.informatik.uni-stuttgart.de (Florian Festi) Date: Fri Aug 27 14:09:04 2004 Subject: [Moin-devel] Permissions In-Reply-To: <20040827205033.GA6627@toucan.gentoo.org> References: <20040827205033.GA6627@toucan.gentoo.org> Message-ID: > I am cleaning up the Gentoo ebuild for moinmoin, and I have a quick > question I hope you can help me with. What files does the httpd need > write access to? Right now I'm doing the equivalent of chown -R > apache:apache * , and I'd really like something cleaner. You need write acces to the whole data directory of each wiki instance with all files included. It is possible to configure Moin to serve attachments thrugh the web server. If you do this another writable directory is needed. But this setup is a bit exotic and this is not needed. cu MoinMoin:FlorianFesti From guo198010 at tom.com Fri Aug 27 18:55:05 2004 From: guo198010 at tom.com (guo198010 at tom.com) Date: Fri Aug 27 18:55:05 2004 Subject: [Moin-devel] Software for Search-Engine, Mail, DNS, and more Message-ID: <000001c48ca1$e99bed70$6301a8c0@allfagp> Software for Search-Engine, Mail, DNS, and more http://cn.1618.net http://hk.1618.net http://tw.1618.net http://us.1618.net ftp://1618NET:E171BB2D873546689C770BCBE415B3F6 at ftp.1618.net SORRY: this message is created by robot! From tw-public at gmx.de Mon Aug 30 03:48:04 2004 From: tw-public at gmx.de (Thomas Waldmann) Date: Mon Aug 30 03:48:04 2004 Subject: [Moin-devel] Permissions In-Reply-To: <20040827205033.GA6627@toucan.gentoo.org> References: <20040827205033.GA6627@toucan.gentoo.org> Message-ID: <413304FE.9040908@gmx.de> > I am cleaning up the Gentoo ebuild for moinmoin, and I have a quick question I hope you can help me with. What files does the httpd need write access to? Right now I'm doing the equivalent of chown -R apache:apache * , and I'd really like something cleaner. Additionally to what Florian already said, try to do it without giving world access to data/ - there are critical informations inside there like ACL protected pages and user accounts, so they shouldnt be readable to everybody on FS level. From tw-public at gmx.de Mon Aug 30 03:50:19 2004 From: tw-public at gmx.de (Thomas Waldmann) Date: Mon Aug 30 03:50:19 2004 Subject: [Moin-devel] AssertionError In-Reply-To: References: Message-ID: <4133058B.3040906@gmx.de> > I am trying to save a page on MoinMoin, and get > "AssertionErrorsorry, but this version only supports 100 named > groups". The error is in the spam check. Uses regex with named > groups. Why do you need named groups in spam checking? This also applies to not-named groups, if you just do spammer.(de|com), this counts as 1 group. In current BadContent page this is already fixed, it is below 100 groups. Long term I will change the code to iterate over the lines instead of making one big RE out of them. From noreply at sourceforge.net Mon Aug 30 07:15:01 2004 From: noreply at sourceforge.net (SourceForge.net) Date: Mon Aug 30 07:15:01 2004 Subject: [Moin-devel] [ moin-Bugs-1019102 ] rightsidebar.py displays userid escaped Message-ID: Bugs item #1019102, was opened at 2004-08-30 10:13 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108482&aid=1019102&group_id=8482 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Patrick Mueller (pmuellr) Assigned to: Nobody/Anonymous (nobody) Summary: rightsidebar.py displays userid escaped Initial Comment: In the rightsidebar.py theme, when the userid has characters that moin will escape to create the actual page name for the user, that escaped version of the userid is displayed under the user section. The fix seems simple enough. In rightsidebar.py, line 75, change: html.append('%s' % wikiutil.link_tag(self.request, wikiutil.quoteWikiname(self.request.user.name))) to the following: html.append('%s' % wikiutil.link_tag(self.request, wikiutil.quoteWikiname(self.request.user.name),wikiutil.escape(self.request.user.name))) What this does is call quote Wikiname with a specific piece of text to display (the HTML escaped userid), instead of using the default which is the Moin-escaped userid. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108482&aid=1019102&group_id=8482 From david at dgreaves.com Mon Aug 30 08:42:04 2004 From: david at dgreaves.com (David Greaves) Date: Mon Aug 30 08:42:04 2004 Subject: [Moin-devel] Permissions In-Reply-To: <413304FE.9040908@gmx.de> References: <20040827205033.GA6627@toucan.gentoo.org> <413304FE.9040908@gmx.de> Message-ID: <41334AA5.4050208@dgreaves.com> Thomas Waldmann wrote: >> I am cleaning up the Gentoo ebuild for moinmoin, and I have a quick >> question I hope you can help me with. What files does the httpd need >> write access to? Right now I'm doing the equivalent of chown -R >> apache:apache * , and I'd really like something cleaner. > > > Additionally to what Florian already said, try to do it without giving > world access to data/ - there are critical informations inside there > like ACL protected pages and user accounts, so they shouldnt be > readable to everybody on FS level. > > I run like this: my admin/shell user is moin in group moin apache runs as 'www-data.www-data' as normal however user www-data is also a member of group moin (in /etc/groups) umask is 007 Every directory underneath ~moin/ is setguid and either 660 or 770 This means that any new files or directories created by either moin or www-data are in group moin and mode g+rw(x) So user moin isn't prevented from accessing anything created by www-data and vice-versa. Nothing is in any way world accessible at all. I think this is as close as I can figure to a 'proper' way to set things up. (I don't have root on my hosting box and this works fine so I'm pretty confident too!) HTH David From david at dgreaves.com Mon Aug 30 08:45:02 2004 From: david at dgreaves.com (David Greaves) Date: Mon Aug 30 08:45:02 2004 Subject: [Moin-devel] [PATCH] Fix PageEditor puts message div inside content div Message-ID: <41334B46.3080103@dgreaves.com> Can I ask for this change to PageEditor please. I think there are a set of

elements that should always be top level. This patch fixes an instance where 'message' is not at the top level. There should be a DTD :) I started something ages ago here: http://moinmoin.wikiwikiweb.de/MoinMoinTodo_2fSkinPlugins_2fThemeCssSpecification Without this patch, message behave differently in the editor page (where they are within the content div) and other pages (where they are outside it). Thanks David --- PageEditor.py.orig 2004-07-21 21:02:15.000000000 +0100 +++ PageEditor.py 2004-08-29 22:36:21.000000000 +0100 @@ -199,8 +199,6 @@ }) or '' ) - self.request.write('
\n') # start content div - # get request parameters try: text_rows = int(form['rows'][0]) @@ -259,6 +257,8 @@ if edit_lock_message or message: self.request.write('
%s%s
' % (message, edit_lock_message)) + self.request.write('
\n') # start content div + # get the text body for the editor field if form.has_key('template'): # "template" parameter contains the name of the template page From david at dgreaves.com Mon Aug 30 08:54:16 2004 From: david at dgreaves.com (David Greaves) Date: Mon Aug 30 08:54:16 2004 Subject: [Moin-devel] [PATCH] Allow subscribers to see 'trivial' changes In-Reply-To: <20040823154435.50751.qmail@web14306.mail.yahoo.com> References: <20040823154435.50751.qmail@web14306.mail.yahoo.com> Message-ID: <41334D6C.7010702@dgreaves.com> As discussed (briefly!) recently. This patch adds a 'want_trivial' to the User object (and preferences) that indicates that the users would like to see all changes, no matter how trivial. It also sends the entire body of a page if there is no history (ie a new page). The current 'behaviour' is mimicked. In other words, if a user unticks 'Send mail notification' then it appears as if no notifications have been sent. This a) lets 'nice' users think they're not bothering people with emails about trivial changes (so they don't feel shy about correcting typos) b) may fool the abusers into thinking the admins are 'on the ball' :) c) most importantly - doesn't let abusers add p0rn links etc and stop notification emails. This applies to 1.2.3 David PS please let me know if there are any issues. Roger Haase wrote: >--- David Greaves wrote: > > >I agree with your thinking David. Tools which assist administrators in >watching a site are very beneficial. I would certainly apply your patch >if it were available. > >Roger Haase > > --- PageEditor.py.orig 2004-08-30 16:47:31.000000000 +0100 +++ PageEditor.py 2004-08-30 11:02:02.000000000 +0100 @@ -465,13 +465,14 @@ cache.remove() - def _sendNotification(self, comment, emails, email_lang, oldversions): + def _sendNotification(self, comment, emails, email_lang, oldversions, trivial): """ Send notification email for a single language. @param comment: editor's comment given when saving the page @param emails: list of email addresses @param email_lang: language of emails @param oldversions: old versions of this page + @param trivial: the change is marked as trivial @rtype: int @return: sendmail result """ @@ -493,7 +494,8 @@ # append a diff if not oldversions: mailBody = mailBody + \ - _("No older revisions of the page stored, diff not available.") + _("New page:\n") + \ + Page(self.page_name).get_raw_body() else: newpage = os.path.join(config.text_dir, wikiutil.quoteFilename(self.page_name)) oldpage = os.path.join(config.backup_dir, oldversions[0]) @@ -509,7 +511,8 @@ _('The diff function returned with error code %(rc)s!') % {'rc': rc} return util.mail.sendmail(self.request, emails, - _('[%(sitename)s] Update of "%(pagename)s"') % { + _('[%(sitename)s]%(trivial)s Update of "%(pagename)s"') % { + 'trivial' : (trivial or "") and " Trivial", 'sitename': config.sitename or "Wiki", 'pagename': self.page_name, }, @@ -517,16 +520,17 @@ # was: self.request.user.email, but we don't want to disclose email - def _notifySubscribers(self, comment): + def _notifySubscribers(self, comment, trivial): """ Send email to all subscribers of this page. @param comment: editor's comment given when saving the page + @param trivial: editor's suggestion that the change is trivial (Subscribers may ignore this) @rtype: string @return: message, indicating success or errors. """ _ = self._ - subscribers = self.getSubscribers(self.request, return_users=1) + subscribers = self.getSubscribers(self.request, return_users=1, trivial=trivial) wiki_is_smarter_than_its_users = _("You will not be notified of your own changes!") + '
' @@ -539,11 +543,18 @@ for lang in subscribers.keys(): emails = map(lambda u: u.email, subscribers[lang]) names = map(lambda u: u.name, subscribers[lang]) - mailok, status = self._sendNotification(comment, emails, lang, oldversions) + mailok, status = self._sendNotification(comment, emails, lang, oldversions, trivial) recipients = ", ".join(names) results.append(_('[%(lang)s] %(recipients)s: %(status)s') % { 'lang': lang, 'recipients': recipients, 'status': status}) + if trivial: + # lie about not sending email (so abusers think their actions are hidden) + # This is a bit inconsistent with having this as a user option - maybe reconsider u.want_trivia + # to be memberOfGroup(WantTrivia) + # FIXME also maybe make this a wiki configurable? + return _('') + return wiki_is_smarter_than_its_users + '
'.join(results) return wiki_is_smarter_than_its_users + _('Nobody subscribed to this page, no mail sent.') @@ -794,8 +805,8 @@ {'pagename': self.page_name}) # send notification mails - if config.mail_smarthost and kw.get('notify', 0): - msg = msg + self._notifySubscribers(kw.get('comment', '')) + if config.mail_smarthost: + msg = msg + self._notifySubscribers(kw.get('comment', ''), not kw.get('notify', 0)) # remove lock (forcibly if we were allowed to break it by the UI) # !!! this is a little fishy, since the lock owner might not notice --- Page.py.orig 2004-08-30 16:47:20.000000000 +0100 +++ Page.py 2004-08-30 10:09:40.000000000 +0100 @@ -333,11 +333,13 @@ @param request: the request object @keyword include_self: if 1, include current user (default: 0) @keyword return_users: if 1, return user instances (default: 0) + @keyword trivial: if 1, only include users who want trivial changes (default: 0) @rtype: dict @return: lists of subscribed email addresses in a dict by language key """ include_self = kw.get('include_self', 0) return_users = kw.get('return_users', 0) + trivial = kw.get('trivial', 0) # extract categories of this page pageList = self.getCategories(request) @@ -353,24 +355,31 @@ # get email addresses of the all wiki user which have a profile stored; # add the address only if the user has subscribed to the page and # the user is not the current editor + # Also, if the change is trivial (send email isn't ticked) only send email to users + # who want_trivial changes (typically Admins on public sites) userlist = user.getUserList() - emails = {} + subscriber_list = {} for uid in userlist: if uid == request.user.id and not include_self: continue # no self notification subscriber = user.User(request, uid) - if not subscriber.email: continue # skip empty email address + + # This is a bit wrong if return_users=1 (which implies that the caller will process + # user attributes and may, for example choose to send an SMS) + # So it _should_ be "not (subscriber.email and return_users)" but that breaks at the moment. + if not subscriber.email: continue # skip empty email addresses + if trivial and not subscriber.want_trivial: continue # skip uninterested subscribers if not UserPerms(subscriber).read(self.page_name): continue - if subscriber.isSubscribedTo(pageList): + if subscriber.isSubscribedTo(pageList): lang = subscriber.language or 'en' - if not emails.has_key(lang): emails[lang] = [] + if not subscriber_list.has_key(lang): subscriber_list[lang] = [] if return_users: - emails[lang].append(subscriber) + subscriber_list[lang].append(subscriber) else: - emails[lang].append(subscriber.email) + subscriber_list[lang].append(subscriber.email) - return emails + return subscriber_list def send_page(self, request, msg=None, **keywords): --- user.py.orig 2004-08-30 16:47:42.000000000 +0100 +++ user.py 2004-08-30 10:17:29.000000000 +0100 @@ -110,6 +110,7 @@ ('show_fancy_diff', lambda _: _('Show fancy diffs')), ('wikiname_add_spaces', lambda _: _('Add spaces to displayed wiki names')), ('remember_me', lambda _: _('Remember login information forever')), + ('want_trivial', lambda _: _('Subscribe to trivial changes')), ('disabled', lambda _: _('Disable this account forever')), ] _transient_fields = ['id', 'valid', 'may', 'auth_username', 'trusted'] @@ -173,6 +174,7 @@ self.show_toolbar = 1 self.show_nonexist_qm = config.nonexist_qm self.show_fancy_diff = 1 + self.want_trivial = 0 self.remember_me = 1 if not self.id and not self.auth_username: From rl03 at gentoo.org Mon Aug 30 10:48:17 2004 From: rl03 at gentoo.org (Renat Lumpau) Date: Mon Aug 30 10:48:17 2004 Subject: [Moin-devel] Permissions In-Reply-To: <413304FE.9040908@gmx.de> References: <20040827205033.GA6627@toucan.gentoo.org> <413304FE.9040908@gmx.de> Message-ID: <20040830174733.GA20353@toucan.gentoo.org> On Mon, Aug 30, 2004 at 12:44:14PM +0200, Thomas Waldmann wrote: > >I am cleaning up the Gentoo ebuild for moinmoin, and I have a quick > >question I hope you can help me with. What files does the httpd need > >write access to? Right now I'm doing the equivalent of chown -R > >apache:apache * , and I'd really like something cleaner. > > Additionally to what Florian already said, try to do it without giving > world access to data/ - there are critical informations inside there > like ACL protected pages and user accounts, so they shouldnt be readable > to everybody on FS level. Gentoo uses webapp-config [1][2] to install web applications. Files that the webserver needs write access to are processed by webapp_serverowned(), which installs them with user-specified permissions, and always writeable by the httpd (apache:apache in the most common case). Thus, our users can set permissions on data/ according to their needs. Best, [1] http://dev.gentoo.org/~rl03/webapp-config.html [2] http://dev.gentoo.org/~rl03/webapp.eclass.html -- Renat Lumpau Gentoo developer GPG key id #C6A838DA on http://pgp.mit.edu Key fingerprint = 04AF B5EE 17CB 1000 DDA5 D3FC 1338 ADC2 C6A8 38DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: