[Moin-user] Questions about attachments

Zbynek Winkler zbynek.winkler at gmail.com
Mon Jul 10 08:04:21 EDT 2006


On 7/10/06, Thomas Waldmann <tw-public at gmx.de> wrote:

> > PS. Please Cc me as I am not on the list.
> Next time write this at the BEGINNING of your mail, please.


Ok.

> > How do ACLs affect attachments? Can I allow only certain users to
> > upload the site? It seems I cannot but I'd like to be sure. This would
> > be IMHO quite useful feature.
> We check the page's ACL and re-use it for attachments attached to this
> page.
>
> So if you don't have write rights on a page, you won't be able to put a
> new attachment there.
> Same for read and delete.
>
> > It seems that adding or removing attachment does not send notification
> > emails. Is this a bug or a misconfiguration on our part?
> Maybe neither. Usually, you should link to your attachments from
> somewhere (often from the same page) by using attachment:yourfile.txt -
> and this page change will be sent out by a notify.


Yes, but I was afraid that a malicious user might use my wiki to distribute
unwanted content. This user would likely not make a link to the attachment.
So I wanted either to be notified of each upload or allow only some very
trusted users to upload.

I went ahead and dove into the sources and implemented a solution that works
for me. I've added the line
    acl_rights_valid = DefaultConfig.acl_rights_valid + ['attach']
to my wikiconfig.py and copied over MoinMoin/action/AttachFile.py to
data/plugin/action/ and replaced the checks for may.write and may.delete with
may.attach.

This way the users that have 'read' access can read the attachments but only
users with 'attach' right may upload files or delete them.

The only thing that is missing now is the email notification of manipulation
with the attachments but I am not sure how to do that. I do not know 'who'
is responsible for sending the notification. I kind of expected that since
the actions can be seen on RecentChanges a corresponding email would be sent
anyway... Where would be the best place to look into this?

Thanks for your time.
Zbynek Winkler

-- 
http://zw.matfyz.cz/     http://robotika.cz/
Faculty of Mathematics and Physics, Charles University, Prague, Czech
Republic
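
The separation described in the message above, as an added example that is not part of the original post and is not MoinMoin code: a simplified stand-alone model of a page ACL in which upload and delete require a separate 'attach' right while download needs only 'read'. The function names, the base rights list and the sample ACL are assumptions made for illustration; ACL modifiers and groups are not modelled.

```python
# Simplified model of a page ACL with a separate 'attach' right.
# Not MoinMoin code: all function names are hypothetical. Only the
# 'attach' right and the acl_rights_valid idea come from the message.

# Assumed base rights for this model.
BASE_RIGHTS = ["read", "write", "delete", "revert", "admin"]
# Mirrors the wikiconfig.py line: register 'attach' as a valid right.
ACL_RIGHTS_VALID = BASE_RIGHTS + ["attach"]


def parse_acl(acl_line, valid_rights):
    """Parse 'Name:right,right Name2:right' into ordered (name, rights) pairs.

    In this model, rights that are not in valid_rights are dropped, so an
    'attach' grant only takes effect once the right has been registered.
    """
    entries = []
    for token in acl_line.split():
        name, _, rights = token.partition(":")
        granted = {r for r in rights.split(",") if r in valid_rights}
        entries.append((name, granted))
    return entries


def may(entries, user, right):
    """First matching entry decides; 'All' matches every user. Default deny."""
    for name, granted in entries:
        if name == user or name == "All":
            return right in granted
    return False


def attachment_action_allowed(entries, user, action):
    """Gate upload and delete on 'attach', download on 'read'."""
    required = {"upload": "attach", "delete": "attach", "download": "read"}
    if action not in required:
        return False  # unknown actions are denied
    return may(entries, user, required[action])


# Constructed sample ACL: one trusted uploader, everyone else may read/write.
SAMPLE_ACL = "TrustedUser:read,write,attach All:read,write"

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL, ACL_RIGHTS_VALID)
    for user in ("TrustedUser", "SomeEditor"):
        for action in ("download", "upload", "delete"):
            print(user, action, attachment_action_allowed(acl, user, action))
```
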