[Moin-user] Wiki server ignoring ACLs *followup*

Paul Boddie paul at boddie.org.uk
Wed Mar 9 16:25:32 EST 2016 

On Wednesday 9. March 2016 21.46.08 Chris Freemesser wrote:
> 
> If I add *anything* or *anybody* to the "acl_rights_default" line in the
> config file, *none* of the rights are recognized by the wiki pages.
> 
> So, the "acl_rights_default" line doesn't work at all.

Maybe someone will reply to your mail, but looking at the MoinMoin.security 
module, the acl_rights_default setting does appear to be influenced by the 
cache. Although you've run the maintenance commands to clean that, it might 
still be interesting to try adding the "Default" keyword to an explicit ACL, 
just to see what happens.

Also, I'd be tempted to add some debugging statements to the 
AccessControlList.may method; something like...

print >>open("/tmp/debug.txt", "a"), repr(acl)

...after the acl variable has been initialised. If anything, it would help 
check the data involved.

> For the next test, I added WikiAdministrator to the "acl_rights_before"
> line, and commented out the "acl_rights_default" line.
> 
> I then add an #acl line on a wiki page.  If I set the line to "All:" or
> "All:read", both settings function as intended.
> 
> If I add WikiUser to the #acl line, any rights I give that user (read,
> write, etc.) function as intended.
> 
> However, if I change the #acl line to only include WikiGroup, any rights
> assigned to WikiGroup are ignored.
> 
> So, the rights assigned via the #acl line work only for ALL or a USER, not
> for a GROUP.
> 
> Any thoughts as to why this may be happening?

The one thing that came to mind was the page_group_regex setting, which should 
be set to a sensible default. I presume that the format of your group pages is 
still correct, too. Again, some tracing in the AccessControlList.may method 
might indicate whether the groups are being recognised...

print >>open("/tmp/debug.txt", "a"), repr(groups)

...and so on.

Unfortunately, Moin isn't the friendliest thing to interactively test, just to 
see if the basics are functioning, but printing stuff out to a temporary file 
and seeing what is happening tends to provide a few answers.

Paul

More information about the Moin-user mailing list