Fix ACLs
[geekigeeki.git]
/
geekigeeki.py
diff --git
a/geekigeeki.py
b/geekigeeki.py
index 46c61c55ad5343f95bbf6541eb959a6cab0f0638..0c1423a97d7534e64d9e9da53cf64e3578e641a5 100755
(executable)
--- a/
geekigeeki.py
+++ b/
geekigeeki.py
@@
-154,8
+154,7
@@
def link_tag(params, text=None, ss_class=None, authentication=False):
classattr = ''
if ss_class:
classattr += 'class="%s" ' % ss_class
classattr = ''
if ss_class:
classattr += 'class="%s" ' % ss_class
- # Prevent crawlers from following links to generated pages
- # and links added by potential spammers
+ # Prevent crawlers from following links potentially added by spammers or to generated pages
if ss_class == 'external' or ss_class == 'navlink':
classattr += 'rel="nofollow" '
if authentication:
if ss_class == 'external' or ss_class == 'navlink':
classattr += 'rel="nofollow" '
if authentication:
@@
-220,9
+219,6
@@
def do_raw(pagename):
Page(pagename).send_raw()
def do_savepage(pagename):
Page(pagename).send_raw()
def do_savepage(pagename):
- if privileged_url is None:
- raise 'editing disallowed for ' + pagename
-
global form
pg = Page(pagename)
if 'preview' in form:
global form
pg = Page(pagename)
if 'preview' in form:
@@
-231,7
+227,7
@@
def do_savepage(pagename):
pg.save_text(form['savetext'].value)
pg.send_page()
elif 'cancel' in form:
pg.save_text(form['savetext'].value)
pg.send_page()
elif 'cancel' in form:
- pg.msg = 'Editing cancel
l
ed'
+ pg.msg = 'Editing canceled'
pg.msg_type = 'notice'
pg.send_page()
else:
pg.msg_type = 'notice'
pg.send_page()
else:
@@
-355,12
+351,12
@@
class PageFormatter:
def _tit_repl(self, word):
if self.h_level:
def _tit_repl(self, word):
if self.h_level:
- result =
"</h%d></a>"
% self.h_level
+ result =
'</h%d>'
% self.h_level
self.h_level = 0
else:
self.h_level = len(word) - 1
self.h_count += 1
self.h_level = 0
else:
self.h_level = len(word) - 1
self.h_count += 1
- result = '<
a href="#%d"><h%d id="%d">' % (self.h_count, self.h_level
, self.h_count)
+ result = '<
h%d id="%d"><a class="heading" href="#%d">*</a> ' % (self.h_level, self.h_count
, self.h_count)
return result
def _rule_repl(self, word):
return result
def _rule_repl(self, word):
@@
-487,7
+483,7
@@
class PageFormatter:
raise "Can't handle match " + `match`
def print_html(self):
raise "Can't handle match " + `match`
def print_html(self):
- print
"<div class='wiki'><p>"
+ print
'<div class="wiki"><p>'
# For each line, we scan through looking for magic
# strings, outputting verbatim any intervening text
# For each line, we scan through looking for magic
# strings, outputting verbatim any intervening text
@@
-552,7
+548,7
@@
class PageFormatter:
if self.in_pre: print '</pre>'
if self.in_table: print '</tbody></table><p>'
print self._undent()
if self.in_pre: print '</pre>'
if self.in_table: print '</tbody></table><p>'
print self._undent()
- print
"</p></div>"
+ print
'</p></div>'
# ----------------------------------------------------------
class Page:
# ----------------------------------------------------------
class Page:
@@
-593,7
+589,6
@@
class Page:
else:
return link_tag(word, word, 'nonexistent')
else:
return link_tag(word, word, 'nonexistent')
-
def get_raw_body(self):
try:
return open(self._text_filename(), 'rt').read()
def get_raw_body(self):
try:
return open(self._text_filename(), 'rt').read()
@@
-621,27
+616,38
@@
class Page:
raise er
return self.attrs
raise er
return self.attrs
- def can
_edit(self
):
+ def can
(self, action, default=True
):
attrs = self.get_attrs()
try:
# SomeUser:read,write All:read
acl = attrs["acl"]
for rule in acl.split():
attrs = self.get_attrs()
try:
# SomeUser:read,write All:read
acl = attrs["acl"]
for rule in acl.split():
- (user,perms) =
acl
.split(':')
+ (user,perms) =
rule
.split(':')
if user == remote_user() or user == "All":
if user == remote_user() or user == "All":
- if
'write'
in perms.split(','):
+ if
action
in perms.split(','):
return True
return True
+ else:
+ return False
return False
return False
- except:
+ except
Exception, er
:
pass
pass
- return True
+ return default
+
+ def can_write(self):
+ return self.can("write", True)
+
+ def can_read(self):
+ return self.can("read", True)
def send_page(self):
page_name = None
def send_page(self):
page_name = None
- if self.can_
edit
():
+ if self.can_
write
():
page_name = self.page_name
send_title(page_name, self.split_title(), msg=self.msg, msg_type=self.msg_type)
page_name = self.page_name
send_title(page_name, self.split_title(), msg=self.msg, msg_type=self.msg_type)
- PageFormatter(self.get_raw_body()).print_html()
+ if self.can_read():
+ PageFormatter(self.get_raw_body()).print_html()
+ else:
+ send_guru("Read access denied by ACLs", "notice")
send_footer(page_name, self._last_modified())
def _last_modified(self):
send_footer(page_name, self._last_modified())
def _last_modified(self):
@@
-653,6
+659,9
@@
class Page:
def send_editor(self, preview=None):
send_title(None, 'Edit ' + self.split_title(), msg=self.msg, msg_type=self.msg_type)
def send_editor(self, preview=None):
send_title(None, 'Edit ' + self.split_title(), msg=self.msg, msg_type=self.msg_type)
+ if not self.can_write():
+ send_guru("Write access denied by ACLs", "error")
+ return
print ('<p><b>Editing ' + self.page_name
+ ' for ' + cgi.escape(remote_user())
print ('<p><b>Editing ' + self.page_name
+ ' for ' + cgi.escape(remote_user())
@@
-677,6
+686,9
@@
class Page:
send_footer(self.page_name)
def send_raw(self):
send_footer(self.page_name)
def send_raw(self):
+ if not self.can_read():
+ send_title(None, msg='Read access denied by ACLs', msg_type='notice')
+ return
emit_header("text/plain")
print self.get_raw_body()
emit_header("text/plain")
print self.get_raw_body()
@@
-693,6
+705,11
@@
class Page:
os.rename(tmp_filename, text)
def save_text(self, newtext):
os.rename(tmp_filename, text)
def save_text(self, newtext):
+ if not self.can_write():
+ self.msg = 'Write access denied by ACLs'
+ self.msg_type = 'error'
+ return
+
self._write_file(newtext)
rc = 0
if post_edit_hook:
self._write_file(newtext)
rc = 0
if post_edit_hook:
@@
-711,7
+728,7
@@
class Page:
if msg:
self.msg += 'Output follows:\n' + msg
else:
if msg:
self.msg += 'Output follows:\n' + msg
else:
- self.msg = 'Thankyou for your contribution. Your attention to detail is appreciated.'
+ self.msg = 'Thank
you for your contribution. Your attention to detail is appreciated.'
self.msg_type = 'success'
def send_verbatim(filename, mime_type='application/octet-stream'):
self.msg_type = 'success'
def send_verbatim(filename, mime_type='application/octet-stream'):
@@
-725,8
+742,7
@@
try:
# Configuration values
site_name = 'Codewiz'
# Configuration values
site_name = 'Codewiz'
- # set to None for read-only sites
- # leave empty ('') to allow anonymous edits
+ # set to None for read-only sites, leave empty ('') to allow anonymous edits
# otherwise, set to a URL that requires authentication
privileged_url = 'https://www.codewiz.org/~bernie/wiki'
# otherwise, set to a URL that requires authentication
privileged_url = 'https://www.codewiz.org/~bernie/wiki'
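Review bot: In the new `Page.can()`, `except Exception, er: pass` followed by `return default` makes the ACL check fail open: both `can_write()` and `can_read()` pass `default=True`, so a rule without a `:` (the tuple unpack of `rule.split(':')` raises) or any error from `get_attrs()` grants the requested action instead of denying it. This matters more now that the `privileged_url is None` guard is removed from `do_savepage` in the same commit; unless that setting is enforced somewhere outside these hunks, `save_text` relies only on `can_write()`, so a page with no `acl` attribute is writable even on a site configured as read-only. I would narrow the handler to the missing-attribute case (presumably a `KeyError` from `attrs["acl"]`), e.g. `except KeyError: return default`, treat a malformed rule as a denial with `return False`, and keep the read-only check in `do_savepage`. A comment on `can()` should also say that the first rule matching the user or `All` decides, so the order of rules in the `acl` attribute is significant. Indentation is lost in this listing, so where the added `else: return False` attaches is inferred.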