X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=geekigeeki.py;h=e6cfeca70ef5501177e27af3711418b1636cb81c;hb=05e3e729c0e20765f418c5efd35ab4426afb2fb7;hp=ec64ca9f42d41eebedeaf7e7f385b77429be360a;hpb=2d4c364b47b01894842b7ae21535ea00cf420722;p=geekigeeki.git
diff --git a/geekigeeki.py b/geekigeeki.py
index ec64ca9..e6cfeca 100755
--- a/geekigeeki.py
+++ b/geekigeeki.py
@@ -19,7 +19,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
' if msg_type == 'error': print ' Software Failure. Press left mouse button to continue.\n' @@ -104,7 +107,7 @@ def send_title(name, text="Limbo", msg=None, msg_type='error'): """ print "%s: %s " % (site_name, text) - print ' ' + print ' ' if not name: print ' ' if css_url: @@ -117,10 +120,11 @@ def send_title(name, text="Limbo", msg=None, msg_type='error'): else: print '' + title_done = True send_guru(msg, msg_type) # Navbar - print ' ' def link_tag(params, text=None, ss_class=None, authentication=False): if text is None: @@ -152,8 +154,7 @@ def link_tag(params, text=None, ss_class=None, authentication=False): classattr = '' if ss_class: classattr += 'class="%s" ' % ss_class - # Prevent crawlers from following links to generated pages - # and links added by potential spammers + # Prevent crawlers from following links potentially added by spammers or to generated pages if ss_class == 'external' or ss_class == 'navlink': classattr += 'rel="nofollow" ' if authentication: @@ -218,9 +219,6 @@ def do_raw(pagename): Page(pagename).send_raw() def do_savepage(pagename): - if privileged_url is None: - raise 'editing disallowed for ' + pagename - global form pg = Page(pagename) if 'preview' in form: @@ -229,7 +227,7 @@ def do_savepage(pagename): pg.save_text(form['savetext'].value) pg.send_page() elif 'cancel' in form: - pg.msg = 'Editing cancelled' + pg.msg = 'Editing canceled' pg.msg_type = 'notice' pg.send_page() else: @@ -253,18 +251,22 @@ def send_footer(name, mod_string=None): cgi.print_arguments() cgi.print_form(cgi.FieldStorage()) cgi.print_environ() - print ' " + print '' # ---------------------------------------------------------- class Page: @@ -540,11 +587,7 @@ class Page: if self.exists(): return link_tag(word, word, 'wikilink') else: - if nonexist_qm: - return link_tag(word, '?', 'nonexistent') + word - else: - return link_tag(word, word, 'nonexistent') - + return link_tag(word, nonexist_pfx + word, 'nonexistent') def get_raw_body(self): try: @@ -573,27 +616,38 @@ class Page: raise er return self.attrs - def can_edit(self): + def can(self, action, default=True): attrs = self.get_attrs() try: # SomeUser:read,write All:read acl = attrs["acl"] for rule in acl.split(): - (user,perms) = acl.split(':') + (user,perms) = rule.split(':') if user == remote_user() or user == "All": - if 'write' in perms.split(','): + if action in perms.split(','): return True + else: + return False return False - except: + except Exception, er: pass - return True + return default + + def can_write(self): + return self.can("write", True) + + def can_read(self): + return self.can("read", True) def send_page(self): page_name = None - if self.can_edit(): + if self.can_write(): page_name = self.page_name send_title(page_name, self.split_title(), msg=self.msg, msg_type=self.msg_type) - PageFormatter(self.get_raw_body()).print_html() + if self.can_read(): + PageFormatter(self.get_raw_body()).print_html() + else: + send_guru("Read access denied by ACLs", "notice") send_footer(page_name, self._last_modified()) def _last_modified(self): @@ -605,6 +659,9 @@ class Page: def send_editor(self, preview=None): send_title(None, 'Edit ' + self.split_title(), msg=self.msg, msg_type=self.msg_type) + if not self.can_write(): + send_guru("Write access denied by ACLs", "error") + return print ('Editing ' + self.page_name + ' for ' + cgi.escape(remote_user()) @@ -629,6 +686,9 @@ class Page: send_footer(self.page_name) def send_raw(self): + if not self.can_read(): + send_title(None, msg='Read access denied by ACLs', msg_type='notice') + return emit_header("text/plain") print self.get_raw_body() @@ -645,6 +705,11 @@ class Page: os.rename(tmp_filename, text) def save_text(self, newtext): + if not self.can_write(): + self.msg = 'Write access denied by ACLs' + self.msg_type = 'error' + return + self._write_file(newtext) rc = 0 if post_edit_hook: @@ -663,7 +728,7 @@ class Page: if msg: self.msg += 'Output follows:\n' + msg else: - self.msg = 'Thankyou for your contribution. Your attention to detail is appreciated.' + self.msg = 'Thank you for your contribution. Your attention to detail is appreciated.' self.msg_type = 'success' def send_verbatim(filename, mime_type='application/octet-stream'): @@ -677,19 +742,19 @@ try: # Configuration values site_name = 'Codewiz' - # set to None for read-only sites - # leave empty ('') to allow anonymous edits + # set to None for read-only sites, leave empty ('') to allow anonymous edits # otherwise, set to a URL that requires authentication privileged_url = 'https://www.codewiz.org/~bernie/wiki' data_dir = '/home/bernie/public_html/wiki' text_dir = path.join(data_dir, 'text') css_url = '../wikidata/geekigeeki.css' # optional stylesheet link + history_url = '../wikigit/wiki.git' post_edit_hook = './post_edit_hook.sh' datetime_fmt = '%a %d %b %Y %I:%M %p' allow_edit = True # Is it possible to edit pages? show_hosts = True # show hostnames? - nonexist_qm = False # show '?' for nonexistent? + nonexist_pfx = '' # prefix before nonexistent link (usually '?') debug_cgi = False # Set to True for CGI var dump form = cgi.FieldStorage()