Check for privileged access
author
Bernie Innocenti
<bernie@codewiz.org>
Tue, 22 Sep 2009 02:07:20 +0000
(
04:07
+0200)
committer
Bernie Innocenti
<bernie@codewiz.org>
Tue, 22 Sep 2009 02:12:09 +0000
(
04:12
+0200)
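diff --git a/geekigeeki.py b/geekigeeki.py
index 263c4829187a28dd11e3fd3cd0eff068eabedaf1..aa54781073b62048ff81f144243ecebfca6f9ae8 100755
--- a/geekigeeki.py
+++ b/geekigeeki.py
@@ -36,6 +36,7 @@ def config_get(key, default=None):
 def script_name():
 return os.environ.get('SCRIPT_NAME', '')
+#TODO: move post-edit hook into wiki, then kill this
 def script_path():
 return os.path.split(os.environ.get('SCRIPT_FILENAME', ''))[0]
@@ -46,8 +47,9 @@ def query_string():
 else:
 return os.environ.get('QUERY_STRING', '') or 'FrontPage'
-def privileged_path():
- return config_get('privileged_url') or script_name()
+def is_privileged():
+ purl = config_get('privileged_url')
+ return (purl is not None) and os.environ.get('SCRIPT_URI', '').startswith(purl)
 def remote_user():
 user = os.environ.get('REMOTE_USER', '')
@@ -71,7 +73,7 @@ def is_external_url(pathname):
 def relative_url(pathname, privileged=False):
 if not is_external_url(pathname):
 if privileged:
- url = privileged_path()
+ url = config_get('privileged_url') or script_name()
 else:
 url = script_name()
 pathname = url + '/' + pathname
@@ -143,7 +145,7 @@ def send_title(name, text="Limbo", msg_text=None, msg_type='error', writable=Fal
 rel, href = link
 print(' <link rel="%s" href="%s" />' % (rel, relative_url(href)))
- editable = name and writable and config_get('privileged_url') is not None
+ editable = name and writable and is_privileged()
 if editable:
 print(' <link rel="alternate" type="application/x-wiki" title="Edit this page" href="%s" />' \
 % relative_url('?a=edit&q=' + name, privileged=True))
@@ -791,8 +793,10 @@ class Page:
 def save(self, newdata, changelog):
 if not self.can_write():
- self.msg_text = 'Write access denied by ACLs'
- self.msg_type = 'error'
+ self.msg_text = 'Write access denied by Access Control List'
+ return
+ if not is_privileged():
+ self.msg_text = 'Unauthenticated access denied'
 return
 self._write_file(newdata)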
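Review bot: `is_privileged()` in the second hunk fails open when `privileged_url` is configured as an empty string, because `purl is not None` is then true and `startswith('')` matches every `SCRIPT_URI`, so the new guard in `Page.save()` would let any request write. `relative_url()` in the same commit already treats an empty value as unset (`config_get('privileged_url') or script_name()`), so the check should agree with it: `return bool(purl) and os.environ.get('SCRIPT_URI', '').startswith(purl)`. The bare prefix match also accepts any URI that merely begins with the configured string, so unless the setting is documented as needing a trailing `/`, it would be safer to require the remainder to be empty or to start with `/`. The function itself only compares URLs, so it is worth a comment such as `# trusts the web server to require authentication under privileged_url` to make the deployment assumption behind "Unauthenticated access denied" explicit.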