From 2d4c364b47b01894842b7ae21535ea00cf420722 Mon Sep 17 00:00:00 2001 From: Bernardo Innocenti Date: Mon, 10 Sep 2007 04:44:36 +0200 Subject: [PATCH] Implement URL switch mechanism for authentication. --- geekigeeki.py | 73 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 28 deletions(-) diff --git a/geekigeeki.py b/geekigeeki.py index 1909644..ec64ca9 100755 --- a/geekigeeki.py +++ b/geekigeeki.py @@ -36,9 +36,12 @@ title_done = False # CGI stuff --------------------------------------------------------- -def get_scriptname(): +def script_name(): return environ.get('SCRIPT_NAME', '') +def privileged_path(): + return privileged_url or script_name() + def remote_user(): return environ.get('REMOTE_USER', 'AnonymousCoward') @@ -67,7 +70,7 @@ def send_guru(msg, msg_type): if msg_type == 'error': print ' Guru Meditation #DEADBEEF.ABADC0DE' print '' - # FIXME: This simple JS code is harder to pass than ACID 3.0 + # FIXME: This simple JS snippet is harder to pass than ACID 3.0 print """ """ -def send_title(name, text="Limbo", msg=None, msg_type = 'error'): +def send_title(name, text="Limbo", msg=None, msg_type='error'): global title_done if title_done: return @@ -103,14 +106,14 @@ def send_title(name, text="Limbo", msg=None, msg_type = 'error'): print "%s: %s" % (site_name, text) print ' ' if not name: - print ' ' + print ' ' if css_url: print ' ' % css_url print '' # Body - if name and allow_edit: - print '' + if name and privileged_url is not None: + print '' else: print '' @@ -118,7 +121,7 @@ def send_title(name, text="Limbo", msg=None, msg_type = 'error'): # Navbar print '' - title_done = True + title_done = True -def link_tag(params, text=None, ss_class=None): +def link_tag(params, text=None, ss_class=None, authentication=False): if text is None: text = params # default classattr = '' - # Prevent crawlers from following links to generated pages - # and links added by potential spammers - if ss_class == 'external' or ss_class == 'navlink': - classattr += 'rel="nofollow" ' if ss_class: classattr += 'class="%s" ' % ss_class - return '%s' % (classattr, get_scriptname(), - params, text) + # Prevent crawlers from following links to generated pages + # and links added by potential spammers + if ss_class == 'external' or ss_class == 'navlink': + classattr += 'rel="nofollow" ' + if authentication: + path = privileged_path() + else: + path = script_name() + return '%s' % (classattr, path, params, text) # Search --------------------------------------------------- @@ -212,7 +218,7 @@ def do_raw(pagename): Page(pagename).send_raw() def do_savepage(pagename): - if not allow_edit: + if privileged_url is None: raise 'editing disallowed for ' + pagename global form @@ -243,6 +249,10 @@ def page_list(): def send_footer(name, mod_string=None): + if debug_cgi: + cgi.print_arguments() + cgi.print_form(cgi.FieldStorage()) + cgi.print_environ() print '