Move to Sunjammer

[geekigeeki.git] / geekigeeki.py

diff --git a/geekigeeki.py b/geekigeeki.py
index 263c4829187a28dd11e3fd3cd0eff068eabedaf1..b6e802c8277f9e67be9e118c0a3eaef9cdc25fc7 100755 (executable)
--- a/geekigeeki.py
+++ b/geekigeeki.py
@@ -1,16 +1,16 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 #
-# Copyright 1999, 2000 Martin Pool <mbp@humbug.org.au>
-# Copyright 2002 Gerardo Poggiali
-# Copyright 2007, 2008, 2009 Bernie Innocenti <bernie@codewiz.org>
+# Copyright (C) 1999, 2000 Martin Pool <mbp@humbug.org.au>
+# Copyright (C) 2002 Gerardo Poggiali
+# Copyright (C) 2007, 2008, 2009 Bernie Innocenti <bernie@codewiz.org>
 #
 # This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.  You should have received a copy
-# of the GNU General Public License along with this program.
-# If not, see <http://www.gnu.org/licenses/>.
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 __version__ = '4.0-' + '$Id$'[4:11]
 
@@ -36,6 +36,7 @@ def config_get(key, default=None):
 def script_name():
     return os.environ.get('SCRIPT_NAME', '')
 
+#TODO: move post-edit hook into wiki, then kill this
 def script_path():
     return os.path.split(os.environ.get('SCRIPT_FILENAME', ''))[0]
 
@@ -46,8 +47,9 @@ def query_string():
     else:
         return os.environ.get('QUERY_STRING', '') or 'FrontPage'
 
-def privileged_path():
-    return config_get('privileged_url') or script_name()
+def is_privileged():
+    purl = config_get('privileged_url')
+    return (purl is not None) and os.environ.get('SCRIPT_URI', '').startswith(purl)
 
 def remote_user():
     user = os.environ.get('REMOTE_USER', '')
@@ -71,7 +73,7 @@ def is_external_url(pathname):
 def relative_url(pathname, privileged=False):
     if not is_external_url(pathname):
         if privileged:
-            url = privileged_path()
+            url = config_get('privileged_url') or script_name()
         else:
             url = script_name()
         pathname = url + '/' + pathname
@@ -143,7 +145,7 @@ def send_title(name, text="Limbo", msg_text=None, msg_type='error', writable=Fal
         rel, href = link
         print(' <link rel="%s" href="%s" />' % (rel, relative_url(href)))
 
-    editable = name and writable and config_get('privileged_url') is not None
+    editable = name and writable and is_privileged()
     if editable:
         print(' <link rel="alternate" type="application/x-wiki" title="Edit this page" href="%s" />' \
             % relative_url('?a=edit&q=' + name, privileged=True))
@@ -791,8 +793,10 @@ class Page:
 
     def save(self, newdata, changelog):
         if not self.can_write():
-            self.msg_text = 'Write access denied by ACLs'
-            self.msg_type = 'error'
+            self.msg_text = 'Write access denied by Access Control List'
+            return
+        if not is_privileged():
+            self.msg_text = 'Unauthenticated access denied'
             return
 
         self._write_file(newdata)