From: Bernie Innocenti Date: Tue, 22 Sep 2009 02:07:20 +0000 (+0200) Subject: Check for privileged access X-Git-Url: https://codewiz.org/gitweb?p=geekigeeki.git;a=commitdiff_plain;h=021fb390a791a3f990df0a4b9a51527cc47fb69b Check for privileged access --- diff --git a/geekigeeki.py b/geekigeeki.py index 263c482..aa54781 100755 --- a/geekigeeki.py +++ b/geekigeeki.py @@ -36,6 +36,7 @@ def config_get(key, default=None): def script_name(): return os.environ.get('SCRIPT_NAME', '') +#TODO: move post-edit hook into wiki, then kill this def script_path(): return os.path.split(os.environ.get('SCRIPT_FILENAME', ''))[0] @@ -46,8 +47,9 @@ def query_string(): else: return os.environ.get('QUERY_STRING', '') or 'FrontPage' -def privileged_path(): - return config_get('privileged_url') or script_name() +def is_privileged(): + purl = config_get('privileged_url') + return (purl is not None) and os.environ.get('SCRIPT_URI', '').startswith(purl) def remote_user(): user = os.environ.get('REMOTE_USER', '') @@ -71,7 +73,7 @@ def is_external_url(pathname): def relative_url(pathname, privileged=False): if not is_external_url(pathname): if privileged: - url = privileged_path() + url = config_get('privileged_url') or script_name() else: url = script_name() pathname = url + '/' + pathname @@ -143,7 +145,7 @@ def send_title(name, text="Limbo", msg_text=None, msg_type='error', writable=Fal rel, href = link print(' ' % (rel, relative_url(href))) - editable = name and writable and config_get('privileged_url') is not None + editable = name and writable and is_privileged() if editable: print(' ' \ % relative_url('?a=edit&q=' + name, privileged=True)) @@ -791,8 +793,10 @@ class Page: def save(self, newdata, changelog): if not self.can_write(): - self.msg_text = 'Write access denied by ACLs' - self.msg_type = 'error' + self.msg_text = 'Write access denied by Access Control List' + return + if not is_privileged(): + self.msg_text = 'Unauthenticated access denied' return self._write_file(newdata)