[Moin-user] Howto: edit security, ACLs?

Skip Montanaro skip at pobox.com
Tue Jul 1 08:13:17 EDT 2003


I have a couple questions.  Someone recently began scribbling on a bunch of
Python-related Wikis, inserting a link to a porn site, presumably in the
hope that the site's Google page rank would increase.  I run the Python VM
Wiki: <http://manatee.mojam.com/pyvmwiki>, which keeps getting scribbled on
in the same way.

To try and thwart this person/organization, I just modified moin_config.py
like so:

    # security (deactivated by default)
    if 1:
        allowed_actions = ['DeletePage', 'AttachFile']

        from MoinMoin.security import Permissions
        class SecurityPolicy(Permissions):
            edit = 1
            delete = 1
            def __init__(self, user):
                self.user = user
                self.edit = self.edit and user.valid
                self.delete = self.delete and user.valid

If I log out, I lose the EditPage links and I see that I'm not allowed to
edit pages.  I realize that requiring user logins is not the WikiWay, but
I'm tired of having to repeatedly correct the page this bozo keeps
scribbling on.  Is my change above the correct (technical) change?

A second related question.  Poking around SF with viewcvs I saw mention of
ACLs in a couple checkin messages.  Is there some other security scheme in
the works?

Thx,

-- 
Skip Montanaro
skip at pobox.com
Got spam? http://spambayes.sf.net/




More information about the Moin-user mailing list