[Moin-user] account management without shell access?

Sat Jan 10 08:50:50 EST 2009

On Sat, 2009-01-10 at 17:25 +1100, Karl Auer wrote:
> Is there any way to apply an ACL to the newaccount action?
> [...]
> An alternative would be to code the action so that it looks for a
> particular account, or refuses to operate except for (say) superuser
> accounts.

I've added these lines to ./MoinMoin/actions/newaccount.py, in
_create_user(), just after the check for POST:

    # KA 10/1/2009 - only allow logged in superusers to do this!
    if not request.user.isSuperUser():
        return _('Only a superuser can create new accounts.')

It seems to work. If I am not logged in or I am logged in as a
non-superuser, I can't create accounts and I see my error message. Is
this the only place I need to do this check?

There are so many ways this could be better - for example, the code
could check a preferences setting to see if the restriction should be
applied (how do I add such a preference?). Or there could be a list of
account admins instead of just re-using the superuser list. The perfect
solution IMHO would be being able to apply ACLs to actions.

Anyway, this works well enough for my needs, but it would be nice to see
an official solution (not necessarily this one) in a future version of
MoinMoin.

Still happy to hear any better ideas, especially if my very minimal
Python skills are likely to be up to implementing them :-)

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/moin-user/attachments/20090111/16a5e38e/attachment.sig>