Wikkid Wiki

Merge lp:~xaav/wikkid/auth-provider into lp:wikkid

  1. auth-provider
  2. Merge into trunk
Proposed by xaav
Status: Needs review
Proposed branch: lp:~xaav/wikkid/auth-provider
Merge into: lp:wikkid
Diff against target: 204 lines (+71/-6)
8 files modified
wikkid/app.py (+8/-2)
wikkid/dispatcher.py (+3/-2)
wikkid/interface/provider.py (+15/-0)
wikkid/provider/__init__.py (+7/-0)
wikkid/provider/openprovider.py (+20/-0)
wikkid/view/base.py (+6/-2)
wikkid/view/edit.py (+5/-0)
wikkid/view/wiki.py (+7/-0)
To merge this branch: bzr merge lp:~xaav/wikkid/auth-provider
Reviewer Review Type Date Requested Status
Wikkid Hackers Pending
Review via email: mp+63755@code.launchpad.net

Description of the change

Implements authentication support.

To post a comment you must log in.
Revision history for this message
xaav (xaav) wrote :

This is sort-of done, but a bit messy.

Reply
Revision history for this message
Tim Penhey (thumper) wrote :

I think the idea of an authorization provider is a good idea. But not convinced on determining authorisation based on view name. I feel that it could end up with a lot of different authorisation checks needed.

How do you feel this would be used?

What about some general roles? Like View and Edit? I was considering the possibility of having "locked" pages, using the first line of of the wiki page, a little like he way moin does it.

Reply
Revision history for this message
xaav (xaav) wrote :

>
> How do you feel this would be used?

Basically wikkid would just verify whether an action was allowed or not, and
if not display an access denied page.

What about some general roles? Like View and Edit? I was considering the
> possibility of having "locked" pages, using the first line of of the wiki
> page, a little like he way moin does it.

The way it is now is that it is up to the authorization provider to manage
roles, allowing the most flexibility.

I sort of need to clean this up, the way it is now it's sort of hackish.

On Tue, Jun 14, 2011 at 5:59 PM, Tim Penhey <email address hidden>wrote:

> I think the idea of an authorization provider is a good idea. But not
> convinced on determining authorisation based on view name. I feel that it
> could end up with a lot of different authorisation checks needed.
>
> How do you feel this would be used?
>
> What about some general roles? Like View and Edit? I was considering the
> possibility of having "locked" pages, using the first line of of the wiki
> page, a little like he way moin does it.
> --
> https://code.launchpad.net/~xaav/wikkid/auth-provider/+merge/63755
> You are the owner of lp:~xaav/wikkid/auth-provider.
>

Reply
Revision history for this message
Tim Penhey (thumper) wrote :

On Wed, 15 Jun 2011 13:31:04 you wrote:
> > How do you feel this would be used?
>
> Basically wikkid would just verify whether an action was allowed or not,
> and if not display an access denied page.
>
> What about some general roles? Like View and Edit? I was considering the
>
> > possibility of having "locked" pages, using the first line of of the wiki
> > page, a little like he way moin does it.
>
> The way it is now is that it is up to the authorization provider to manage
> roles, allowing the most flexibility.

Well... we probably don't want that entirely.

If you think about what we want people to do, there isn't really much.

Pretty much just View and Edit.

By passing through the View name, we are expecting all providers to handle all
views, and by adding a view this would require a change to all providers.

We don't want that.

Reply
Revision history for this message
xaav (xaav) wrote :

>
> By passing through the View name, we are expecting all providers to handle
> all
> views, and by adding a view this would require a change to all providers.

That's the "hackiness" that I was referring to.

On Tue, Jun 14, 2011 at 8:55 PM, Tim Penhey <email address hidden>wrote:

> On Wed, 15 Jun 2011 13:31:04 you wrote:
> > > How do you feel this would be used?
> >
> > Basically wikkid would just verify whether an action was allowed or not,
> > and if not display an access denied page.
> >
> > What about some general roles? Like View and Edit? I was considering
> the
> >
> > > possibility of having "locked" pages, using the first line of of the
> wiki
> > > page, a little like he way moin does it.
> >
> > The way it is now is that it is up to the authorization provider to
> manage
> > roles, allowing the most flexibility.
>
> Well... we probably don't want that entirely.
>
> If you think about what we want people to do, there isn't really much.
>
> Pretty much just View and Edit.
>
> By passing through the View name, we are expecting all providers to handle
> all
> views, and by adding a view this would require a change to all providers.
>
> We don't want that.
>
> --
> https://code.launchpad.net/~xaav/wikkid/auth-provider/+merge/63755
> You are the owner of lp:~xaav/wikkid/auth-provider.
>

Reply
Revision history for this message
Tim Penhey (thumper) wrote :

On Wed, 15 Jun 2011 14:13:27 you wrote:
> > By passing through the View name, we are expecting all providers to
> > handle all
> > views, and by adding a view this would require a change to all providers.
>
> That's the "hackiness" that I was referring to.

OK, how about a slight change then.

What about an expected "permission" attribute to the base view class.
Initialised to something boring like None

The view registration code then makes sure that the permission is set.

We use 'view' and 'edit' for now, and add the appropriate permission to all
the views.

Reply
lp:~xaav/wikkid/auth-provider updated
71. By xaav

Revised authorization.

Revision history for this message
xaav (xaav) wrote :

I changed it so that the authorization was removed from the base view and added to each individual view.

Reply

Unmerged revisions

71. By xaav

Revised authorization.

70. By xaav

Cleaned up authorization.

69. By xaav

Completed auth provider.

68. By xaav

Completed auth provider.

67. By xaav

Changed to Authorization Provider.

66. By xaav

Added OpenProvider.

65. By xaav

Added auth provider.

64. By xaav <email address hidden>

Linked bug

63. By xaav

Added provider interface.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'wikkid/app.py'
--- wikkid/app.py 2010-11-22 00:00:31 +0000
+++ wikkid/app.py 2011-06-15 02:41:34 +0000
@@ -17,6 +17,7 @@
17from webob.exc import HTTPException, HTTPNotFound17from webob.exc import HTTPException, HTTPNotFound
1818
19from wikkid.context import ExecutionContext19from wikkid.context import ExecutionContext
20from wikkid.provider.openprovider import OpenProvider
20from wikkid.dispatcher import get_view21from wikkid.dispatcher import get_view
21from wikkid.fileutils import FileIterable22from wikkid.fileutils import FileIterable
22from wikkid.model.factory import ResourceFactory23from wikkid.model.factory import ResourceFactory
@@ -47,10 +48,14 @@
47class WikkidApp(object):48class WikkidApp(object):
48 """The main wikkid application."""49 """The main wikkid application."""
4950
50 def __init__(self, filestore, skin_name=None, execution_context=None):51 def __init__(self, filestore, skin_name=None,
52 authorization_provider=None, execution_context=None):
53 if authorization_provider is None:
54 authorization_provider = OpenProvider()
51 if execution_context is None:55 if execution_context is None:
52 execution_context = ExecutionContext()56 execution_context = ExecutionContext()
53 self.execution_context = execution_context57 self.execution_context = execution_context
58 self.authorization_provider = authorization_provider
54 self.filestore = filestore59 self.filestore = filestore
55 self.resource_factory = ResourceFactory(self.filestore)60 self.resource_factory = ResourceFactory(self.filestore)
56 # Need to load the initial templates for the skin.61 # Need to load the initial templates for the skin.
@@ -85,7 +90,8 @@
85 resource_path, action = parse_url(path)90 resource_path, action = parse_url(path)
86 model = self.resource_factory.get_resource_at_path(resource_path)91 model = self.resource_factory.get_resource_at_path(resource_path)
87 try:92 try:
88 view = get_view(model, action, request, self.execution_context)93 view = get_view(model, action, request, self.execution_context,
94 self.authorization_provider)
89 response = view.render(self.skin)95 response = view.render(self.skin)
90 except HTTPException, e:96 except HTTPException, e:
91 response = e97 response = e
9298
=== modified file 'wikkid/dispatcher.py'
--- wikkid/dispatcher.py 2010-11-12 09:00:42 +0000
+++ wikkid/dispatcher.py 2011-06-15 02:41:34 +0000
@@ -18,12 +18,13 @@
18from zope.interface import providedBy18from zope.interface import providedBy
1919
20from wikkid.context import ExecutionContext20from wikkid.context import ExecutionContext
21from wikkid.provider.openprovider import OpenProvider
2122
22# The view registry needs to map an Interface and a name to a class.23# The view registry needs to map an Interface and a name to a class.
23_VIEW_REGISTRY = {}24_VIEW_REGISTRY = {}
2425
2526
26def get_view(obj, view_name, request, ec=ExecutionContext()):27def get_view(obj, view_name, request, ec=ExecutionContext(), ap=OpenProvider()):
27 """Get the most relevant view for the object for the specified name.28 """Get the most relevant view for the object for the specified name.
2829
29 Iterate through the provided interfaces of the object and look in the view30 Iterate through the provided interfaces of the object and look in the view
@@ -33,7 +34,7 @@
33 for interface in interfaces:34 for interface in interfaces:
34 try:35 try:
35 klass = _VIEW_REGISTRY[(interface, view_name)]36 klass = _VIEW_REGISTRY[(interface, view_name)]
36 instance = klass(obj, request, ec)37 instance = klass(obj, request, ec, ap)
37 instance.initialize()38 instance.initialize()
38 return instance39 return instance
39 except KeyError:40 except KeyError:
4041
=== added file 'wikkid/interface/provider.py'
--- wikkid/interface/provider.py 1970-01-01 00:00:00 +0000
+++ wikkid/interface/provider.py 2011-06-15 02:41:34 +0000
@@ -0,0 +1,15 @@
1#
2# Copyright (C) 2010 Wikkid Developers.
3#
4# This software is licensed under the GNU Affero General Public License
5# version 3 (see the file LICENSE).
6
7"""Interface for the authorization provider."""
8
9from zope.interface import Interface
10
11class IAuthorizationProvider(Interface):
12 """Verifies if a user is allowed to do an action."""
13
14 def action_allowed(action):
15 """Verifies whether an action is allowed"""
0\ No newline at end of file16\ No newline at end of file
117
=== added directory 'wikkid/provider'
=== added file 'wikkid/provider/__init__.py'
--- wikkid/provider/__init__.py 1970-01-01 00:00:00 +0000
+++ wikkid/provider/__init__.py 2011-06-15 02:41:34 +0000
@@ -0,0 +1,7 @@
1#
2# Copyright (C) 2010 Wikkid Developers.
3#
4# This software is licensed under the GNU Affero General Public License
5# version 3 (see the file LICENSE).
6
7"""Contains authentication providers."""
0\ No newline at end of file8\ No newline at end of file
19
=== added file 'wikkid/provider/openprovider.py'
--- wikkid/provider/openprovider.py 1970-01-01 00:00:00 +0000
+++ wikkid/provider/openprovider.py 2011-06-15 02:41:34 +0000
@@ -0,0 +1,20 @@
1# -*- coding: utf-8 -*-
2#
3# Copyright (C) 2010 Wikkid Developers.
4#
5# This software is licensed under the GNU Affero General Public License
6# version 3 (see the file LICENSE).
7
8"""Allows all to edit the wiki."""
9
10from zope.interface import implements
11from wikkid.interface.provider import IAuthorizationProvider
12
13
14class OpenProvider(object):
15 """Allow all to perform all actions."""
16
17 implements(IAuthorizationProvider)
18
19 def action_allowed(self, action):
20 return True
0\ No newline at end of file21\ No newline at end of file
122
=== modified file 'wikkid/view/base.py'
--- wikkid/view/base.py 2010-11-22 09:23:40 +0000
+++ wikkid/view/base.py 2011-06-15 02:41:34 +0000
@@ -45,8 +45,10 @@
4545
46 __metaclass__ = BaseViewMetaClass46 __metaclass__ = BaseViewMetaClass
4747
48 def __init__(self, context, request, execution_context):48 def __init__(self, context, request, execution_context,
49 authorization_provider):
49 self.execution_context = execution_context50 self.execution_context = execution_context
51 self.authorization_provider = authorization_provider
50 self.context = context52 self.context = context
51 self.request = request53 self.request = request
52 if request is not None:54 if request is not None:
@@ -120,13 +122,15 @@
120 :return: A `Response` object.122 :return: A `Response` object.
121 """123 """
122 return Response(body)124 return Response(body)
123125
124 def render(self, skin):126 def render(self, skin):
125 """Render the page.127 """Render the page.
126128
127 Return a tuple of content type and content.129 Return a tuple of content type and content.
128 """130 """
131
129 self.before_render()132 self.before_render()
133
130 return self._render(skin)134 return self._render(skin)
131135
132136
133137
=== modified file 'wikkid/view/edit.py'
--- wikkid/view/edit.py 2010-06-17 10:45:52 +0000
+++ wikkid/view/edit.py 2011-06-15 02:41:34 +0000
@@ -9,6 +9,7 @@
9from wikkid.view.base import BaseView9from wikkid.view.base import BaseView
10from wikkid.view.urls import canonical_url10from wikkid.view.urls import canonical_url
11from wikkid.view.utils import expand_wiki_name11from wikkid.view.utils import expand_wiki_name
12from webob.exc import HTTPUnauthorized
1213
1314
14class BaseEditView(BaseView):15class BaseEditView(BaseView):
@@ -30,3 +31,7 @@
30 def cancel_url(self):31 def cancel_url(self):
31 """The link for the cancel button."""32 """The link for the cancel button."""
32 return self.context.preferred_path33 return self.context.preferred_path
34
35 def before_render(self):
36 if(not self.authorization_provider.action_allowed('edit')):
37 raise HTTPUnauthorized()
3338
=== modified file 'wikkid/view/wiki.py'
--- wikkid/view/wiki.py 2011-04-23 08:49:27 +0000
+++ wikkid/view/wiki.py 2011-06-15 02:41:34 +0000
@@ -32,6 +32,10 @@
32 name = 'view'32 name = 'view'
33 is_default = True33 is_default = True
34 template = 'view_page'34 template = 'view_page'
35
36 def before_render(self):
37 if(not self.authorization_provider.action_allowed('view')):
38 raise HTTPUnauthorized()
3539
36 @property40 @property
37 def content(self):41 def content(self):
@@ -44,6 +48,9 @@
4448
45 For example, /FrontPage.txt will redirect to /FrontPage49 For example, /FrontPage.txt will redirect to /FrontPage
46 """50 """
51
52 self.before_render()
53
47 preferred = self.context.preferred_path54 preferred = self.context.preferred_path
48 if self.context.path != preferred:55 if self.context.path != preferred:
49 raise HTTPTemporaryRedirect(location=preferred)56 raise HTTPTemporaryRedirect(location=preferred)

Subscribers

People subscribed via source and target branches