|
Posted by Per Strandberg  |
|
|
Hello again,
we intend to using the sphene wiki for a community building project. The "problem" is that we have implemented our own user-extension and "projects" (similar to community.groups). In order to the wikis going (we want one wiki per project) I ran into some permissions problems. I made a little script that syncs our "project members" with a "sphene group" - now I had hoped that this would be enough for the wiki to work properly but I ran into permissions problems. I think my problems are caused by __has_permission. The method only returns true (for permission 1 - member of group) if pref != None and pref.snip != None. I think this might be a bug. In the code below (that seems to work for me) I have a new test of membership that only tests if the user is a group member in the group of self (the snip).
def __has_permission(self, user, pref, permission):
# ...
# member of group 1
if permission == 1:
if self.group.get_member(user) != None:
return True
# member of group 2
if permission == 1 and pref != None and pref.snip != None:
if pref.snip.group.get_member(user) != None: return True
# ...
Does this seem reasonable? Thanks, Per |
|
|
Posted by Herbert Poul  |
|
|
hi,
the method is itself a bit weird.. but.. if you look in has_edit_permission and has_view_permission (the only two instances where it is called) it seems that a user never gets edit permission just because there is no preference object... (and the default behavior for view is .. everyone can view it) .. so i'm not sure if the __has_permission method is really the problem.. if you don't want everyone to have view permission you could simply - when creating a Group object - also create a WikiSnip instance with the name: ROOT .. and then create a WikiPreference for it with view and edit set to 1 what do you think ? Hey, we have Signatures !!! Great, isn't it ? ;) |
|
|
Posted by Per Strandberg |
|
|
Let's walk through this together. (See the *** for comments.)
1 - we enter has_view_permission
def has_edit_permission(self):
user = get_current_user()
# *** - here pref is None in my case
pref = self.get_wiki_preference()
if pref == None:
permission = 1
else:
permission = pref.edit
# *** called with (user, None, 1)
return self.__has_permission(user, pref, permission)
2 - __has_permission is called with (self, user, None, 1)
def __has_permission(self, user, pref, permission):
# *** does not apply
if permission == None or permission <= -1:
return True
# *** does not apply
if user == None or not user.is_authenticated():
return False
# *** does not apply
# Noone has permission ..
if permission >= 3: return False
# *** does not apply
if user.is_superuser or user.is_staff: return True
# *** does not apply
if permission == 0: return True
# *** this SHOULD apply but does not since pref == None
if permission == 1 and pref != None and pref.snip != None:
if pref.snip.group.get_member(user) != None: return True
return False
What I would like to include in this function is this test for the case where there are no prefs - it does not have to replace the other test:
if permission == 1:
if self.group.get_member(user) != None:
return True
Hope you see what I see :) /Per |
|
|
Posted by Herbert Poul |
|
|
woops .. i somehow mixed the pref and permission arguments..
this method is very weird :) i don't really understand why i decided that i need to check for pref.snip.group in the first place.. instead of self.snip anyhoo.. what do you think of this:
kahless@sphene:/opt/python/communitytools/sphenecoll/sphene/sphwiki$ svn diff
Index: models.py
===================================================================
--- models.py (revision 620)
+++ models.py (working copy)
@@ -274,6 +274,10 @@
if permission == 0: return True
+ # if pref is None check for the group of the current snip.
+ if permission == 1 and pref == None and self.group.get_member(user) != None:
+ return True
+
if permission == 1 and pref != None and pref.snip != None:
if pref.snip.group.get_member(user) != None: return True
should be pretty much the same as your code ? Hey, we have Signatures !!! Great, isn't it ? ;) |
|
|
Posted by Per Strandberg |
|
Looks great, thanks!
/Per |
|
|
Posted by Herbert Poul |
|
ok, it's committed then ... but.. completely untested :) let me know if it works Hey, we have Signatures !!! Great, isn't it ? ;) |
|
|
Posted by Per Strandberg |
|
Group members (and not only staff) can now create wiki pages, so this works for me!
:) :) :) /Per |
Please login to post a reply.
