/usr/share/pyshared/MoinMoin/security/autoadmin.py is in python-moinmoin 1.9.3-1ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - SecurityPolicy implementing auto admin rights for some users and some groups.

    AutoAdminGroup page contains users which automatically get admin rights
    on their homepage and subpages of it. E.g. if ThomasWaldmann is in
    AutoAdminGroup (or in a group contained in AutoAdminGroup), he gets
    admin rights on pages ThomasWaldmann and ThomasWaldmann/*.

    AutoAdminGroup page also contains groups whose members automatically get
    admin rights on the group's basename.
    E.g. if SomeProject/AdminGroup is in AutoAdminGroup and ThomasWaldmann is
    in SomeProject/AdminGroup, then ThomasWaldmann gets admin rights on pages
    SomeProject and SomeProject/*.

    Further, it can autocreate the UserName/XxxxGroup (see grouppages var) when
    a user saves his homepage. Alternatively, this could also be done manually by
    the user using *Template pages.

    Usage (for wiki admin):
     * Create an AutoAdminGroup page. If you don't know better, create an empty
       page for starting.
     * Enabling a home page for AutoAdmin: just add the user name to the
       AutoAdminGroup page. After that, this user can create or change ACLs on
       his homepage or subpages of it.
     * Enabling another (project) page for AutoAdmin: add <PageName>/AdminGroup
       to AutoAdminGroup. Also create that <PageName>/AdminGroup page and add
       at least one user or one group to that page, enabling him or them to
       create or change ACLs on <PageName> or subpages of it.
     Those pages edited by wiki admin should be ACL protected with write access
     limited to allowed people. They are used as source for some ACL
     information and thus should be treated like the ACLs they get fed into.

    Usage (for homepage owners):
     * see if there is a HomepageTemplate with a prepared ACL line and some
       other magic already on it. It is a good idea to have your homepage
       read- and writeable for everybody as a means of open communication.

     * For creating personal (or private) subpages of your homepage, use the
       ReadWritePageTemplate, ReadPageTemplate or PrivatePageTemplate.
       They usually have some prepared ACL line on them, e.g.:
       #acl @ME@/ReadWriteGroup:read,write @ME@/ReadGroup:read
       That @ME@ from the template will be expanded to your name when saving,
       thus using those 2 subpages (YourName/ReadWriteGroup and
       YourName/ReadGroup) for allowing read/write or read-only access to
       Now you only have to maintain 2 subpages (maybe they even have been
       auto-created for you)

    Usage (for project people):
     * see if there is some <ProjectName>Template with a prepared ACL line for
       your project pages and use it for creating new subpages.
       Use <ProjectName>/ReadWriteGroup and /ReadGroup etc. as you would do for
       a homepage (see above).

    @copyright: 2005-2006 Bastian Blank, Florian Festi, Thomas Waldmann
    @license: GNU GPL, see COPYING for details.
"""

grouppage_autocreate = False # autocreate the group pages - alternatively use templates
grouppages = ['AdminGroup', 'ReadGroup', 'ReadWriteGroup', ] # names of the subpages defining ACL groups

from MoinMoin.security import Permissions
from MoinMoin.Page import Page
from MoinMoin.PageEditor import PageEditor

class SecurityPolicy(Permissions):
    """ Extend the default security policy with autoadmin feature """

    def admin(self, pagename):
        try:
            request = self.request
            groups = request.groups
            username = request.user.name
            # the caller-supplied pagename is overridden with the page of the
            # current request
            pagename = request.page.page_name
            mainpage = pagename.split('/')[0]
            if username == mainpage and username in groups.get(u'AutoAdminGroup', []):
                return True
            group_name = "%s/AdminGroup" % mainpage
            if (username in groups.get(group_name, []) and
                group_name in groups.get(u'AutoAdminGroup', [])):
                return True
        except AttributeError:
            pass # when we get called from xmlrpc, there is no request.page
        return Permissions.__getattr__(self, 'admin')(pagename)

    def save(self, editor, newtext, rev, **kw):
        request = self.request
        username = request.user.name
        pagename = editor.page_name

        if grouppage_autocreate and username == pagename:
            # create group pages when a user saves his own homepage
            for page in grouppages:
                grouppagename = "%s/%s" % (username, page)
                grouppage = Page(request, grouppagename)
                if not grouppage.exists():
                    text = """\
#acl %(username)s:read,write,delete,revert
 * %(username)s
""" % locals()
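                    # use a separate name: rebinding `editor` here would make the
                    # final Permissions.save() check the group page instead of
                    # the page actually being saved
                    group_editor = PageEditor(request, grouppagename)
                    group_editor._write_file(text)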

        parts = pagename.split('/')
        if len(parts) == 2:
            subpage = parts[1]
            if subpage in grouppages and not self.admin(pagename):
                return False

        # No problem to save if my base class agrees
        return Permissions.save(self, editor, newtext, rev, **kw)