ALTLinuxEdu

The security policy autoadmin included in MoinMoin distribution (but NOT active by default, see below) is useful when you want to automatically and implicitely give some users or user groups admin rights on some pages.

Having admin rights means to be able to create or change ACLs, see HelpOnAccessControlLists.

AutoAdmin usage

for a personal homepage

See if there is a HomepageTemplate with a prepared ACL line and some other magic already on it.

It is a good idea to have your homepage read- and writeable for everybody as a means of open communication.

For creating personal (or private) subpages of your homepage, it is the easiest way to use the MyPages action. It will show some form to you, enabling easy creation of those pages.

Alternatively you can also do it manually, using the ReadWritePageTemplate, ReadPageTemplate or PrivatePageTemplate. They usually have some prepared ACL line on them, e.g.:

#acl @ ME@/ReadWriteGroup:read,write @ ME@/ReadGroup:read

That @ME@ in the template will be expanded to your name when saving, so those 2 subpages (YourName/ReadWriteGroup and YourName/ReadGroup) of your homepage will be used for allowing read/write or read-only access.

Now you only have to maintain those 2 subpages of your homepage (maybe they even have been auto- created for you) and put the people on them for allowing them access.

for a project page

See if there is some <ProjectName>Template with a prepared ACL line for your project pages and use it for creating new subpages.

Use <ProjectName>/ReadWriteGroup and <ProjectName>/ReadGroup etc. as you would do for a homepage (see above).

AutoAdmin configuration and administration

Configuration

Add this to your wiki's configuration file:

    from MoinMoin.util.autoadmin import SecurityPolicy

Create an AutoAdminGroup page. If you don't know better, create an empty page for starting.

That page (and also other group pages used with autoadmin, see below) should be ACL protected with write access limited to allowed people. They are used as source for some ACL information and thus should be treated like the ACLs they get fed into.

Administration

Enabling a home page for AutoAdmin

Just add the user name (same as home page name) to the AutoAdminGroup page. Alternatively, if you want to enable this feature for all users of some specific group, add the group page name to AutoAdminGroup.

All users directly or indirectly on AutoAdminGroup will get admin rights on their own homepage or subpages of it.

This is needed for the MyPages action, but can also get used for manual ACL changes.

You also can define some page templates with pre-made ACLs for them to use for new homepages or subpages of it.

Enabling another (project) page for AutoAdmin

  1. Add <PageName>/AdminGroup to AutoAdminGroup.

  2. Also create that <PageName>/AdminGroup group definition page and add at least one user or one group to that page, giving them admin rights on <PageName> or subpages of it.

ALTLinuxEdu: HelpOnAutoAdmin (last modified 2006-11-02 14:06:49)