#format wiki #language en #pragma section-numbers off #acl IanRiley:read,write,delete,revert,admin All:read,attach,detach #pragma supplementation-page on = GuestPass, GuestPasses and GuestPassFile = <> == Background and rationale == MoinMoin pages can be protected from being viewed by unauthorised users by Access Control Lists (ACL). ACL can be used to grant individuals or groups access to a page. However, it could be handy to occasionally give people (without user accounts) read access to an otherwise restricted page. Of course, a static copy of a page could be sent to them, but if the page is subject to change, this might not be the ideal solution, and would not be overly convenient. A mechanism to issue guest passes would be a more elegant solution. == Description == The !GuestPass action allows the creation and retirement of guest passes for individual, non-public pages for which the creator has write privileges. A link is created that can be given to anyone the user wishes to read the page. This link gives access to the page and attachments with links on the page created by the !GuestPassFile macro. Guest passes expire after 30 days. Access checking by in `MoinMoin.action.__init__.py` prevents actions (both inbuilt and plugin) from being being invoked for pages for with the user does not have read access. So, by design, an anonymous user cannot gain access to a non-public page by using a URL with an action parameter. Consequently to facilitate the !GuestPass action, `MoinMoin.action.__init__.py` must be modified to allow this action to pass and for it to take over responsibility for anonymous user access to a page. !GuestPass action will only allow read access to a page, and only when the user is anonymous or a logged in user does not already have read access to the page (including the creator of the guest pass). Access to attached files is controlled by the !GuestPassFile macro, which only allows views and downloads. Guest pass users cannot upload, delete, move, unzip or perform any other such action on attached files. The !GuestPasses macro allows the user to obtain a listing of all currently valid guest passes they have created. The superuser can obtain a listing of all currently valid guest passes including the name of the user that created them. == Usage == The !GuestPass dialog is opened by selecting !GuestPass from the "More actions" menu. Although it is possible to put a link in the pages with the `<>` macro, this makes no sense, as it would be visible to, but not usable by, the guest pass user. If there is no currently valid guest pass for the page, the !GuestPass dialog offers only the options to create a guest pass or cancel the action. When valid guest passes exist, they are listed, and one or more can be selected for retirement. Guest passes that are retired are not deleted but superseded by passes with 0 days till expiry. !GuestPass action has two companion macros and requires a logfile module. `<>` inserts a table of currently valid guest passes created by the current user for all pages (or a particular page, if specified). The links can be copied and sent to someone to invite them to view the page. For security reasons, the table can only be displayed on a page writable by the current user and not readable publicly. The superuser, however, can view passes created by all users. `<>` inserts a link to an attached file when the page has been accessed using a guest pass. If the page is accessed normally, it creates a link equivalent to `[[attachment:filename]]`. If the file is not attached, a message that the file is not available is given to a guest pass user, or an upload file link for a normal user. Embedding attached files (e.g. {{attachment:filename}}) work on a guest pass accessed page, so no special arrangements are needed. The module `passlog.py`, installed in `wiki.data.pulugin.logfile` (see [[#Prerequisites]] below) handles the access to the log of guest passes created. Guest passes are never deleted, they are either expired or retired. So `pass-log` contains a complete history of guest pass creation/retirement. When a page is accessed using a guest pass, a message in the header provides the guest pass link to the page, the number of days till expiry, and links for print view and PDF creation. For PDF creation to work, the [[PDF.py|PDF]] action needs to be installed and preferably, a slight modification to `MoinMoin.page.py` made (see under prerequisites). == Prerequisites == To allow !GuestPass action to be recognised as an available action for non-readable pages in `MoinMoin.action.__init__.py`, the initial code in `MoinMoin.action.__init__.get_available_actions` function needs to be modified. '''Original''' {{{#!python if not user.may.read(page.page_name): return [] }}} '''Modified''' {{{#!python if not user.may.read(page.page_name): #return [] return [u'GuestPass'] # original returned empty list }}} For this action and the companion macros to work the !PassLog class is imported from `passlog.py` in `wiki/data/plugin/logfile`. This folder must also contain the standard `__init__.py` for plugin modules. The file is provided for download as `psslog-1.0.py` and must be renamed to `viewlog.py` when installing. This plugin parallels the inbuilt logfile modules `eventlog.py` and `editlog.py` found in `MoinMoin/logfile`. To allow !TableOfContents macro to find headings in the page, it needs to be modified. To do this, copy `MoinMoin.macro.TableOfContents.py` to wiki.data.plugin.macro, and edit as follows. Add the following function. {{{#!python def send_special(request): """ Check if GuestPass used and OK to send_special """ pname = request.page.page_name action = request.values.get('action', '') passcode = request.values.get('pass', '') send = action == 'GuestPass' and passcode and not request.user.may.read(pname) return send }}} Modify the following line. '''Original''' {{{#!python output = macro.request.redirectedOutput(p.send_page, content_only=True, count_hit=False, omit_footnotes=True) }}} '''Modified''' {{{#!python output = macro.request.redirectedOutput(p.send_page, content_only=True, count_hit=False, send_special=send_special(macro.request), omit_footnotes=True) }}} To have !GuestPass action call the [[PDF.py|PDF]] action to create a PDF of the page, it is best make a slight modification to `MoinMoin.page.py`. !GuestPass action calls `MoinMoin.page.send_page` function with send_special=True, which allows pages that the user could not otherwise read to be displayed. However, this function sets the status code in the HTML headers to 403 even though send_special=True allows the page to be displayed. [[PDF.py|PDF]] calls [[http://code.google.com/p/wkhtmltopdf/|wkhtmltopdf]] as a subprocess and it will return an error if a forbidden error (403) is received. This does not prevent the PDF being created but will litter log files. '''Original''' {{{#!python if not request.user.may.read(self.page_name): request.status_code = 403 else: request.status_code = 200 }}} '''Modified''' {{{#!python if not request.user.may.read(self.page_name) and \ not send_special: #added for wkhtmltopdf with guestpass request.status_code = 403 else: request.status_code = 200 }}} == Download & Release Notes == || Download || Release Version || Moin Version || Release Notes || || [[attachment:GuestPass-1.2.py]] || 1.1 || 1.9.2 || || || [[attachment:passlog-1.1.py]] || 1.1 || 1.9.2 || || || [[attachment:GuestPasses-1.1.py]] || 1.1 || 1.9.2 || || || [[attachment:GuestPassFile-1.1.py]] || 1.1 || 1.9.2 || || For installation, rename files to remove version number (e.g. `-1.0`). == Examples == The URL examples below would all be created automatically by the action or its macros. === Guest pass URL === Created by !GuestPass action. {{{ http://domain/wiki/PrivatePage?action=GuestPass&pass=MsM1y9KJ6m8yvNkb }}} === Guest pass attachment URLs === Inserted by `<>` into a page when accessed by a guest pass. {{{ http://domain/wiki/PrivatePage?action=GuestPass&pass=MsM1y9KJ6m8yvNkb&do=view&show=filename }}} This is to '''view''' files with download link (equivalent to the inbuilt !AttachFile action but without the upload form). Text files are show with highlighting if possible, images are display and zip file contents listed. Other file types are redirected to '''get'''. The download link is the '''do=get''' link. {{{ http://domain/wiki/PrivatePage?action=GuestPass&pass=MsM1y9KJ6m8yvNkb&do=get&show=filename }}} This link might still simplely display the file contents in the browser (such as PDFs in Safari) depending on the file type and browser settings. In such cases, the file can be downloaded by saving that page, or using the appropriate option in the browsers pop-up menu on the download link. === Guest pass table === {{{ <> }}} When run by the superuser generates: ||{{attachment:GuestPasses.py example.png}}|| == History == See individual source files for details of version history. Developed with inspiration and MoinMoin code from: . @copyright: 2000-2004 Juergen Hermann . @copyright: 2000-2001 Richard Jones . @copyright: 2001 Ken Sugino (sugino@mediaone.net) . @copyright: 2005-2010 MoinMoin:ReimarBauer . @copyright: 2005 MoinMoin:AlexanderSchremmer . @copyright: 2005 !DiegoOngaro at ETSZONE (diego@etszone.com) . @copyright: 2006-2008 MoinMoin:ThomasWaldmann, == Copyright == . @copyright: 2013 Ian Riley == License == GNU GPL, see COPYING for details. == Known issues and limitations == * The links created in the page header (title and trail) do not include !GuestPass parameters and will not provide the guest pass user access to the page. This might confuse some users. They should be advised to only use the link provided for guest access to the page. * Re-displaying a page accessed by a guest pass by using the back arrow in Safari can cause some links not to operate as expected. This does not happen if the page is refreshed. This does not appear to be an issue for Firefox. ----- Hits:: <>