Creating a private wiki with MoinMoin

By donc

MoinMoin has Access Control Lists (ACLs) so I figured it would work for creating a private wiki on the internet.

Unfortunately, this is against the MoinMoin philosophy, so it took a little work.

MoinMoin pages can be protected by adding a processing instruction to the top of the page:


#acl Known:read,write

This would work, but it is not what I was looking for, since I want all pages to be protected. I don’t want the users to have to remember to add the ACL to every page.

In the Security section of wikiconfig.py I changed the default ACL rights so a user must be logged in to read or write wiki pages.


# the user must be logged in to view or write pages
acl_rights_default = u'Known:read,write'

This works great except that anyone can just create an account and view pages. So I also needed to disable user registration. MoinMoin uses the same form for creating users and editing users, so a file system hack worked best.


$ cd /path/to/wiki/instance/data
$ chmod -w users

This allows users with existing accounts to edit them, but if someone attempts to create a user account, they get a nice IOError since MoinMoin can’t create the file. Effective but ugly.

Last, I hacked userform.py to catch this error and display a message.

When user registration was disabled, the IOError was raised on line 155 of userform.py. The theuser.save() call became:


try:
  theuser.save()
except IOError:
  return _("User registration is disabled")

This solution seems to work fine. Adding users is a bit of a pain, but it doesn’t happen often. Since users can’t register, I need to create the new accounts. I enable user creation (chmod +w users), use the UI to create users and then disable user registration again (chmod -w users).
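The enable, create, disable routine above, written as an added Python example (not part of the original post or of MoinMoin; the function names are hypothetical, and it assumes the wiki process owns the users directory and does not run as root). It checks the mode bits rather than trusting the command, because `chmod -w` with no class letter leaves alone any write bit that the umask masks, so a group-writable directory can stay group-writable.

```python
import os
import stat
import tempfile
from contextlib import contextmanager

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def registration_locked(users_dir):
    """True only when owner, group and other all lack write permission."""
    return os.stat(users_dir).st_mode & WRITE_BITS == 0

def lock_registration(users_dir):
    """Same effect as 'chmod a-w users': clears all write bits, whatever the umask."""
    mode = stat.S_IMODE(os.stat(users_dir).st_mode)
    os.chmod(users_dir, mode & ~WRITE_BITS)

@contextmanager
def registration_window(users_dir):
    """Allow account creation inside the block, then always lock again."""
    mode = stat.S_IMODE(os.stat(users_dir).st_mode)
    # Assumption: the wiki process is the directory owner, so owner write is enough.
    os.chmod(users_dir, mode | stat.S_IWUSR)
    try:
        yield
    finally:
        # Runs even if account creation fails, so the window cannot stay open.
        lock_registration(users_dir)

if __name__ == "__main__":
    # Constructed stand-in for /path/to/wiki/instance/data/users.
    users_dir = tempfile.mkdtemp()
    os.chmod(users_dir, 0o775)
    lock_registration(users_dir)
    print("locked:", registration_locked(users_dir))
    with registration_window(users_dir):
        print("open while creating accounts:", not registration_locked(users_dir))
    print("locked again:", registration_locked(users_dir))
    os.rmdir(users_dir)
```

A process running as root ignores these permission bits, so the check says nothing about a wiki that runs as root.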

12 Responses to “Creating a private wiki with MoinMoin”

  1. Andre Ruiz Says:

    You rock man!!! I have been in search of a good solution for a private wiki for some weeks now. Having tested more than 6 apparently good solutions, I stuck with MoinMoin. But quickly I realized the problems you addressed here. A little googling before putting hands on dirty work, and you have already done it. Thank you.

  2. Rabe Ralf Says:

    Hi, if you use

    acl_rights_before = u'+Known:read,write All:'

    then unknown users can’t access any page, not even the UserPreferences page to create an account. You used acl_rights_default, which is only applied to pages that don’t have an ACL set of their own. But the UserPreferences page has. See HelpOnAccessControlLists. At least, this is true for version 1.5+.
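An added example, not MoinMoin's code and not part of the comments: a simplified model of the evaluation order described in response 2, run against the UserPreferences ACL quoted in response 7. It leaves out acl_rights_after and the Default keyword, and `ExampleUser` is a made-up account name.

```python
# Simplified model of MoinMoin ACL evaluation; added example, not MoinMoin's code.
def parse_acl(line):
    """'+Known:read,write All:' -> [('+', 'Known', {...}), ('', 'All', set())]"""
    entries = []
    for token in line.split():
        modifier = token[0] if token[0] in "+-" else ""
        who, _, rights = token.lstrip("+-").partition(":")
        entries.append((modifier, who, set(filter(None, rights.split(",")))))
    return entries

def matches(who, user):
    """user is None for an anonymous visitor, else {'name': str, 'groups': set}."""
    if who == "All":
        return True
    if user is None:
        return False
    return who == "Known" or who == user["name"] or who in user["groups"]

def may(user, right, page_acl, before="", default=""):
    """Read entries in order: acl_rights_before, then the page's own #acl line,
    or acl_rights_default only when the page has none (page_acl is None)."""
    middle = default if page_acl is None else page_acl
    for modifier, who, rights in parse_acl(before + " " + middle):
        if not matches(who, user):
            continue
        if modifier == "":       # plain entry: first match settles every right
            return right in rights
        if right in rights:      # '+' grants, '-' denies, only the listed rights
            return modifier == "+"
    return False

def anonymous_readable(pages, **config):
    """Names of pages a visitor who is not logged in can read."""
    return sorted(name for name, acl in pages.items()
                  if may(None, "read", acl, **config))

# Constructed sample: FrontPage has no #acl line; the UserPreferences ACL is
# the one quoted in response 7.
PAGES = {
    "FrontPage": None,
    "UserPreferences": "MoinPagesEditorGroup:read,write,delete,revert All:read",
}
MEMBER = {"name": "ExampleUser", "groups": set()}  # hypothetical logged-in user

if __name__ == "__main__":
    print(anonymous_readable(PAGES, default="Known:read,write"))
    print(anonymous_readable(PAGES, before="+Known:read,write All:"))
```

With only acl_rights_default set, the model reports UserPreferences as readable without logging in; with the acl_rights_before value from response 2, nothing is.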

  3. donc Says:

    Rabe: For my wiki I don’t want unknown users to access any page including the UserPreferences page. Setting acl_rights_before is a good way for me to enforce this policy.

  4. Joseph Armbruster Says:

    I did not want users to be able to access User Preferences to register… So, for UserPreferences, I set:

    #acl MoinPagesEditorGroup:read,write,delete,revert

    Any thoughts?

  5. Cornelius Puschmann Says:

    Hey, thanks a bunch! Just the information I was looking for :-)

  6. Marcus Goldfish Says:

    I modified this like Joseph did:

    (1) in wikiconfig (farmconfig.py for me, as I run multiple wikis):

    acl_rights_before = u"MyName:read,write,delete,revert,admin"
    acl_rights_default = u"+Known:read,write All:"

    (2) in UserPreferences

    #acl MoinPagesEditorGroup:read,write,delete,revert

    This seems to work fine.

  7. Rafael Santos Says:

    As superuser I’ve edited the UserPreferences page and changed the ACL from
    #acl MoinPagesEditorGroup:read,write,delete,revert All:read
    to
    #acl MoinPagesEditorGroup:read,write,delete,revert Known:read

    And it worked as expected.

    So far it is working, please try that.

  8. Ted Says:

    I put the following right after “newuser” is determined, within userform.py so that only a particular IP-address is allowed to create new users.

    if newuser and self.request.remote_addr != "1.1.1.23":
        return _("You have encountered a security flaw, user cannot be created. (%s)" % self.request.remote_addr)

    Then, in wikiconfig.py I assign

    acl_rights_default = u"Known:read,write All:read"

    This makes a wiki that can be updated by those who log in and have Ids (which can only be created in a controlled way), yet everyone can read the wiki.

  9. Eduardo Pinetti Says:

    Is it possible to disable the search engine form for users who are not logged in?

    My idea is to have a private wiki with only a login form as the FrontPage, without any buttons.

    Any ideas? Thanks.

  10. WennaIllece Says:

    Is that a new way? There are very few things like my nutritious ideas Wanna good joke? How many Microsoft employees does it take to screw in a lightbulb? None. We’ll just declare darkness the new standard.

  11. Installing MoinMoin - Jaws 0.8.9 Says:

    [...] new users, more or less as described on this page, which I found by googling. Jaws Administrator | 26 February 2009 | General | 0 comments Trackback URI: [...]

  12. Vasily Eremenko Says:

    Thanks! Very useful information! But now the line “theuser.save()” is at the file “MoinMoin/action/newuser.py”. Thanks!
