Re: [Mailman-Developers] Authorization System in Core

[Ankush Sharma]

Hi Harshit,

Their is no authentication system(OAuth etc.) set up between core and
client for now. The client uses plain HTTP calls to communicate to the
core. So, anyone with the credentials can alter any such permissions in the
core. So, for now core and client should reside on the same host. So, I
guess it would be better to implement the permissions stuff on the
postorius side as others pointed out !

PS : I worked on the Node.js mailman client last year. You can refer it here
.

Thanks !

Ankush Sharma
ECE IV
IIT-BHU
Varanasi-221005
http://black-perl.in
Linkedin 

On Sun, May 22, 2016 at 3:20 AM, Harshit Bansal  wrote:

> Hi,
> Earlier, while discussing the permission system for manging styles, it was
> decided that the permissions system should be enforced in the core rather
> than in the postorius since otherwise it can be bypassed(deliberately or
> undeliberately). But one thing that I think I forgot to discuss was that
> currently there is no authorisation system in the core and now I am unable
> to figure out that how could the permissions be enforced in the core
> without an authorisation system.
> Should I workout an authorisation system for the core first or enforce
> permissions in postorius only?
>
> Thanks,
> Harshit Bansal
> ___
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-developers/ankush.sharma.ece12%40itbhu.ac.in
>
> Security Policy: http://wiki.list.org/x/QIA9
>
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] Authorization System in Core

[Andrew Stuart]

You are most welcome to do as you wish with Mailmania, rename, fork, rebuild, 
whatever - I’m not precious about it - it is owned by the FSF and GPL licensed. 
 It might be just a good “first try” and point the way to a better solution.  

It certainly would benefit from a cleanup from a more experienced Python 
developer than me - whilst I did everything I could to make it consistent I 
have no doubt much could be done to improve it.

As Barry says, Mailmania puts a server layer in front of the Mailman REST API 
that allows authenticated public access to the Mailman REST server.  It uses 
the Mailman conceptual authorisation model and implements that as a concrete 
set of authorisation rules.

It also includes an unfinished solution for archiving inbound mail to sqlite 
for full text indexing and integration with Apache Tika for extraction of text 
from documents attached to emails.

I apologise for effectively having abandoned it but I would say it is (or was 
last I looked) fully working with over 700 tests.  I just don’t have time to 
fit it in to everything in life right now..

If anyone does want to do any work on it I’ll do my level best to help them get 
it running, understand it and problem solve any issues.

I’m working on other stuff but still watching this list so I’ll try to respond 
ASAP to any questions….

thanks

as

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9