Mercurial > p > roundup > code

annotate detectors/creator_resolution.py @ 5220:14d8f61e6ef2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Reimplemented anti-csrf measures by raising exceptions rather than returning booleans. Redoing it using exceptions was the easiest way to return proper xmlrpc fault messages to the clients. Also this code should now properly make values set in the form override values from the database. So no lost work under some circumstances if the csrf requirements are not met. Also this code does a better job of cleaning up old csrf tokens.
author John Rouillard <rouilj@ieee.org>
date Wed, 05 Apr 2017 20:56:08 -0400
parents b3f46759b4d1
children 35ea9b1efc14
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4627
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
1 # This detector was written by richard@mechanicalcat.net and it's been
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
2 # placed in the Public Domain. Copy and modify to your heart's content.
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
3
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
4 from roundup.exceptions import Reject
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
5
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
6 def creator_resolution(db, cl, nodeid, newvalues):
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
7 '''Catch attempts to set the status to "resolved" - if the assignedto
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
8 user isn't the creator, then set the status to "in-progress" (try
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
9 "confirm-done" first though, but "classic" Roundup doesn't have that
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
10 status)
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
11 '''
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
12 if not newvalues.has_key('status'):
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
13 return
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
14
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
15 # get the resolved state ID
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
16 resolved_id = db.status.lookup('resolved')
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
17
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
18 if newvalues['status'] != resolved_id:
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
19 return
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
20
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
21 # check the assignedto
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
22 assignedto = newvalues.get('assignedto', cl.get(nodeid, 'assignedto'))
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
23 creator = cl.get(nodeid, 'creator')
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
24 if assignedto == creator:
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
25 if db.getuid() != creator:
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
26 name = db.user.get(creator, 'username')
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
27 raise Reject, 'Only the creator (%s) may close this issue'%name
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
28 return
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
29
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
30 # set the assignedto and status
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
31 newvalues['assignedto'] = creator
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
32 try:
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
33 status = db.status.lookup('confirm-done')
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
34 except KeyError:
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
35 status = db.status.lookup('in-progress')
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
36 newvalues['status'] = status
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
37
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
38 def init(db):
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
39 db.issue.audit('set', creator_resolution)
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
40
6b32e9dac625 Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset
41 # vim: set filetype=python ts=4 sw=4 et si
Roundup Issue Tracker: http://roundup-tracker.org/