Mercurial > p > roundup > code
annotate share/roundup/templates/devel/schema.py @ 7800:2d4684e4702d
fix: enhancement to history command output and % template fix.
Rather than using the key field, use the label field for descriptions.
Call cls.labelprop(default_to_id=True) so it returns id rather than
the first sorted property name.
If labelprop() returns 'id' or 'title', we return nothing. 'id' means
there is no label set and no properties named 'name' or 'title'. So
have the caller do whatever it wants (prepend classname for example)
when there is no human readable name. This prevents %(name)s%(key)s
from producing: 23(23).
Also don't accept the 'title' property. Titles can be too
long. Arguably we could: '%(name)20s' to limit the title
length. However without ellipses or something truncating the title
might be confusing. So again pretend there is no human readable name.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 12 Mar 2024 11:52:17 -0400 |
| parents | 670ab365e76f |
| children | 984bc9f94ec6 |
| rev | line source |
|---|---|
| 4434 | 1 |
| 2 # | |
| 3 # TRACKER SCHEMA | |
| 4 # | |
| 5 | |
| 6 # Class automatically gets these properties: | |
| 7 # creation = Date() | |
| 8 # activity = Date() | |
| 9 # creator = Link('user') | |
| 10 # actor = Link('user') | |
| 11 | |
| 12 | |
| 13 # This is the repository class, then you can see/edit repositories in pages like | |
| 14 # "http://tracker/url/vcs_repo1" | |
| 15 vcs_repo = Class(db, "vcs_repo", | |
| 16 name=String(), | |
| 17 host=String(), | |
| 18 path=String(), | |
| 19 webview_url=String()) | |
| 20 vcs_repo.setkey('name') | |
| 21 | |
| 22 # Stores revision data, lets you see/edit revisions in pages like | |
| 23 # "http://tracker/url/vcs_rev1". The vcs_rev.item.html template is currently | |
| 24 # broken, but this works fine without it. | |
| 25 vcs_rev = Class(db, "vcs_rev", | |
| 26 repository=Link('vcs_repo'), | |
| 27 revision=String()) | |
| 28 | |
| 29 | |
| 30 | |
| 31 # Component | |
| 32 component = Class(db, 'component', | |
| 33 name=String(), | |
| 34 description=String(), | |
| 35 order=Number(), | |
| 36 assign_to=Link('user')) | |
| 37 component.setkey('name') | |
| 38 | |
| 39 # Version | |
| 40 version = Class(db, 'version', | |
| 41 name=String(), | |
| 42 description=String(), | |
| 43 order=Number()) | |
| 44 version.setkey('name') | |
| 45 | |
| 46 # Severity | |
| 47 severity = Class(db, 'severity', | |
| 48 name=String(), | |
| 49 description=String(), | |
| 50 order=Number()) | |
| 51 severity.setkey('name') | |
| 52 | |
| 53 # Priority | |
| 54 priority = Class(db, 'priority', | |
| 55 name=String(), | |
| 56 description=String(), | |
| 57 order=Number()) | |
| 58 priority.setkey('name') | |
| 59 | |
| 60 # Status | |
| 61 status = Class(db, "status", | |
| 62 name=String(), | |
| 63 description=String(), | |
| 64 order=Number()) | |
| 65 status.setkey("name") | |
| 66 | |
| 67 # Resolution | |
| 68 resolution = Class(db, "resolution", | |
| 69 name=String(), | |
| 70 description=String(), | |
| 71 order=Number()) | |
| 72 resolution.setkey('name') | |
| 73 | |
| 74 # Keyword | |
| 75 keyword = Class(db, "keyword", | |
| 76 name=String(), | |
| 77 description=String()) | |
| 78 keyword.setkey("name") | |
| 79 | |
| 80 | |
| 81 # User-defined saved searches | |
| 82 query = Class(db, "query", | |
| 83 klass=String(), | |
| 84 name=String(), | |
| 85 url=String(), | |
| 86 private_for=Link('user')) | |
| 87 | |
| 88 # add any additional database schema configuration here | |
| 89 | |
| 90 user = Class(db, "user", | |
| 91 username=String(), | |
| 92 password=Password(), | |
| 93 address=String(), | |
| 94 realname=String(), | |
| 95 phone=String(), | |
| 96 organisation=String(), | |
| 97 alternate_addresses=String(), | |
| 98 queries=Multilink('query'), | |
| 99 roles=String(), # comma-separated string of Role names | |
| 100 timezone=String(), | |
| 101 vcs_name=String()) | |
| 102 | |
| 103 user.setkey("username") | |
|
7213
670ab365e76f
Finish adding anyonymous Register role in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7132
diff
changeset
|
104 db.security.addPermission(name='Register', klass='user', |
|
670ab365e76f
Finish adding anyonymous Register role in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7132
diff
changeset
|
105 description='User is allowed to register new user') |
| 4434 | 106 |
| 107 # Permissions for revision creation and repository viewing. | |
| 108 for role in ('User',): | |
| 109 db.security.addPermissionToRole(role, 'Create', 'vcs_rev') | |
| 110 db.security.addPermissionToRole(role, 'View', 'vcs_repo') | |
| 111 | |
| 112 # FileClass automatically gets this property in addition to the Class ones: | |
| 113 # content = String() [saved to disk in <tracker home>/db/files/] | |
| 114 # type = String() [MIME type of the content, default 'text/plain'] | |
| 115 msg = FileClass(db, "msg", | |
| 116 author=Link("user", do_journal='no'), | |
| 117 recipients=Multilink("user", do_journal='no'), | |
| 118 date=Date(), | |
| 119 summary=String(), | |
| 120 files=Multilink("file"), | |
| 121 messageid=String(), | |
| 122 inreplyto=String(), | |
| 123 revision=Link("vcs_rev")) | |
| 124 | |
| 125 # File | |
| 126 file = FileClass(db, "file", | |
| 127 name=String(), | |
| 128 description=String(indexme='yes')) | |
| 129 | |
| 130 # Patch | |
|
5136
602d544e3a93
fixing some mismatched patches/patch references that I borked in a prior checkin. Patch support was not and still is not working. But at least this tracker runs without errors with demo.py -t devel, just missing features.
John Rouillard <rouilj@ieee.org>
parents:
5134
diff
changeset
|
131 patches = FileClass(db, "patches", |
| 4434 | 132 name=String(), |
| 133 description=String(indexme='yes'), | |
| 134 repository=String(), | |
| 135 revision=String()) | |
| 136 | |
| 137 # Bug Type | |
| 138 bug_type = Class(db, 'bug_type', | |
| 139 name=String(), | |
| 140 description=String(), | |
| 141 order=Number()) | |
| 142 bug_type.setkey('name') | |
| 143 | |
| 144 # IssueClass automatically gets these properties in addition to the Class ones: | |
| 145 # title = String() | |
| 146 # messages = Multilink("msg") | |
| 147 # files = Multilink("file") | |
| 148 # patches = Multilink("patches") | |
| 149 # nosy = Multilink("user") | |
| 150 # superseder = Multilink("issue") | |
| 151 bug = IssueClass(db, "bug", | |
| 152 type=Link('bug_type'), | |
| 153 components=Multilink('component'), | |
| 154 versions=Multilink('version'), | |
| 155 severity=Link('severity'), | |
| 156 priority=Link('priority'), | |
| 157 dependencies=Multilink('bug'), | |
| 158 assignee=Link('user'), | |
| 159 status=Link('status'), | |
| 160 resolution=Link('resolution'), | |
| 161 superseder=Link('bug'), | |
|
5049
29bd12331b86
issue2550601: add multilink to patches to the bug issue. The doc string above the definition already included the code.
John Rouillard <rouilj@ieee.org>
parents:
4902
diff
changeset
|
162 keywords=Multilink('keyword'), |
|
29bd12331b86
issue2550601: add multilink to patches to the bug issue. The doc string above the definition already included the code.
John Rouillard <rouilj@ieee.org>
parents:
4902
diff
changeset
|
163 patches=Multilink('patches')) |
| 4434 | 164 |
| 165 # Task Type | |
| 166 task_type = Class(db, 'task_type', | |
| 167 name=String(), | |
| 168 description=String(), | |
| 169 order=Number()) | |
| 170 task_type.setkey('name') | |
| 171 | |
| 172 # IssueClass automatically gets these properties in addition to the Class ones: | |
| 173 # title = String() | |
| 174 # messages = Multilink("msg") | |
| 175 # files = Multilink("file") | |
| 176 # nosy = Multilink("user") | |
| 177 # superseder = Multilink("issue") | |
| 178 task = IssueClass(db, "task", | |
| 179 type=Link('task_type'), | |
| 180 components=Multilink('component'), | |
| 181 priority=Link('priority'), | |
| 182 dependencies=Multilink('task'), | |
| 183 assignee=Multilink('user'), | |
| 184 status=Link('status'), | |
| 185 resolution=Link('resolution'), | |
| 186 solves=Link('bug')) | |
| 187 | |
| 188 milestone = IssueClass(db, "milestone", | |
| 189 bugs=Multilink("bug"), | |
| 190 tasks=Multilink("task"), | |
| 191 status=Link("status"), | |
| 192 release_date=String()) | |
| 193 | |
| 194 # | |
| 195 # TRACKER SECURITY SETTINGS | |
| 196 # | |
| 197 # See the configuration and customisation document for information | |
| 198 # about security setup. | |
| 199 | |
| 200 db.security.addRole(name='Developer', description='A developer') | |
| 201 db.security.addRole(name='Coordinator', description='A coordinator') | |
| 202 | |
| 203 # | |
| 204 # REGULAR USERS | |
| 205 # | |
| 206 # Give the regular users access to the web and email interface | |
| 207 for r in 'User', 'Developer', 'Coordinator': | |
| 208 db.security.addPermissionToRole(r, 'Web Access') | |
| 209 db.security.addPermissionToRole(r, 'Email Access') | |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5136
diff
changeset
|
210 db.security.addPermissionToRole(r, 'Rest Access') |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5136
diff
changeset
|
211 db.security.addPermissionToRole(r, 'Xmlrpc Access') |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5136
diff
changeset
|
212 |
| 4434 | 213 ########################## |
| 214 # User permissions | |
| 215 ########################## | |
| 216 | |
| 217 for cl in ('severity', 'component', | |
| 218 'version', 'priority', 'status', 'resolution', | |
| 219 'bug_type', 'bug', 'task_type', 'task', 'milestone', | |
| 220 'keyword', 'file', 'msg'): | |
| 221 db.security.addPermissionToRole('User', 'View', cl) | |
| 222 db.security.addPermissionToRole('Anonymous', 'View', cl) | |
|
4457
89dd446af2a8
Don't allow users to create tasks and milestones.
Stefan Seefeld <stefan@seefeld.name>
parents:
4454
diff
changeset
|
223 |
|
89dd446af2a8
Don't allow users to create tasks and milestones.
Stefan Seefeld <stefan@seefeld.name>
parents:
4454
diff
changeset
|
224 for cl in ('severity', 'component', |
|
89dd446af2a8
Don't allow users to create tasks and milestones.
Stefan Seefeld <stefan@seefeld.name>
parents:
4454
diff
changeset
|
225 'version', 'priority', 'status', 'resolution', |
|
89dd446af2a8
Don't allow users to create tasks and milestones.
Stefan Seefeld <stefan@seefeld.name>
parents:
4454
diff
changeset
|
226 'bug_type', 'bug', 'file', 'msg'): |
| 4434 | 227 db.security.addPermissionToRole('User', 'Create', cl) |
| 228 | |
| 229 | |
| 230 def may_edit_file(db, userid, itemid): | |
| 231 return userid == db.file.get(itemid, "creator") | |
| 232 | |
| 233 p = db.security.addPermission(name='Edit', klass='file', check=may_edit_file, | |
| 234 description="User is allowed to remove their own files") | |
| 235 db.security.addPermissionToRole('User', p) | |
| 236 | |
| 237 p = db.security.addPermission(name='Create', klass='bug', | |
| 238 properties=('title', 'bug_type', | |
| 239 'components', 'versions', | |
| 240 'severity', | |
| 241 'messages', 'files', 'nosy'), | |
| 242 description='User can report and discuss bugs') | |
| 243 db.security.addPermissionToRole('User', p) | |
| 244 | |
| 245 p = db.security.addPermission(name='Edit', klass='bug', | |
| 246 properties=('title', 'bug_type', | |
| 247 'components', 'versions', | |
| 248 'severity', | |
| 249 'messages', 'files', 'nosy'), | |
| 250 description='User can report and discuss bugs') | |
| 251 db.security.addPermissionToRole('User', p) | |
| 252 | |
| 253 p = db.security.addPermission(name='Create', klass='task', | |
| 254 properties=('title', 'task_type', | |
| 255 'components', | |
| 256 'messages', 'files', 'nosy'), | |
| 257 description='Developer can create and discuss tasks') | |
| 258 db.security.addPermissionToRole('Developer', p) | |
| 259 | |
| 260 p = db.security.addPermission(name='Edit', klass='task', | |
| 261 properties=('title', 'task_type', | |
| 262 'components', | |
| 263 'messages', 'files', 'nosy'), | |
| 264 description='Developer can create and discuss tasks') | |
| 265 db.security.addPermissionToRole('Developer', p) | |
| 266 | |
| 267 p = db.security.addPermission(name='Create', klass='milestone', | |
| 268 description='Coordinator can create and discuss milestones') | |
| 269 db.security.addPermissionToRole('Coordinator', p) | |
| 270 | |
| 271 p = db.security.addPermission(name='Edit', klass='milestone', | |
| 272 description='Coordinator can create and discuss milestones') | |
| 273 db.security.addPermissionToRole('Coordinator', p) | |
| 274 | |
| 275 | |
| 276 ########################## | |
| 277 # Developer permissions | |
| 278 ########################## | |
| 279 for cl in ('bug_type', 'severity', 'component', | |
| 280 'version', 'priority', 'status', 'resolution', | |
| 281 'bug', 'file', 'msg', 'keyword'): | |
| 282 db.security.addPermissionToRole('Developer', 'View', cl) | |
| 283 | |
| 284 for cl in ('bug', 'file', 'msg', 'keyword'): | |
| 285 db.security.addPermissionToRole('Developer', 'Edit', cl) | |
| 286 db.security.addPermissionToRole('Developer', 'Create', cl) | |
| 287 | |
| 288 | |
| 289 ########################## | |
| 290 # Coordinator permissions | |
| 291 ########################## | |
| 292 for cl in ('bug_type', 'task_type', 'severity', 'component', | |
| 293 'version', 'priority', 'status', 'resolution', 'bug', 'task', 'file', 'msg'): | |
| 294 db.security.addPermissionToRole('Coordinator', 'View', cl) | |
| 295 db.security.addPermissionToRole('Coordinator', 'Edit', cl) | |
| 296 db.security.addPermissionToRole('Coordinator', 'Create', cl) | |
| 297 | |
| 298 # May users view other user information? Comment these lines out | |
| 299 # if you don't want them to | |
|
4902
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4676
diff
changeset
|
300 p = db.security.addPermission(name='View', klass='user', |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4676
diff
changeset
|
301 properties=('id', 'organisation', 'phone', 'realname', 'timezone', |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4676
diff
changeset
|
302 'vcs_name', 'username')) |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4676
diff
changeset
|
303 db.security.addPermissionToRole('User', p) |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4676
diff
changeset
|
304 db.security.addPermissionToRole('Developer', p) |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4676
diff
changeset
|
305 |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4676
diff
changeset
|
306 # Coordinator may also edit users, so they may see everything: |
| 4434 | 307 db.security.addPermissionToRole('Coordinator', 'View', 'user') |
| 308 | |
| 309 # Allow Coordinator to edit any user, including their roles. | |
| 310 db.security.addPermissionToRole('Coordinator', 'Edit', 'user') | |
| 311 db.security.addPermissionToRole('Coordinator', 'Web Roles') | |
| 312 | |
| 313 # Users should be able to edit their own details -- this permission is | |
| 314 # limited to only the situation where the Viewed or Edited item is their own. | |
| 315 def own_record(db, userid, itemid): | |
| 316 '''Determine whether the userid matches the item being accessed.''' | |
| 317 return userid == itemid | |
| 318 p = db.security.addPermission(name='View', klass='user', check=own_record, | |
| 319 description="User is allowed to view their own user details") | |
| 320 for r in 'User', 'Developer', 'Coordinator': | |
| 321 db.security.addPermissionToRole(r, p) | |
| 322 p = db.security.addPermission(name='Edit', klass='user', check=own_record, | |
| 323 description="User is allowed to edit their own user details", | |
| 324 properties=('username', 'password', | |
| 325 'address', 'realname', | |
|
4676
d3f8d0be588c
Issue2550783 - change spelling of organization to organisation so that
rouilj
parents:
4457
diff
changeset
|
326 'phone', 'organisation', |
| 4434 | 327 'alternate_addresses', |
| 328 'queries', | |
| 329 'timezone')) # Note: 'roles' excluded - users should not be able to edit their own roles. | |
| 330 for r in 'User', 'Developer': | |
| 331 db.security.addPermissionToRole(r, p) | |
| 332 | |
| 333 # Users should be able to edit and view their own queries. They should also | |
| 334 # be able to view any marked as not private. They should not be able to | |
| 335 # edit others' queries, even if they're not private | |
| 336 def view_query(db, userid, itemid): | |
| 337 private_for = db.query.get(itemid, 'private_for') | |
| 338 if not private_for: return True | |
| 339 return userid == private_for | |
| 340 def edit_query(db, userid, itemid): | |
| 341 return userid == db.query.get(itemid, 'creator') | |
| 342 p = db.security.addPermission(name='View', klass='query', check=view_query, | |
| 343 description="User is allowed to view their own and public queries") | |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4434
diff
changeset
|
344 p = db.security.addPermission(name='Search', klass='query') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4434
diff
changeset
|
345 db.security.addPermissionToRole('User', p) |
| 4434 | 346 for r in 'User', 'Developer', 'Coordinator': |
| 347 db.security.addPermissionToRole(r, p) | |
| 348 p = db.security.addPermission(name='Edit', klass='query', check=edit_query, | |
| 349 description="User is allowed to edit their queries") | |
| 350 for r in 'User', 'Developer', 'Coordinator': | |
| 351 db.security.addPermissionToRole(r, p) | |
| 352 p = db.security.addPermission(name='Create', klass='query', | |
| 353 description="User is allowed to create queries") | |
| 354 for r in 'User', 'Developer', 'Coordinator': | |
| 355 db.security.addPermissionToRole(r, p) | |
| 356 | |
| 357 | |
| 358 # | |
| 359 # ANONYMOUS USER PERMISSIONS | |
| 360 # | |
| 361 # Let anonymous users access the web interface. Note that almost all | |
| 362 # trackers will need this Permission. The only situation where it's not | |
| 363 # required is in a tracker that uses an HTTP Basic Authenticated front-end. | |
| 364 db.security.addPermissionToRole('Anonymous', 'Web Access') | |
| 365 | |
| 366 # Let anonymous users access the email interface (note that this implies | |
| 367 # that they will be registered automatically, hence they will need the | |
|
7132
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
368 # "Register" user Permission below) |
| 4434 | 369 # This is disabled by default to stop spam from auto-registering users on |
| 370 # public trackers. | |
| 371 #db.security.addPermissionToRole('Anonymous', 'Email Access') | |
| 372 | |
| 373 # Assign the appropriate permissions to the anonymous user's Anonymous | |
| 374 # Role. Choices here are: | |
| 375 # - Allow anonymous users to register | |
|
7132
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
376 db.security.addPermissionToRole('Anonymous', 'Register', 'user') |
| 4434 | 377 |
| 378 # Allow anonymous users access to view issues (and the related, linked | |
| 379 # information). | |
| 380 | |
|
4454
cc402f5ad93e
Anonymous can only see bugs, but neither tasks nor milestones.
Stefan Seefeld <stefan@seefeld.name>
parents:
4437
diff
changeset
|
381 for cl in 'bug', 'severity', 'status', 'resolution', 'msg', 'file': |
| 4434 | 382 db.security.addPermissionToRole('Anonymous', 'View', cl) |
| 383 | |
|
5113
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
384 # Allow the anonymous user to use the "Show Unassigned" search. |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
385 # It acts like "Show Open" if this permission is not available. |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
386 # If you are running a tracker that does not allow read access for |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
387 # anonymous, you should remove this entry as it can be used to perform |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
388 # a username guessing attack against a roundup install. |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
389 p = db.security.addPermission(name='Search', klass='user') |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
390 db.security.addPermissionToRole ('Anonymous', p) |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5049
diff
changeset
|
391 |
| 4434 | 392 # [OPTIONAL] |
| 393 # Allow anonymous users access to create or edit "issue" items (and the | |
| 394 # related file and message items) | |
| 395 #for cl in 'issue', 'file', 'msg': | |
| 396 # db.security.addPermissionToRole('Anonymous', 'Create', cl) | |
| 397 # db.security.addPermissionToRole('Anonymous', 'Edit', cl) | |
| 398 | |
| 399 | |
| 400 # vim: set filetype=python sts=4 sw=4 et si : | |
| 401 |