Mercurial > p > roundup > code
annotate doc/whatsnew-0.8.txt @ 3117:460eb0209a9e
Permissions improvements.
- have Permissions only test the check function if itemid is suppled
- modify index templates to check for row-level Permission
- more documentation of security mechanisms
- better unit tests for security mechanisms
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 28 Jan 2005 03:51:19 +0000 |
| parents | 4e7eaf475ad7 |
| children | 7308c3c5a943 |
| rev | line source |
|---|---|
|
2397
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 ========================= |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 What's New in Roundup 0.8 |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 ========================= |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5 For those completely new to Roundup, you might want to look over the very |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 terse features__ page. |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
7 |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 __ features.html |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 .. contents:: |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
11 |
| 3108 | 12 In Summary |
| 13 ========== | |
| 14 | |
| 15 (this information copied directly from the ``CHANGES.txt`` file) | |
| 16 | |
| 17 XXX this section needs more detail | |
| 18 | |
| 19 - remove "manual" locking of sqlite database | |
| 20 - create a new RDBMS cursor after committing | |
| 21 - roundup-mailgw now logs fatal exceptions rather than mailing them to admin | |
| 22 - roundup-server options -g and -u accept both ids and names (sf bug 983769) | |
| 23 - roundup-server now has a configuration file (-C option) | |
| 24 - added mod_python interface (see installation.txt) | |
| 25 - added option to turn off registration confirmation via email | |
| 26 ("instant_registration" in config) (sf rfe 922209) | |
| 27 - roundup-admin reindex command may now work on single items or classes | |
| 28 - record journaltag lookup ("fixes" sf bug 998140) | |
| 29 - roundup windows service may be installed with command line options | |
| 30 recognized by roundup-server (but not tracker specification arguments). | |
| 31 Use this to specify server configuration file for the service. | |
| 32 - added experimental multi-thread server | |
| 33 - don't try to import all backends in backends.__init__ unless we *want* to | |
| 34 - unless in debug mode, keep a single persistent connection through a | |
| 35 single web or mailgw request. | |
| 36 - extended security.addPermissionToRole to allow skipping the separate | |
| 37 getPermission call | |
| 38 | |
| 39 | |
|
2397
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
40 Logging of internal messages |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
41 ============================ |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
42 |
|
2983
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
43 Roundup's previously ad-hoc logging of events has been cleaned up and is |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
44 now configured in a single place in the tracker configuration file. |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
45 |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
46 The `customisation documentation`_ has more details on how this is |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
47 configured. |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
48 |
|
2886
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
49 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
50 Security Changes |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
51 ================ |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
52 |
|
2983
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
53 Password Storage |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
54 ---------------- |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
55 |
|
2886
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
56 Added MD5 scheme for password hiding. This extends the existing SHA and |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
57 crypt methods and is useful if you have an existing MD5 password database. |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
58 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
59 |
|
2983
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
60 Permission Definitions |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
61 ---------------------- |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
62 |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
63 Permissions may now be defined on a per-property basis, allowing access to |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
64 only specific properties on items. |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
65 |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
66 Permissions may also have code attached which is executed to check whether |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
67 the Permission is valid for the current user and item. |
|
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
68 |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
69 Permissions are now automatically checked when information is rendered |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
70 through the web. This includes: |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
71 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
72 1. View checks for properties when being rendered via the ``plain()`` or |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
73 similar methods. If the check fails, the text "[hidden]" will be |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
74 displayed. |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
75 2. Edit checks for properties when the edit field is being rendered via |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
76 the ``field()`` or similar methods. If the check fails, the property |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
77 will be rendered via the ``plain()`` method (see point 1. for additional |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
78 checking performed) |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
79 3. View checks are performed in index pages for each item being displayed |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
80 such that if the user does not have permission, the row is not rendered. |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
3108
diff
changeset
|
81 |
|
2983
9614a101b68f
Stuff from the train ride this morning:
Richard Jones <richard@users.sourceforge.net>
parents:
2915
diff
changeset
|
82 |
|
2886
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
83 Extending Roundup |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
84 ================= |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
85 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
86 To write extension code for Roundup you place a file in the tracker home |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
87 ``extensions`` directory. See the `customisation documentation`_ for more |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
88 information about how this is done. |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
89 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
90 |
| 2907 | 91 8-bit character set support in Web interface |
| 92 ============================================ | |
|
2886
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
93 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
94 This is used to override the UTF-8 default. It may be overridden in both |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
95 forms and a browser cookie. |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
96 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
97 - In forms, use the ``@charset`` variable. |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
98 - To use the cookie override, have the ``roundup_charset`` cookie set. |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
99 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
100 In both cases, the value is a valid charset name (eg. ``utf-8`` or |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
101 ``kio8-r``). |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
102 |
| 2907 | 103 Inside Roundup, all strings are stored and processed in utf-8. |
| 104 Unfortunately, some older browsers do not work properly with | |
| 105 utf8-encoded pages (e.g. Netscape Navigator 4 displays wrong | |
| 106 characters in form fields). This version allows to change | |
| 107 the character set for http transfers. To do so, you may add | |
| 108 the following code to your ``page.html`` template:: | |
| 109 | |
| 110 <tal:block define="uri string:${request/base}${request/env/PATH_INFO}"> | |
| 111 <a tal:attributes="href python:request.indexargs_href(uri, | |
| 112 {'@charset':'utf-8'})">utf-8</a> | |
| 113 <a tal:attributes="href python:request.indexargs_href(uri, | |
| 114 {'@charset':'koi8-r'})">koi8-r</a> | |
| 115 </tal:block> | |
| 116 | |
| 117 (substitute ``koi8-r`` with appropriate charset for your language). | |
| 118 Charset preference is kept in the browser cookie ``roundup_charset``. | |
| 119 | |
| 120 Lines ``meta http-equiv`` added to the tracker templates in version 0.6.0 | |
| 121 should be changed to include actual character set name:: | |
| 122 | |
| 123 <meta http-equiv="Content-Type" | |
| 124 tal:attributes="content string:text/html;; charset=${request/client/charset}" | |
| 125 /> | |
| 126 | |
| 127 Actual charset is also sent in the http header. | |
| 128 | |
|
2886
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
129 |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
130 Web Interface Miscellanea |
|
0998d1b48182
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
2397
diff
changeset
|
131 ========================= |
|
2397
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
132 |
|
2996
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
133 The web interface has seen some changes: |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
134 |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
135 Templating |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
136 We implement __nonzero__ for HTMLProperty - properties may now be used in |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
137 boolean conditions (eg ``tal:condition="issue/nosy"`` will be false if |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
138 the nosy list is empty). |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
139 |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
140 We added a default argument to the DateHTMLProperty.field method, and an |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
141 optional Interval (string or object) to the DateHTMLProperty.now |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
142 |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
143 We've added a multiple selection Link/Multilink search field macro to the |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
144 default classic page.html template. |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
145 |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
146 We relaxed hyperlinking in web interface (accept "issue123" or "Issue 123") |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
147 |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
148 The listing popup may be used in query forms. |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
149 |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
150 Standard templates |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
151 We hide "(list)" popup links when issue is only viewable |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
152 |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
153 Web server |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
154 The builtin web server may now perform HTTP Basic Authentication by |
|
08a17fc4dc01
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2983
diff
changeset
|
155 itself. |
|
2397
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
156 |
|
fa50e1347397
added basic logging support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
157 .. _`customisation documentation`: customizing.html |