annotate roundup/actions.py @ 4781:6e9b9743de89
Implementation for:
http://issues.roundup-tracker.org/issue2550731
Add mechanism for the detectors to be able to tell the source of the
data changes.
Support for tx_Source property on database handle. Can be
used by detectors to find out the source of a change in an auditor to
block changes arriving by unauthenticated mechanisms (e.g. plain email
where headers can be faked). The property db.tx_Source has the
following values:
* None - Default value set to None. May be valid if it's a script
that is created by the user. Otherwise it's an error and indicates
that some code path is not properly setting the tx_Source property.
* "cli" - this string value is set when using roundup-admin and
supplied scripts.
* "web" - this string value is set when using any web based
technique: html interface, xmlrpc ....
* "email" - this string value is set when using an unauthenticated
email based technique.
* "email-sig-openpgp" - this string value is set when email with a
valid pgp signature is used. (*NOTE* the testing for this mode
is incomplete. If you have a pgp infrastructure you should test
and verify that this is properly set.)
This also includes some (possibly incomplete) test cases for the
modes above and an example of using ts_Source in the customization.txt
document.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 23 Apr 2013 23:06:09 -0400 |
| parents | 13b3155869e0 |
| children | a7541077cf12 |
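
A sketch of the kind of auditor the commit message describes, added here as an example; it is not code from the Roundup repository or from customization.txt. The property allow-list, the `FakeDB` stand-in and the `check` helper are assumptions made for illustration, and the fallback `Reject` class only exists so the block runs without Roundup installed.

```python
try:
    from roundup.exceptions import Reject
except ImportError:  # stand-in so the example runs without Roundup installed
    class Reject(Exception):
        pass

# Sources named in the commit message that carry some form of authentication.
TRUSTED_SOURCES = frozenset(["cli", "web", "email-sig-openpgp"])
# Assumption: properties a plain, unsigned e-mail may still change.
EMAIL_SAFE_PROPS = frozenset(["messages", "files", "nosy"])


def audit_tx_source(db, cl, nodeid, newvalues):
    """Auditor: restrict what unauthenticated e-mail may change."""
    source = getattr(db, "tx_Source", None)
    if source in TRUSTED_SOURCES:
        return
    if source == "email":
        blocked = sorted(set(newvalues) - EMAIL_SAFE_PROPS)
        if blocked:
            raise Reject("Unsigned email may not change: %s" % ", ".join(blocked))
        return
    # None or an unknown value: some code path did not set tx_Source.
    # Policy choice of this example: fail closed (relax for your own scripts).
    raise Reject("Change rejected: unknown transaction source %r" % (source,))


def init(db):
    # Detector entry point; 'issue' is the class name assumed here.
    db.issue.audit("set", audit_tx_source)
    db.issue.audit("create", audit_tx_source)


class FakeDB(object):
    """Constructed stand-in for the database handle (not Roundup code)."""
    def __init__(self, tx_source):
        self.tx_Source = tx_source


def check(tx_source, newvalues):
    """Return 'ok' or the rejection message for a constructed change."""
    try:
        audit_tx_source(FakeDB(tx_source), None, "1", newvalues)
        return "ok"
    except Reject as exc:
        return str(exc)
```
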

Annotated source. All lines are from rev 4083 except the `raise ValueError(...)` statement in `Retire.handle`, which is from rev 4357 (13b3155869e0, "Beginnings of a big code cleanup / modernisation to make 2to3 happy", Richard Jones <richard@users.sourceforge.net>, parents: 4125), and the last line of the `Unauthorised` message in `Retire.permission`, which is from rev 4125.

```python
#
# Copyright (C) 2009 Stefan Seefeld
# All rights reserved.
# For license terms see the file COPYING.txt.
#

from roundup.exceptions import *
from roundup import hyperdb
from roundup.i18n import _

class Action:
    def __init__(self, db, translator):
        self.db = db
        self.translator = translator

    def handle(self, *args):
        """Action handler procedure"""
        raise NotImplementedError

    def execute(self, *args):
        """Execute the action specified by this object."""

        # The permission check always runs before the handler.
        self.permission(*args)
        return self.handle(*args)


    def permission(self, *args):
        """Check whether the user has permission to execute this action.

        If not, raise Unauthorised."""

        # The base class allows everything; subclasses override this.
        pass


    def gettext(self, msgid):
        """Return the localized translation of msgid"""
        return self.translator.gettext(msgid)


    _ = gettext


class Retire(Action):

    def handle(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        # make sure we don't try to retire admin or anonymous
        if (classname == 'user' and
            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):
            raise ValueError(self._(
                'You may not retire the admin or anonymous user'))

        # do the retire
        self.db.getclass(classname).retire(itemid)
        self.db.commit()


    def permission(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        if not self.db.security.hasPermission('Edit', self.db.getuid(),
                                              classname=classname, itemid=itemid):
            # %(classname)s needs a mapping operand; the bare string used
            # originally would raise TypeError instead of Unauthorised.
            raise Unauthorised(self._('You do not have permission to '
                'retire the %(classname)s class.') % {'classname': classname})
```
