Mercurial > p > roundup > code

annotate doc/upgrading.txt @ 7155:89a59e46b3af

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
improve REST interface security When using REST, we reflect the client's origin. If the wildcard '*' is used in allowed_api_origins all origins are allowed. When this is done, it also added an 'Access-Control-Allow-Credentials: true' header. This Credentials header should not be added if the site is matched only by '*'. This header should be provided only for explicit origins (e.g. https://example.org) not for the wildcard. This is now fixed for CORS preflight OPTIONS request as well as normal GET, PUT, DELETE, POST, PATCH and OPTIONS requests. A missing Access-Control-Allow-Credentials will prevent the tracker from being accessed using credentials. This prevents an unauthorized third party web site from using a user's credentials to access information in the tracker that is not publicly available. Added test for this specific case. In addition, allowed_api_origins can include explicit origins in addition to '*'. '*' must be first in the list. Also adapted numerous tests to work with these changes. Doc updates.
author John Rouillard <rouilj@ieee.org>
date Thu, 23 Feb 2023 12:01:33 -0500
parents 1e3b9abbc2b9
children 1549c7e74ef8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
1 .. meta::
6774
e7b4ad2c57ac landmarks, skiplink, remove bad attrs, autocomplete search
John Rouillard <rouilj@ieee.org>
parents: 6768
diff changeset
2 :description:
7138
1e3b9abbc2b9 shorten meta description < 160 chars. best practice.
John Rouillard <rouilj@ieee.org>
parents: 7134
diff changeset
3 Critical documentation for upgrading the Roundup Issue
1e3b9abbc2b9 shorten meta description < 160 chars. best practice.
John Rouillard <rouilj@ieee.org>
parents: 7134
diff changeset
4 Tracker. Actions that must be taken when upgrading from
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
5 one version to another are documented here.
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
6
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
7 .. index:: Upgrading
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
8
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Upgrading to newer versions of Roundup
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
13 Please read each section carefully and edit your tracker home files
2016
2112962f5bb1 Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 2003
diff changeset
14 accordingly. Note that there is information about upgrade procedures in the
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
15 `administration guide`_ in the `Software Upgrade`_ section.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
17 If a specific version transition isn't mentioned here (eg. 0.6.7 to 0.6.8)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
18 then you don't need to do anything. If you're upgrading from 0.5.6 to
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
19 0.6.8 though, you'll need to check the "0.5 to 0.6" and "0.6.x to 0.6.3"
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
20 steps.
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
21
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
22 General steps:
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
23
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
24 1. Make note of your current Roundup version.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
25 2. Take your Roundup installation offline (web, email,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
26 cron scripts, roundup-admin etc.)
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
27 3. Backup your Roundup instance
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
28 4. Install a new version of Roundup
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
29 5. Make version specific changes as described below for
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
30 each version transition. If you are starting at 1.5.0
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
31 and installing to 2.3, you need to make the changes for **all**
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
32 versions starting at 1.5 and ending at 2.3. E.G.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
33 1.5.0 -> 1.5.1, 1.5.1 -> 1.6.0, ..., 2.1.0 -> 2.2.0,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
34 2.2.0 -> 2.3.0.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
35 6. Run ``roundup-admin -i <tracker_home> migrate`` for
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
36 **all** your trackers. This will update the database if
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
37 it is required.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
38 7. Bring your Roundup instance back online
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
39 8. Test
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
40
5328
ba1ce44254df clarify supported python versions in two docs. Reported by Joseph Myers.
John Rouillard <rouilj@ieee.org>
parents: 5323
diff changeset
41 **IMPORTANT** The v1.5.x releases of Roundup were the last to support
ba1ce44254df clarify supported python versions in two docs. Reported by Joseph Myers.
John Rouillard <rouilj@ieee.org>
parents: 5323
diff changeset
42 Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
43 Python version 2.7 that is newer than 2.7.2 is required to run
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
44 Roundup. Starting with Roundup version 2.0.0 we also support Python 3
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
45 versions newer than 3.4.
4901
fa268ea457db Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents: 4890
diff changeset
46
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
47 Contents:
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
48
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 .. contents::
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
50 :local:
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
52 .. index:: Upgrading; 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
53
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
54 Migrating from 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
55 =============================
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
56
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
57 Update your ``config.ini`` (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
58 -------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
59
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
60 Upgrade tracker's config.ini file. Use::
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
61
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
62 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
63
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
64 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
65 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
66 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
67 ``config.ini`` with ``newconfig.ini``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
68
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
69 Using the roundup-mailgw script (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
70 ------------------------------------------
7064
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
71
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
72 In previous versions the roundup-mailgw script had a ``-C`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
73 ``--class``) option for specifying a class to be used with ``-S`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
74 ``--set``) option(s). In the latest version the ``-C`` option is gone,
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
75 the class for this option is specified as a prefix, e.g. instead of ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
76
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
77 roundup-mailgw -C issue -S issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
78
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
79 You now specify ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
80
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
81 roundup-mailgw -S issue.issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
82
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
83 If multiple values need to be set, this can be achieved with multiple
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
84 ``-S`` options or with delimiting multiple values with a semicolon (in
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
85 that case the string needs to be quoted because semicolon is a shell
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
86 special character)::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
87
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
88 roundup-mailgw -S 'issue.issueprop1=value1;issueprop2=value2'
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
89 roundup-mailgw -S issue.issueprop1=value1 -S issue.issueprop2=value2
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
90
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
91 are equivalent. Note that the class is provided as a prefix for the
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
92 set-string, not for each property. The class can be omitted altogether
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
93 in which case it defaults to ``msg`` (this default existed in previous
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
94 versions).
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
95
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
96 If you do not use the ``-C`` (or ``--class``) option in your current
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
97 setup of mailgw you don't need to change anything.
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
98
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
99 Replace Create User permission for Anonymous with Register (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
100 ---------------------------------------------------------------------
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
101
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
102 Check your trackers schema.py. If you have the following code::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
103
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
104 db.security.addPermissionToRole('Anonymous', 'Create', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
105
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
106 after the permission for Anonymous 'Email Access', change it to::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
107
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
108 db.security.addPermissionToRole('Anonymous', 'Register', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
109
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
110 The comment for Anonymous 'Email Access' may refer to Create. Change
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
111 it to refer to Register.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
112
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
113 This will be an issue if you used the devel or responsive tracker
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
114 templates. If you used a classic, minimal or jinja2 template the
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
115 permission change (but not the comment change) should be done already.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
116
6806
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
117 Rdbms version change from 7 to 8 (required)
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
118 -------------------------------------------
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
119
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
120 This release includes a change that requires updates to the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
121 database schema.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
122
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
123 Sessions and one time key (otks) tables in the Mysql and
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
124 PostgreSQL database use a numeric type that
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
125 truncates/rounds expiration timestamps. This results in
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
126 entries being purged early or late (depending on whether
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
127 it rounds up or down). The discrepancy is a couple of
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
128 days for Mysql or a couple of minutes for PostgreSQL.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
129
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
130 Session keys stay for a week or more and CSRF keys are
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
131 two weeks by default. As a result, this isn't usually a
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
132 visible issue. This migration updates the numeric types
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
133 to ones that supports more significant figures.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
134
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
135 You should backup your instance and run the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
136 ``roundup-admin -i <tracker_home> migrate``
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
137 command for all your trackers once you've
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
138 installed the latest code base.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
139
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
140 Do this before you use the web, command-line or mail
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
141 interface and before any users access the tracker.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
142
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
143 If successful, this command will respond with either
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
144 "Tracker updated" (if you've not previously run it on an
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
145 RDBMS backend) or "No migration action required" (if you
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
146 have run it, or have used another interface to the tracker,
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
147 or are using anydbm).
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
148
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
149 Session/OTK data storage for SQLite backend changed (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
150 --------------------------------------------------------------
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
151
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
152 Roundup stores a lot of ephemeral data:
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
153
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
154 * login session tokens,
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
155 * rate limits
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
156 * password reset attempt tokens
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
157 * one time keys
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
158 * and anti CSRF keys.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
159
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
160 These were stored using dbm style files while the main data
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
161 is stored in a SQLite db. Using both dbm and sqlite style
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
162 files is surprising and due to how we lock dbm files can be
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
163 a performance issue.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
164
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
165 However you can continue to use the dbm files by setting the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
166 ``backend`` option in the ``[sessiondb]`` section of
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
167 ``config.ini`` to ``anydbm``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
168
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
169 If you do not change the setting, two sqlite databases
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
170 called ``db-otk`` and ``db-session`` replace the dbm
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
171 databases. Once you make the change the old ``otks`` and
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
172 ``sessions`` dbm databases can be removed.
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
173
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
174 Note this replacement will require users to log in again and
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
175 refresh web pages to save data. It is best if people save
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
176 all their changes and log out of Roundup before the upgrade
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
177 is done to minimize confusion. Because the data is
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
178 ephemeral, there is no plan to migrate this data to the new
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
179 SQLite databases. If you want to keep using the data set the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
180 ``sessiondb`` ``backend`` option as described above.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
181
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
182 Session/OTK data storage using Redis (optional)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
183 -----------------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
184
6819
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
185 You can store your ephemeral data in a Redis database. This
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
186 provides significantly better performance for ephemeral data
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
187 than SQLite or dbm files. See the section `Using Redis for
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
188 Session Databases`_ in the `administration guide`_
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
189
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
190
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
191 .. _Using Redis for Session Databases:
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
192 admin_guide.html#using-redis-for-session-databases
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
193
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
194 New SQLite databases created with WAL mode journaling (optional)
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
195 ----------------------------------------------------------------
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
196
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
197 By default, SQLite databases use a rollback journal when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
198 writing an update. The rollback journal stores a copy of the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
199 data from before the update. One downside of this is that
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
200 all reads have to be suspended while a write is
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
201 occurring. SQLite has an alternate way of insuring ACID
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
202 compliance by using a WAL (write ahead log) journal.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
203
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
204 Version 2.3.0 of Roundup, creates new SQLite databases using
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
205 WAL journaling. With WAL, a writer does not block readers
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
206 and readers do not block writing an update. This keeps
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
207 Roundup accessible even under a heavy write load (e.g. when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
208 bulk loading data or automated updates via REST).
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
209
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
210 If you want to convert your existing SQLite db to WAL mode:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
211
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
212 1. check the current journal mode on your database
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
213 using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
214
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
215 sqlite3 <tracker_home>/db/db "pragma journal_mode;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
216
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
217 2. If it returns ``delete``, change it to WAL mode using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
218
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
219 sqlite3 <tracker_home>/db/db "pragma journal_mode=WAL;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
220
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
221 3. verify by running the command in step 1 again and you
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
222 should get ``wal``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
223
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
224 If you are using SQLite for session and otk databases,
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
225 perform the same steps replacing ``db`` with ``db-session``
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
226 and ``db-otk``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
227
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
228 If you find WAL mode is not working for you, you can set the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
229 journal method to a rollback journal (``delete`` mode) by
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
230 using step 2 and replacing ``wal`` with ``delete``. (Note:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
231 SQLite supports other journaling modes, but only ``wal`` and
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
232 ``delete`` persist. Roundup doesn't set a journaling mode
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
233 when it opens the database, so options such as ``truncate``
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
234 are not used.)
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
235
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
236 For details on WAL mode see `<https://www.sqlite.org/wal.html>`_
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
237 and `<https://www.sqlite.org/pragma.html#pragma_journal_mode>`_.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
238
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
239 Change in processing allowed_api_origins setting
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
240 ------------------------------------------------
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
241
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
242 In this release you can use both ``*`` (as the first origin) and
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
243 explicit origins in the `allowed_api_origins`` setting in
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
244 ``config.ini``. (Before it was only one or the other.)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
245
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
246 You do not need to use ``*``. If you do, it allows any client
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
247 anonymous (unauthenticated) access to the Roundup tracker. This
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
248 is the same as browsing the tracker without logging in. If they
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
249 try to provide credentials, access to the data will be denied by
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
250 `CORS`_.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
251
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
252 If you include explicit origins (e.g. \https://example.com),
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
253 users from those origins will not be blocked if they use
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
254 credentials to log in.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
255
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
256 .. _CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
257
6941
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
258 Change in processing of In-Reply_to email header
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
259 ------------------------------------------------
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
260
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
261 Messages received via email usually include a ``[issue23]``
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
262 designator in the subject line. This indicates what issue is
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
263 being updated. If the designator is missing, Roundup tries
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
264 to find the correct issue by using the in-reply-to email
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
265 header.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
266
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
267 The former code appends the new message to the first issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
268 found with a message matching the in-reply-to
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
269 header. Usually a message is associated with only one
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
270 issue. However nothing in Roundup requires that.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
271
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
272 In this release, the in-reply-to matching is disabled if
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
273 there are multiple issues with the same message. In this
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
274 case, subject matching is used to try to find the matching
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
275 issue.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
276
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
277 If you don't have messages assigned to multiple issues you
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
278 will see no change. If you do have multi-linked messages
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
279 this will hopefully result in better message->issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
280 matching.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
281
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
282 .. index:: Upgrading; 2.1.0 to 2.2.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
283
6698
b56bd672ebbf formatting changes
John Rouillard <rouilj@ieee.org>
parents: 6688
diff changeset
284 Migrating from 2.1.0 to 2.2.0
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
285 =============================
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
286
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
287 Update your ``config.ini`` (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
288 -------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
289
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
290 Upgrade tracker's config.ini file. Use::
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
291
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
292 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
293
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
294 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
295 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
296 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
297 ``config.ini`` with ``newconfig.ini``.
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
298
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
299 Rdbms version change from 6 to 7 (required)
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
300 -------------------------------------------
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
301
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
302 This release includes two changes that require updates to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
303 schema:
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
304
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
305 1. The size of words included in the Roundup FTS indexers have been
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
306 increased from 25 to 50. This requires changes to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
307 columns used by the native indexer. This also affect the whoosh
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
308 and xapian indexers.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
309 2. Some databases that include native full-text search (native-fts
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
310 indexer) searching are now supported.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
311
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
312 You should run the ``roundup-admin -i <tracker_home> migrate`` command
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
313 for all your trackers once you've installed the latest codebase.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
314
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
315 Do this before you use the web, command-line or mail interface
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
316 and before any users access the tracker.
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
317
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
318 If successful, this command will respond with either "Tracker
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
319 updated" (if you've not previously run it on an RDBMS backend) or
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
320 "No migration action required" (if you have run it, or have used
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
321 another interface to the tracker, or are using anydbm).
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
322
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
323 See `below if you want to enable native-fts searching`_.
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
324
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
325 .. _below if you want to enable native-fts searching: \
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
326 #enhanced-full-text-search-optional
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
327
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
328 The increase in indexed word length also affects whoosh and xapian
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
329 backends. You may want to run ``roundup-admin -i tracker_home
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
330 reindex`` if you want to index or search for longer words in your full
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
331 text searches. Re-indexing make take some time.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
332
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
333 Check new login_empty_passwords setting (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
334 --------------------------------------------------
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
335
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
336 In this version of Roundup, users with a blank password are not
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
337 allowed to login. Blank passwords have been allowed since 2002, but
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
338 2022 is a different time. If you have a use case that requires a user
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
339 to login without a password, set the ``login_empty_passwords`` setting
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
340 in the ``web`` section of ``config.ini`` to ``yes``. In
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
341 general this should be left at its default value of ``no``.
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
342
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
343 Check allowed_api_origins setting (optional)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
344 --------------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
345
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
346 If you are using the REST or xmlrpc api's from an origin
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
347 that is different from your roundup tracker, you will need
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
348 to add your allowed origins to the allowed_api_origins in
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
349 your updated ``config.ini``. Upgrade your ``config.ini`` as
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
350 described above then read the documentation for the setting
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
351 in ``config.ini``.
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
352
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
353 Check compression settings (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
354 -------------------------------------
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
355
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
356 Read the `administration guide`_ section on `Configuring Compression`_.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
357
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
358 Upgrade your tracker's config.ini as described
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
359 above. Compare the old and new files and configure new
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
360 compression settings as you want. Then replace
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
361 ``config.ini`` with the ``newconfig.ini`` file.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
362
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
363 Search added to user index page (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
364 ------------------------------------------
6464
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
365
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
366 A search form and count of number of hits has been added to the
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
367 ``user.index.html`` template page in the classic template. You may
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
368 want to merge the search form and footer into your template.
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
369
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
370 Enhanced full-text search (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
371 ------------------------------------
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
372
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
373 SQLite's `FTS5 full-text search engine`_ is available as is
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
374 `PostgreSQL's full text search`_. Both require a schema upgrade so you
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
375 should run::
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
376
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
377 roundup-admin -i tracker_home migrate
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
378
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
379 to create FTS specific tables before restarting the roundup-web or
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
380 email interfaces.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
381
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
382 SQLite 3.9.0+ or PostgreSQL 11.0+ are required to use this feature.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
383 When using SQLite, all full text search fields will allow searching
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
384 using the MATCH query format described at:
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
385 https://www.sqlite.org/fts5.html#full_text_query_syntax. When using
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
386 PostgreSQL either the websearch_to_tsquery or to_tsquery formats
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
387 described on
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
388 https://www.postgresql.org/docs/14/textsearch-controls.html#TEXTSEARCH-PARSING-QUERIES
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
389 can be used. The default is websearch. Prefixing the search with
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
390 ``ts:`` enables tsquery mode.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
391
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
392 A list of words behaves almost the same as the default text search
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
393 (`native`). So the search string `fts search` will find all issues
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
394 that have both of those words (an AND search) in a text-field (like
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
395 title) or in a message (or file) attached to the issue.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
396
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
397 One thing to note is that native-fts searches do not ignore words
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
398 longer than 50 characters or less than 2 characters. Also SQLite does
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
399 not filter out common words (i.e. there is no stopword list). So words
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
400 like "and", "or", "then", "with" ... are included in the FTS5 search.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
401
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
402 You must explicitly enable this search mechanism by changing the
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
403 ``indexer`` setting in ``config.ini`` to ``native-fts``. Native-fts
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
404 must be explicitly chosen. This is different from Xapian or Whoosh
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
405 indexers, which are chosen if they are installed in the Python
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
406 environment. This prevents the existing native indexing from being
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
407 discarded if ``indexer`` is not set.
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
408
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
409 Next re-index your data with ``roundup-admin -i tracker_home
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
410 reindex``. This can take a while depending on the size of the tracker.
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
411
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
412 You may want to update your ``config.ini`` by following the directions
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
413 above to get the latest documentation.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
414
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
415 See the `administration guide notes on native-fts`_ for further details.
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
416
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
417 Adding error reporting templates (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
418 -------------------------------------------
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
419
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
420 Currently some internal errors result in a bare html page with an
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
421 error message. The usual chrome supplied by page.html is not shown.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
422 For example query language syntax errors for full text search methods
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
423 will display a bare HTML error page.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
424
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
425 If you add an ``_generic.400.html`` template to the html directory, you
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
426 can display the error inside of the layout provided by the ``page.html``
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
427 template. This can make fixing the error and navigation easier. You
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
428 can use the ``_generic.404.html`` template to create a
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
429 ``_generic.400.html`` by modifying the title and body text. You can test
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
430 the 400 template by appending ``@template=400`` to the url for the
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
431 tracker.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
432
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
433 Change passwords using crypt module (optional)
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
434 ----------------------------------------------
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
435
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
436 The crypt module is being removed from the standard library. Any
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
437 stored password using crypt encoding will fail to verify once the
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
438 crypt module is removed (expected in Python 3.13 see
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
439 pep-0594). Automatic migration of passwords (if enabled in config.ini)
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
440 re-encrypts old passwords using something other than crypt if a user
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
441 logs in using the web interface.
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
442
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
443 You can find users with passwords still encrypted using crypt by
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
444 running::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
445
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
446 roundup-admin -i <tracker_home> table password,id,username
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
447
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
448 Look for lines starting with ``{CRYPT}``. You can reset the user's
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
449 password using::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
450
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
451 roundup-admin -i <tracker_home>
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
452 roundup> set user16 password=somenewpassword
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
453
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
454 changing ``16`` to the id in the second column of the table output.
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
455 The example uses interactive mode (indicated by the ``roundup>``
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
456 prompt). This prevents the new password from showing up in the output
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
457 of ps or shell history. The new password will be encrypted using the
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
458 default encryption method (usually pbkdf2).
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
459
6747
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
460 Enable performance improvement for wsgi mode (optional)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
461 -------------------------------------------------------
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
462
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
463 There is an experimental wsgi performance improvement mode that caches
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
464 the loaded roundup instance. This eliminates disk reads that are
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
465 incurred on each connection. In one report it improves speed by a
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
466 factor of 2 to 3 times. To enable this you should add a feature flag
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
467 to your Roundup wsgi wrapper (see the file
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
468 ``.../share/frontends/wsgi.py``) so it looks like::
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
469
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
470 feature_flags = { "cache_tracker": "" }
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
471 app = RequestDispatcher(tracker_home, feature_flags=feature_flags)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
472
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
473 to enable this mode. Note that this is experimental and was added
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
474 during the 2.2.0 beta period, so it is enabled using a feature flag.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
475 If you use this and it works for you please followup with an email to
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
476 the roundup-users at lists.sourceforge.net mailing list so we can
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
477 enable it by default in a future release.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
478
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
479
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
480 Hide submit button during readonly use of _generic.item.html (optional)
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
481 -----------------------------------------------------------------------
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
482
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
483 The submit button in _generic.item.html always shows up even when the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
484 user doesn't have edit perms. Change the ``context/submit`` html to
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
485 read::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
486
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
487 <td colspan=3 tal:content="structure context/submit"
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
488 tal:condition="context/is_edit_ok">
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
489
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
490 in your TAL based templates. The ``jinja2`` based templates are
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
491 missing this file, but if you implemented one you want to surround the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
492 jinja2 code with::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
493
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
494 {% if context.is_view_ok() %}
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
495 <submit button code here>
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
496 {% endif %}
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
497
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
498
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
499 .. index:: Upgrading; 2.0.0 to 2.1.0
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
500
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
501 Migrating from 2.0.0 to 2.1.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
502 =============================
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
503
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
504 Rdbms version change from 5 to 6 (**)
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
505 -------------------------------------
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
506
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
507 To fix an issue with importing databases, the database has to be
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
508 upgraded for rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
509
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
510 You should run the ``roundup-admin migrate`` command for your
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
511 tracker once you've installed the latest codebase.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
512
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
513 Do this before you use the web, command-line or mail interface
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
514 and before any users access the tracker.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
515
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
516 If successful, this command will respond with either "Tracker
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
517 updated" (if you've not previously run it on an RDBMS backend) or
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
518 "No migration action required" (if you have run it, or have used
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
519 another interface to the tracker, or are using anydbm).
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
520
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
521 This only changes the schema for the mysql backend. It has no
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
522 effect other than upgrading the revision on other rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
523
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
524 On the mysql backend it creates the database index that makes
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
525 sure the key field for your class is unique.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
526
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
527 If your update/migration fails, you will see an::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
528
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
529 IntegrityError: (1062, "Duplicate entry '0-NULL' for key '_user_key_retired_idx'")
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
530
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
531 it means you have two non-retired members of the class with the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
532 same key field. E.G. two non-retired users with the same
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
533 username.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
534
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
535 Debug this using roundup-admin using the list command. For
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
536 example dump the user class by the key field ``username``::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
537
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
538 $ roundup-admin -i <tracker_home> list user username
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
539 1: admin
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
540 2: anonymous
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
541 3: demo
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
542 4: agent
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
543 5: provisional
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
544 6: foo@example.com
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
545 7: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
546 8: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
547 ...
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
548
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
549 then search the usernames for duplicates. Once you have
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
550 identified the duplicate username (``dupe`` above), you should
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
551 retire the other active duplicates or change the username for the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
552 duplicate. To retire ``7: dupe``, you run::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
553
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
554 roundup-admin -i <tracker_home> retire user7
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
555
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
556 (use ``restore user7`` if you retired the wrong item). If you
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
557 want to rename the entry use::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
558
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
559 roundup-admin -i <tracker_home> set user7 username=dupe1
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
560
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
561 Keep doing this until you have no more duplicates. Then run the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
562 update/migrate again.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
563
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
564 If you have duplicate non-retired entries in your database,
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
565 please email roundup-users at lists.sourceforge.net. We are
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
566 interested in how many issues this has caused. Duplicate creation
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
567 should occur only when two or more mysql processes run in
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
568 parallel and both of them creating an item with the same key. So
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
569 this should be a rare event. The internal duplicate prevention
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
570 checks should work in other cases.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
571
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
572 For the nerds: if you had a new installation that was created at
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
573 version 5, the uniqueness of a key was not enforced at the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
574 database level. If you had a database that was at version 4 and
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
575 then upgraded to version 5 you have the uniqueness enforcing
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
576 constraint. Running migrate updates to schema version 6 and installs
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
577 the unique index constraint if it is missing.
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
578
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
579 Setuptools is now required to install
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
580 -------------------------------------
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
581
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
582 Roundup install now uses setuptools rather than distutils. You must
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
583 install setuptools. Use the version packgaged by your OS vendor. If
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
584 your OS vendor doesn't supply setuptools use ``pip install
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
585 setuptools``. (You may need pip3 rather than pip if using python3.)
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
586
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
587 Define Authentication Header
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
588 ----------------------------
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
589
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
590 The web server in front of roundup (apache, nginx) can perform user
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
591 authentication. It can pass the authenticated username to the backend
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
592 in a variable. By default roundup looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
593 variable. This can be changed by setting the parameter
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
594 ``http_auth_header`` in the ``[web]`` section of the tracker's
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
595 ``config.ini`` file to a different value. The value is case sensitive.
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
596 If the value is unset (the default) the REMOTE_USER variable is used.
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
597
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
598 If you are running roundup using ``roundup-server`` behind a proxy
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
599 that authenticates the user you need to configure ``roundup-server``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
600 to pass the HTTP header with the authenticated username to the
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
601 tracker. By default ``roundup-server`` looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
602 header for the authenticated user. You can copy an arbitrary header
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
603 variable to the tracker using the ``-I`` option to roundup-server (or
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
604 the equivalent option in the roundup-server config file).
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
605
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
606 For example to use the ``uid_variable`` header, two configuration
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
607 changes are needed: First configure ``roundup-server`` to pass the
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
608 header to the tracker using::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
609
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
610 roundup-server -I uid_variable ....
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
611
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
612 note that the header is passed exactly as supplied by the upstream
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
613 server. It is **not** prefixed with ``HTTP_`` like other headers since
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
614 you are explicitly allowing the header. Multiple comma separated
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
615 headers can be passed to the ``-I`` option. These could be used in a
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
616 detector or other tracker extensions, but only one header can be used
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
617 by the tracker as an authentication header.
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
618
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
619 To make the tracker honor the new variable changing the tracker
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
620 ``config.ini`` to read::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
621
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
622 [web]
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
623 ...
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
624 http_auth_header = uid_variable
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
625
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
626 At the time this is written, support is experimental. If you use it
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
627 you should notify the roundup maintainers using the roundup-users
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
628 at lists.sourceforge.net mailing list.
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
629
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
630 Classname Format Enforced
6290
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
631 -------------------------
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
632
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
633 Check schema.py and look at all Class(), IssueClass(), FileClass()
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
634 calls. The second argument is the classname. All classnames must:
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
635
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
636 * start with an alphabetic character
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
637 * consist of alphanumerics and '_'
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
638 * not end with a digit
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
639
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
640 this was not enforced before. Using non-standard classnames could lead
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
641 to other issues.
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
642
6290
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
643 jQuery updated with updates to user.help.html
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
644 ---------------------------------------------
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
645
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
646 The devel and responsive templates shipped with an old version of
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
647 jQuery with some security issues. It has been updated to the current
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
648 version: 3.5.1. If your tracker is based on one of these templates
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
649 (see the ``TEMPLATE-INFO.txt`` file in your tracker), remove the old
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
650 ``html/jquery.js`` file from your tracker and copy the new
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
651 ``jquery-3.5.1.js`` file from the template directory to your tracker's
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
652 ``html`` directory. Also copy in the new ``user.help.html`` file. It now
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
653 references the new ``jquery-3.5.1.js`` file and also fixes a bug that
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
654 prevented applying the change from the helper to the field on the main
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
655 form.
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
656
6393
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
657 Roundup-admin security stops on incorrect properties
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
658 ----------------------------------------------------
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
659
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
660 The ``roundup-admin ... security`` command used to continue
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
661 running through the rest of the security roles after reporting a
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
662 property error. Now it stops after reporting the incorrect property.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
663
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
664 If run non-interactively, it exits with status 1. It can now be
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
665 used in a startup script to detect permission errors.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
666
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
667 Futureproof devel and responsive timezone selection extension
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
668 -------------------------------------------------------------
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
669
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
670 The devel and responsive (derived from devel) templates use a select
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
671 control to list all available timezones when pytz is used. It
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
672 sanitizes the data using cgi.escape. Cgi.escape is deprecated and
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
673 removed in newer pythons. Change your ``extensions/timezone.py``
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
674 file by applying the following patch manually::
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
675
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
676
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
677 -import cgi
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
678 +try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
679 + from html import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
680 +except ImportError:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
681 + from cgi import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
682
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
683 try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
684 import pytz
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
685 @@ -25,7 +28,7 @@
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
686 s = ' '
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
687 if zone == value:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
688 s = 'selected=selected '
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
689 - z = cgi.escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
690 + z = escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
691
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
692 See https://issues.roundup-tracker.org/issue2551136 for more details.
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
693
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
694 .. index:: Upgrading; 1.6.x to 2.0.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
695
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
696 Migrating from 1.6.X to 2.0.0
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
697 =============================
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
698
6174
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
699 .. index:: roundup-admin; updateconfig subcommand
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
700
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
701
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
702 Python 2 MYSQL users MUST READ
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
703 ------------------------------
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
704
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
705 To fix issues with encoding of data and text searching, roundup now
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
706 explicitly sets the database connection character set. Roundup prior
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
707 to 2.0 used the default character set which was not always utf-8. All
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
708 roundup data is manipulated in utf-8. This mismatch causes issues with
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
709 searches and result in corrupted data in the database if it was not
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
710 properly represented across the charset conversions.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
711
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
712 This issue exists when running roundup under python 2. Note that there
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
713 are more changes required for running roundup 2.0 if you choose to use
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
714 python3. See `Python 3 support`_.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
715
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
716 In an upgraded ``config.ini`` (see next section) the ``[rdbms]``
6333
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
717 section has a key ``mysql_charset`` set by default to ``utf8mb4``.
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
718
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
719 It should be possible to change ``utf8mb4`` to any mysql charset. So
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
720 if you know what charset is enabled (e.g. via a setting in ~roundup/.my.cnf,
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
721 or the default charset for the database) you can set it in
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
722 ``config.ini`` and not need to covert the database. However the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
723 underlying issues with misconverted data and bad searches will still
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
724 exist if they did before.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
725
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
726 None of the roundup developers run mysql, so the exact steps to take
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
727 during the upgrade were tested with test and not production databases.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
728
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
729 **Before doing anything else:**
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
730
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
731 Backup the mysql database using mysql dump or other mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
732 supported tool.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
733
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
734 Backup roundup using your current backup tool and take the roundup
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
735 instance offline.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
736
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
737 Then the following steps (similar to the conversion in needed for
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
738 Python 3) should work:
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
739
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
740 1. Export the tracker database
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
741 using your **current** 1.6 instance::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
742
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
743 roundup-admin -i <trackerdir> exporttables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
744
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
745 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
746
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
747 2. Import the exported database using the **new** 2.0 roundup::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
748
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
749 roundup-admin -i <trackerdir> importtables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
750
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
751 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
752
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
753 The imported data should overwrite the original data. Note it is
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
754 critically important that the ``exporttables`` be done with the *old
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
755 tracker* and the ``importtables`` be done with the *new tracker*. An
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
756 import/export cycle between roundup 1.6.0 and roundup 2.0 has been
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
757 done successfully. So the export format for 1.6 and 2.0 should be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
758 compatible.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
759
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
760 Note that ``importtables`` is new in roundup-2.0, so you will not be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
761 able to import the result of ``exporttables`` using any 1.x version of
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
762 roundup.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
763
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
764 Following the same sequence as above using ``export`` and ``import``
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
765 should also work, but it will export all the files and messages. This
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
766 will take longer but may be worth trying if the ``exporttables`` and
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
767 ``importtables`` method fails for some reason.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
768
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
769 Another way that should be faster, but is untested is to use mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
770 dump to dump the database.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
771 https://makandracards.com/makandra/595-dumping-and-importing-from-to-mysql-in-an-utf-8-safe-way
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
772 recommends::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
773
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
774 Note that when your MySQL server is not set to UTF-8 you need to do
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
775 mysqldump --default-character-set=latin1 (!) to get a correctly
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
776 encoded dump. In that case you will also need to remove the SET
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
777 NAMES='latin1' comment at the top of the dump, so the target machine
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
778 won't change its UTF-8 charset when sourcing.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
779
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
780 Then import the dump. Removing ``SET NAMES`` should allow the import
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
781 to use UTF-8.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
782
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
783 Please report success or issues with this conversion to the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
784 roundup-users AT lists.sourceforge.net mailing list.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
785
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
786 As people report successful or unsuccessful conversions, we will update
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
787 the errata page at: https://wiki.roundup-tracker.org/ReleaseErrata.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
788
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
789 Upgrade tracker's config.ini file
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
790 ---------------------------------
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
791
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
792 Once you have installed the new roundup, use::
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
793
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
794 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
795
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
796 to generate a new ini file preserving all your settings. You can then
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
797 merge any local comments from the tracker's ``config.ini`` into
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
798 ``newconfig.ini``. Compare the old and new files and configure any new
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
799 settings as you want. Then replace ``config.ini`` with the
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
800 ``newconfig.ini`` file.
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
801
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
802 Python 3 support
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
803 ----------------
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
804
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
805 Many of the ``.html`` and ``.py`` files from Roundup that are copied
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
806 into tracker directories have changed for Python 3 support. If you
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
807 wish to move an existing tracker to Python 3, you need to merge in
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
808 those changes. Also you need to make sure that locally created python
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
809 code in the tracker is correct for Python 3.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
810
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
811 If your tracker uses the ``anydbm`` or ``mysql`` backends, you also
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
812 need to export the tracker contents using ``roundup-admin export``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
813 running under Python 2, and them import them using ``roundup-admin
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
814 import`` running under Python 3. This is detailed in the documention
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
815 for migrating to a different backend. If using the ``sqlite`` backend,
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
816 you do not need to export and import, but need to delete the
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
817 ``db/otks`` and ``db/sessions`` files when changing Python version.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
818 If using the ``postgresql`` backend, you do not need to export and
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
819 import and no other special database-related steps are needed.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
820
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
821 If you use the whoosh indexer, you will need to reindex. It looks like
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
822 a database created with Python 2 leads to Unicode decode errors when
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
823 accessed by Python 3. Reindexing can take a while (see details below
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
824 look for "reindexing").
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
825
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
826 Octal values in config.ini change from the Python 2 representation
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
827 with a leading ``0`` (``022``). They now use a leading ``0o``
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
828 (``0o22``). Note that the ``0o`` format is properly handled under
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
829 python 2. You can use the ``newconfig.ini`` generated using ``python3
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
830 roundup-admin -i ... updateconfig newconfig.ini`` if you want to go
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
831 back to using python 2. (Note going back to Python 2 will require
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
832 the same steps as moving from 2 to 3 except using Python 3 to perform
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
833 the export.)
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
834
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
835 Rate Limit New User Registration
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
836 --------------------------------
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
837
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
838 The new user registration form can be abused by bots to allow
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
839 automated registration for spamming. This can be limited by using the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
840 new ``config.ini`` ``[web]`` option called
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
841 ``registration_delay``. The default is 4 and is the number of seconds
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
842 between the time the form was generated and the time the form is
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
843 processed.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
844
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
845 If you do not modify the ``user.register.html`` template in your
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
846 tracker's html directory, you *must* set this to 0. Otherwise you will
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
847 see the error:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
848
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
849 Form is corrupted, missing: opaqueregister.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
850
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
851 If set to 0, the rate limit check is disabled.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
852
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
853 If you want to use this, you can change your ``user.register.html``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
854 file to include::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
855
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
856 <input type="hidden" name="opaqueregister" tal:attributes="value python: utils.timestamp()">
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
857
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
858 The hidden input field can be placed right after the form declaration
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
859 that starts with::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
860
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
861 <form method="POST" onSubmit="return submit_once()"
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
862
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
863 If you have applied Erik Forsberg's tracker level patch to implement
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
864 (see: https://hg.python.org/tracker/python-dev/rev/83477f735132), you
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
865 can back the code out of the tracker. You must change the name of the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
866 field in the html template to ``opaqueregistration`` from ``opaque``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
867 in order to use the core code.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
868
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
869 PGP mail processing
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
870 -------------------
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
871
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
872 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
873 mail. If you have PGP processing enabled, make sure the ``gpg``
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
874 module is installed.
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
875
5510
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
876 MySQL client module
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
877 -------------------
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
878
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
879 Although the ``MySQLdb`` module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
880 https://pypi.org/project/MySQL-python/ is still supported, it is
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
881 recommended to switch to the updated module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
882 https://pypi.org/project/mysqlclient/.
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
883
5879
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
884 XMLRPC Access Role
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
885 ------------------
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
886
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
887 A new permission has been added to control access to the XMLRPC
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
888 endpoint. If the user doesn't have the new "Xmlrpc Access" permission,
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
889 they will not be able to log in using the /xmlrpc end point. To add
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
890 this new permission to the "User" role you should change your
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
891 tracker's schema.py and add::
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
892
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
893 db.security.addPermissionToRole('User', 'Xmlrpc Access')
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
894
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
895 This is usually included near where other permissions like "Web Access"
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
896 or "Email Access" are assigned.
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
897
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
898 New values for db.tx_Source
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
899 ---------------------------
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
900
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
901 The database attribute tx_Source reports "xmlrpc" and "rest" when the
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
902 /xmlrpc and /rest web endpoints are used. Check all code (extensions,
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
903 detectors, lib) in trackers looking for tx_Source. If you have code
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
904 like::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
905
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
906 if db.tx_Source == "web":
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
907
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
908 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
909
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
910 if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
911
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
912 you may need to change these to include matches to "rest" and
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
913 "xmlrpc". For example::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
914
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
915 if db.tx_Source in [ "web", "rest", "xmlrpc" ]
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
916
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
917 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
918
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
919 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
920
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
921
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
922 CSV export changes
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
923 ------------------
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
924
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
925 The original Roundup CSV export function for indexes reported id
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
926 numbers for links. The wiki had a version that resolved the id's to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
927 names, so it would report ``open`` rather than ``2`` or
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
928 ``user2;user3`` rather than ``[2,3]``.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
929
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
930 Many people added the enhanced version to their extensions directory.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
931
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
932 The enhanced version was made the default in roundup 2.0. If you want
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
933 to use the old version (that returns id's), you can replace references
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
934 to ``export_csv`` with ``export_csv_id`` in templates.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
935
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
936 Both core csv export functions have been changed to force quoting of
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
937 all exported fields. To incorporate this change in any CSV export
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
938 extension you may have added, change references in your code from::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
939
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
940 writer = csv.writer(wfile)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
941
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
942 to::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
943
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
944 writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
945
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
946 this forces all (non-numeric) fields to be quoted and empty quotes to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
947 be added for missing parameters.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
948
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
949 This turns exported values that may look like formulas into strings so
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
950 some versions of Excel won't try to interpret them as a formula.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
951
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
952 Update userauditor.py to restrict usernames
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
953 -------------------------------------------
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
954
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
955 A username can be created with embedded commas and < and >
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
956 characters. Even though the < and > are usually escaped when
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
957 displayed, the embedded comma makes it difficult to edit lists of
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
958 users as they are comma separated.
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
959
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
960 If you have not modified your tracker's userauditor.py, you can just
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
961 copy the userauditor.py from the classic template into your tracker's
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
962 detectors directory. Otherwise merge the changes from the template
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
963 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
964 helpful.
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
965
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
966 Consider reindexing if you use European languages
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
967 -------------------------------------------------
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
968
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
969 A couple of bugs dealing with incorrect indexing of European languages
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
970 (Russian and German were reported) have been fixed. Note reindexing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
971 all your data may take a long time. See:
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
972 https://issues.roundup-tracker.org/issue1195739 and
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
973 https://issues.roundup-tracker.org/issue1344046 for a description of
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
974 the problem. If you determine that this a problem for your tracker,
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
975 you can use::
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
976
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
977 roundup-admin -i /path/to/tracker reindex
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
978
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
979 to rewrite your full text indexes. The tracker used for reindex timing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
980 had 140MB of file/message data and 2500 issues with a slow 5400RPM
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
981 SATA drive. Using native indexing with sqlite took about 45
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
982 minutes. Using whoosh took about 2 hours. Using xapian took about 6
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
983 hours. All examples were with Python 2. Anecdotal evidence shows
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
984 Python 3 is faster, but YMMV.
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
985
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
986 Merge improvements in statusauditor.py
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
987 --------------------------------------
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
988
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
989 By default the detector statusauditor.py will change the status from
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
990 "unread" to "chatting" when a second message is added to an issue.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
991 The distributed classic and jinja templates implement this feature in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
992 their copies of ``detectors/statusauditor.py``.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
993
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
994 This can be a problem. Consider a person sending email to create an
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
995 issue. Then the person sends a followup message to add some additional
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
996 information to the issue. The followup message will trigger the status
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
997 change from "unread" to "chatting". This is misleading since the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
998 person is "chatting" with themselves.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
999
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1000 Statusauditor.py has been enhanced to prevent the status from changing
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1001 to "chatting" until a second user (person) adds a message. If you
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1002 want this functionality, you need to merge the distributed
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1003 statusauditor.py with your tracker's statusauditor.py. If you have not
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1004 customized your tracker's statusauditor.py, copy the one from the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1005 distibuted template. In addition to the python file, you also must
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1006 copy/merge the distributed ``detectors/config.ini`` into your
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1007 tracker's detectors directory. Most people can copy
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1008 ``detectors/config.ini`` from the distributed templates as they won't
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1009 have a ``detectors/config.ini`` file. (Note this is
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1010 ``detectors/config.ini`` do not confuse it with the main
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1011 ``config.ini`` file at the root of the tracker home.)
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1012
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1013 This enhancement is disabled by default. Enable it by changing the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1014 value in ``detectors/config.ini`` from:
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1015
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1016 chatting_requires_two_users = False
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1017
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1018 to
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1019
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1020 chatting_requires_two_users = True
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1021
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1022 (the values ``no`` and ``yes`` can also be used). Restart the tracker
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1023 to enable the change.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1024
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1025 If you don't do this quite right you will see one of two error
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1026 messages in the web interface when you try to update an issue with a
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1027 message::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1028
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1029 Edit Error: Unsupported configuration option: Option
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1030 STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS not found in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1031 detectors/config.ini.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1032 Contact tracker admin to fix.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1033
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1034 This happens if detectors/config.ini is not found or is missing the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1035 ``chatting_requires_two_users`` option in the ``statusauditor``
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1036 section.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1037
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1038 If you have an incorrect value (say you use ``T`` rather than
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1039 ``True``) you see a different error::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1040
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1041 Edit Error: Invalid value for
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1042 DETECTOR::STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS: 'T'
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1043 Allowed values: yes, no
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1044
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1045 to fix this set the value to ``yes`` (True) or ``no`` (False).
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1046
5990
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1047 Responsive template changes
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1048 ---------------------------
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1049
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1050 There have been some changes to the responsive template. You can
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1051 diff/merge these changes into your responsive template based tracker.
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1052
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1053 Jinja template changes
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1054 ----------------------
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1055
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1056 Auto escaping has been enabled in the jinja template engine, this
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1057 means it is no longer necessary to manually escape dynamic strings
6128
c75d0f27a10a doc fix escape perceived test substitution
John Rouillard <rouilj@ieee.org>
parents: 6055
diff changeset
1058 with "\|e", but strings that should not be escaped need to be marked
c75d0f27a10a doc fix escape perceived test substitution
John Rouillard <rouilj@ieee.org>
parents: 6055
diff changeset
1059 with "\|safe" (e.g. "{{ context.history()|u|safe }}"). Also, the i18n
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1060 extension has been enabled and the template has been updated to use
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1061 the extension for translatable text instead of explicit "i18n.gettext"
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1062 calls:
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1063
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1064 {% trans %}List of issues{% endtrans %}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1065
6128
c75d0f27a10a doc fix escape perceived test substitution
John Rouillard <rouilj@ieee.org>
parents: 6055
diff changeset
1066 instead of:
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1067
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1068 {{ i18n.gettext('List of issues')|u }}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1069
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1070 The jinja template has been upgraded to use bootstrap 4.1.3 (from
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1071 2.2.2). You can diff/merge changes into your jinja template based
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1072 tracker.
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1073
5994
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1074 Also search _generic.index.html, navigation.html and file.index.html
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1075 in the html directory of your tracker. Look for::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1076
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1077 <input type="hidden" name="@action"
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1078
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1079 where the value is a jinja expression that calls i18n.gettext. Set the
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1080 value to the argument of the gettext call. E.G. replace::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1081
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1082 <input type="hidden" name="@action" value="{{ i18n.gettext('editCSV')|u }}">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1083
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1084 with::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1085
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1086 <input type="hidden" name="@action" value="editCSV">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1087
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1088 The action keywords should not be translated.
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1089
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1090 .. index:: Upgrading; 1.5.1 to 1.6.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1091
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1092 Migrating from 1.5.1 to 1.6.0
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1093 =============================
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1094
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1095 Update tracker config file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1096 --------------------------
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1097
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1098 After installing the new version of roundup, you should
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1099 update the ``config.ini`` file for your tracker. To do this:
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1100
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1101 1. backup your existing ``config.ini`` file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1102 2. using the newly installed code, run::
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1103
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1104 roundup-admin -i /path/to/tracker updateconfig config.ini.new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1105
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1106 to create the file config.ini.new. Replace
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1107 ``/path/to/tracker`` with the path to your tracker.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1108 3. replace your tracker's config.ini with config.ini.new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1109
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1110 Using updateconfig keeps all the settings from your
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1111 tracker's config.ini file and adds settings for all the new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1112 options.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1113
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1114 If you have added comments to your original config.ini file,
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1115 merge the added comments into the config.ini.new file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1116 replace your tracker's config.ini with config.ini.new.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1117
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1118 Read the new config.ini and configure it to enable new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1119 features. Details on using these features can be found in
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1120 this section.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1121
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1122 Make sure that user can view labelprop on classes (REQUIRED)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1123 ------------------------------------------------------------
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1124
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1125 If you have View permissions that use ```properties=...```,
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1126 make sure that the labelprop for the class is listed in the
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1127 properties list.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1128
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1129 The first one of these that exists must must be in the list:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1130
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1131 1. the property set by a call to setlabelprop for the class
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1132 2. the key of the class (as set by setkey())
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1133 3. the "name" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1134 4. the "title" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1135
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1136 if none of those apply, you must allow
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1137
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1138 * the "id" property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1139
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1140 E.G. If your class does a setlabelprop("foo") you must include "foo"
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1141 in the properties list even if the class has name or title properties.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1142
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1143 See:
6265
b2eb59ada444 Replace http:....roundup-tracker.org with https. Also fix wiki links.
John Rouillard <rouilj@ieee.org>
parents: 6248
diff changeset
1144 https://www.roundup-tracker.org/docs/customizing.html#setlabelprop-property
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1145 for further details on the labelprop.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1146
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1147 If you don't do this, you will find that multilinks (and possibly
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1148 links) may not be displayed properly. E.G. templates that iterate over
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1149 a mutlilink field (with tal:repeat for example) may not show any
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1150 content.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1151
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1152 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1153 for the initial discussion of the issue.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1154
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1155 Cross Site Request Forgery Detection Added
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1156 ------------------------------------------
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1157
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1158 Roundup 1.6. supports a number of defenses against CSRF.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1159
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1160 Http header verification against the tracker's ``web``
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1161 setting in the ``[tracker]`` section of config.ini for the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1162 following headers:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1163
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1164 1. Analyze the ``Referer`` HTTP header to make sure it
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1165 includes the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1166 2. Analyze the ``Origin`` HTTP header to make sure the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1167 schema://host matches the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1168 3. Analyze the ``X-Forwarded-Host`` header set by a proxy
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1169 running in front of roundup to make sure it agrees with
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1170 the host part of the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1171 4. Analyze the ``Host`` header to make sure it agrees with
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1172 the host part of the web setting. This is not done if
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1173 ``X-Forwarded-Host`` is set.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1174
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1175 By default roundup 1.6 does not require any specific header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1176 to be present. However at least one of the headers above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1177 *must* pass validation checks (usually ``Host`` or
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1178 ``Referer``) or the submission is rejected with an error.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1179 If any header fails validation, the submission is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1180 rejected. (Note the user's form keeps all the data they
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1181 entered if it was rejected.)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1182
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1183 Also the admin can include unique csrf tokens for all forms
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1184 submitted using the POST method. (Delete and put methods are also
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1185 included, but not currently used by roundup.) The csrf
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1186 token (nonce) is tied to the user's session. When the user
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1187 submits the form and nonce, the nonce is checked to make
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1188 sure it was issued to the user and the same session. If this
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1189 is not true the post is rejected and the user is notified.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1190
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1191 The standard context/submit templating item creates CSRF tokens by
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1192 default. If you have forms using the POST method that are not using
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1193 the standard submit routine, you should add the following field to all
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1194 forms:
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1195
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1196 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1197 tal:attributes="value python:utils.anti_csrf_nonce()">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1198
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1199 A unique random token is generated by every call to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1200 utils.anti_csrf_nonce() and is put in a database to be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1201 retreived if the token is used. Token lifetimes are 2 weeks
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1202 by default but can be configured in config.ini. Roundup will
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1203 automatically prune old tokens. Calling anti_csrf_nonce with
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1204 an integer lifetime, for example:
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1205
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1206 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1207 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1208
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1209 sets the lifetime of that nonce to 10 minutes.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1210
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1211 If you want to change the default settings, you have to
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1212 update the web section in your tracker's config.ini file. Follow the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1213 section above to generate an updated config.ini file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1214 look for settings that start with csrf. The updated config.ini
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1215 file includes detailed descriptions of the settings.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1216
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1217 In general one of four values can be set for these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1218 settings. The default is ``yes``, which validates the header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1219 or nonce and blocks access if the validation fails. If the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1220 field/header is missing it allows access. Setting these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1221 fields to ``required`` blocks access if the header/nonce is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1222 missing.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1223
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1224 It is recommended that you change your templates so every form
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1225 that is not submitted via GET has an @csrf field. Then change
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1226 the csrf_enforce_token setting to 'required'.
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1227
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1228 Errors and Troubleshooting - @csrf in url
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1229 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1230
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1231 If you see the @csrf nonce in the URL, you have added the value to a
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1232 form that uses the GET method. You should remove the @csrf token from
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1233 these forms as it is not needed.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1234
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1235 Errors and Troubleshooting - AttributeError list object no attribute value
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1236 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1237 If you get an error:
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1238
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1239 AttributeError: 'list' object has no attribute 'value'
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1240
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1241 in handle_csrf, you have more than one @csrf token for the form. This
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1242 usually occurs because the form uses the standard context/submit
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1243 element but you also added an explicit @csrf statement. Simply remove
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1244 the @csrf element for that form.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1245
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1246 Errors and Troubleshooting - xmlrpc Required Header Missing
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1247 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6768
15238a434368 formatting fixes.
John Rouillard <rouilj@ieee.org>
parents: 6753
diff changeset
1248 When performing and xmlrpc call, if you see something like::
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1249
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1250 xmlrpclib.Fault: <Fault 1: "<class
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1251 'roundup.exceptions.UsageError'>:Required Header Missing">
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1252
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1253 change the setting of csrf_enforce_header_x-requested-with in
6768
15238a434368 formatting fixes.
John Rouillard <rouilj@ieee.org>
parents: 6753
diff changeset
1254 config.ini to no. So it looks like::
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1255
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1256 csrf_enforce_header_x-requested-with = no
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1257
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1258 Alternatively change your xmlrpc client to add appropriate headers to
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1259 the request including the:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1260
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1261 X-Requested-With:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1262
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1263 header as well as any other required csrf headers (e.g. referer, origin)
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1264 configured in config.ini. See the advanced python client at the end of
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1265 the `xmlrpc guide`_.
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1266
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1267 Support for SameSite cookie option for session cookie
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1268 -----------------------------------------------------
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1269
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1270 Support for serving the session cookie using the SameSite cookie option
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1271 has been added. By default it is set to lax to provide a better user
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1272 experience. But this can be changed to strict or the option can be
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1273 removed entirely.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1274
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1275 Using the process for merging config.ini changes described in
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1276 `Cross Site Request Forgery Detection Added`_ you can add the
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1277 ``samesite_cookie_setting`` to the ``[web]`` section of the config
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1278 file.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1279
5147
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1280 Fix for path traversal changes template resolution
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1281 --------------------------------------------------
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1282
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1283 The templates in the tracker's html subdirectory must not be
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1284 symbolic links that lead outside of the html directory.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1285
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1286 If you don't use symbolic links for templates in your html
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1287 subdirectory you don't have to make any changes. Otherwise you need to
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1288 replace the symbolic links with hard links to the files or replace the
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1289 symbolic links with the files.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1290
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1291 This is a side effect of fixing a path traversal security issue. The
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1292 security issue required a directory with a specific unusual name. This
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1293 made it difficult to exploit. However allowing the use of
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1294 subdirectories to organize the templates required that it be fixed.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1295
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1296
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1297 Database back end specified in config.ini (REQUIRED)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1298 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1299
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1300 The ``db/backend_name`` file is no longer used to configure the database
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1301 backend being used for a tracker. The backend is now configured in the
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1302 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1303 section. For example if ``db/backend_name`` file contains ``sqlite``, a new
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1304 entry in the tracker's ``config.ini`` will need to be created::
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1305
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1306 [rdbms]
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1307
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1308 ...
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1309
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1310 # Database backend.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1311 # Default:
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1312 backend = sqlite
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1313
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1314 Once the ``config.ini`` file has been updated with the new ``backend`` option,
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1315 you can safely delete the ``db/backend_name`` file.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1316
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1317 Note: the ``backend_name`` file may be located in a directory other than
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1318 ``db/`` if you have configured the ``database`` option in the ``[main]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1319 section of the ``config.ini`` file to be something other than ``db``.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1320
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1321 Note 2: if you are using the anydbm back end, you still set
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1322 it using the backend option in the rdbms section of the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1323 config.ini file.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1324
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1325 New config file option 'indexer' added
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1326 --------------------------------------
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1327
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1328 This release added support for the Whoosh indexer, so a new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1329 config file option has been
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1330 added. You can force Roundup to use a particular text indexer by
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1331 setting this value in the [main] section of the tracker's
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1332 ``config.ini`` file (usually placed right before indexer_stopwords)::
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1333
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1334 [main]
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1335
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1336 ...
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1337
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1338 # Force Roundup to use a particular text indexer.
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1339 # If no indexer is supplied, the first available indexer
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1340 # will be used in the following order:
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1341 # Possible values: xapian, whoosh, native (internal).
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1342 indexer =
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1343
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1344 Errors and Troubleshooting - Full text searching not working
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1345 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1346
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1347 If after the upgrade full text searching is not working try changing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1348 the indexer value. If this is failing most likely you need to set
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1349 '''indexer = native''' to use the rdbms or db text indexing systems.
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1350
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1351 Alternatively you can do a
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1352 '''roundup-admin -i /path/to/tracker reindex'''
5752
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1353 to generate a new index using roundup's preferred indexer from the
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1354 list above.
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1355
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1356 Xapian error with flint when reindexing
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1357 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1358 If you reindex and are using xapian, you may get the error that
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1359 "flint" is not supported (looks like flint was removed after xapian
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1360 1.2.x). To fix this, you can delete the full text search database
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1361 located in the tracker home directory in the file '''db/text-index'''
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1362 and then perform a reindex.
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1363
5108
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1364 Stemming improved in Xapian Indexer
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1365 -----------------------------------
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1366
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1367 Stemming allows a search for "silent" also match silently. The Porter
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1368 stemmer in Xapian works with lowercase English text. In this release we
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1369 lowercase the documents as they are put into the indexer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1370
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1371 This means capitalization is not preserved, but produces more hits by
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1372 using the stemmer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1373
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1374 You will need to do a roundup-admin reindex if you are using the
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1375 Xapian full text indexer on your tracker.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1376
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1377
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1378 New config file option 'replyto_address' added
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1379 ----------------------------------------------
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1380
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1381 A new config file option has been added to let you control the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1382 Reply-To header on nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1383
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1384 Edit your tracker's ``config.ini`` and place the following after
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1385 the email entry in the tracker section::
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1386
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1387 [tracker]
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1388 ...
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1389
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1390 # Controls the reply-to header address used when sending
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1391 # nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1392 # If the value is unset (default) the roundup tracker's
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1393 # email address (above) is used.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1394 # If set to "AUTHOR" then the primary email address of the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1395 # author of the change will be used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1396 # address. This allows email exchanges to occur outside of
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1397 # the view of roundup and exposes the address of the person
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1398 # who updated the issue, but it could be useful in some
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1399 # unusual circumstances.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1400 # If set to some other value, the value is used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1401 # address. It must be a valid RFC2822 address or people will not be
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1402 # able to reply.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1403 # Default:
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1404 replyto_address =
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1405
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1406 Login from a search or after logout works better (REQUIRED)
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1407 -----------------------------------------------------------
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1408
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1409 The login form has been improved to work with some back end code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1410 changes. Now when a user logs in they stay on the same page where they
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1411 started the login. To make this work, you must change the tal that is
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1412 used to set the ``__came_from`` form variable. Note that the url
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1413 assigned to __came_from must be url encoded/quoted and be under the
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1414 tracker's base url. If the base_url uses http, you can set the url to
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1415 https.
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1416
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1417 Replace the existing code in the tracker's html/page.html page that
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1418 looks similar to (look for name="__came_from")::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1419
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1420 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1421
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1422 with the following::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1423
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1424 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1425 tal:condition="exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1426 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1427 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1428 tal:condition="not:exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1429 tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1430
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1431 Now search backwards for the nearest form statement before the code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1432 that sets __came_from. If it looks like::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1433
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1434 <form method="post" action="#">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1435
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1436 replace it with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1437
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1438 <form method="post" tal:attributes="action request/base">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1439
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1440 or with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1441
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1442 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1443
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1444 the important part is that the action field **must not** include any query
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1445 parameters ('#' includes query params).
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1446
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1447 Errors and Troubleshooting - Unrecognized scheme in ...
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1448 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1449
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1450 One symptom of failing to do this is getting an error:
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1451
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1452 Unrecognized scheme in ....
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1453
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1454 where the .... changes depending on the url path. You can see this
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1455 when logging in from any screen other than the main index.
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1456
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1457 Option to make adding multiple keywords more convenient
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1458 -------------------------------------------------------
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1459
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1460 In the classic tracker, after adding a new keyword you are redirected
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1461 to the page for the new keyword so you can change the keyword's
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1462 name. This is usually not desirable as you usually correctly set the
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1463 keyword's name when creating the keyword. The new classic tracker has
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1464 a new checkbox (checked by default) that keeps you on the same page so
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1465 you can add a new keywords one after the other.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1466
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1467 To add this to your own tracker, add the following code (prefixed with
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1468 a +) after the entry box for the new keyword in html/keyword.item.html::
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1469
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1470 <tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1471 <th i18n:translate="">Keyword</th>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1472 <td tal:content="structure context/name/field">name</td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1473 + <td tal:condition="not:context/id">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1474 + <tal:comment tal:replace="nothing">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1475 + If we get here and do not have an id, we are creating a new
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1476 + keyword. It would be nice to provide some mechanism to
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1477 + determine the preferred state of the "Continue adding keywords"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1478 + checkbox. By default it is enabled.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1479 + </tal:comment>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1480 + <input type="checkbox" id="continue_new_keyword"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1481 + name="__redirect_to"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1482 + tal:attributes="value
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1483 + string:${request/base}${request/env/PATH_INFO}?@template=item;
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1484 + checked python:True" />
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1485 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1486 + </td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1487 </tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1488
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1489 Note remove the leading '+' when adding this to the templates.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1490
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1491 The key component here is support for the '__redirect_to' query
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1492 property. It is a url which can be used when creating any new item
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1493 (issue, user, keyword ....). It controls the next page displayed after
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1494 creating the item. If '__redirect_to' is not set, then you end up on
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1495 the page for the newly created item. The url value assigned to
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1496 __redirect_to must start with the tracker's base url and must be properly
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1497 url encoded.
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1498
5179
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1499 Helper popups trigger change events on the original page
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1500 --------------------------------------------------------
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1501
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1502 The helper popups used to set dates (from a calendar), change lists of
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1503 users or lists of issues did not notify the browser that the fields
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1504 had been changed. This release adds code to trigger the change event.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1505
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1506 To add the change event to the calendar popup, you don't need to do
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1507 any changes to the tracker. It is all done in the roundup python code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1508 in templating.py.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1509
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1510 To add the change event when updating users using the help-submit
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1511 template, copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1512 share/roundup/templates/devel/html/_generic.help-submit.html and
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1513 replace your tracker's html/_generic.help-submit.html. If you have
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1514 done local changes to this file, change your file to include the code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1515 that defines the onclick event for the input field with
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1516 id="btn_apply".
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1517
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1518 To add the change event when updating lists of issues copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1519 share/roundup/templates/devel/html/help_controls.js to your tracer's
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1520 html directory. If you have made local changes to the javascript file,
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1521 merge the two if/else blocks labeled::
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1522
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1523 /* trigger change event on the field we changed */
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1524
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1525 into your help_controls.js
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1526
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1527 html/_generic.404.html in trackers use page template
5078
487dc55e3c5e issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents: 5068
diff changeset
1528 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1529
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1530 The original generic 404 error pages for many trackers did not use the
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1531 standard page layout. This change replaces the html/_generic.404.html
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1532 page with one that uses the page template.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1533
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1534 If your deployed tracker is based on: classic, minimal, responsive or
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1535 devel templates and has not changed the html/_generic.404.html file,
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1536 you can copy in the new file to get this additional functionality.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1537
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1538 Organize templates into subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1539 --------------------------------------
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1540
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1541 The @template parameter to the web interface allows the use of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1542 subdirectories. So a setting of @template=view/view for an issue would
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1543 use the template in the tracker's html/view/issue.view.html. Similarly
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1544 for a caller class, you could put all the templates under the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1545 html/caller directory with names like: html/caller/caller.item.html,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1546 html/caller/caller.index.html etc. You may want to symbolically link the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1547 html/_generic* templates into your subdirectory so that missing
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1548 templates (e.g. a missing caller.edit.html template) can be satisfied
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1549 by the _generic.edit.html template.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1550
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1551 Properly quote query dispname (displayed name) in page.html
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1552 -----------------------------------------------------------
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1553
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1554 A new method has been added to HTMLStringProperty called url_quote.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1555 The default templates have been updated to use this in the "Your
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1556 Query" section of the trackers html/page.html file. You will want to
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1557 change your template. Lines starting with - are the original line and
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1558 you want to change it to match the line starting with the + (remove
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1559 the + from the line)::
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1560
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1561 <tal:block tal:repeat="qs request/user/queries">
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1562 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1563 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1564 tal:content="qs/name">link</a><br>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1565 </tal:block>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1566
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1567 Find the tal:repeat line that loops over all queries. Then
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1568 change the value assigned to @dispname in the href attribute from
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1569 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1570 the value for tal:content.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1571
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1572 Allow "Show Unassigned" issues link to work for Anonymous user
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1573 --------------------------------------------------------------
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1574
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1575 In this release the anonymous user is allowed to search the user
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1576 class. The following was added to the schema for all templates that
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1577 provide the search option::
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1578
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1579 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1580 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1581
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1582 If you are running a tracker that **does not** allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1583 anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1584 a username guessing attack against a roundup install.
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1585
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1586 Errors and Troubleshooting - Unassigned issues for anonymous
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1587 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5276
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1588
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1589 If you notice that the "Unassigned Issues" search on page.html
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1590 is displaying assigned issues for users with the Anonymous role,
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1591 you need to allow search permissions for the user class.
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1592
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1593 Improvements in Classic Tracker query.edit.html template
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1594 --------------------------------------------------------
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1595
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1596 There is a new query editing template included in the distribution at:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1597
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1598 ``share/roundup/templates/classic/html/query.edit.html``
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1599
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1600 This template fixes:
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1601
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1602 * public query could not be removed from "Your Queries" once it was added.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1603 Trying to do so would cause a permissions error.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1604 * private yes/no dropdown always showed "yes" regardless of
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1605 underlying state
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1606 * query Delete button did not work.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1607 * same query being displayed multiple times
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1608
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1609 It also adds:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1610 * the table layout displays queries created by the user first,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1611 then available public queries.
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1612 * public query owners are shown
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1613 * better support for deleted queries. When a query is deleted, it is
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1614 still available for those who added it to their query list. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1615 are the query owner, you can restore (undelete) the query. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1616 are not the owner you can remove it from your query list.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1617 (If a query is deleted and nobody had it in their query list, it
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1618 will not show up in the "Active retired queries" section. You will
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1619 have to use the class editor or roundup_admin command line to
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1620 restore it.)
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1621 * notifies the user that delete/restore requires javascript. It
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1622 always did, but that requirement wasn't displayed.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1623
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1624 To use the new template, you must add Restore permission on queries to
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1625 allow the user to restore queries (see below).
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1626
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1627 If you have not modified the query.edit.html template in your tracker,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1628 you should be able to copy the new version from the location above.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1629 Otherwise you will have to merge the changes into your modified template.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1630
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1631 Add the query Restore permission for the User role to your tracker's
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1632 schema.py file. Place it right after the query retire permission for
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1633 the user role. After the change it should look like::
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1634
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1635 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1636 description="User is allowed to retire their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1637 db.security.addPermissionToRole('User', p)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1638 p = db.security.addPermission(name='Restore', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1639 check=edit_query,
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1640 description="User is allowed to restore their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1641 db.security.addPermissionToRole('User', p)
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1642
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1643 where the last four lines are the ones you need to add.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1644
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1645 Usually you can add this to your User role. If all users have the User
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1646 role in common then all logged in users should be ok. If you have
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1647 users who do not include the User role (e.g. they may only have a
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1648 Provisional role), you should add the search permission to that role
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1649 (e.g. Provisional) as well if you allow them to edit their list of
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1650 queries.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1651
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1652 Also see the `new search permissions for query in 1.4.17`_ section
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1653 discussing search permission requirements for editing queries. The
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1654 fixes in this release require the ability to search the creator of all
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1655 queries to work correctly.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1656
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1657 If the test script for the `new search permissions for query in
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1658 1.4.17`_ doesn't report that a role has the ability to search queries
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1659 or at least search the creator property for queries, add the following
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1660 permissions to your schema.py::
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1661
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1662 s = db.security.addPermission(name='Search', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1663 properties=['creator'],
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1664 description="User is allowed to Search queries for creator")
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1665 db.security.addPermissionToRole('User', s)
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1666
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1667 Errors and Troubleshooting - Public queries listed twice when editing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1668 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1669
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1670 If you do not do this, public queries will be listed twice in the edit
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1671 interface. Once in the "Queries I created" section and again in the
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1672 "Queries others created" section of the query edit page
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1673 (``http..../query?@template=edit``).
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1674
5274
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1675 Fix security issues in query.item.html template
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1676 -----------------------------------------------
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1677 The default query.item.html template allows anybody to view all
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1678 queries.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1679
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1680 This has been updated in the classic, devel and responsive templates
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1681 to only allow people to view queries they creates or queries that are
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1682 publicly viewable.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1683
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1684 If you haven't modified you query.item.html template, simply copy the
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1685 query.item.html template from one of the above default templates to
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1686 your tracker's html directory.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1687
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1688 Enhancement to check command for Permissions
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1689 --------------------------------------------
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1690
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1691 A new form of check function is permitted in permission definitions.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1692 The three argument form is still supported and will work the same
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1693 as it always has (although it may be depricated in the future).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1694
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1695 If the check function is defined as::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1696
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1697 check(db, userid, itemid, **ctx)
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1698
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1699 the ctx variable will have the context to use when determining access
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1700 rights::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1701
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1702 ctx['property'] the name of the property being checked or None if
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1703 it's a class check.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1704
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1705 ctx['classname'] the name of the class that is being checked
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1706 (issue, query ....).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1707
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1708 ctx['permission'] the name of the permission (e.g. View, Edit...).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1709
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1710 This should make defining complex permissions much easier. Consider::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1711
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1712 def issue_private_access(db, userid, itemid, **ctx):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1713 if not db.issue.get(itemid, 'private'):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1714 # allow access to everything if not private
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1715 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1716
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1717 # It is a private issue hide nosy list
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1718 # Note that the nosy property *must* be listed
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1719 # in permissions argument to the addPermission
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1720 # definition otherwise this check command
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1721 # is not run.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1722 if ctx['property'] == 'nosy':
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1723 return False # deny access to this property
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1724
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1725 # allow access for editing, viewing etc. of the class
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1726 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1727
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1728
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1729 e = db.security.addPermission(name='Edit', klass='issue',
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1730 check=issue_private_access,
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1731 properties=['nosy'],
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1732 description="Edit issue checks")
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1733
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1734 It is suggested that you change your checks to use the ``**ctx``
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1735 parameter. This is expected to be the preferred form in the future.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1736 You do not need to use the ``ctx`` parameter in the function if you do
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1737 not need it.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1738
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1739 Changes to property permissions
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1740 -------------------------------
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1741
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1742 If you create a permission:
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1743
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1744 db.security.addPermission(name='View', klass='user',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1745 properties=['theme'], check=own_record,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1746 description="User is allowed to view their own theme")
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1747
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1748 that combines checks and properties, the permission also matches a
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1749 permission check for the View permission on the user class. So this
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1750 also allows the user to see their user record. It is unexpected that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1751 checking for access without a property would match this permission.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1752
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1753 This release adds support for making a permission like above only be
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1754 used during property permission tests. See ``customizing.txt`` and
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1755 search for props_only and set_props_only_default in the section
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1756 'Adding a new Permission'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1757
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1758 Improve query editing
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1759 ---------------------
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1760
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1761 If a user creates a query with the same name as one of their existing
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1762 queries, the query editing interface will now report an error. By
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1763 default the query editing page (issue.search.html) displays the index
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1764 page when the search is triggered. This is usually correct since the
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1765 user expects to see the results of the query. But now that
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1766 the code properly checks for duplicate search names, the user should
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1767 stay on the search page if there is an error. To add this to your
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1768 existing issue.search.html page, add the following line after the
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1769 hidden field @old-queryname:
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1770
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1771 <input type="hidden" name="@template" value="index|search"/>
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1772
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1773 With this addition, the index template is displayed if there is no
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1774 error, and the user stays on the search template if there is an error.
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1775
5323
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1776 New -L (loghttpvialogger) option to roundup-server
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1777 --------------------------------------------------
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1778
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1779 Http request logs from roundup-server are sent to stderr or
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1780 can be recorded in a log file (if -l or the logfile options
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1781 is used). However there is no way to rotate the logfile
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1782 without shutting down and restarting the roundup-server.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1783
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1784 If the -L flag is used, the python logging module is used
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1785 for logging the http requests. The name for the log
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1786 (qualname) is 'roundup.http'. You can direct these messages
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1787 to a rotating log file by putting the following::
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1788
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1789 [loggers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1790 keys=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1791
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1792 [logger_roundup.http]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1793 level=INFO
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1794 handlers=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1795 qualname=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1796 propagate=0
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1797
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1798 [handlers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1799 keys=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1800
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1801 [handler_rotate_weblog]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1802 class=logging.handlers.RotatingFileHandler
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1803 args=('httpd.log','a', 512000, 2)
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1804 formatter=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1805
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1806 [formatters]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1807 keys=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1808
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1809 [formatter_plain]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1810 format=%(message)s
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1811
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1812 into a file (e.g. logging.ini). Then reference this file in
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1813 the 'config' value of the [logging] section in the trackers
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1814 config.ini file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1815
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1816 Note the log configuration above is an example and can be
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1817 merged into a more full featured logging config file for
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1818 your tracker if you wish. It will create a new file in the
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1819 current working directory called 'httpd.log' and will rotate
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1820 the log file at 500K and keep two old copies of the file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1821
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1822 .. index:: Upgrading; 1.5.0 to 1.5.1
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1823
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1824 Migrating from 1.5.0 to 1.5.1
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1825 =============================
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1826
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1827 User data visibility
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1828 --------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1829
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1830 For security reasons you should change the permissions on the user
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1831 class. We previously shipped a configuration that allowed users to see
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1832 too many of other users details, including hashed passwords under
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1833 certain circumstances. In schema.py in your tracker, replace the line::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1834
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1835 db.security.addPermissionToRole('User', 'View', 'user')
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1836
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1837 with::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1838
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1839 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1840 properties=('id', 'organisation', 'phone', 'realname',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1841 'timezone', 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1842 db.security.addPermissionToRole('User', p)
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1843
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1844 Note that this removes visibility of user emails, if you want emails to
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1845 be visible you can add 'address' and 'alternate_addresses' to the list
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1846 above.
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1847
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1848 XSS protection for custom actions
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1849 ---------------------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1850
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1851 If you have defined your own cgi actions in your tracker instance
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1852 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1853 all cases where client.error_message or client.ok_message are modified
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1854 directly. Instead of::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1855
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1856 self.client.ok_message.append(...)
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1857
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1858 you need to call::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1859
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1860 self.client.add_ok_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1861
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1862 and the same for::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1863
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1864 self.client.error_message.append(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1865
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1866 vs.::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1867
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1868 self.client.add_error_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1869
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1870 The new calls escape the passed string by default and avoid XSS security
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1871 issues.
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1872
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1873 .. index:: Upgrading; 1.4.20 to 1.4.21
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1874
4664
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1875 Migrating from 1.4.20 to 1.4.21
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1876 ===============================
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1877
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1878 The ``_generic.calendar.html`` page of the instance has been updated to include
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1879 ``<meta name="robots" content="noindex, nofollow" />``. This prevents
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1880 robots to follow all the links in the calendar. If you haven't modified the
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1881 page on your local instance, you can simply replace it with the one in
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1882 ``share/roundup/templates/classic/html/_generic.calendar.html``; if you did,
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1883 you can add the tag manually. See issue2550765 and changeset a099ff2ceff3.
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1884
4678
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1885 If you are using the xml-rpc interface, there is a change
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1886 in accessing it. You can not send text/xml data to any
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1887 roundup url and get a response, you must use the /xmlrpc
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1888 url. For example, if you used to send your xmlrpc request to:
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1889
7134
7109cdf8fef4 Do not hyperlink some exampe url's.
John Rouillard <rouilj@ieee.org>
parents: 7132
diff changeset
1890 \http://myroundup.com/roundup
4678
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1891
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1892 you need to change the url to read:
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1893
7134
7109cdf8fef4 Do not hyperlink some exampe url's.
John Rouillard <rouilj@ieee.org>
parents: 7132
diff changeset
1894 \http://myroundup.com/roundup/xmlrpc
4678
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1895
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1896 to invoke the xmlrpc handler. This allows us to send xml
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1897 data to roundup for other handlers (e.g. REST, SOAP ...)
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
1898 in the future.
4664
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
1899
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1900
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1901 .. index:: upgrading; 1.4.19 to 1.4.20
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1902
4623
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1903 Migrating from 1.4.19 to 1.4.20
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1904 ===============================
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1905
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1906 Roundup used to allow certain HTML-Tags in OK- and Error-messages. Since
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1907 these messages are passed via the URL (due to roundup redirecting after
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1908 an edit), we did have security-issues (see issue2550724).
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1909
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1910 If you have customized the OK or Error messages in your
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1911 roundup-installation and you were using features like bold or italic
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1912 in the message, you will have to do without this highlighting and
4623
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1913 remove HTML tags from messages.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1914
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1915 If you were using <br> tags for multi-line messages, you now should use
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1916 newlines instead, these will be replaced with <br/> during formatting.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1917
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1918 Note that the previous implementation also allowed links inside
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1919 messages. Since these links could be set by an attacker, no links in
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1920 roundup messages are supported anymore. This does *not* affect the
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1921 "clear this message" link in OK-messages as it is generated by the
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1922 template and is not part of the OK-message.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1923
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1924 If you have not modified any roundup messages, you need not do anything,
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1925 the templates shipped with roundup did not use HTML tags in messages for
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1926 highlighting.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1927
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
1928
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1929 .. index:: upgrading; 1.4.17 to 1.4.18
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1930
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
1931 Migrating from 1.4.17 to 1.4.18
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1932 ===============================
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1933
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
1934 There was a bug in 1.4.17 where files were unlinked from issues if a
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1935 mail without attachment was received via the mail interface. The
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1936 following script will list likely issues being affected by the bug.
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
1937 The date in the script is the date of the 1.4.17 release. If you have
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
1938 installed 1.4.17 later than this date, you can change the date
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1939 appropriately to your installation date. Run the script in the directory
4582
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1940 of your tracker::
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1941
4582
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1942 #!/usr/bin/python
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1943 import os
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1944 from roundup import instance
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1945 from roundup.date import Date
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1946 dir = os.getcwd ()
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1947 tracker = instance.open (dir)
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1948 db = tracker.open ('admin')
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1949 # you may want to change this to your install date to find less candidates
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1950 last_release = Date('2011-05-13')
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1951 affected = {}
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1952 for i in db.issue.getnodeids():
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1953 for j in db.issue.history(i):
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1954 if i in affected:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1955 break
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1956 if j[1] < last_release or j[3] != 'set' or 'files' not in j[4]:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1957 continue
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1958 for op, p in j[4]['files']:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1959 if op == '-':
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1960 affected [i] = 1
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
1961 break
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
1962 print(', '.join(sorted(affected.keys())))
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1963
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1964 To find out which files where attached before you can look in the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1965 history of the affected issue. For fixing issues you can re-attach the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1966 files in question using the "set" command of roundup-admin, e.g., if the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1967 list of files attached to an issue should be files 5, 17, 23 for issue42
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1968 you will set this using
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1969
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1970 roundup-admin -i /path/to/your/tracker set issue42 files=5,17,23
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
1971
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1972 .. index:: upgrading; 1.4.x to 1.4.17
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1973
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
1974 Migrating from 1.4.x to 1.4.17
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
1975 ==============================
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
1976
4489
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1977 There is a new config-option `migrate_passwords` in section `web` to
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
1978 auto-migrate passwords at web-login time to a more secure storage
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
1979 scheme. Default for the new option is "yes" so if you don't want that
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
1980 passwords are auto-migrated to a more secure password scheme on user
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
1981 login, set this to "no" before running your tracker(s) after the
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
1982 upgrade.
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
1983
4489
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1984 The standalone roundup-server now defaults to listening on localhost (no
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1985 longer on all network interfaces). This will not affect you if you're
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1986 already using a configuration file for roundup-server. If you are using
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1987 an empty setting for the `host` parameter in the config-file you should
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1988 explicitly put 0.0.0.0 there as the use of an empty string to specify
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1989 listening to all interfaces is deprecated and will go away in a future
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1990 version. If you are starting the server without a configuration file
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1991 and want to explicitly listen to all network interface, you should
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1992 specify the -n option with the address `0.0.0.0`.
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
1993
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1994 .. _new search permissions for query in 1.4.17:
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1995
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
1996 Searching now requires either read-permission without a check method, or
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
1997 you will have to add a "Search" permission for a class or a list of
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
1998 properties for a class (if you want to allow searching). For the classic
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
1999 template (or other templates derived from it) you want to add the
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2000 following lines to your `schema.py` file::
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2001
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2002 p = db.security.addPermission(name='Search', klass='query')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2003 db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2004
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2005 This is needed, because for the `query` class users may view only their
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2006 own queries (or public queries). This is implemented with a `check`
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2007 method, therefore the default search permissions will not allow
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2008 searching and you'll have to add an explicit search permission.
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2009 If you have modified your schema, you can check if you're missing any
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2010 search permissions with the following script, run it in your tracker
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2011 directory, it will list for each Class and Property the roles that may
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2012 search for this property::
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2013
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2014 #!/usr/bin/python
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
2015 from __future__ import print_function
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2016 import os
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2017 from roundup import instance
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2018
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2019 tracker = instance.open(os.getcwd ())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2020 db = tracker.open('admin')
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2021
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2022 for cl in sorted(db.getclasses()):
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
2023 print("Class:", cl)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2024 for p in sorted(db.getclass(cl).getprops(protected=True).keys()):
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
2025 print(" Property:", p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2026 roles = []
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
2027 for role in sorted(db.security.role.keys()):
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2028 if db.security.roleHasSearchPermission(cl,p,role):
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2029 roles.append(role)
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
2030 print(" roles may search:", ', '.join(roles))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2031
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
2032
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2033 .. index:: upgrading; 1.4.x to 1.4.12
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2034
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2035 Migrating from 1.4.x to 1.4.12
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2036 ==============================
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2037
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2038 Item creation now checks the "Create" permission instead of the "Edit"
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2039 permission for individual properties. If you have modified your tracker
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2040 permissions from the default distribution, you should check that
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2041 "Create" permissions exist for all properties you want users to be able
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2042 to create.
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
2043
4322
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2044
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2045 Fixing some potential security holes
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2046 ------------------------------------
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2047
4322
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2048 Enhanced checking was added to the user registration auditor. If you
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2049 run a public tracker you should update your tracker's
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2050 ``detectors/userauditor.py`` using the new code from
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2051 ``share/roundup/templates/classic/detectors/userauditor.py``. In most
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2052 cases you may just copy the file over, but if you've made changes to
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2053 the auditor in your tracker then you'll need to manually integrate
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2054 the new code.
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
2055
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2056 Some HTML templates were found to have formatting security problems:
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2057
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2058 ``html/page.html``::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2059
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2060 -tal:replace="request/user/username">username</span></b><br>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2061 +tal:replace="python:request.user.username.plain(escape=1)">username</span></b><br>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2062
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2063 ``html/_generic.help-list.html``::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2064
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2065 -tal:content="structure python:item[prop]"></label>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2066 +tal:content="python:item[prop]"></label>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2067
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2068 The lines marked "+" should be added and lines marked "-" should be
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2069 deleted (minus the "+"/"-" signs).
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2070
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2071
4321
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2072 Some HTML interface tweaks
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2073 --------------------------
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2074
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2075 You may wish to copy the ``user_utils.js`` and ``style.css` files from the
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2076 source distribution ``share/roundup/templates/classic/html/`` directory to the
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2077 ``html`` directory of your trackers as it includes a small improvement.
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2078
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2079 If you have made local changes to those files you'll need to manually work
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2080 the differences in to your versions or ignore the changes.
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2081
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
2082
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2083 .. index:: upgrading; 1.4.x to 1.4.11
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2084
4299
e16a1131ba67 include info on what a designator is in all commands that use them
Richard Jones <richard@users.sourceforge.net>
parents: 4295
diff changeset
2085 Migrating from 1.4.x to 1.4.11
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2086 ==============================
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2087
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
2088 Close potential security hole
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
2089 -----------------------------
4308
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2090
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2091 If your tracker has untrusted users you should examine its ``schema.py``
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2092 file and look for the section granting the "Edit" permission to your users.
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2093 This should look something like::
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2094
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2095 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2096 description="User is allowed to edit their own user details")
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2097
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2098 and should be modified to restrict the list of properties they are allowed
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2099 to edit by adding the ``properties=`` section like::
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2100
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2101 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2102 properties=('username', 'password', 'address', 'realname', 'phone',
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2103 'organisation', 'alternate_addresses', 'queries', 'timezone'),
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2104 description="User is allowed to edit their own user details")
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2105
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2106 Most importantly the "roles" property should not be editable - thus not
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2107 appear in that list of properties.
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2108
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
2109
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2110 Grant the "Register" permission to the Anonymous role
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2111 -----------------------------------------------------
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2112
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2113 A separate "Register" permission has been introduced to allow
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2114 anonymous users to register. This means you will need to add the
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2115 following to your tracker's ``schema.py`` to add the permission and
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2116 assign it to the Anonymous role (replacing any previously assigned
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
2117 "Create user" permission for the Anonymous role)::
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2118
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2119 +db.security.addPermission(name='Register', klass='user',
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
2120 + description='User is allowed to register new user')
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2121
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2122 # Assign the appropriate permissions to the anonymous user's Anonymous
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2123 # Role. Choices here are:
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2124 # - Allow anonymous users to register
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2125 -db.security.addPermissionToRole('Anonymous', 'Create', 'user')
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2126 +db.security.addPermissionToRole('Anonymous', 'Register', 'user')
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2127
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2128 The lines marked "+" should be added and lines marked "-" should be
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2129 deleted (minus the "+"/"-" signs).
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2130
4323
a3f88aa04735 fix stupid typo
Richard Jones <richard@users.sourceforge.net>
parents: 4322
diff changeset
2131 You should also modify the ``html/page.html`` template to change the
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2132 permission tested there::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2133
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2134 -tal:condition="python:request.user.hasPermission('Create', 'user')"
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2135 +tal:condition="python:request.user.hasPermission('Register', 'user')"
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
2136
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
2137
4318
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2138 Generic class editor may now restore retired items
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2139 --------------------------------------------------
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2140
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2141 The instructions for doing so won't be present in your tracker unless you copy
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2142 the ``_generic.index.html`` template from the roundup distribution in
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2143 ``share/roundup/templates/classic/html`` to your tracker's ``html`` directory.
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2144
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
2145
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2146 .. index:: upgrading; 1.4.x to 1.4.9
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2147
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2148 Migrating from 1.4.x to 1.4.9
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2149 =============================
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2150
4211
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2151 Customized MailGW Class
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2152 -----------------------
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2153
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2154 If you have customized the MailGW class in your tracker: The new MailGW
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2155 class opens the database for each message in the method handle_message
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2156 (instance.open) instead of passing the opened database as a parameter to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2157 the MailGW constructor. The old handle_message has been renamed to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2158 _handle_message. The new method opens the database and wraps the call to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2159 the old method into a try/finally.
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2160
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2161 Your customized MailGW class needs to mirror this behavior.
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
2162
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2163 Fix the "remove" button in issue files and messages lists
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2164 ---------------------------------------------------------
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2165
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2166 The "remove" button(s) in the issue messages list needs to be altered. Find
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2167 the following in your tracker's ``html/issue.item.html`` template::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2168
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2169 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2170 <form style="padding:0" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2171 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2172 <input type="hidden" name="@remove@files" tal:attributes="value file/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2173
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2174 and add ``method="POST"`` as shown below::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2175
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2176 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2177 <form style="padding:0" method="POST" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2178 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2179 <input type="hidden" name="@remove@files" tal:attributes="value file/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2180
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2181 Then also find::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2182
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2183 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2184 <form style="padding:0" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2185 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2186 <input type="hidden" name="@remove@messages" tal:attributes="value msg/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2187
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2188 and add ``method="POST"`` as shown below::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2189
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2190 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2191 <form style="padding:0" method="POST" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2192 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2193 <input type="hidden" name="@remove@messages" tal:attributes="value msg/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2194
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2195
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2196 Fixing the "retire" button in user management list
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2197 --------------------------------------------------
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2198
4643
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2199 Some previous versions of this upgrading document missed ``method="POST"``
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2200 in the change to the "retire" link in the user management list
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2201 in section `Migrating from 1.4.x to 1.4.7`_.
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2202 Make sure the change is done as listed below in this document.
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2203
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2204
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2205 .. index:: upgrading; 1.4.x to 1.4.7
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2206
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2207 Migrating from 1.4.x to 1.4.7
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2208 =============================
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2209
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2210 Several security issues were addressed in this release. Some aspects of your
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2211 trackers may no longer function depending on your local customisations. Core
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2212 functionality that will need to be modified:
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2213
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2214 Grant the "retire" permission to users for their queries
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2215 --------------------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2216
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2217 Users will no longer be able to retire their own queries. To remedy this you
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2218 will need to add the following to your tracker's ``schema.py`` just under the
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2219 line that grants them permission to edit their own queries::
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2220
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2221 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2222 description="User is allowed to edit their queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2223 db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2224 + p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2225 + description="User is allowed to retire their queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2226 + db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2227 p = db.security.addPermission(name='Create', klass='query',
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2228 description="User is allowed to create queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2229 db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2230
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2231 The lines marked "+" should be added, minus the "+" sign.
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2232
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2233
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2234 Fix the "retire" link in the users list for admin users
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2235 -------------------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2236
4330
15f74c03d9f5 fix typo
Richard Jones <richard@users.sourceforge.net>
parents: 4323
diff changeset
2237 The "retire" link found in the file ``html/user.index.html``::
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2238
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2239 <td tal:condition="context/is_edit_ok">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2240 <a tal:attributes="href string:user${user/id}?@action=retire&@template=index"
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2241 i18n:translate="">retire</a>
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2242
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2243 Should be replaced with::
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2244
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2245 <td tal:condition="context/is_retire_ok">
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
2246 <form style="padding:0" method="POST"
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2247 tal:attributes="action string:user${user/id}">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2248 <input type="hidden" name="@template" value="index">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2249 <input type="hidden" name="@action" value="retire">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2250 <input type="submit" value="retire" i18n:attributes="value">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2251 </form>
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2252
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2253
4089
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2254 Fix for Python 2.6+ users
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2255 -------------------------
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2256
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2257 If you use Python 2.6 you should edit your tracker's
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2258 ``detectors/nosyreaction.py`` file to change::
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2259
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2260 import sets
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2261
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2262 at the top to::
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2263
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2264 from roundup.anypy.sets_ import set
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2265
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2266 and then all instances of ``sets.Set()`` to ``set()`` in the later code.
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2267
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2268
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2269
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2270 Trackers currently allowing HTML file uploading
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2271 -----------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2272
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2273 Trackers which wish to continue to allow uploading of HTML content against issues
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2274 will need to set a new configuration variable in the ``[web]`` section of the
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2275 tracker's ``config.ini`` file:
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2276
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2277 # Setting this option enables Roundup to serve uploaded HTML
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2278 # file content *as HTML*. This is a potential security risk
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2279 # and is therefore disabled by default. Set to 'yes' if you
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2280 # trust *all* users uploading content to your tracker.
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2281 # Allowed values: yes, no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2282 # Default: no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2283 allow_html_file = no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2284
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2285
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
2286
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2287 .. index:: upgrading; 1.4.2 to 1.4.3
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2288
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2289 Migrating from 1.4.2 to 1.4.3
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2290 =============================
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2291
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2292 If you are using the MySQL backend you will need to replace some indexes
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2293 that may have been created by version 1.4.2.
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2294
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2295 You should to access your MySQL database directly and remove any indexes
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2296 with a name ending in "_key_retired_idx". You should then re-add them with
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2297 the same spec except the key column name needs a size. So an index on
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2298 "_user (__retired, _name)" should become "_user (__retired, _name(255))".
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2299
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
2300
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2301 .. index:: upgrading; 1.4.x to 1.4.2
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2302
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2303 Migrating from 1.4.x to 1.4.2
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2304 =============================
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2305
6174
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
2306 .. index:: roundup-admin; migrate subcommand
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
2307
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2308 You should run the "roundup-admin migrate" command for your tracker once
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2309 you've installed the latest codebase.
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2310
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2311 Do this before you use the web, command-line or mail interface and before
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2312 any users access the tracker.
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2313
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2314 This command will respond with either "Tracker updated" (if you've not
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2315 previously run it on an RDBMS backend) or "No migration action required"
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2316 (if you have run it, or have used another interface to the tracker,
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2317 or are using anydbm).
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2318
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2319 It's safe to run this even if it's not required, so just get into the
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2320 habit.
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2321
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2322
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2323 .. index:: upgrading; 1.3.3 to 1.4.0
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2324
3938
083e280165a8 Pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3858
diff changeset
2325 Migrating from 1.3.3 to 1.4.0
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2326 =============================
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2327
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2328 Value of the "refwd_re" tracker configuration option (section "mailgw")
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2329 is treated as UTF-8 string. In previous versions, it was ISO8859-1.
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2330
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2331 If you have running trackers based on the classic template, please
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2332 update the messagesummary detector as follows::
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2333
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2334 --- detectors/messagesummary.py 17 Apr 2003 03:26:38 -0000 1.1
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2335 +++ detectors/messagesummary.py 3 Apr 2007 06:47:21 -0000 1.2
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2336 @@ -8,7 +8,7 @@
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2337 if newvalues.has_key('summary') or not newvalues.has_key('content'):
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2338 return
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2339
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2340 - summary, content = parseContent(newvalues['content'], 1, 1)
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2341 + summary, content = parseContent(newvalues['content'], config=db.config)
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
2342 newvalues['summary'] = summary
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
2343
3858
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
2344 In the latest version we have added some database indexes to the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
2345 SQL-backends (mysql, postgresql, sqlite) for speeding up building the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
2346 roundup-index for full-text search. We recommend that you create the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
2347 following database indexes on the database by hand::
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
2348
4332
61f2e659faf7 add SQL detail
Richard Jones <richard@users.sourceforge.net>
parents: 4330
diff changeset
2349 CREATE INDEX words_by_id ON __words (_textid);
61f2e659faf7 add SQL detail
Richard Jones <richard@users.sourceforge.net>
parents: 4330
diff changeset
2350 CREATE UNIQUE INDEX __textids_by_props ON __textids (_class, _itemid, _prop);
3858
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
2351
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2352 .. index:: upgrading; 1.2.x to 1.3.0
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2353
3745
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2354 Migrating from 1.2.x to 1.3.0
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2355 =============================
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2356
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2357 1.3.0 Web interface changes
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2358 ---------------------------
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2359
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2360 Some of the HTML files in the "classic" and "minimal" tracker templates
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2361 were changed to fix some bugs and clean them up. You may wish to compare
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2362 them to the HTML files in your tracker and apply any changes.
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2363
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
2364
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2365 .. index:: upgrading; 1.1.2 to 1.2.0
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2366
3732
0cc9b954f1f1 - fix version number in upgrading howto.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3696
diff changeset
2367 Migrating from 1.1.2 to 1.2.0
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2368 =============================
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2369
3732
0cc9b954f1f1 - fix version number in upgrading howto.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3696
diff changeset
2370 1.2.0 Sorting and grouping by multiple properties
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2371 -------------------------------------------------
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2372
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2373 Starting with this version, sorting and grouping by multiple properties
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2374 is possible. This means that request.sort and request.group are now
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2375 lists. This is reflected in several places:
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2376
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2377 * ``renderWith`` now has list attributes for ``sort`` and ``group``,
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2378 where you previously wrote::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2379
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2380 renderWith(... sort=('-', 'activity'), group=('+', 'priority')
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2381
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2382 you write now::
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2383
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2384 renderWith(... sort=[('-', 'activity')], group=[('+', 'priority')]
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2385
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2386 * In templates that permit to edit sorting/grouping, request.sort and
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2387 request.group are (possibly empty) lists. You can now sort and group
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2388 by multiple attributes. For an example, see the classic template. You
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2389 may want search for the variable ``n_sort`` which can be set to the
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2390 number of sort/group properties.
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2391
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2392 * Templates that diplay new headlines for each group of items with
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2393 equal group properties can now use the modified ``batch.propchanged``
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2394 method that can take several properties which are checked for
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2395 changes. See the example in the classic template which makes use of
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2396 ``batch.propchanged``.
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
2397
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2398 .. index:: upgrading; 1.1.0 to 1.1.1
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2399
3588
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2400 Migrating from 1.1.0 to 1.1.1
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2401 =============================
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2402
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2403 1.1.1 "Clear this message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2404 --------------------------
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2405
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2406 In 1.1.1, the standard ``page.html`` template includes a "clear this message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2407 link in the green "ok" message bar that appears after a successful edit
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2408 (or other) action.
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2409
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2410 To include this in your tracker, change the following in your ``page.html``
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2411 template::
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2412
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2413 <p tal:condition="options/ok_message | nothing" class="ok-message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2414 tal:repeat="m options/ok_message" tal:content="structure m">error</p>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2415
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2416 to be::
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2417
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2418 <p tal:condition="options/ok_message | nothing" class="ok-message">
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2419 <span tal:repeat="m options/ok_message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2420 tal:content="structure string:$m <br/ > " />
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2421 <a class="form-small" tal:attributes="href request/current_url"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2422 i18n:translate="">clear this message</a>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2423 </p>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2424
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2425
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2426 If you implemented the "clear this message" in your 1.1.0 tracker, then you
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2427 should change it to the above and it will work much better!
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2428
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
2429
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2430 .. index:: upgrading; 1.0.x to 1.1.0
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2431
3550
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
2432 Migrating from 1.0.x to 1.1.0
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
2433 =============================
3548
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2434
3550
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
2435 1.1 Login "For Session Only"
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
2436 ----------------------------
3548
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2437
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2438 In 1.1, web logins are alive for the length of a session only, *unless* you
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2439 add the following to the login form in your tracker's ``page.html``::
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2440
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2441 <input type="checkbox" name="remember" id="remember">
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2442 <label for="remember" i18n:translate="">Remember me?</label><br>
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2443
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2444 See the classic tracker ``page.html`` if you're unsure where this should
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2445 go.
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2446
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
2447
3549
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2448 1.1 Query Display Name
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2449 ----------------------
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2450
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2451 The ``dispname`` web variable has been renamed ``@dispname`` to avoid
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2452 clashing with other variables of the same name. If you are using the
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2453 display name feature, you will need to edit your tracker's ``page.html``
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2454 and ``issue.index.html`` pages to change ``dispname`` to ``@dispname``.
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2455
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2456 A side-effect of this change is that the renderWith method used in the
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2457 ``home.html`` page may now take a dispname argument.
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2458
3554
5e70726a86dd fixed schema migration problem when Class keys were removed
Richard Jones <richard@users.sourceforge.net>
parents: 3552
diff changeset
2459
3552
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2460 1.1 "Clear this message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2461 ------------------------
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2462
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2463 In 1.1, the standard ``page.html`` template includes a "clear this message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2464 link in the green "ok" message bar that appears after a successful edit
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2465 (or other) action.
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2466
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2467 To include this in your tracker, change the following in your ``page.html``
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2468 template::
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2469
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2470 <p tal:condition="options/ok_message | nothing" class="ok-message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2471 tal:repeat="m options/ok_message" tal:content="structure m">error</p>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2472
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2473 to be::
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2474
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2475 <p tal:condition="options/ok_message | nothing" class="ok-message">
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2476 <span tal:repeat="m options/ok_message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2477 tal:content="structure string:$m <br/ > " />
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2478 <a class="form-small" tal:attributes="href string:issue${context/id}"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2479 i18n:translate="">clear this message</a>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2480 </p>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
2481
3549
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
2482
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2483 .. index:: upgrading; 0.8.x to 1.0
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2484
3518
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2485 Migrating from 0.8.x to 1.0
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2486 ===========================
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2487
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2488 1.0 New Query Permissions
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2489 -------------------------
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2490
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2491 New permissions are defined for query editing and viewing. To include these
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2492 in your tracker, you need to add these lines to your tracker's
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2493 ``schema.py``::
3419
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
2494
3518
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2495 # Users should be able to edit and view their own queries. They should also
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2496 # be able to view any marked as not private. They should not be able to
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2497 # edit others' queries, even if they're not private
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2498 def view_query(db, userid, itemid):
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2499 private_for = db.query.get(itemid, 'private_for')
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2500 if not private_for: return True
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2501 return userid == private_for
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2502 def edit_query(db, userid, itemid):
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2503 return userid == db.query.get(itemid, 'creator')
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2504 p = db.security.addPermission(name='View', klass='query', check=view_query,
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2505 description="User is allowed to view their own and public queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2506 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2507 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2508 description="User is allowed to edit their queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2509 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2510 p = db.security.addPermission(name='Create', klass='query',
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2511 description="User is allowed to create queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2512 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2513
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2514 and then remove 'query' from the line::
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2515
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2516 # Assign the access and edit Permissions for issue, file and message
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2517 # to regular users now
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2518 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2519
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2520 so it looks like::
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2521
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
2522 for cl in 'issue', 'file', 'msg', 'keyword':
3419
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
2523
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
2524
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2525 .. index:: upgrading; 0.8.0 to 0.8.3
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2526
3253
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2527 Migrating from 0.8.0 to 0.8.3
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2528 =============================
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2529
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2530 0.8.3 Nosy Handling Changes
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2531 ---------------------------
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2532
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2533 A change was made to fix a bug in the ``nosyreaction.py`` standard
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2534 detector. To incorporate this fix in your trackers, you will need to copy
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2535 the ``nosyreaction.py`` file from the ``templates/classic/detectors``
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2536 directory of the source to your tracker's ``templates`` directory.
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2537
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2538 If you have modified the ``nosyreaction.py`` file from the standard
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2539 version, you will need to roll your changes into the new file.
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2540
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
2541
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2542 .. index:: upgrading; 0.7.1 to 0.8.0
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2543
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2544 Migrating from 0.7.1 to 0.8.0
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2545 =============================
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2546
2954
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
2547 You *must* fully uninstall previous Roundup version before installing
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
2548 Roundup 0.8.0. If you don't do that, ``roundup-admin install``
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
2549 command may fail to function properly.
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
2550
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
2551 0.8.0 Backend changes
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
2552 ---------------------
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
2553
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
2554 Backends 'bsddb' and 'bsddb3' are removed. If you are using one of these,
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2555 you *must* migrate to another backend before upgrading.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2556
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
2557
2737
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
2558 0.8.0 API changes
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
2559 -----------------
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
2560
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
2561 Class.safeget() was removed from the API. Test your item ids before calling
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
2562 Class.get() instead.
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
2563
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
2564
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2565 0.8.0 New tracker layout
2700
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
2566 ------------------------
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
2567
2889
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
2568 The ``config.py`` file has been replaced by ``config.ini``. You may use the
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
2569 roundup-admin command "genconfig" to generate a new config file::
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2570
2889
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
2571 roundup-admin genconfig <tracker home>/config.ini
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2572
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2573 and modify the values therein based on the contents of your old config.py.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2574 In most cases, the names of the config variables are the same.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2575
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2576 The ``select_db.py`` file has been replaced by a file in the ``db``
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2577 directory called ``backend_name``. As you might guess, this file contains
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2578 just the name of the backend. To figure what the contents of yours should
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2579 be, use the following table:
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2580
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2581 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2582 ``select_db.py`` contents ``backend_name`` contents
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2583 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2584 from back_anydbm import ... anydbm
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2585 from back_metakit import ... metakit
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2586 from back_sqlite import ... sqlite
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2587 from back_mysql import ... mysql
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2588 from back_postgresql import ... postgresql
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2589 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2590
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2591 The ``dbinit.py`` file has been split into two new files,
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2592 ``initial_data.py`` and ``schema.py``. The contents of this file are:
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2593
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2594 ``initial_data.py``
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2595 You don't need one of these as your tracker is already initialised.
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2596
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2597 ``schema.py``
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2598 Copy the body of the ``def open(name=None)`` function from your old
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2599 tracker's ``dbinit.py`` file to this file. As the lines you're copying
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2600 aren't part of a function definition anymore, one level of indentation
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2601 needs to be removed (remove only the leading four spaces on each
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2602 line).
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2603
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2604 The first few lines -- those starting with ``from roundup.hyperdb
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2605 import ...`` and the ``db = Database(config, name)`` line -- don't
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2606 need to be copied. Neither do the last few lines -- those starting
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
2607 with ``import detectors``, down to ``return db`` inclusive.
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
2608
3281
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
2609 You may remove the ``__init__.py`` module from the "detectors" directory as
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
2610 it is no longer used.
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
2611
3738
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
2612 There's a new way to write extension code for Roundup. If you have code in
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
2613 an ``interfaces.py`` file you should move it. See the `customisation
2915
7d97c75e7cba more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2913
diff changeset
2614 documentation`_ for information about how extensions are now written.
3738
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
2615 Note that some older trackers may use ``interfaces.py`` to customise the
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
2616 mail gateway behaviour. You will need to keep your ``interfaces.py`` file
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
2617 if this is the case.
2700
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
2618
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2619
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2620 0.8.0 Permissions Changes
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2621 -------------------------
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2622
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2623 The creation of a new item in the user interfaces is now controlled by the
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2624 "Create" Permission. You will need to add an assignment of this Permission
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2625 to your users who are allowed to create items. The most common form of this
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2626 is the following in your ``schema.py`` added just under the current
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2627 assignation of the Edit Permission::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2628
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2629 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2630 p = db.security.getPermission('Create', cl)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2631 db.security.addPermissionToRole('User', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2632
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2633 You will need to explicitly let anonymous users access the web interface so
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2634 that regular users are able to see the login form. Note that almost all
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2635 trackers will need this Permission. The only situation where it's not
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2636 required is in a tracker that uses an HTTP Basic Authenticated front-end.
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2637 It's enabled by adding to your ``schema.py``::
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2638
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2639 p = db.security.getPermission('Web Access')
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2640 db.security.addPermissionToRole('Anonymous', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2641
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2642 Finally, you will need to enable permission for your users to edit their
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2643 own details by adding the following to ``schema.py``::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2644
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2645 # Users should be able to edit their own details. Note that this
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2646 # permission is limited to only the situation where the Viewed or
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2647 # Edited item is their own.
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2648 def own_record(db, userid, itemid):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2649 '''Determine whether the userid matches the item being accessed.'''
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2650 return userid == itemid
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2651 p = db.security.addPermission(name='View', klass='user', check=own_record,
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2652 description="User is allowed to view their own user details")
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2653 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2654 description="User is allowed to edit their own user details")
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2655 db.security.addPermissionToRole('User', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2656
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2657
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2658 0.8.0 Use of TemplatingUtils
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2659 ----------------------------
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2660
2910
5c0e5abcb5e3 doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2907
diff changeset
2661 If you used custom python functions in TemplatingUtils, they must
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2662 be moved from interfaces.py to a new file in the ``extensions`` directory.
2910
5c0e5abcb5e3 doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2907
diff changeset
2663
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2664 Each Function that should be available through TAL needs to be defined
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2665 as a toplevel function in the newly created file. Furthermore you
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2666 add an inititialization function, that registers the functions with the
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2667 tracker.
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2668
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2669 If you find this too tedious, donfu wrote an automatic init function that
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2670 takes an existing TemplatingUtils class, and registers all class methods
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2671 that do not start with an underscore. The following hack should be placed
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2672 in the ``extensions`` directory alongside other extensions::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2673
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2674 class TemplatingUtils:
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2675 # copy from interfaces.py
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2676
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2677 def init(tracker):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2678 util = TemplatingUtils()
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
2679
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2680 def setClient(tu):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2681 util.client = tu.client
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2682 return util
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
2683
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2684 def execUtil(name):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2685 return lambda tu, *args, **kwargs: \
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2686 getattr(setClient(tu), name)(*args, **kwargs)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2687
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2688 for name in dir(util):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2689 if callable(getattr(util, name)) and not name.startswith('_'):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2690 tracker.registerUtil(name, execUtil(name))
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
2691
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
2692
2572
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
2693 0.8.0 Logging Configuration
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
2694 ---------------------------
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
2695
2573
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
2696 See the `administration guide`_ for information about configuring the new
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
2697 logging implemented in 0.8.0.
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
2698
2374
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2699
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2700 .. index:: upgrading; 0.7.2 to 0.7.3
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2701
2374
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2702 Migrating from 0.7.2 to 0.7.3
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2703 =============================
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2704
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2705 0.7.3 Configuration
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2706 -------------------
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2707
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2708 If you choose, you may specify the directory from which static files are
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2709 served (those which use the URL component ``@@file``). Currently the
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2710 directory defaults to the ``TEMPLATES`` configuration variable. You may
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2711 define a new variable, ``STATIC_FILES`` which overrides this value for
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2712 static files.
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2713
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
2714
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2715 .. index:: upgrading; 0.7.0 to 0.7.2
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2716
2293
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2717 Migrating from 0.7.0 to 0.7.2
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2718 =============================
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2719
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2720 0.7.2 DEFAULT_TIMEZONE is now required
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2721 --------------------------------------
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2722
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2723 The DEFAULT_TIMEZONE configuration variable is now required. Add the
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2724 following to your tracker's ``config.py`` file::
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2725
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2726 # You may specify a different default timezone, for use when users do not
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2727 # choose their own in their settings.
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2728 DEFAULT_TIMEZONE = 0 # specify as numeric hour offest
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2729
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2730 .. index:: upgrading; 0.7.0 to 0.7.1
2293
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
2731
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2732 Migrating from 0.7.0 to 0.7.1
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2733 =============================
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2734
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2735 0.7.1 Permission assignments
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2736 ----------------------------
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2737
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2738 If you allow anonymous access to your tracker, you might need to assign
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2739 some additional View (or Edit if your tracker is that open) permissions
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2740 to the "anonymous" user. To do so, find the code in your ``dbinit.py`` that
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2741 says::
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2742
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2743 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2744 p = db.security.getPermission('View', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2745 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2746 p = db.security.getPermission('Edit', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2747 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2748 for cl in 'priority', 'status':
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2749 p = db.security.getPermission('View', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2750 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2751
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2752 Add add a line::
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2753
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2754 db.security.addPermissionToRole('Anonymous', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2755
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2756 next to the existing ``'User'`` lines for the Permissions you wish to
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2757 assign to the anonymous user.
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
2758
2119
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
2759
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2760 .. index:: upgrading; versions earlier than 0.7
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2761
2136
ee3cf6a44f29 queries on a per-user basis, and public queries [SF#891798] :)
Richard Jones <richard@users.sourceforge.net>
parents: 2121
diff changeset
2762 Migrating from 0.6 to 0.7
2119
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
2763 =========================
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
2764
2076
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2765 0.7.0 Permission assignments
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2766 ----------------------------
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2767
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2768 Due to a change in the rendering of web widgets, permissions are now
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2769 checked on Classes where they previously weren't (this is a good thing).
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2770
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2771 You will need to add some additional Permission assignments for your
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2772 regular users, or some displays will break. After the following in your
2076
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2773 tracker's ``dbinit.py``::
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2774
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2775 # Assign the access and edit Permissions for issue, file and message
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2776 # to regular users now
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2777 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2778 p = db.security.getPermission('View', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2779 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2780 p = db.security.getPermission('Edit', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2781 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2782
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2783 add::
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2784
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2785 for cl in 'priority', 'status':
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2786 p = db.security.getPermission('View', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2787 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
2788
2102
666402433998 Fix some tests.
Richard Jones <richard@users.sourceforge.net>
parents: 2077
diff changeset
2789
1800
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
2790 0.7.0 Getting the current user id
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
2791 ---------------------------------
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
2792
2263
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
2793 The Database.curuserid attribute has been removed.
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
2794
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
2795 Any code referencing this attribute should be replaced with a
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
2796 call to Database.getuid().
1800
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
2797
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2798
1911
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2799 0.7.0 ZRoundup changes
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2800 ----------------------
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2801
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2802 The templates in your tracker's html directory will need updating if you
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2803 wish to use ZRoundup. If you've not modified those files (or some of them),
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2804 you may just copy the new versions from the Roundup source in the
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2805 templates/classic/html directory.
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2806
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2807 If you have modified the html files, then you'll need to manually edit them
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2808 to change all occurances of special form variables from using the colon ":"
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2809 special character to the at "@" special character. That is, variables such
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2810 as::
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2811
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2812 :action :required :template :remove:messages ...
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2813
2223
9b447ac40be3 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2138
diff changeset
2814 should become::
1911
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2815
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2816 @action @required @template @remove@messages ...
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2817
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2818 Note that ``tal:`` statements are unaffected. So are TAL expression type
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2819 prefixes such as ``python:`` and ``string:``. Please ask on the
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2820 roundup-users mailing list for help if you're unsure.
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
2821
1882
15cfde2c3db8 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1850
diff changeset
2822
2913
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2823 0.7.0 Edit collision detection
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2824 ------------------------------
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2825
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2826 Roundup now detects collisions with editing in the web interface (that is,
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2827 two people editing the same item at the same time).
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2828
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2829 You must copy the ``_generic.collision.html`` file from Roundup source in
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2830 the ``templates/classic/html`` directory. to your tracker's ``html``
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2831 directory.
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2832
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
2833
1835
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2834 Migrating from 0.6.x to 0.6.3
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2835 =============================
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2836
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2837 0.6.3 Configuration
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2838 -------------------
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2839
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2840 You will need to copy the file::
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2841
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2842 templates/classic/detectors/__init__.py
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2843
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2844 to your tracker's ``detectors`` directory, replacing the one already there.
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2845 This fixes a couple of bugs in that file.
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2846
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2847
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
2848
1363
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
2849 Migrating from 0.5 to 0.6
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
2850 =========================
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
2851
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2852
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2853 0.6.0 Configuration
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2854 -------------------
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2855
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2856 Introduced EMAIL_FROM_TAG config variable. This value is inserted into
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2857 the From: line of nosy email. If the sending user is "Foo Bar", the
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2858 From: line is usually::
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2859
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2860 "Foo Bar" <issue_tracker@tracker.example>
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2861
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2862 the EMAIL_FROM_TAG goes inside the "Foo Bar" quotes like so::
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2863
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2864 "Foo Bar EMAIL_FROM_TAG" <issue_tracker@tracker.example>
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2865
1455
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2866 I've altered the mechanism in the detectors __init__.py module so that it
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2867 doesn't cross-import detectors from other trackers (if you run more than one
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2868 in a single roundup-server). This change means that you'll need to copy the
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2869 __init__.py from roundup/templates/classic/detectors/__init__.py to your
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2870 <tracker home>/detectors/__init__.py. Don't worry, the "classic" __init__ is a
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2871 one-size-fits-all, so it'll work even if you've added/removed detectors.
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2872
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2873 0.6.0 Templating changes
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2874 ------------------------
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2875
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2876 The ``user.item`` template (in the tracker home "templates" directory)
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2877 needs to have the following hidden variable added to its form (between the
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2878 ``<form...>`` and ``</form>`` tags::
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2879
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2880 <input type="hidden" name=":template" value="item">
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2881
1455
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
2882
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
2883 0.6.0 Form handling changes
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
2884 ---------------------------
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
2885
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2886 Roundup's form handling capabilities have been significantly expanded. This
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2887 should not affect users of 0.5 installations - but if you find you're
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2888 getting errors from form submissions, please ask for help on the Roundup
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2889 users mailing list:
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
2890
5756
e48b039b0ec0 issue2550966: fix suboptimal links in docs.
John Rouillard <rouilj@ieee.org>
parents: 5752
diff changeset
2891 https://sourceforge.net/projects/roundup/lists/roundup-users
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2892
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2893 See the customisation doc section on `Form Values`__ for documentation of the
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2894 new form variables possible.
1439
0634f815b90c rfc2822-ify the tracker name in mail headers
Richard Jones <richard@users.sourceforge.net>
parents: 1423
diff changeset
2895
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2896 __ customizing.html#form-values
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2897
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
2898
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2899 0.6.0 Multilingual character set support
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
2900 ----------------------------------------
1363
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
2901
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2902 Added internationalization support. This is done via encoding all data
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2903 stored in roundup database to utf-8 (unicode encoding). To support utf-8 in
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2904 web interface you should add the folowing line to your tracker's html/page
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2905 and html/_generic.help files inside <head> tag::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2906
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
2907 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
2908
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2909 Since latin characters in utf-8 have the same codes as in ASCII table, this
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2910 modification is optional for users who use only plain latin characters.
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
2911
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2912 After this modification, you will be able to see and enter any world
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2913 character via web interface. Data received via mail interface also converted
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2914 to utf-8, however only new messages will be converted. If your roundup
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2915 database contains some of non-ASCII characters in one of 8-bit encoding,
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2916 they will not be visible in new unicode environment. Some of such data (e.g.
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2917 user names, keywords, etc) can be edited by administrator, the others
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2918 (e.g. messages' contents) is not editable via web interface. Currently there
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2919 is no tool for converting such data, the only solution is to close
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2920 appropriate old issues and create new ones with the same content.
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
2921
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2922
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2923 0.6.0 User timezone support
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2924 ---------------------------
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2925
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2926 From version 0.6.0 roundup supports displaying of Date data in user' local
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2927 timezone if he/she has provided timezone information. To make it possible
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2928 some modification to tracker's schema and HTML templates are required.
1769
5fed70f96d2b various minor bugfixes
Richard Jones <richard@users.sourceforge.net>
parents: 1758
diff changeset
2929 First you must add string property 'timezone' to user class in dbinit.py
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2930 like this::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2931
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2932 user = Class(db, "user",
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2933 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2934 address=String(), realname=String(),
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2935 phone=String(), organisation=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2936 alternate_addresses=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2937 queries=Multilink('query'), roles=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2938 timezone=String())
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2939
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2940 And second - html interface. Add following lines to
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2941 $TRACKER_HOME/html/user.item template::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2942
1560
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
2943 <tr>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
2944 <th>Timezone</th>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
2945 <td tal:content="structure context/timezone/field">timezone</td>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
2946 </tr>
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2947
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2948 After that all users should be able to provide their timezone information.
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2949 Timezone should be a positive or negative integer - offset from GMT.
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2950
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2951 After providing timezone, roundup will show all dates values, found in web
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2952 and mail interfaces in local time. It will also accept any Date info in
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2953 local time, convert and store it in GMT.
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
2954
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
2955
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2956 0.6.0 Search page structure
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2957 ---------------------------
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2958
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2959 In order to accomodate query editing the search page has been restructured. If
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2960 you want to provide your users with query editing, you should update your
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2961 search page using the macros detailed in the customisation doc section
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2962 `Searching on categories`__.
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2963
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2964 __ customizing.html#searching-on-categories
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
2965
1758
5e1680c11bed Added text about removing '?' from url field when upgrading [SF#790326].
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1741
diff changeset
2966 Also, the url field in the query class no longer starts with a '?'. You'll need
1850
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
2967 to remove this question mark from the url field to support queries. There's
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
2968 a script in the "tools" directory called ``migrate-queries.py`` that should
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
2969 automatically change any existing queries for you. As always, make a backup
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
2970 of your database before running such a script.
1758
5e1680c11bed Added text about removing '?' from url field when upgrading [SF#790326].
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1741
diff changeset
2971
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2972
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2973 0.6.0 Notes for metakit backend users
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2974 -------------------------------------
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2975
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2976 Roundup 0.6.0 introduced searching on ranges of dates and intervals. To
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2977 support it, some modifications to interval storing routine were made. So if
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2978 your tracker uses metakit backend and your db schema contains intervals
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2979 property, searches on that property will not be accurate for db items that
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2980 was stored before roundup' upgrade. However all new records should be
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2981 searchable on intervals.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2982
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2983 It is possible to convert your database to new format: you can export and
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2984 import back all your data (consult "Migrating backends" in "Maintenance"
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2985 documentation). After this operation all your interval properties should
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2986 become searchable.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2987
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
2988 Users of backends others than metakit should not worry about this issue.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2989
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
2990
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
2991 Migrating from 0.4.x to 0.5.0
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
2992 =============================
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
2993
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2994 This has been a fairly major revision of Roundup:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2995
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2996 1. Brand new, much more powerful, flexible, tasty and nutritious templating.
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
2997 Unfortunately, this means all your current templates are useless. Hopefully
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
2998 the new documentation and examples will be enough to help you make the
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
2999 transition. Please don't hesitate to ask on roundup-users for help (or
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
3000 complete conversions if you're completely stuck)!
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3001 2. The database backed got a lot more flexible, allowing Metakit and SQL
1227
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
3002 databases! The only decent SQL database implemented at present is sqlite,
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
3003 but others shouldn't be a whole lot more work.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3004 3. A brand new, highly flexible and much more robust security system including
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3005 a system of Permissions, Roles and Role assignments to users. You may now
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3006 define your own Permissions that may be checked in CGI transactions.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3007 4. Journalling has been made less storage-hungry, so has been turned on
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3008 by default *except* for author, recipient and nosy link/unlink events. You
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3009 are advised to turn it off in your trackers too.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3010 5. We've changed the terminology from "instance" to "tracker", to ease the
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3011 learning curve/impact for new users.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3012 6. Because of the above changes, the tracker configuration has seen some
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3013 major changes. See below for the details.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3014
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
3015 Please, **back up your database** before you start the migration process. This
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3016 is as simple as copying the "db" directory and all its contents from your
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3017 tracker to somewhere safe.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3018
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3019
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
3020 0.5.0 Configuration
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
3021 -------------------
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
3022
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3023 First up, rename your ``instance_config.py`` file to just ``config.py``.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3024
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3025 Then edit your tracker's ``__init__.py`` module. It'll currently look
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3026 like this::
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3027
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3028 from instance_config import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3029 try:
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3030 from dbinit import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3031 except ImportError:
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3032 pass # in installdir (probably :)
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3033 from interfaces import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3034
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3035 and it needs to be::
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3036
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3037 import config
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3038 from dbinit import open, init
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3039 from interfaces import Client, MailGW
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3040
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3041 Due to the new templating having a top-level ``page`` that defines links for
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3042 searching, indexes, adding items etc, the following variables are no longer
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3043 used:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3044
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3045 - HEADER_INDEX_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3046 - HEADER_ADD_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3047 - HEADER_SEARCH_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3048 - SEARCH_FILTERS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3049 - DEFAULT_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3050 - UNASSIGNED_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3051 - USER_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3052 - ISSUE_FILTER
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3053
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3054 The new security implementation will require additions to the dbinit module,
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3055 but also removes the need for the following tracker config variables:
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3056
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3057 - ANONYMOUS_ACCESS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3058 - ANONYMOUS_REGISTER
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3059
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3060 but requires two new variables which define the Roles assigned to users who
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3061 register through the web and e-mail interfaces:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3062
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3063 - NEW_WEB_USER_ROLES
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3064 - NEW_EMAIL_USER_ROLES
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3065
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3066 in both cases, 'User' is a good initial setting. To emulate
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3067 ``ANONYMOUS_ACCESS='deny'``, remove all "View" Permissions from the
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3068 "Anonymous" Role. To emulate ``ANONYMOUS_REGISTER='deny'``, remove the "Web
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3069 Registration" and/or the "Email Registration" Permission from the "Anonymous"
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3070 Role. See the section on customising security in the `customisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3071 documentation`_ for more information.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3072
1096
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3073 Finally, the following config variables have been renamed to make more sense:
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3074
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3075 - INSTANCE_HOME -> TRACKER_HOME
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3076 - INSTANCE_NAME -> TRACKER_NAME
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3077 - ISSUE_TRACKER_WEB -> TRACKER_WEB
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3078 - ISSUE_TRACKER_EMAIL -> TRACKER_EMAIL
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3079
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3080
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3081 0.5.0 Schema Specification
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3082 --------------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3083
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3084 0.5.0 Database backend changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3085 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3086
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3087 Your select_db module in your tracker has changed a fair bit. Where it used
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3088 to contain::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3089
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3090 # WARNING: DO NOT EDIT THIS FILE!!!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3091 from roundup.backends.back_anydbm import Database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3092
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3093 it must now contain::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3094
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3095 # WARNING: DO NOT EDIT THIS FILE!!!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3096 from roundup.backends.back_anydbm import Database, Class, FileClass, IssueClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3097
1051
a0c7df67dd9c Allow a page request to include a :contentonly variable.
Richard Jones <richard@users.sourceforge.net>
parents: 1034
diff changeset
3098 Yes, I realise the irony of the "DO NOT EDIT THIS FILE" statement :)
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3099 Note the addition of the Class, FileClass, IssueClass imports. These are very
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3100 important, as they're going to make the next change work too. You now need to
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3101 modify the top of the dbinit module in your tracker from::
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3102
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3103 import instance_config
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3104 from roundup import roundupdb
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3105 from select_db import Database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3106
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3107 from roundup.roundupdb import Class, FileClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3108
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3109 class Database(roundupdb.Database, select_db.Database):
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3110 ''' Creates a hybrid database from:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3111 . the selected database back-end from select_db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3112 . the roundup extensions from roundupdb
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3113 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3114 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3115
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3116 class IssueClass(roundupdb.IssueClass):
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3117 ''' issues need the email information
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3118 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3119 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3120
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3121 to::
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3122
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3123 import config
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3124 from select_db import Database, Class, FileClass, IssueClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3125
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3126 Yes, remove the Database and IssueClass definitions and those other imports.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3127 They're not needed any more!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3128
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3129 Look for places in dbinit.py where ``instance_config`` is used too, and
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3130 rename them ``config``.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3131
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3132
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3133 0.5.0 Journalling changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3134 ~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3135
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3136 Journalling has been optimised for storage. Journalling of links has been
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3137 turned back on by default. If your tracker has a large user base, you may wish
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3138 to turn off journalling of nosy list, message author and message recipient
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3139 link and unlink events. You do this by adding ``do_journal='no'`` to the Class
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3140 initialisation in your dbinit. For example, your *msg* class initialisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3141 probably looks like this::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3142
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3143 msg = FileClass(db, "msg",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3144 author=Link("user"), recipients=Multilink("user"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3145 date=Date(), summary=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3146 files=Multilink("file"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3147 messageid=String(), inreplyto=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3148
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3149 to turn off journalling of author and recipient link events, add
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3150 ``do_journal='no'`` to the ``author=Link("user")`` part of the statement,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3151 like so::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3152
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3153 msg = FileClass(db, "msg",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3154 author=Link("user", do_journal='no'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3155 recipients=Multilink("user", do_journal='no'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3156 date=Date(), summary=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3157 files=Multilink("file"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3158 messageid=String(), inreplyto=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3159
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3160 Nosy list link event journalling is actually turned off by default now. If you
1227
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
3161 want to turn it on, change to your issue class' nosy list, change its
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3162 definition from::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3163
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3164 issue = IssueClass(db, "issue",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3165 assignedto=Link("user"), topic=Multilink("keyword"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3166 priority=Link("priority"), status=Link("status"))
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3167
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3168 to::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3169
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3170 issue = IssueClass(db, "issue", nosy=Multilink("user", do_journal='yes'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3171 assignedto=Link("user"), topic=Multilink("keyword"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3172 priority=Link("priority"), status=Link("status"))
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3173
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3174 noting that your definition of the nosy Multilink will override the normal one.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3175
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3176
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3177 0.5.0 User schema changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3178 ~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3179
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3180 Users have two more properties, "queries" and "roles". You'll have something
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3181 like this in your dbinit module now::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3182
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3183 user = Class(db, "user",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3184 username=String(), password=Password(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3185 address=String(), realname=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3186 phone=String(), organisation=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3187 alternate_addresses=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3188 user.setkey("username")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3189
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3190 and you'll need to add the new properties and the new "query" class to it
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3191 like so::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3192
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3193 query = Class(db, "query",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3194 klass=String(), name=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3195 url=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3196 query.setkey("name")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3197
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3198 # Note: roles is a comma-separated string of Role names
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3199 user = Class(db, "user",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3200 username=String(), password=Password(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3201 address=String(), realname=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3202 phone=String(), organisation=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3203 alternate_addresses=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3204 queries=Multilink('query'), roles=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3205 user.setkey("username")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3206
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3207 The "queries" property is used to store off the user's favourite database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3208 queries. The "roles" property is explained below in `0.5.0 Security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3209 Settings`_.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3210
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3211
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3212 0.5.0 Security Settings
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3213 ~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3214
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3215 See the `security documentation`_ for an explanation of how the new security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3216 system works. In a nutshell though, the security is handled as a four step
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3217 process:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3218
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3219 1. Permissions are defined as having a name and optionally a hyperdb class
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3220 they're specific to,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3221 2. Roles are defined that have one or more Permissions,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3222 3. Users are assigned Roles in their "roles" property, and finally
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3223 4. Roundup checks that users have appropriate Permissions at appropriate times
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3224 (like editing issues).
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3225
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3226 Your tracker dbinit module's *open* function now has to define any
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3227 Permissions that are specific to your tracker, and also the assignment
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3228 of Permissions to Roles. At the moment, your open function
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3229 ends with::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3230
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3231 import detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3232 detectors.init(db)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3233
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3234 return db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3235
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3236 and what we need to do is insert some commands that will set up the security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3237 parameters. Right above the ``import detectors`` line, you'll want to insert
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3238 these lines::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3239
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3240 #
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3241 # SECURITY SETTINGS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3242 #
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3243 # new permissions for this schema
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3244 for cl in 'issue', 'file', 'msg', 'user':
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3245 db.security.addPermission(name="Edit", klass=cl,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3246 description="User is allowed to edit "+cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3247 db.security.addPermission(name="View", klass=cl,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3248 description="User is allowed to access "+cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3249
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3250 # Assign the access and edit permissions for issue, file and message
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3251 # to regular users now
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3252 for cl in 'issue', 'file', 'msg':
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3253 p = db.security.getPermission('View', cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3254 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3255 p = db.security.getPermission('Edit', cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3256 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3257 # and give the regular users access to the web and email interface
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3258 p = db.security.getPermission('Web Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3259 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3260 p = db.security.getPermission('Email Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3261 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3262
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3263 # May users view other user information? Comment these lines out
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3264 # if you don't want them to
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3265 p = db.security.getPermission('View', 'user')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3266 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3267
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3268 # Assign the appropriate permissions to the anonymous user's Anonymous
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3269 # Role. Choices here are:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3270 # - Allow anonymous users to register through the web
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3271 p = db.security.getPermission('Web Registration')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3272 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3273 # - Allow anonymous (new) users to register through the email gateway
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3274 p = db.security.getPermission('Email Registration')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3275 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3276 # - Allow anonymous users access to the "issue" class of data
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3277 # Note: this also grants access to related information like files,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3278 # messages, statuses etc that are linked to issues
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3279 #p = db.security.getPermission('View', 'issue')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3280 #db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3281 # - Allow anonymous users access to edit the "issue" class of data
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3282 # Note: this also grants access to create related information like
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3283 # files and messages etc that are linked to issues
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3284 #p = db.security.getPermission('Edit', 'issue')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3285 #db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3286
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3287 # oh, g'wan, let anonymous access the web interface too
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3288 p = db.security.getPermission('Web Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3289 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3290
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3291 Note in the comments there the places where you might change the permissions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3292 to restrict users or grant users more access. If you've created additional
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3293 classes that users should be able to edit and view, then you should add them
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3294 to the "new permissions for this schema" section at the start of the security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3295 block. Then add them to the "Assign the access and edit permissions" section
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3296 too, so people actually have the new Permission you've created.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3297
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3298 One final change is needed that finishes off the security system's
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3299 initialisation. We need to add a call to ``db.post_init()`` at the end of the
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3300 dbinit open() function. Add it like this::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3301
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3302 import detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3303 detectors.init(db)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3304
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3305 # schema is set up - run any post-initialisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3306 db.post_init()
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3307 return db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3308
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3309 You may verify the setup of Permissions and Roles using the new
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3310 "``roundup-admin security``" command.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3311
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3312
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3313 0.5.0 User changes
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3314 ~~~~~~~~~~~~~~~~~~
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3315
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3316 To support all those schema changes, you'll need to massage your user database
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3317 a little too, to:
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3318
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3319 1. make sure there's an "anonymous" user - this user is mandatory now and is
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3320 the one that unknown users are logged in as.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3321 2. make sure all users have at least one Role.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3322
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3323 If you don't have the "anonymous" user, create it now with the command::
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3324
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3325 roundup-admin create user username=anonymous roles=Anonymous
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3326
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3327 making sure the capitalisation is the same as above. Once you've done that,
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3328 you'll need to set the roles property on all users to a reasonable default.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3329 The admin user should get "Admin", the anonymous user "Anonymous"
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3330 and all other users "User". The ``fixroles.py`` script in the tools directory
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3331 will do this. Run it like so (where python is your python 2+ binary)::
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3332
1271
7733d5b96ef6 docco fix
Richard Jones <richard@users.sourceforge.net>
parents: 1227
diff changeset
3333 python tools/fixroles.py -i <tracker home> fixroles
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3334
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3335
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
3336
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3337 0.5.0 CGI interface changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3338 ---------------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3339
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3340 The CGI interface code was completely reorganised and largely rewritten. The
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3341 end result is that this section of your tracker interfaces module will need
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3342 changing from::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3343
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
3344 from roundup import cgi_client, mailgw
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
3345 from roundup.i18n import _
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3346
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
3347 class Client(cgi_client.Client):
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3348 ''' derives basic CGI implementation from the standard module,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3349 with any specific extensions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3350 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3351 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3352
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3353 to::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3354
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
3355 from roundup import mailgw
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
3356 from roundup.cgi import client
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3357
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3358 class Client(client.Client):
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3359 ''' derives basic CGI implementation from the standard module,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3360 with any specific extensions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3361 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3362 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3363
1034
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
3364 You will also need to install the new version of roundup.cgi from the source
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
3365 cgi-bin directory if you're using it.
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
3366
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
3367
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3368 0.5.0 HTML templating
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3369 ---------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3370
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3371 You'll want to make a backup of your current tracker html directory. You
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
3372 should then copy the html directory from the Roundup source "classic" template
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
3373 and modify it according to your local schema changes.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3374
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3375 If you need help with the new templating system, please ask questions on the
4510
bce9aaf19a3b Updated the url to point to www.roundup-tracker.org in two places in the docs.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents: 4503
diff changeset
3376 roundup-users mailing list (available through the roundup web page on
6265
b2eb59ada444 Replace http:....roundup-tracker.org with https. Also fix wiki links.
John Rouillard <rouilj@ieee.org>
parents: 6248
diff changeset
3377 sourceforge, https://www.roundup-tracker.org/.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3378
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3379
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3380 0.5.0 Detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3381 ---------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3382
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3383 The nosy reactor has been updated to handle the tracker not having an
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3384 "assignedto" property on issues. You may want to copy it into your tracker's
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3385 detectors directory. Chances are you've already fixed it though :)
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
3386
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
3387
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3388 Migrating from 0.4.1 to 0.4.2
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3389 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3390
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3391 0.4.2 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3392 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3393 The USER_INDEX definition introduced in 0.4.1 was too restrictive in its
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3394 allowing replacement of 'assignedto' with the user's userid. Users must change
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3395 the None value of 'assignedto' to 'CURRENT USER' (the string, in quotes) for
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3396 the replacement behaviour to occur now.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3397
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3398 The new configuration variables are:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3399
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3400 - EMAIL_KEEP_QUOTED_TEXT
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3401 - EMAIL_LEAVE_BODY_UNCHANGED
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3402 - ADD_RECIPIENTS_TO_NOSY
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3403
798
faf164ab8ed9 Docco changes.
Richard Jones <richard@users.sourceforge.net>
parents: 782
diff changeset
3404 See the sample configuration files in::
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3405
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3406 <roundup source>/roundup/templates/classic/instance_config.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3407
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3408 and::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3409
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3410 <roundup source>/roundup/templates/extended/instance_config.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3411
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3412 and the `customisation documentation`_ for information on how they're used.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3413
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3414
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3415 0.4.2 Changes to detectors
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3416 --------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3417 You will need to copy the detectors from the distribution into your instance
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3418 home "detectors" directory. If you used the classic schema, the detectors
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3419 are in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3420
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3421 <roundup source>/roundup/templates/classic/detectors/
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3422
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3423 If you used the extended schema, the detectors are in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3424
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3425 <roundup source>/roundup/templates/extended/detectors/
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3426
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3427 The change means that schema-specific code has been removed from the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3428 mail gateway and cgi interface and made into auditors:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3429
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3430 - nosyreactor.py has now got an updatenosy auditor which updates the nosy
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3431 list with author, recipient and assignedto information.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3432 - statusauditor.py makes the unread or resolved -> chatting changes and
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3433 presets the status of an issue to unread.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3434
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3435 There's also a bug or two fixed in the nosyreactor code.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3436
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3437 0.4.2 HTML templating changes
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3438 -----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3439 The link() htmltemplate function now has a "showid" option for links and
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
3440 multilinks. When true, it only displays the linked item id as the anchor
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3441 text. The link value is displayed as a tooltip using the title anchor
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3442 attribute. To use in eg. the superseder field, have something like this::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3443
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3444 <td>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3445 <display call="field('superseder', showid=1)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3446 <display call="classhelp('issue', 'id,title', label='list', width=500)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3447 <property name="superseder">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3448 <br>View: <display call="link('superseder', showid=1)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3449 </property>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3450 </td>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3451
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3452 The stylesheets have been cleaned up too. You may want to use the newer
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3453 versions in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3454
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3455 <roundup source>/roundup/templates/<template>/html/default.css
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3456
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3457
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3458
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3459 Migrating from 0.4.0 to 0.4.1
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3460 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3461
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3462 0.4.1 Files storage
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3463 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3464
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3465 Messages and files from newly created issues will be put into subdierectories
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3466 in thousands e.g. msg123 will be put into files/msg/0/msg123, file2003
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3467 will go into files/file/2/file2003. Previous messages are still found, but
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3468 could be put into this structure.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3469
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3470 0.4.1 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3471 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3472
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3473 To allow more fine-grained access control, the variable used to check
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3474 permission to auto-register users in the mail gateway is now called
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3475 ANONYMOUS_REGISTER_MAIL rather than overloading ANONYMOUS_REGISTER. If the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3476 variable doesn't exist, then ANONYMOUS_REGISTER is tested as before.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3477
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3478 Configuring the links in the web header is now easier too. The following
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3479 variables have been added to the classic instance_config.py::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3480
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3481 HEADER_INDEX_LINKS - defines the "index" links to be made available
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3482 HEADER_ADD_LINKS - defines the "add" links
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3483 DEFAULT_INDEX - specifies the index view for DEFAULT
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3484 UNASSIGNED_INDEX - specifies the index view for UNASSIGNED
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3485 USER_INDEX - specifies the index view for USER
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3486
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3487 See the <roundup source>/roundup/templates/classic/instance_config.py for more
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3488 information - including how the variables are to be set up. Most users will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3489 just be able to copy the variables from the source to their instance home. If
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3490 you've modified the header by changing the source of the interfaces.py file in
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3491 the instance home, you'll need to remove that customisation and move it into
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3492 the appropriate variables in instance_config.py.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3493
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3494 The extended schema has similar variables added too - see the source for more
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3495 info.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3496
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3497 0.4.1 Alternate E-Mail Addresses
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3498 --------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3499
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3500 If you add the property "alternate_addresses" to your user class, your users
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3501 will be able to register alternate email addresses that they may use to
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3502 communicate with roundup as. All email from roundup will continue to be sent
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3503 to their primary address.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3504
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3505 If you have not edited the dbinit.py file in your instance home directory,
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3506 you may simply copy the new dbinit.py file from the core code. If you used
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3507 the classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3508
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3509 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3510
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3511 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3512
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3513 <roundup source>/roundup/templates/extended/dbinit.py
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3514
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3515 If you have modified your dbinit.py file, you need to edit the dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3516 file in your instance home directory. Find the lines which define the user
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3517 class::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3518
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3519 user = Class(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3520 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3521 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3522 phone=String(), organisation=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3523 alternate_addresses=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3524
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3525 You will also want to add the property to the user's details page. The
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3526 template for this is the "user.item" file in your instance home "html"
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3527 directory. Similar to above, you may copy the file from the roundup source if
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3528 you haven't modified it. Otherwise, add the following to the template::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3529
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3530 <display call="multiline('alternate_addresses')">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3531
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3532 with appropriate labelling etc. See the standard template for an idea.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3533
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3534
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3535
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3536 Migrating from 0.3.x to 0.4.0
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3537 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3538
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3539 0.4.0 Message-ID and In-Reply-To addition
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3540 -----------------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3541 0.4.0 adds the tracking of messages by message-id and allows threading
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3542 using in-reply-to. Most e-mail clients support threading using this
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3543 feature, and we hope to add support for it to the web gateway. If you
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3544 have not edited the dbinit.py file in your instance home directory, you may
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3545 simply copy the new dbinit.py file from the core code. If you used the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3546 classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3547
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3548 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3549
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3550 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3551
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3552 <roundup source>/roundup/templates/extended/dbinit.py
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3553
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3554 If you have modified your dbinit.py file, you need to edit the dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3555 file in your instance home directory. Find the lines which define the msg
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3556 class::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3557
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3558 msg = FileClass(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3559 author=Link("user"), recipients=Multilink("user"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3560 date=Date(), summary=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3561 files=Multilink("file"))
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3562
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3563 and add the messageid and inreplyto properties like so::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3564
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3565 msg = FileClass(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3566 author=Link("user"), recipients=Multilink("user"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3567 date=Date(), summary=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3568 files=Multilink("file"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3569 messageid=String(), inreplyto=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3570
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3571 Also, configuration is being cleaned up. This means that your dbinit.py will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3572 also need to be changed in the open function. If you haven't changed your
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3573 dbinit.py, the above copy will be enough. If you have, you'll need to change
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3574 the line (round line 50)::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3575
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3576 db = Database(instance_config.DATABASE, name)
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3577
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3578 to::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3579
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3580 db = Database(instance_config, name)
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3581
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3582
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3583 0.4.0 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3584 --------------------
1096
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
3585 ``TRACKER_NAME`` and ``EMAIL_SIGNATURE_POSITION`` have been added to the
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3586 instance_config.py. The simplest solution is to copy the default values
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3587 from template in the core source.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3588
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3589 The mail gateway now checks ``ANONYMOUS_REGISTER`` to see if unknown users
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3590 are to be automatically registered with the tracker. If it is set to "deny"
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3591 then unknown users will not have access. If it is set to "allow" they will be
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3592 automatically registered with the tracker.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3593
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3594
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3595 0.4.0 CGI script roundup.cgi
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3596 ----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3597 The CGI script has been updated with some features and a bugfix, so you should
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3598 copy it from the roundup cgi-bin source directory again. Make sure you update
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3599 the ROUNDUP_INSTANCE_HOMES after the copy.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3600
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3601
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3602 0.4.0 Nosy reactor
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3603 ------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3604 The nosy reactor has also changed - copy the nosyreactor.py file from the core
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3605 source::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3606
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3607 <roundup source>/roundup/templates/<template>/detectors/nosyreactor.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3608
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3609 to your instance home "detectors" directory.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3610
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3611
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3612 0.4.0 HTML templating
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3613 ---------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3614 The field() function was incorrectly implemented - links and multilinks now
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3615 display as text fields when rendered using field(). To display a menu (drop-
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3616 down or select box) you need to use the menu() function.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3617
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3618
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3619
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3620 Migrating from 0.2.x to 0.3.x
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3621 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3622
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3623 0.3.x Cookie Authentication changes
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3624 -----------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3625 0.3.0 introduces cookie authentication - you will need to copy the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3626 interfaces.py file from the roundup source to your instance home to enable
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3627 authentication. If you used the classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3628
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3629 <roundup source>/roundup/templates/classic/interfaces.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3630
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3631 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3632
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3633 <roundup source>/roundup/templates/extended/interfaces.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3634
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3635 If you have modified your interfaces.Client class, you will need to take
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3636 note of the login/logout functionality provided in roundup.cgi_client.Client
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3637 (classic schema) or roundup.cgi_client.ExtendedClient (extended schema) and
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3638 modify your instance code apropriately.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3639
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3640
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3641 0.3.x Password encoding
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3642 -----------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3643 This release also introduces encoding of passwords in the database. If you
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3644 have not edited the dbinit.py file in your instance home directory, you may
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3645 simply copy the new dbinit.py file from the core code. If you used the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3646 classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3647
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3648 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3649
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3650 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3651
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3652 <roundup source>/roundup/templates/extended/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3653
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3654
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3655 If you have modified your dbinit.py file, you may use encoded passwords:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3656
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3657 1. Edit the dbinit.py file in your instance home directory
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3658 a. At the first code line of the open() function::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3659
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3660 from roundup.hyperdb import String, Date, Link, Multilink
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3661
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3662 alter to include Password, as so::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3663
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3664 from roundup.hyperdb import String, Password, Date, Link, Multilink
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3665
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3666 b. Where the password property is defined (around line 66)::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3667
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3668 user = Class(db, "user",
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3669 username=String(), password=String(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3670 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3671 phone=String(), organisation=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3672 user.setkey("username")
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3673
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3674 alter the "password=String()" to "password=Password()"::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3675
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3676 user = Class(db, "user",
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3677 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
3678 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3679 phone=String(), organisation=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3680 user.setkey("username")
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3681
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3682 2. Any existing passwords in the database will remain cleartext until they
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3683 are edited. It is recommended that at a minimum the admin password be
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3684 changed immediately::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3685
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3686 roundup-admin -i <instance home> set user1 password=<new password>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3687
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3688
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3689 0.3.x Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3690 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3691 FILTER_POSITION, ANONYMOUS_ACCESS, ANONYMOUS_REGISTER have been added to
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3692 the instance_config.py. Simplest solution is to copy the default values from
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3693 template in the core source.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3694
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3695 MESSAGES_TO_AUTHOR has been added to the IssueClass in dbinit.py. Set to 'yes'
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3696 to send nosy messages to the author. Default behaviour is to not send nosy
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3697 messages to the author. You will need to add MESSAGES_TO_AUTHOR to your
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3698 dbinit.py in your instance home.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3699
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3700
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3701 0.3.x CGI script roundup.cgi
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3702 ----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3703 There have been some structural changes to the roundup.cgi script - you will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3704 need to install it again from the cgi-bin directory of the source
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3705 distribution. Make sure you update the ROUNDUP_INSTANCE_HOMES after the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3706 copy.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3707
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3708
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
3709 .. _`customisation documentation`: customizing.html
7091
849e9b2d6926 Rename security.py to security-history.py; change reference
John Rouillard <rouilj@ieee.org>
parents: 7064
diff changeset
3710 .. _`security documentation`: security-history.html
2409
Richard Jones <richard@users.sourceforge.net>
parents: 2374
diff changeset
3711 .. _`administration guide`: admin_guide.html
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3712 .. _`xmlrpc guide`: xmlrpc.html
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
3713 .. _FTS5 full-text search engine: https://www.sqlite.org/fts5.html
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3714 .. _PostgreSQL's full text search: https://www.postgresql.org/docs/current/textsearch.html
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3715 .. _`administration guide notes on native-fts`: admin_guide.html#configuring-native-fts-full-text-search
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
3716 .. _Configuring Compression: admin_guide.html#configuring-compression
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
3717 .. _Software Upgrade: admin_guide.html#software-upgrade
Roundup Issue Tracker: http://roundup-tracker.org/