Mercurial > p > roundup > code

annotate website/issues/detectors/newissuecopy.py @ 5257:928512faf565

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- issue2550864: Potential information leakage via journal/history Original code didn't fully implement the security checks. Users with only Edit access on a property were not able to view the journal entry for the property. This patch fixes that. Also had additional info leakage: the target object of a link or multilink must be viewable or editable in order for the journal entry to be shown. Otherwise the existance of the target is exposed via the journal while it is blocked from searches, direct access etc.
author John Rouillard <rouilj@ieee.org>
date Sun, 27 Aug 2017 00:19:48 -0400
parents 198b6e810c67
children b580f61929e2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4354
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 from roundup import roundupdb
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 def newissuecopy(db, cl, nodeid, oldvalues):
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 ''' Copy a message about new issues to a team address.
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 '''
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 # so use all the messages in the create
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 change_note = cl.generateCreateNote(nodeid)
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 # send a copy to the nosy list
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 for msgid in cl.get(nodeid, 'messages'):
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 try:
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 # note: last arg must be a list
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 cl.send_message(nodeid, msgid, change_note,
4376
b622e150c0ba issues: Adding roundup-devel@lists.sourceforge.net to the list of recipients
Bernhard Reiter <ber@users.sourceforge.net>
parents: 4354
diff changeset
14 ['r1chardj0n3s@gmail.com',
b622e150c0ba issues: Adding roundup-devel@lists.sourceforge.net to the list of recipients
Bernhard Reiter <ber@users.sourceforge.net>
parents: 4354
diff changeset
15 'roundup-devel@lists.sourceforge.net'])
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 4376
diff changeset
16 except roundupdb.MessageSendError as message:
4354
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 raise roundupdb.DetectorError, message
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 def init(db):
81a9eda2a798 I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20 db.issue.react('create', newissuecopy)
Roundup Issue Tracker: http://roundup-tracker.org/