Mercurial > p > roundup > code

annotate share/roundup/templates/jinja2/schema.py @ 5879:94a7669677ae

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add permissions to control user of rest and xmlrpc API interfaces. issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access' to allow per-user access control to rest and xmlrpc interfaces using roles. Updated all schemas to add these new perms to all authenticated roles. Error conditions in handle_xmlrpc were not working right in manual testing. I tried to make it a little better, but I don't actually understand how the fault xmlrpc object is supposed to be used. So I may have messed something up. I'll try to ping the people who wrote the xmlrpc code to have them review.
author John Rouillard <rouilj@ieee.org>
date Fri, 27 Sep 2019 23:29:59 -0400
parents cf112b90fa8d
children bae060c8a5ac
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4751
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
1
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
2 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
3 # TRACKER SCHEMA
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
4 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
5
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
6 # Class automatically gets these properties:
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
7 # creation = Date()
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
8 # activity = Date()
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
9 # creator = Link('user')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
10 # actor = Link('user')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
11
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
12 # Priorities
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
13 pri = Class(db, "priority",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
14 name=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
15 order=Number())
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
16 pri.setkey("name")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
17
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
18 # Statuses
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
19 stat = Class(db, "status",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
20 name=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
21 order=Number())
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
22 stat.setkey("name")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
23
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
24 # Keywords
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
25 keyword = Class(db, "keyword",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
26 name=String())
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
27 keyword.setkey("name")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
28
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
29 # User-defined saved searches
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
30 query = Class(db, "query",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
31 klass=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
32 name=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
33 url=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
34 private_for=Link('user'))
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
35
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
36 # add any additional database schema configuration here
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
37
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
38 user = Class(db, "user",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
39 username=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
40 password=Password(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
41 address=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
42 realname=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
43 phone=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
44 organisation=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
45 alternate_addresses=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
46 queries=Multilink('query'),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
47 roles=String(), # comma-separated string of Role names
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
48 timezone=String())
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
49 user.setkey("username")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
50 db.security.addPermission(name='Register', klass='user',
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
51 description='User is allowed to register new user')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
52
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
53 # FileClass automatically gets this property in addition to the Class ones:
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
54 # content = String() [saved to disk in <tracker home>/db/files/]
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
55 # type = String() [MIME type of the content, default 'text/plain']
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
56 msg = FileClass(db, "msg",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
57 author=Link("user", do_journal='no'),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
58 recipients=Multilink("user", do_journal='no'),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
59 date=Date(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
60 summary=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
61 files=Multilink("file"),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
62 messageid=String(),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
63 inreplyto=String())
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
64
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
65 file = FileClass(db, "file",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
66 name=String())
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
67
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
68 # IssueClass automatically gets these properties in addition to the Class ones:
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
69 # title = String()
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
70 # messages = Multilink("msg")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
71 # files = Multilink("file")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
72 # nosy = Multilink("user")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
73 # superseder = Multilink("issue")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
74 issue = IssueClass(db, "issue",
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
75 assignedto=Link("user"),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
76 keyword=Multilink("keyword"),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
77 priority=Link("priority"),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
78 status=Link("status"))
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
79
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
80 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
81 # TRACKER SECURITY SETTINGS
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
82 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
83 # See the configuration and customisation document for information
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
84 # about security setup.
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
85
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
86 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
87 # REGULAR USERS
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
88 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
89 # Give the regular users access to the web and email interface
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
90 db.security.addPermissionToRole('User', 'Web Access')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
91 db.security.addPermissionToRole('User', 'Email Access')
5879
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
92 db.security.addPermissionToRole('User', 'Rest Access')
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
93 db.security.addPermissionToRole('User', 'Xmlrpc Access')
4751
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
94
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
95 # Assign the access and edit Permissions for issue, file and message
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
96 # to regular users now
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
97 for cl in 'issue', 'file', 'msg', 'keyword':
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
98 db.security.addPermissionToRole('User', 'View', cl)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
99 db.security.addPermissionToRole('User', 'Edit', cl)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
100 db.security.addPermissionToRole('User', 'Create', cl)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
101 for cl in 'priority', 'status':
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
102 db.security.addPermissionToRole('User', 'View', cl)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
103
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
104 # May users view other user information? Comment these lines out
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
105 # if you don't want them to
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4751
diff changeset
106 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4751
diff changeset
107 properties=('id', 'organisation', 'phone', 'realname', 'timezone',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4751
diff changeset
108 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4751
diff changeset
109 db.security.addPermissionToRole('User', p)
4751
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
110
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
111 # Users should be able to edit their own details -- this permission is
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
112 # limited to only the situation where the Viewed or Edited item is their own.
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
113 def own_record(db, userid, itemid):
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
114 '''Determine whether the userid matches the item being accessed.'''
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
115 return userid == itemid
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
116 p = db.security.addPermission(name='View', klass='user', check=own_record,
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
117 description="User is allowed to view their own user details")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
118 db.security.addPermissionToRole('User', p)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
119 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
120 properties=('username', 'password', 'address', 'realname', 'phone',
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
121 'organisation', 'alternate_addresses', 'queries', 'timezone'),
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
122 description="User is allowed to edit their own user details")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
123 db.security.addPermissionToRole('User', p)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
124
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
125 # Users should be able to edit and view their own queries. They should also
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
126 # be able to view any marked as not private. They should not be able to
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
127 # edit others' queries, even if they're not private
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
128 def view_query(db, userid, itemid):
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
129 private_for = db.query.get(itemid, 'private_for')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
130 if not private_for: return True
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
131 return userid == private_for
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
132 def edit_query(db, userid, itemid):
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
133 return userid == db.query.get(itemid, 'creator')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
134 p = db.security.addPermission(name='View', klass='query', check=view_query,
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
135 description="User is allowed to view their own and public queries")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
136 db.security.addPermissionToRole('User', p)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
137 p = db.security.addPermission(name='Search', klass='query')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
138 db.security.addPermissionToRole('User', p)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
139 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
140 description="User is allowed to edit their queries")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
141 db.security.addPermissionToRole('User', p)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
142 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
143 description="User is allowed to retire their queries")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
144 db.security.addPermissionToRole('User', p)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
145 p = db.security.addPermission(name='Create', klass='query',
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
146 description="User is allowed to create queries")
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
147 db.security.addPermissionToRole('User', p)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
148
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
149
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
150 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
151 # ANONYMOUS USER PERMISSIONS
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
152 #
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
153 # Let anonymous users access the web interface. Note that almost all
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
154 # trackers will need this Permission. The only situation where it's not
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
155 # required is in a tracker that uses an HTTP Basic Authenticated front-end.
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
156 db.security.addPermissionToRole('Anonymous', 'Web Access')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
157
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
158 # Let anonymous users access the email interface (note that this implies
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
159 # that they will be registered automatically, hence they will need the
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
160 # "Create" user Permission below)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
161 # This is disabled by default to stop spam from auto-registering users on
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
162 # public trackers.
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
163 #db.security.addPermissionToRole('Anonymous', 'Email Access')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
164
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
165 # Assign the appropriate permissions to the anonymous user's Anonymous
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
166 # Role. Choices here are:
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
167 # - Allow anonymous users to register
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
168 db.security.addPermissionToRole('Anonymous', 'Register', 'user')
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
169
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
170 # Allow anonymous users access to view issues (and the related, linked
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
171 # information)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
172 for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status':
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
173 db.security.addPermissionToRole('Anonymous', 'View', cl)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
174
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
175 # Allow the anonymous user to use the "Show Unassigned" search.
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
176 # It acts like "Show Open" if this permission is not available.
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
177 # If you are running a tracker that does not allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
178 # anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
179 # a username guessing attack against a roundup install.
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
180 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
181 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 4902
diff changeset
182
4751
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
183 # [OPTIONAL]
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
184 # Allow anonymous users access to create or edit "issue" items (and the
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
185 # related file and message items)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
186 #for cl in 'issue', 'file', 'msg':
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
187 # db.security.addPermissionToRole('Anonymous', 'Create', cl)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
188 # db.security.addPermissionToRole('Anonymous', 'Edit', cl)
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
189
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
190
a8c95abaf3fb Work in progress - template based on jinja2, bootstrap and classic schema
Pradip Caulagi <caulagi@gmail.com>
parents:
diff changeset
191 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/