annotate share/roundup/templates/jinja2/schema.py @ 4902:a403c29ffaf9

Security fix default user permissions

Default user permissions should not include all user attributes. We now limit this to the username, realname and some further attributes depending on the schema. Note that we no longer include the email addresses, depending on your installation you may want to further restrict this or add some attributes like ``address`` and ``alternate_addresses``.
author Ralf Schlatterbeck <rsc@runtux.com>
date Fri, 04 Jul 2014 15:32:28 +0200
parents a8c95abaf3fb
children cf112b90fa8d
Annotated source. Every line is from rev 4751 (a8c95abaf3fb, "Work in progress - template based on jinja2, bootstrap and classic schema", Pradip Caulagi <caulagi@gmail.com>), except the two statements marked in the listing, which are from rev 4902 (a403c29ffaf9, "Security fix default user permissions", Ralf Schlatterbeck <rsc@runtux.com>, parents: 4751).


#
# TRACKER SCHEMA
#

# Class automatically gets these properties:
#   creation = Date()
#   activity = Date()
#   creator = Link('user')
#   actor = Link('user')

# Priorities
pri = Class(db, "priority",
                name=String(),
                order=Number())
pri.setkey("name")

# Statuses
stat = Class(db, "status",
                name=String(),
                order=Number())
stat.setkey("name")

# Keywords
keyword = Class(db, "keyword",
                name=String())
keyword.setkey("name")

# User-defined saved searches
query = Class(db, "query",
                klass=String(),
                name=String(),
                url=String(),
                private_for=Link('user'))

# add any additional database schema configuration here

user = Class(db, "user",
                username=String(),
                password=Password(),
                address=String(),
                realname=String(),
                phone=String(),
                organisation=String(),
                alternate_addresses=String(),
                queries=Multilink('query'),
                roles=String(),     # comma-separated string of Role names
                timezone=String())
user.setkey("username")
db.security.addPermission(name='Register', klass='user',
                          description='User is allowed to register new user')

# FileClass automatically gets this property in addition to the Class ones:
#   content = String()    [saved to disk in <tracker home>/db/files/]
#   type = String()       [MIME type of the content, default 'text/plain']
msg = FileClass(db, "msg",
                author=Link("user", do_journal='no'),
                recipients=Multilink("user", do_journal='no'),
                date=Date(),
                summary=String(),
                files=Multilink("file"),
                messageid=String(),
                inreplyto=String())

file = FileClass(db, "file",
                name=String())

# IssueClass automatically gets these properties in addition to the Class ones:
#   title = String()
#   messages = Multilink("msg")
#   files = Multilink("file")
#   nosy = Multilink("user")
#   superseder = Multilink("issue")
issue = IssueClass(db, "issue",
                assignedto=Link("user"),
                keyword=Multilink("keyword"),
                priority=Link("priority"),
                status=Link("status"))

#
# TRACKER SECURITY SETTINGS
#
# See the configuration and customisation document for information
# about security setup.

#
# REGULAR USERS
#
# Give the regular users access to the web and email interface
db.security.addPermissionToRole('User', 'Web Access')
db.security.addPermissionToRole('User', 'Email Access')

# Assign the access and edit Permissions for issue, file and message
# to regular users now
for cl in 'issue', 'file', 'msg', 'keyword':
    db.security.addPermissionToRole('User', 'View', cl)
    db.security.addPermissionToRole('User', 'Edit', cl)
    db.security.addPermissionToRole('User', 'Create', cl)
for cl in 'priority', 'status':
    db.security.addPermissionToRole('User', 'View', cl)

# May users view other user information? Comment these lines out
# if you don't want them to
# (annotation: the next two statements are from rev 4902, a403c29ffaf9)
p = db.security.addPermission(name='View', klass='user',
    properties=('id', 'organisation', 'phone', 'realname', 'timezone',
    'username'))
db.security.addPermissionToRole('User', p)

# Users should be able to edit their own details -- this permission is
# limited to only the situation where the Viewed or Edited item is their own.
def own_record(db, userid, itemid):
    '''Determine whether the userid matches the item being accessed.'''
    return userid == itemid
p = db.security.addPermission(name='View', klass='user', check=own_record,
    description="User is allowed to view their own user details")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Edit', klass='user', check=own_record,
    properties=('username', 'password', 'address', 'realname', 'phone',
        'organisation', 'alternate_addresses', 'queries', 'timezone'),
    description="User is allowed to edit their own user details")
db.security.addPermissionToRole('User', p)

# Users should be able to edit and view their own queries. They should also
# be able to view any marked as not private. They should not be able to
# edit others' queries, even if they're not private
def view_query(db, userid, itemid):
    private_for = db.query.get(itemid, 'private_for')
    if not private_for: return True
    return userid == private_for
def edit_query(db, userid, itemid):
    return userid == db.query.get(itemid, 'creator')
p = db.security.addPermission(name='View', klass='query', check=view_query,
    description="User is allowed to view their own and public queries")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Search', klass='query')
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
    description="User is allowed to edit their queries")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
    description="User is allowed to retire their queries")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Create', klass='query',
    description="User is allowed to create queries")
db.security.addPermissionToRole('User', p)


#
# ANONYMOUS USER PERMISSIONS
#
# Let anonymous users access the web interface. Note that almost all
# trackers will need this Permission. The only situation where it's not
# required is in a tracker that uses an HTTP Basic Authenticated front-end.
db.security.addPermissionToRole('Anonymous', 'Web Access')

# Let anonymous users access the email interface (note that this implies
# that they will be registered automatically, hence they will need the
# "Create" user Permission below)
# This is disabled by default to stop spam from auto-registering users on
# public trackers.
#db.security.addPermissionToRole('Anonymous', 'Email Access')

# Assign the appropriate permissions to the anonymous user's Anonymous
# Role. Choices here are:
# - Allow anonymous users to register
db.security.addPermissionToRole('Anonymous', 'Register', 'user')

# Allow anonymous users access to view issues (and the related, linked
# information)
for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status':
    db.security.addPermissionToRole('Anonymous', 'View', cl)

# [OPTIONAL]
# Allow anonymous users access to create or edit "issue" items (and the
# related file and message items)
#for cl in 'issue', 'file', 'msg':
#   db.security.addPermissionToRole('Anonymous', 'Create', cl)
#   db.security.addPermissionToRole('Anonymous', 'Edit', cl)


# vim: set filetype=python sts=4 sw=4 et si :
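
Added example, not part of the Roundup source and not Roundup's implementation: a simplified model of how the property-limited View grant combines with the own_record check, used to list which user attributes one user can read on another user's record. The Permission class, readable_properties, exposed_to_others, the assumed pre-fix grant (taken from the commit message's description) and the SITE_SENSITIVE list are illustrative assumptions.

```python
# Added example: a simplified model of property-scoped permissions.
# It is not Roundup's implementation; Permission, readable_properties and
# exposed_to_others are hypothetical names used only for this illustration.

# Properties of the "user" class declared in the schema above, plus the item id.
USER_PROPERTIES = (
    'id', 'username', 'password', 'address', 'realname', 'phone',
    'organisation', 'alternate_addresses', 'queries', 'roles', 'timezone',
)


class Permission:
    """One grant: a name, a class, an optional property list, an optional check."""

    def __init__(self, name, klass, properties=None, check=None):
        self.name = name
        self.klass = klass
        # None means the grant is not limited to particular properties.
        self.properties = None if properties is None else frozenset(properties)
        self.check = check

    def allows(self, db, name, klass, prop, userid, itemid):
        """True if this single grant lets userid do `name` on itemid.prop."""
        if (name, klass) != (self.name, self.klass):
            return False
        if self.properties is not None and prop not in self.properties:
            return False
        if self.check is not None and not self.check(db, userid, itemid):
            return False
        return True


def own_record(db, userid, itemid):
    """Same check as in the schema: the item is the viewer's own record."""
    return userid == itemid


def readable_properties(grants, viewer, target, db=None):
    """Properties of user `target` that `viewer` may read under `grants`."""
    return {
        prop for prop in USER_PROPERTIES
        if any(g.allows(db, 'View', 'user', prop, viewer, target)
               for g in grants)
    }


def exposed_to_others(grants, sensitive):
    """Sensitive properties one user can read on another user's record."""
    visible = readable_properties(grants, viewer='3', target='4')
    return sorted(visible & set(sensitive))


# Assumed pre-fix state, per the commit message: View on every user attribute.
BEFORE = [Permission('View', 'user'),
          Permission('View', 'user', check=own_record)]

# Post-fix state, with the property list copied from the schema on this page.
AFTER = [Permission('View', 'user',
                    properties=('id', 'organisation', 'phone', 'realname',
                                'timezone', 'username')),
         Permission('View', 'user', check=own_record)]

# Constructed site policy: attributes this installation treats as private.
SITE_SENSITIVE = ('password', 'address', 'alternate_addresses', 'roles',
                  'phone')

if __name__ == '__main__':
    print('before:', exposed_to_others(BEFORE, SITE_SENSITIVE))
    print('after: ', exposed_to_others(AFTER, SITE_SENSITIVE))
    print('own record:', sorted(readable_properties(AFTER, '3', '3')))
```

A non-empty result for the post-fix grants marks attributes that the default still shows to other users and that the site may want to drop from the `properties` tuple.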

Roundup Issue Tracker: http://roundup-tracker.org/