Mercurial > p > roundup > code

annotate doc/upgrading.txt @ 5726:e199d0ae4a25

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
issue2551033: prevent reverse engineering hidden data by using etags as an oracle to identify when the right data has been guessed. Identified by Joseph Myers who also suggested remediation methods. Implemented John Rouillard.
author John Rouillard <rouilj@ieee.org>
date Thu, 23 May 2019 18:56:57 -0400
parents bc3e00a3d24b
children 8ab5fe695d5f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 Upgrading to newer versions of Roundup
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
5 Please read each section carefully and edit your tracker home files
2016
2112962f5bb1 Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 2003
diff changeset
6 accordingly. Note that there is information about upgrade procedures in the
2003
a291bf753037 maintenance -> admin guide
Richard Jones <richard@users.sourceforge.net>
parents: 1911
diff changeset
7 `administration guide`_.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
9 If a specific version transition isn't mentioned here (eg. 0.6.7 to 0.6.8)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
10 then you don't need to do anything. If you're upgrading from 0.5.6 to
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
11 0.6.8 though, you'll need to check the "0.5 to 0.6" and "0.6.x to 0.6.3"
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
12 steps.
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
13
5328
ba1ce44254df clarify supported python versions in two docs. Reported by Joseph Myers.
John Rouillard <rouilj@ieee.org>
parents: 5323
diff changeset
14 **IMPORTANT** The v1.5.x releases of Roundup were the last to support
ba1ce44254df clarify supported python versions in two docs. Reported by Joseph Myers.
John Rouillard <rouilj@ieee.org>
parents: 5323
diff changeset
15 Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
ba1ce44254df clarify supported python versions in two docs. Reported by Joseph Myers.
John Rouillard <rouilj@ieee.org>
parents: 5323
diff changeset
16 v2.7.2 is required to run newer releases of Roundup.
4901
fa268ea457db Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents: 4890
diff changeset
17
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
18 Contents:
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
19
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20 .. contents::
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
21 :local:
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
22
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
23 Migrating from 1.6.0 to x.y.0
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
24 =============================
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
25
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
26 Upgrade tracker's config.ini file
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
27 --------------------------------------
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
28 Once you have installed the new roundup, use:
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
29
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
30 roundup-admin -i /path/to/tracker updateconfig new_init_file.ini
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
31
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
32 to generate a new ini file preserving all your settings. You can then
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
33 merge any local comments from the tracker's ``config.ini`` into
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
34 ``new_init_file.ini``. Compare the old and new files and configure set
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
35 any new settings as you want. Then replace ``config.ini`` with the new
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
36 init file.
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
37
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
38 PGP mail processing
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
39 -------------------
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
40
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
41 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
42 mail. If you have PGP processing enabled, make sure the ``gpg``
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
43 module is installed.
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
44
5510
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
45 MySQL client module
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
46 -------------------
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
47
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
48 Although the ``MySQLdb`` module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
49 https://pypi.org/project/MySQL-python/ is still supported, it is
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
50 recommended to switch to the updated module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
51 https://pypi.org/project/mysqlclient/.
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
52
5526
df3f553fa414 Update documentation for Python 3 support (issue 2550968, issue 2550980).
Joseph Myers <jsm@polyomino.org.uk>
parents: 5510
diff changeset
53 Python 3 support
df3f553fa414 Update documentation for Python 3 support (issue 2550968, issue 2550980).
Joseph Myers <jsm@polyomino.org.uk>
parents: 5510
diff changeset
54 ----------------
df3f553fa414 Update documentation for Python 3 support (issue 2550968, issue 2550980).
Joseph Myers <jsm@polyomino.org.uk>
parents: 5510
diff changeset
55
df3f553fa414 Update documentation for Python 3 support (issue 2550968, issue 2550980).
Joseph Myers <jsm@polyomino.org.uk>
parents: 5510
diff changeset
56 Many of the ``.html`` and ``.py`` files from Roundup that are copied
df3f553fa414 Update documentation for Python 3 support (issue 2550968, issue 2550980).
Joseph Myers <jsm@polyomino.org.uk>
parents: 5510
diff changeset
57 into tracker directories have changed for Python 3 support. If you
df3f553fa414 Update documentation for Python 3 support (issue 2550968, issue 2550980).
Joseph Myers <jsm@polyomino.org.uk>
parents: 5510
diff changeset
58 wish to move an existing tracker to Python 3, you need to merge in
5543
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
59 those changes. If your tracker uses the ``anydbm`` or ``mysql``
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
60 backends, you also need to export the tracker contents using
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
61 ``roundup-admin export`` running under Python 2, and them import them
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
62 using ``roundup-admin import`` running under Python 3, as for a
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
63 migration to a different backend. If using the ``sqlite`` backend,
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
64 you do not need to export and import, but need to delete the
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
65 ``db/otks`` and ``db/sessions`` files when changing Python version.
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
66 If using the ``postgresql`` backend, you do not need to export and
bc3e00a3d24b MySQL backend fixes for Python 3.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5526
diff changeset
67 import and no other special database-related steps are needed.
5526
df3f553fa414 Update documentation for Python 3 support (issue 2550968, issue 2550980).
Joseph Myers <jsm@polyomino.org.uk>
parents: 5510
diff changeset
68
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
69 Migrating from 1.5.1 to 1.6.0
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
70 =============================
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
71
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
72 Update tracker config file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
73 --------------------------
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
74
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
75 After installing the new version of roundup, you should
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
76 update the ``config.ini`` file for your tracker. To do this:
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
77
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
78 1. backup your existing ``config.ini`` file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
79 2. using the newly installed code, run::
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
80
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
81 roundup-admin -i /path/to/tracker updateconfig config.ini.new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
82
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
83 to create the file config.ini.new. Replace
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
84 ``/path/to/tracker`` with the path to your tracker.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
85 3. replace your tracker's config.ini with config.ini.new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
86
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
87 Using updateconfig keeps all the settings from your
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
88 tracker's config.ini file and adds settings for all the new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
89 options.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
90
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
91 If you have added comments to your original config.ini file,
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
92 merge the added comments into the config.ini.new file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
93 replace your tracker's config.ini with config.ini.new.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
94
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
95 Read the new config.ini and configure it to enable new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
96 features. Details on using these features can be found in
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
97 this section.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
98
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
99 Make sure that user can view labelprop on classes (REQUIRED)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
100 ------------------------------------------------------------
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
101
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
102 If you have View permissions that use ```properties=...```,
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
103 make sure that the labelprop for the class is listed in the
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
104 properties list.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
105
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
106 The first one of these that exists must must be in the list:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
107
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
108 1. the property set by a call to setlabelprop for the class
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
109 2. the key of the class (as set by setkey())
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
110 3. the "name" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
111 4. the "title" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
112
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
113 if none of those apply, you must allow
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
114
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
115 * the "id" property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
116
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
117 E.G. If your class does a setlabelprop("foo") you must include "foo"
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
118 in the properties list even if the class has name or title properties.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
119
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
120 See:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
121 http://www.roundup-tracker.org/docs/customizing.html#setlabelprop-property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
122 for further details on the labelprop.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
123
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
124 If you don't do this, you will find that multilinks (and possibly
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
125 links) may not be displayed properly. E.G. templates that iterate over
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
126 a mutlilink field (with tal:repeat for example) may not show any
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
127 content.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
128
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
129 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
130 for the initial discussion of the issue.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
131
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
132 Cross Site Request Forgery Detection Added
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
133 ------------------------------------------
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
134
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
135 Roundup 1.6. supports a number of defenses against CSRF.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
136
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
137 Http header verification against the tracker's ``web``
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
138 setting in the ``[tracker]`` section of config.ini for the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
139 following headers:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
140
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
141 1. Analyze the ``Referer`` HTTP header to make sure it
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
142 includes the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
143 2. Analyze the ``Origin`` HTTP header to make sure the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
144 schema://host matches the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
145 3. Analyze the ``X-Forwarded-Host`` header set by a proxy
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
146 running in front of roundup to make sure it agrees with
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
147 the host part of the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
148 4. Analyze the ``Host`` header to make sure it agrees with
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
149 the host part of the web setting. This is not done if
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
150 ``X-Forwarded-Host`` is set.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
151
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
152 By default roundup 1.6 does not require any specific header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
153 to be present. However at least one of the headers above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
154 *must* pass validation checks (usually ``Host`` or
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
155 ``Referer``) or the submission is rejected with an error.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
156 If any header fails validation, the submission is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
157 rejected. (Note the user's form keeps all the data they
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
158 entered if it was rejected.)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
159
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
160 Also the admin can include unique csrf tokens for all forms
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
161 submitted using the POST method. (Delete and put methods are also
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
162 included, but not currently used by roundup.) The csrf
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
163 token (nonce) is tied to the user's session. When the user
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
164 submits the form and nonce, the nonce is checked to make
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
165 sure it was issued to the user and the same session. If this
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
166 is not true the post is rejected and the user is notified.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
167
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
168 The standard context/submit templating item creates CSRF tokens by
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
169 default. If you have forms using the POST method that are not using
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
170 the standard submit routine, you should add the following field to all
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
171 forms:
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
172
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
173 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
174 tal:attributes="value python:utils.anti_csrf_nonce()">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
175
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
176 A unique random token is generated by every call to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
177 utils.anti_csrf_nonce() and is put in a database to be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
178 retreived if the token is used. Token lifetimes are 2 weeks
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
179 by default but can be configured in config.ini. Roundup will
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
180 automatically prune old tokens. Calling anti_csrf_nonce with
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
181 an integer lifetime, for example:
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
182
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
183 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
184 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
185
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
186 sets the lifetime of that nonce to 10 minutes.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
187
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
188 If you want to change the default settings, you have to
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
189 update the web section in your tracker's config.ini file. Follow the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
190 section above to generate an updated config.ini file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
191 look for settings that start with csrf. The updated config.ini
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
192 file includes detailed descriptions of the settings.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
193
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
194 In general one of four values can be set for these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
195 settings. The default is ``yes``, which validates the header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
196 or nonce and blocks access if the validation fails. If the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
197 field/header is missing it allows access. Setting these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
198 fields to ``required`` blocks access if the header/nonce is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
199 missing.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
200
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
201 It is recommended that you change your templates so every form
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
202 that is not submitted via GET has an @csrf field. Then change
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
203 the csrf_enforce_token setting to 'required'.
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
204
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
205 Errors and Troubleshooting - @csrf in url
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
206 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
207
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
208 If you see the @csrf nonce in the URL, you have added the value to a
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
209 form that uses the GET method. You should remove the @csrf token from
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
210 these forms as it is not needed.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
211
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
212 Errors and Troubleshooting - AttributeError list object no attribute value
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
213 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
214 If you get an error:
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
215
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
216 AttributeError: 'list' object has no attribute 'value'
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
217
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
218 in handle_csrf, you have more than one @csrf token for the form. This
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
219 usually occurs because the form uses the standard context/submit
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
220 element but you also added an explicit @csrf statement. Simply remove
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
221 the @csrf element for that form.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
222
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
223 Errors and Troubleshooting - xmlrpc Required Header Missing
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
224 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
225 When performing and xmlrpc call, if you see something like:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
226
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
227 xmlrpclib.Fault: <Fault 1: "<class
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
228 'roundup.exceptions.UsageError'>:Required Header Missing">
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
229
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
230 change the setting of csrf_enforce_header_x-requested-with in
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
231 config.ini to no. So it looks like:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
232
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
233 csrf_enforce_header_x-requested-with = no
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
234
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
235 Alternatively change your xmlrpc client to add appropriate headers to
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
236 the request including the:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
237
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
238 X-Requested-With:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
239
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
240 header as well as any other required csrf headers (e.g. referer, origin)
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
241 configured in config.ini. See the advanced python client at the end of
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
242 the `xmlrpc guide`_.
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
243
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
244 Support for SameSite cookie option for session cookie
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
245 -----------------------------------------------------
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
246
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
247 Support for serving the session cookie using the SameSite cookie option
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
248 has been added. By default it is set to lax to provide a better user
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
249 experience. But this can be changes to strict or the option can be
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
250 removed entirely.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
251
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
252 Using the process for merging config.ini changes described in
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
253 `Cross Site Request Forgery Detection Added`_ you can add the
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
254 ``samesite_cookie_setting`` to the ``[web]`` section of the config
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
255 file.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
256
5147
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
257 Fix for path traversal changes template resolution
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
258 --------------------------------------------------
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
259
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
260 The templates in the tracker's html subdirectory must not be
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
261 symbolic links that lead outside of the html directory.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
262
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
263 If you don't use symbolic links for templates in your html
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
264 subdirectory you don't have to make any changes. Otherwise you need to
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
265 replace the symbolic links with hard links to the files or replace the
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
266 symbolic links with the files.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
267
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
268 This is a side effect of fixing a path traversal security issue. The
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
269 security issue required a directory with a specific unusual name. This
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
270 made it difficult to exploit. However allowing the use of
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
271 subdirectories to organize the templates required that it be fixed.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
272
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
273
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
274 Database back end specified in config.ini (REQUIRED)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
275 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
276
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
277 The ``db/backend_name`` file is no longer used to configure the database
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
278 backend being used for a tracker. The backend is now configured in the
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
279 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
280 section. For example if ``db/backend_name`` file contains ``sqlite``, a new
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
281 entry in the tracker's ``config.ini`` will need to be created::
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
282
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
283 [rdbms]
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
284
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
285 ...
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
286
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
287 # Database backend.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
288 # Default:
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
289 backend = sqlite
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
290
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
291 Once the ``config.ini`` file has been updated with the new ``backend`` option,
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
292 you can safely delete the ``db/backend_name`` file.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
293
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
294 Note: the ``backend_name`` file may be located in a directory other than
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
295 ``db/`` if you have configured the ``database`` option in the ``[main]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
296 section of the ``config.ini`` file to be something other than ``db``.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
297
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
298 Note 2: if you are using the anydbm back end, you still set
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
299 it using the backend option in the rdbms section of the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
300 config.ini file.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
301
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
302 New config file option 'indexer' added
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
303 --------------------------------------
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
304
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
305 This release added support for the Whoosh indexer, so a new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
306 config file option has been
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
307 added. You can force Roundup to use a particular text indexer by
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
308 setting this value in the [main] section of the tracker's
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
309 ``config.ini`` file (usually placed right before indexer_stopwords)::
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
310
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
311 [main]
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
312
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
313 ...
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
314
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
315 # Force Roundup to use a particular text indexer.
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
316 # If no indexer is supplied, the first available indexer
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
317 # will be used in the following order:
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
318 # Possible values: xapian, whoosh, native (internal).
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
319 indexer =
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
320
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
321 Errors and Troubleshooting - Full text searching not working
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
322 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
323
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
324 If after the upgrade full text searching is not working try changing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
325 the indexer value. If this is failing most likely you need to set
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
326 '''indexer = native''' to use the rdbms or db text indexing systems.
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
327
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
328 Alternatively you can do a
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
329 '''roundup-admin -i /path/to/tracker reindex'''
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
330 to generate a new index using roundup's preferred indexer from the list above.
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
331
5108
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
332 Stemming improved in Xapian Indexer
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
333 -----------------------------------
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
334
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
335 Stemming allows a search for "silent" also match silently. The Porter
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
336 stemmer in Xapian works with lowercase English text. In this release we
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
337 lowercase the documents as they are put into the indexer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
338
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
339 This means capitalization is not preserved, but produces more hits by
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
340 using the stemmer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
341
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
342 You will need to do a roundup-admin reindex if you are using the
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
343 Xapian full text indexer on your tracker.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
344
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
345
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
346 New config file option 'replyto_address' added
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
347 ----------------------------------------------
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
348
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
349 A new config file option has been added to let you control the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
350 Reply-To header on nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
351
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
352 Edit your tracker's ``config.ini`` and place the following after
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
353 the email entry in the tracker section::
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
354
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
355 [tracker]
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
356 ...
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
357
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
358 # Controls the reply-to header address used when sending
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
359 # nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
360 # If the value is unset (default) the roundup tracker's
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
361 # email address (above) is used.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
362 # If set to "AUTHOR" then the primary email address of the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
363 # author of the change will be used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
364 # address. This allows email exchanges to occur outside of
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
365 # the view of roundup and exposes the address of the person
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
366 # who updated the issue, but it could be useful in some
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
367 # unusual circumstances.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
368 # If set to some other value, the value is used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
369 # address. It must be a valid RFC2822 address or people will not be
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
370 # able to reply.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
371 # Default:
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
372 replyto_address =
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
373
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
374 Login from a search or after logout works better (REQUIRED)
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
375 -----------------------------------------------------------
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
376
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
377 The login form has been improved to work with some back end code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
378 changes. Now when a user logs in they stay on the same page where they
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
379 started the login. To make this work, you must change the tal that is
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
380 used to set the ``__came_from`` form variable. Note that the url
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
381 assigned to __came_from must be url encoded/quoted and be under the
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
382 tracker's base url. If the base_url uses http, you can set the url to
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
383 https.
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
384
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
385 Replace the existing code in the tracker's html/page.html page that
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
386 looks similar to (look for name="__came_from")::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
387
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
388 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
389
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
390 with the following::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
391
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
392 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
393 tal:condition="exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
394 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
395 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
396 tal:condition="not:exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
397 tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
398
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
399 Now search backwards for the nearest form statement before the code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
400 that sets __came_from. If it looks like::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
401
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
402 <form method="post" action="#">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
403
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
404 replace it with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
405
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
406 <form method="post" tal:attributes="action request/base">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
407
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
408 or with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
409
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
410 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
411
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
412 the important part is that the action field **must not** include any query
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
413 parameters ('#' includes query params).
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
414
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
415 Errors and Troubleshooting - Unrecognized scheme in ...
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
416 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
417
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
418 One symptom of failing to do this is getting an error:
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
419
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
420 Unrecognized scheme in ....
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
421
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
422 where the .... changes depending on the url path. You can see this
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
423 when logging in from any screen other than the main index.
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
424
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
425 Option to make adding multiple keywords more convenient
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
426 -------------------------------------------------------
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
427
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
428 In the classic tracker, after adding a new keyword you are redirected
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
429 to the page for the new keyword so you can change the keyword's
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
430 name. This is usually not desirable as you usually correctly set the
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
431 keyword's name when creating the keyword. The new classic tracker has
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
432 a new checkbox (checked by default) that keeps you on the same page so
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
433 you can add a new keywords one after the other.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
434
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
435 To add this to your own tracker, add the following code (prefixed with
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
436 a +) after the entry box for the new keyword in html/keyword.item.html::
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
437
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
438 <tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
439 <th i18n:translate="">Keyword</th>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
440 <td tal:content="structure context/name/field">name</td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
441 + <td tal:condition="not:context/id">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
442 + <tal:comment tal:replace="nothing">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
443 + If we get here and do not have an id, we are creating a new
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
444 + keyword. It would be nice to provide some mechanism to
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
445 + determine the preferred state of the "Continue adding keywords"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
446 + checkbox. By default it is enabled.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
447 + </tal:comment>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
448 + <input type="checkbox" id="continue_new_keyword"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
449 + name="__redirect_to"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
450 + tal:attributes="value
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
451 + string:${request/base}${request/env/PATH_INFO}?@template=item;
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
452 + checked python:True" />
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
453 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
454 + </td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
455 </tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
456
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
457 Note remove the leading '+' when adding this to the templates.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
458
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
459 The key component here is support for the '__redirect_to' query
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
460 property. It is a url which can be used when creating any new item
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
461 (issue, user, keyword ....). It controls the next page displayed after
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
462 creating the item. If '__redirect_to' is not set, then you end up on
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
463 the page for the newly created item. The url value assigned to
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
464 __redirect_to must start with the tracker's base url and must be properly
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
465 url encoded.
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
466
5179
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
467 Helper popups trigger change events on the original page
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
468 --------------------------------------------------------
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
469
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
470 The helper popups used to set dates (from a calendar), change lists of
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
471 users or lists of issues did not notify the browser that the fields
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
472 had been changed. This release adds code to trigger the change event.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
473
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
474 To add the change event to the calendar popup, you don't need to do
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
475 any changes to the tracker. It is all done in the roundup python code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
476 in templating.py.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
477
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
478 To add the change event when updating users using the help-submit
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
479 template, copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
480 share/roundup/templates/devel/html/_generic.help-submit.html and
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
481 replace your tracker's html/_generic.help-submit.html. If you have
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
482 done local changes to this file, change your file to include the code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
483 that defines the onclick event for the input field with
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
484 id="btn_apply".
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
485
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
486 To add the change event when updating lists of issues copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
487 share/roundup/templates/devel/html/help_controls.js to your tracer's
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
488 html directory. If you have made local changes to the javascript file,
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
489 merge the two if/else blocks labeled::
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
490
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
491 /* trigger change event on the field we changed */
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
492
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
493 into your help_controls.js
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
494
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
495 html/_generic.404.html in trackers use page template
5078
487dc55e3c5e issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents: 5068
diff changeset
496 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
497
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
498 The original generic 404 error pages for many trackers did not use the
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
499 standard page layout. This change replaces the html/_generic.404.html
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
500 page with one that uses the page template.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
501
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
502 If your deployed tracker is based on: classic, minimal, responsive or
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
503 devel templates and has not changed the html/_generic.404.html file,
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
504 you can copy in the new file to get this additional functionality.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
505
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
506 Organize templates into subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
507 --------------------------------------
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
508
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
509 The @template parameter to the web interface allows the use of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
510 subdirectories. So a setting of @template=view/view for an issue would
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
511 use the template in the tracker's html/view/issue.view.html. Similarly
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
512 for a caller class, you could put all the templates under the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
513 html/caller directory with names like: html/caller/caller.item.html,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
514 html/caller/caller.index.html etc. You may want to symbolically link the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
515 html/_generic* templates into your subdirectory so that missing
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
516 templates (e.g. a missing caller.edit.html template) can be satisfied
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
517 by the _generic.edit.html template.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
518
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
519 Properly quote query dispname (displayed name) in page.html
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
520 -----------------------------------------------------------
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
521
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
522 A new method has been added to HTMLStringProperty called url_quote.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
523 The default templates have been updated to use this in the "Your
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
524 Query" section of the trackers html/page.html file. You will want to
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
525 change your template. Lines starting with - are the original line and
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
526 you want to change it to match the line starting with the + (remove
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
527 the + from the line)::
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
528
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
529 <tal:block tal:repeat="qs request/user/queries">
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
530 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
531 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
532 tal:content="qs/name">link</a><br>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
533 </tal:block>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
534
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
535 Find the tal:repeat line that loops over all queries. Then
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
536 change the value assigned to @dispname in the href attribute from
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
537 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
538 the value for tal:content.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
539
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
540 Allow "Show Unassigned" issues link to work for Anonymous user
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
541 --------------------------------------------------------------
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
542
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
543 In this release the anonymous user is allowed to search the user
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
544 class. The following was added to the schema for all templates that
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
545 provide the search option::
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
546
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
547 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
548 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
549
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
550 If you are running a tracker that **does not** allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
551 anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
552 a username guessing attack against a roundup install.
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
553
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
554 Errors and Troubleshooting - Unassigned issues for anonymous
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
555 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5276
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
556
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
557 If you notice that the "Unassigned Issues" search on page.html
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
558 is displaying assigned issues for users with the Anonymous role,
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
559 you need to allow search permissions for the user class.
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
560
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
561 Improvements in Classic Tracker query.edit.html template
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
562 --------------------------------------------------------
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
563
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
564 There is a new query editing template included in the distribution at:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
565
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
566 ``share/roundup/templates/classic/html/query.edit.html``
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
567
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
568 This template fixes:
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
569
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
570 * public query could not be removed from "Your Queries" once it was added.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
571 Trying to do so would cause a permissions error.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
572 * private yes/no dropdown always showed "yes" regardless of
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
573 underlying state
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
574 * query Delete button did not work.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
575 * same query being displayed multiple times
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
576
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
577 It also adds:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
578 * the table layout displays queries created by the user first,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
579 then available public queries.
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
580 * public query owners are shown
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
581 * better support for deleted queries. When a query is deleted, it is
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
582 still available for those who added it to their query list. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
583 are the query owner, you can restore (undelete) the query. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
584 are not the owner you can remove it from your query list.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
585 (If a query is deleted and nobody had it in their query list, it
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
586 will not show up in the "Active retired queries" section. You will
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
587 have to use the class editor or roundup_admin command line to
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
588 restore it.)
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
589 * notifies the user that delete/restore requires javascript. It
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
590 always did, but that requirement wasn't displayed.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
591
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
592 To use the new template, you must add Restore permission on queries to
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
593 allow the user to restore queries (see below).
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
594
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
595 If you have not modified the query.edit.html template in your tracker,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
596 you should be able to copy the new version from the location above.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
597 Otherwise you will have to merge the changes into your modified template.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
598
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
599 Add the query Restore permission for the User role to your tracker's
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
600 schema.py file. Place it right after the query retire permission for
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
601 the user role. After the change it should look like::
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
602
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
603 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
604 description="User is allowed to retire their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
605 db.security.addPermissionToRole('User', p)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
606 p = db.security.addPermission(name='Restore', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
607 check=edit_query,
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
608 description="User is allowed to restore their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
609 db.security.addPermissionToRole('User', p)
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
610
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
611 where the last four lines are the ones you need to add.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
612
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
613 Usually you can add this to your User role. If all users have the User
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
614 role in common then all logged in users should be ok. If you have
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
615 users who do not include the User role (e.g. they may only have a
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
616 Provisional role), you should add the search permission to that role
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
617 (e.g. Provisional) as well if you allow them to edit their list of
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
618 queries.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
619
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
620 Also see the `new search permissions for query in 1.4.17`_ section
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
621 discussing search permission requirements for editing queries. The
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
622 fixes in this release require the ability to search the creator of all
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
623 queries to work correctly.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
624
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
625 If the test script for the `new search permissions for query in
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
626 1.4.17`_ doesn't report that a role has the ability to search queries
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
627 or at least search the creator property for queries, add the following
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
628 permissions to your schema.py::
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
629
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
630 s = db.security.addPermission(name='Search', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
631 properties=['creator'],
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
632 description="User is allowed to Search queries for creator")
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
633 db.security.addPermissionToRole('User', s)
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
634
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
635 Errors and Troubleshooting - Public queries listed twice when editing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
636 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
637
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
638 If you do not do this, public queries will be listed twice in the edit
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
639 interface. Once in the "Queries I created" section and again in the
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
640 "Queries others created" section of the query edit page
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
641 (``http..../query?@template=edit``).
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
642
5274
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
643 Fix security issues in query.item.html template
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
644 -----------------------------------------------
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
645 The default query.item.html template allows anybody to view all
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
646 queries.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
647
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
648 This has been updated in the classic, devel and responsive templates
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
649 to only allow people to view queries they creates or queries that are
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
650 publicly viewable.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
651
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
652 If you haven't modified you query.item.html template, simply copy the
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
653 query.item.html template from one of the above default templates to
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
654 your tracker's html directory.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
655
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
656 Enhancement to check command for Permissions
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
657 --------------------------------------------
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
658
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
659 A new form of check function is permitted in permission definitions.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
660 The three argument form is still supported and will work the same
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
661 as it always has (although it may be depricated in the future).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
662
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
663 If the check function is defined as::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
664
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
665 check(db, userid, itemid, **ctx)
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
666
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
667 the ctx variable will have the context to use when determining access
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
668 rights::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
669
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
670 ctx['property'] the name of the property being checked or None if
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
671 it's a class check.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
672
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
673 ctx['classname'] the name of the class that is being checked
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
674 (issue, query ....).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
675
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
676 ctx['permission'] the name of the permission (e.g. View, Edit...).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
677
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
678 This should make defining complex permissions much easier. Consider::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
679
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
680 def issue_private_access(db, userid, itemid, **ctx):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
681 if not db.issue.get(itemid, 'private'):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
682 # allow access to everything if not private
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
683 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
684
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
685 # It is a private issue hide nosy list
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
686 # Note that the nosy property *must* be listed
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
687 # in permissions argument to the addPermission
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
688 # definition otherwise this check command
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
689 # is not run.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
690 if ctx['property'] == 'nosy':
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
691 return False # deny access to this property
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
692
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
693 # allow access for editing, viewing etc. of the class
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
694 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
695
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
696
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
697 e = db.security.addPermission(name='Edit', klass='issue',
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
698 check=issue_private_access,
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
699 properties=['nosy'],
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
700 description="Edit issue checks")
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
701
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
702 It is suggested that you change your checks to use the ``**ctx``
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
703 parameter. This is expected to be the preferred form in the future.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
704 You do not need to use the ``ctx`` parameter in the function if you do
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
705 not need it.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
706
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
707 Changes to property permissions
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
708 -------------------------------
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
709
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
710 If you create a permission:
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
711
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
712 db.security.addPermission(name='View', klass='user',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
713 properties=['theme'], check=own_record,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
714 description="User is allowed to view their own theme")
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
715
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
716 that combines checks and properties, the permission also matches a
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
717 permission check for the View permission on the user class. So this
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
718 also allows the user to see their user record. It is unexpected that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
719 checking for access without a property would match this permission.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
720
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
721 This release adds support for making a permission like above only be
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
722 used during property permission tests. See ``customizing.txt`` and
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
723 search for props_only and set_props_only_default in the section
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
724 'Adding a new Permission'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
725
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
726 Improve query editing
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
727 ---------------------
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
728
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
729 If a user creates a query with the same name as one of their existing
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
730 queries, the query editing interface will now report an error. By
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
731 default the query editing page (issue.search.html) displays the index
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
732 page when the search is triggered. This is usually correct since the
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
733 user expects to see the results of the query. But now that
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
734 the code properly checks for duplicate search names, the user should
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
735 stay on the search page if there is an error. To add this to your
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
736 existing issue.search.html page, add the following line after the
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
737 hidden field @old-queryname:
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
738
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
739 <input type="hidden" name="@template" value="index|search"/>
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
740
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
741 With this addition, the index template is displayed if there is no
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
742 error, and the user stays on the search template if there is an error.
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
743
5323
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
744 New -L (loghttpvialogger) option to roundup-server
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
745 --------------------------------------------------
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
746
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
747 Http request logs from roundup-server are sent to stderr or
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
748 can be recorded in a log file (if -l or the logfile options
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
749 is used). However there is no way to rotate the logfile
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
750 without shutting down and restarting the roundup-server.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
751
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
752 If the -L flag is used, the python logging module is used
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
753 for logging the http requests. The name for the log
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
754 (qualname) is 'roundup.http'. You can direct these messages
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
755 to a rotating log file by putting the following::
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
756
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
757 [loggers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
758 keys=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
759
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
760 [logger_roundup.http]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
761 level=INFO
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
762 handlers=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
763 qualname=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
764 propagate=0
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
765
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
766 [handlers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
767 keys=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
768
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
769 [handler_rotate_weblog]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
770 class=logging.handlers.RotatingFileHandler
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
771 args=('httpd.log','a', 512000, 2)
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
772 formatter=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
773
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
774 [formatters]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
775 keys=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
776
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
777 [formatter_plain]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
778 format=%(message)s
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
779
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
780 into a file (e.g. logging.ini). Then reference this file in
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
781 the 'config' value of the [logging] section in the trackers
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
782 config.ini file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
783
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
784 Note the log configuration above is an example and can be
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
785 merged into a more full featured logging config file for
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
786 your tracker if you wish. It will create a new file in the
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
787 current working directory called 'httpd.log' and will rotate
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
788 the log file at 500K and keep two old copies of the file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
789
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
790 Migrating from 1.5.0 to 1.5.1
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
791 =============================
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
792
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
793 User data visibility
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
794 --------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
795
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
796 For security reasons you should change the permissions on the user
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
797 class. We previously shipped a configuration that allowed users to see
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
798 too many of other users details, including hashed passwords under
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
799 certain circumstances. In schema.py in your tracker, replace the line::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
800
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
801 db.security.addPermissionToRole('User', 'View', 'user')
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
802
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
803 with::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
804
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
805 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
806 properties=('id', 'organisation', 'phone', 'realname',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
807 'timezone', 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
808 db.security.addPermissionToRole('User', p)
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
809
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
810 Note that this removes visibility of user emails, if you want emails to
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
811 be visible you can add 'address' and 'alternate_addresses' to the list
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
812 above.
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
813
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
814 XSS protection for custom actions
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
815 ---------------------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
816
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
817 If you have defined your own cgi actions in your tracker instance
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
818 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
819 all cases where client.error_message or client.ok_message are modified
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
820 directly. Instead of::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
821
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
822 self.client.ok_message.append(...)
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
823
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
824 you need to call::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
825
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
826 self.client.add_ok_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
827
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
828 and the same for::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
829
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
830 self.client.error_message.append(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
831
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
832 vs.::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
833
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
834 self.client.add_error_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
835
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
836 The new calls escape the passed string by default and avoid XSS security
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
837 issues.
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
838
4664
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
839 Migrating from 1.4.20 to 1.4.21
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
840 ===============================
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
841
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
842 The ``_generic.calendar.html`` page of the instance has been updated to include
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
843 ``<meta name="robots" content="noindex, nofollow" />``. This prevents
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
844 robots to follow all the links in the calendar. If you haven't modified the
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
845 page on your local instance, you can simply replace it with the one in
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
846 ``share/roundup/templates/classic/html/_generic.calendar.html``; if you did,
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
847 you can add the tag manually. See issue2550765 and changeset a099ff2ceff3.
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
848
4678
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
849 If you are using the xml-rpc interface, there is a change
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
850 in accessing it. You can not send text/xml data to any
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
851 roundup url and get a response, you must use the /xmlrpc
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
852 url. For example, if you used to send your xmlrpc request to:
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
853
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
854 http://myroundup.com/roundup
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
855
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
856 you need to change the url to read:
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
857
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
858 http://myroundup.com/roundup/xmlrpc
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
859
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
860 to invoke the xmlrpc handler. This allows us to send xml
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
861 data to roundup for other handlers (e.g. REST, SOAP ...)
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
862 in the future.
4664
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
863
4623
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
864 Migrating from 1.4.19 to 1.4.20
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
865 ===============================
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
866
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
867 Roundup used to allow certain HTML-Tags in OK- and Error-messages. Since
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
868 these messages are passed via the URL (due to roundup redirecting after
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
869 an edit), we did have security-issues (see issue2550724).
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
870
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
871 If you have customized the OK or Error messages in your
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
872 roundup-installation and you were using features like bold or italic
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
873 in the message, you will have to do without this highlighting and
4623
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
874 remove HTML tags from messages.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
875
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
876 If you were using <br> tags for multi-line messages, you now should use
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
877 newlines instead, these will be replaced with <br/> during formatting.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
878
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
879 Note that the previous implementation also allowed links inside
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
880 messages. Since these links could be set by an attacker, no links in
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
881 roundup messages are supported anymore. This does *not* affect the
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
882 "clear this message" link in OK-messages as it is generated by the
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
883 template and is not part of the OK-message.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
884
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
885 If you have not modified any roundup messages, you need not do anything,
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
886 the templates shipped with roundup did not use HTML tags in messages for
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
887 highlighting.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
888
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
889
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
890 Migrating from 1.4.17 to 1.4.18
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
891 ===============================
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
892
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
893 There was a bug in 1.4.17 where files were unlinked from issues if a
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
894 mail without attachment was received via the mail interface. The
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
895 following script will list likely issues being affected by the bug.
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
896 The date in the script is the date of the 1.4.17 release. If you have
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
897 installed 1.4.17 later than this date, you can change the date
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
898 appropriately to your installation date. Run the script in the directory
4582
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
899 of your tracker::
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
900
4582
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
901 #!/usr/bin/python
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
902 import os
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
903 from roundup import instance
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
904 from roundup.date import Date
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
905 dir = os.getcwd ()
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
906 tracker = instance.open (dir)
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
907 db = tracker.open ('admin')
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
908 # you may want to change this to your install date to find less candidates
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
909 last_release = Date('2011-05-13')
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
910 affected = {}
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
911 for i in db.issue.getnodeids():
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
912 for j in db.issue.history(i):
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
913 if i in affected:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
914 break
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
915 if j[1] < last_release or j[3] != 'set' or 'files' not in j[4]:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
916 continue
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
917 for op, p in j[4]['files']:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
918 if op == '-':
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
919 affected [i] = 1
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
920 break
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
921 print(', '.join(sorted(affected.keys())))
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
922
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
923 To find out which files where attached before you can look in the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
924 history of the affected issue. For fixing issues you can re-attach the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
925 files in question using the "set" command of roundup-admin, e.g., if the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
926 list of files attached to an issue should be files 5, 17, 23 for issue42
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
927 you will set this using
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
928
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
929 roundup-admin -i /path/to/your/tracker set issue42 files=5,17,23
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
930
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
931 Migrating from 1.4.x to 1.4.17
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
932 ==============================
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
933
4489
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
934 There is a new config-option `migrate_passwords` in section `web` to
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
935 auto-migrate passwords at web-login time to a more secure storage
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
936 scheme. Default for the new option is "yes" so if you don't want that
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
937 passwords are auto-migrated to a more secure password scheme on user
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
938 login, set this to "no" before running your tracker(s) after the
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
939 upgrade.
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
940
4489
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
941 The standalone roundup-server now defaults to listening on localhost (no
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
942 longer on all network interfaces). This will not affect you if you're
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
943 already using a configuration file for roundup-server. If you are using
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
944 an empty setting for the `host` parameter in the config-file you should
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
945 explicitly put 0.0.0.0 there as the use of an empty string to specify
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
946 listening to all interfaces is deprecated and will go away in a future
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
947 version. If you are starting the server without a configuration file
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
948 and want to explicitly listen to all network interface, you should
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
949 specify the -n option with the address `0.0.0.0`.
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
950
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
951 .. _new search permissions for query in 1.4.17:
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
952
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
953 Searching now requires either read-permission without a check method, or
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
954 you will have to add a "Search" permission for a class or a list of
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
955 properties for a class (if you want to allow searching). For the classic
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
956 template (or other templates derived from it) you want to add the
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
957 following lines to your `schema.py` file::
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
958
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
959 p = db.security.addPermission(name='Search', klass='query')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
960 db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
961
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
962 This is needed, because for the `query` class users may view only their
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
963 own queries (or public queries). This is implemented with a `check`
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
964 method, therefore the default search permissions will not allow
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
965 searching and you'll have to add an explicit search permission.
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
966 If you have modified your schema, you can check if you're missing any
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
967 search permissions with the following script, run it in your tracker
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
968 directory, it will list for each Class and Property the roles that may
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
969 search for this property::
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
970
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
971 #!/usr/bin/python
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
972 from __future__ import print_function
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
973 import os
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
974 from roundup import instance
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
975
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
976 tracker = instance.open(os.getcwd ())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
977 db = tracker.open('admin')
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
978
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
979 for cl in sorted(db.getclasses()):
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
980 print("Class:", cl)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
981 for p in sorted(db.getclass(cl).getprops(protected=True).keys()):
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
982 print(" Property:", p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
983 roles = []
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
984 for role in sorted(db.security.role.keys()):
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
985 if db.security.roleHasSearchPermission(cl,p,role):
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
986 roles.append(role)
5332
d0689aaa83db Applied patch 0038 from issue2550960 to upgrade code examples in
John Rouillard <rouilj@ieee.org>
parents: 5328
diff changeset
987 print(" roles may search:", ', '.join(roles))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
988
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
989
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
990 Migrating from 1.4.x to 1.4.12
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
991 ==============================
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
992
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
993 Item creation now checks the "Create" permission instead of the "Edit"
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
994 permission for individual properties. If you have modified your tracker
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
995 permissions from the default distribution, you should check that
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
996 "Create" permissions exist for all properties you want users to be able
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
997 to create.
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
998
4322
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
999
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1000 Fixing some potential security holes
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1001 ------------------------------------
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1002
4322
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1003 Enhanced checking was added to the user registration auditor. If you
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1004 run a public tracker you should update your tracker's
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1005 ``detectors/userauditor.py`` using the new code from
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1006 ``share/roundup/templates/classic/detectors/userauditor.py``. In most
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1007 cases you may just copy the file over, but if you've made changes to
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1008 the auditor in your tracker then you'll need to manually integrate
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1009 the new code.
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
1010
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1011 Some HTML templates were found to have formatting security problems:
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1012
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1013 ``html/page.html``::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1014
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1015 -tal:replace="request/user/username">username</span></b><br>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1016 +tal:replace="python:request.user.username.plain(escape=1)">username</span></b><br>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1017
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1018 ``html/_generic.help-list.html``::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1019
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1020 -tal:content="structure python:item[prop]"></label>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1021 +tal:content="python:item[prop]"></label>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1022
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1023 The lines marked "+" should be added and lines marked "-" should be
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1024 deleted (minus the "+"/"-" signs).
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1025
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1026
4321
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1027 Some HTML interface tweaks
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1028 --------------------------
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1029
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1030 You may wish to copy the ``user_utils.js`` and ``style.css` files from the
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1031 source distribution ``share/roundup/templates/classic/html/`` directory to the
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1032 ``html`` directory of your trackers as it includes a small improvement.
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1033
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1034 If you have made local changes to those files you'll need to manually work
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1035 the differences in to your versions or ignore the changes.
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1036
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
1037
4299
e16a1131ba67 include info on what a designator is in all commands that use them
Richard Jones <richard@users.sourceforge.net>
parents: 4295
diff changeset
1038 Migrating from 1.4.x to 1.4.11
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1039 ==============================
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1040
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
1041 Close potential security hole
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
1042 -----------------------------
4308
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1043
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1044 If your tracker has untrusted users you should examine its ``schema.py``
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1045 file and look for the section granting the "Edit" permission to your users.
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1046 This should look something like::
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1047
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1048 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1049 description="User is allowed to edit their own user details")
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1050
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1051 and should be modified to restrict the list of properties they are allowed
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1052 to edit by adding the ``properties=`` section like::
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1053
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1054 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1055 properties=('username', 'password', 'address', 'realname', 'phone',
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1056 'organisation', 'alternate_addresses', 'queries', 'timezone'),
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1057 description="User is allowed to edit their own user details")
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1058
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1059 Most importantly the "roles" property should not be editable - thus not
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1060 appear in that list of properties.
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1061
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
1062
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1063 Grant the "Register" permission to the Anonymous role
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1064 -----------------------------------------------------
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1065
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1066 A separate "Register" permission has been introduced to allow
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1067 anonymous users to register. This means you will need to add the
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1068 following to your tracker's ``schema.py`` to add the permission and
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1069 assign it to the Anonymous role (replacing any previously assigned
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
1070 "Create user" permission for the Anonymous role)::
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1071
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1072 +db.security.addPermission(name='Register', klass='user',
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
1073 + description='User is allowed to register new user')
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1074
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1075 # Assign the appropriate permissions to the anonymous user's Anonymous
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1076 # Role. Choices here are:
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1077 # - Allow anonymous users to register
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1078 -db.security.addPermissionToRole('Anonymous', 'Create', 'user')
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1079 +db.security.addPermissionToRole('Anonymous', 'Register', 'user')
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1080
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1081 The lines marked "+" should be added and lines marked "-" should be
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1082 deleted (minus the "+"/"-" signs).
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1083
4323
a3f88aa04735 fix stupid typo
Richard Jones <richard@users.sourceforge.net>
parents: 4322
diff changeset
1084 You should also modify the ``html/page.html`` template to change the
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1085 permission tested there::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1086
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1087 -tal:condition="python:request.user.hasPermission('Create', 'user')"
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1088 +tal:condition="python:request.user.hasPermission('Register', 'user')"
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
1089
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
1090
4318
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1091 Generic class editor may now restore retired items
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1092 --------------------------------------------------
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1093
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1094 The instructions for doing so won't be present in your tracker unless you copy
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1095 the ``_generic.index.html`` template from the roundup distribution in
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1096 ``share/roundup/templates/classic/html`` to your tracker's ``html`` directory.
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1097
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
1098
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1099 Migrating from 1.4.x to 1.4.9
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1100 =============================
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1101
4211
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1102 Customized MailGW Class
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1103 -----------------------
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1104
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1105 If you have customized the MailGW class in your tracker: The new MailGW
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1106 class opens the database for each message in the method handle_message
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1107 (instance.open) instead of passing the opened database as a parameter to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1108 the MailGW constructor. The old handle_message has been renamed to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1109 _handle_message. The new method opens the database and wraps the call to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1110 the old method into a try/finally.
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1111
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1112 Your customized MailGW class needs to mirror this behavior.
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
1113
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1114 Fix the "remove" button in issue files and messages lists
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1115 ---------------------------------------------------------
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1116
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1117 The "remove" button(s) in the issue messages list needs to be altered. Find
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1118 the following in your tracker's ``html/issue.item.html`` template::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1119
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1120 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1121 <form style="padding:0" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1122 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1123 <input type="hidden" name="@remove@files" tal:attributes="value file/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1124
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1125 and add ``method="POST"`` as shown below::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1126
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1127 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1128 <form style="padding:0" method="POST" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1129 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1130 <input type="hidden" name="@remove@files" tal:attributes="value file/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1131
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1132 Then also find::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1133
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1134 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1135 <form style="padding:0" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1136 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1137 <input type="hidden" name="@remove@messages" tal:attributes="value msg/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1138
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1139 and add ``method="POST"`` as shown below::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1140
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1141 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1142 <form style="padding:0" method="POST" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1143 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1144 <input type="hidden" name="@remove@messages" tal:attributes="value msg/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1145
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1146
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1147 Fixing the "retire" button in user management list
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1148 --------------------------------------------------
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1149
4643
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1150 Some previous versions of this upgrading document missed ``method="POST"``
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1151 in the change to the "retire" link in the user management list
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1152 in section `Migrating from 1.4.x to 1.4.7`_.
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1153 Make sure the change is done as listed below in this document.
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1154
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1155
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1156 Migrating from 1.4.x to 1.4.7
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1157 =============================
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1158
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1159 Several security issues were addressed in this release. Some aspects of your
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1160 trackers may no longer function depending on your local customisations. Core
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1161 functionality that will need to be modified:
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1162
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1163 Grant the "retire" permission to users for their queries
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1164 --------------------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1165
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1166 Users will no longer be able to retire their own queries. To remedy this you
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1167 will need to add the following to your tracker's ``schema.py`` just under the
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1168 line that grants them permission to edit their own queries::
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1169
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1170 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1171 description="User is allowed to edit their queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1172 db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1173 + p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1174 + description="User is allowed to retire their queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1175 + db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1176 p = db.security.addPermission(name='Create', klass='query',
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1177 description="User is allowed to create queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1178 db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1179
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1180 The lines marked "+" should be added, minus the "+" sign.
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1181
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1182
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1183 Fix the "retire" link in the users list for admin users
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1184 -------------------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1185
4330
15f74c03d9f5 fix typo
Richard Jones <richard@users.sourceforge.net>
parents: 4323
diff changeset
1186 The "retire" link found in the file ``html/user.index.html``::
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1187
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1188 <td tal:condition="context/is_edit_ok">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1189 <a tal:attributes="href string:user${user/id}?@action=retire&@template=index"
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1190 i18n:translate="">retire</a>
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1191
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1192 Should be replaced with::
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1193
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1194 <td tal:condition="context/is_retire_ok">
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1195 <form style="padding:0" method="POST"
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1196 tal:attributes="action string:user${user/id}">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1197 <input type="hidden" name="@template" value="index">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1198 <input type="hidden" name="@action" value="retire">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1199 <input type="submit" value="retire" i18n:attributes="value">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1200 </form>
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1201
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1202
4089
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1203 Fix for Python 2.6+ users
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1204 -------------------------
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1205
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1206 If you use Python 2.6 you should edit your tracker's
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1207 ``detectors/nosyreaction.py`` file to change::
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1208
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1209 import sets
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1210
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1211 at the top to::
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1212
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1213 from roundup.anypy.sets_ import set
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1214
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1215 and then all instances of ``sets.Set()`` to ``set()`` in the later code.
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1216
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1217
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1218
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1219 Trackers currently allowing HTML file uploading
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1220 -----------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1221
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1222 Trackers which wish to continue to allow uploading of HTML content against issues
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1223 will need to set a new configuration variable in the ``[web]`` section of the
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1224 tracker's ``config.ini`` file:
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1225
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1226 # Setting this option enables Roundup to serve uploaded HTML
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1227 # file content *as HTML*. This is a potential security risk
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1228 # and is therefore disabled by default. Set to 'yes' if you
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1229 # trust *all* users uploading content to your tracker.
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1230 # Allowed values: yes, no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1231 # Default: no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1232 allow_html_file = no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1233
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1234
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1235
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1236 Migrating from 1.4.2 to 1.4.3
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1237 =============================
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1238
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1239 If you are using the MySQL backend you will need to replace some indexes
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1240 that may have been created by version 1.4.2.
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1241
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1242 You should to access your MySQL database directly and remove any indexes
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1243 with a name ending in "_key_retired_idx". You should then re-add them with
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1244 the same spec except the key column name needs a size. So an index on
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1245 "_user (__retired, _name)" should become "_user (__retired, _name(255))".
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1246
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1247
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1248 Migrating from 1.4.x to 1.4.2
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1249 =============================
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1250
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1251 You should run the "roundup-admin migrate" command for your tracker once
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1252 you've installed the latest codebase.
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1253
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1254 Do this before you use the web, command-line or mail interface and before
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1255 any users access the tracker.
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1256
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1257 This command will respond with either "Tracker updated" (if you've not
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1258 previously run it on an RDBMS backend) or "No migration action required"
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1259 (if you have run it, or have used another interface to the tracker,
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1260 or are using anydbm).
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1261
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1262 It's safe to run this even if it's not required, so just get into the
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1263 habit.
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1264
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1265
3938
083e280165a8 Pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3858
diff changeset
1266 Migrating from 1.3.3 to 1.4.0
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1267 =============================
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1268
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1269 Value of the "refwd_re" tracker configuration option (section "mailgw")
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1270 is treated as UTF-8 string. In previous versions, it was ISO8859-1.
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1271
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1272 If you have running trackers based on the classic template, please
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1273 update the messagesummary detector as follows::
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1274
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1275 --- detectors/messagesummary.py 17 Apr 2003 03:26:38 -0000 1.1
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1276 +++ detectors/messagesummary.py 3 Apr 2007 06:47:21 -0000 1.2
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1277 @@ -8,7 +8,7 @@
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1278 if newvalues.has_key('summary') or not newvalues.has_key('content'):
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1279 return
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1280
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1281 - summary, content = parseContent(newvalues['content'], 1, 1)
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1282 + summary, content = parseContent(newvalues['content'], config=db.config)
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1283 newvalues['summary'] = summary
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1284
3858
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1285 In the latest version we have added some database indexes to the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1286 SQL-backends (mysql, postgresql, sqlite) for speeding up building the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1287 roundup-index for full-text search. We recommend that you create the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1288 following database indexes on the database by hand::
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1289
4332
61f2e659faf7 add SQL detail
Richard Jones <richard@users.sourceforge.net>
parents: 4330
diff changeset
1290 CREATE INDEX words_by_id ON __words (_textid);
61f2e659faf7 add SQL detail
Richard Jones <richard@users.sourceforge.net>
parents: 4330
diff changeset
1291 CREATE UNIQUE INDEX __textids_by_props ON __textids (_class, _itemid, _prop);
3858
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1292
3745
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1293 Migrating from 1.2.x to 1.3.0
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1294 =============================
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1295
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1296 1.3.0 Web interface changes
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1297 ---------------------------
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1298
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1299 Some of the HTML files in the "classic" and "minimal" tracker templates
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1300 were changed to fix some bugs and clean them up. You may wish to compare
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1301 them to the HTML files in your tracker and apply any changes.
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1302
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1303
3732
0cc9b954f1f1 - fix version number in upgrading howto.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3696
diff changeset
1304 Migrating from 1.1.2 to 1.2.0
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1305 =============================
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1306
3732
0cc9b954f1f1 - fix version number in upgrading howto.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3696
diff changeset
1307 1.2.0 Sorting and grouping by multiple properties
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1308 -------------------------------------------------
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1309
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1310 Starting with this version, sorting and grouping by multiple properties
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1311 is possible. This means that request.sort and request.group are now
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1312 lists. This is reflected in several places:
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1313
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1314 * ``renderWith`` now has list attributes for ``sort`` and ``group``,
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1315 where you previously wrote::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1316
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1317 renderWith(... sort=('-', 'activity'), group=('+', 'priority')
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1318
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1319 you write now::
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1320
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1321 renderWith(... sort=[('-', 'activity')], group=[('+', 'priority')]
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1322
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1323 * In templates that permit to edit sorting/grouping, request.sort and
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1324 request.group are (possibly empty) lists. You can now sort and group
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1325 by multiple attributes. For an example, see the classic template. You
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1326 may want search for the variable ``n_sort`` which can be set to the
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1327 number of sort/group properties.
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1328
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1329 * Templates that diplay new headlines for each group of items with
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1330 equal group properties can now use the modified ``batch.propchanged``
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1331 method that can take several properties which are checked for
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1332 changes. See the example in the classic template which makes use of
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1333 ``batch.propchanged``.
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1334
3588
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1335 Migrating from 1.1.0 to 1.1.1
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1336 =============================
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1337
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1338 1.1.1 "Clear this message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1339 --------------------------
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1340
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1341 In 1.1.1, the standard ``page.html`` template includes a "clear this message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1342 link in the green "ok" message bar that appears after a successful edit
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1343 (or other) action.
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1344
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1345 To include this in your tracker, change the following in your ``page.html``
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1346 template::
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1347
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1348 <p tal:condition="options/ok_message | nothing" class="ok-message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1349 tal:repeat="m options/ok_message" tal:content="structure m">error</p>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1350
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1351 to be::
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1352
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1353 <p tal:condition="options/ok_message | nothing" class="ok-message">
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1354 <span tal:repeat="m options/ok_message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1355 tal:content="structure string:$m <br/ > " />
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1356 <a class="form-small" tal:attributes="href request/current_url"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1357 i18n:translate="">clear this message</a>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1358 </p>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1359
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1360
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1361 If you implemented the "clear this message" in your 1.1.0 tracker, then you
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1362 should change it to the above and it will work much better!
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1363
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1364
3550
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1365 Migrating from 1.0.x to 1.1.0
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1366 =============================
3548
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1367
3550
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1368 1.1 Login "For Session Only"
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1369 ----------------------------
3548
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1370
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1371 In 1.1, web logins are alive for the length of a session only, *unless* you
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1372 add the following to the login form in your tracker's ``page.html``::
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1373
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1374 <input type="checkbox" name="remember" id="remember">
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1375 <label for="remember" i18n:translate="">Remember me?</label><br>
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1376
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1377 See the classic tracker ``page.html`` if you're unsure where this should
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1378 go.
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1379
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1380
3549
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1381 1.1 Query Display Name
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1382 ----------------------
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1383
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1384 The ``dispname`` web variable has been renamed ``@dispname`` to avoid
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1385 clashing with other variables of the same name. If you are using the
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1386 display name feature, you will need to edit your tracker's ``page.html``
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1387 and ``issue.index.html`` pages to change ``dispname`` to ``@dispname``.
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1388
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1389 A side-effect of this change is that the renderWith method used in the
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1390 ``home.html`` page may now take a dispname argument.
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1391
3554
5e70726a86dd fixed schema migration problem when Class keys were removed
Richard Jones <richard@users.sourceforge.net>
parents: 3552
diff changeset
1392
3552
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1393 1.1 "Clear this message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1394 ------------------------
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1395
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1396 In 1.1, the standard ``page.html`` template includes a "clear this message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1397 link in the green "ok" message bar that appears after a successful edit
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1398 (or other) action.
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1399
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1400 To include this in your tracker, change the following in your ``page.html``
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1401 template::
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1402
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1403 <p tal:condition="options/ok_message | nothing" class="ok-message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1404 tal:repeat="m options/ok_message" tal:content="structure m">error</p>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1405
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1406 to be::
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1407
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1408 <p tal:condition="options/ok_message | nothing" class="ok-message">
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1409 <span tal:repeat="m options/ok_message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1410 tal:content="structure string:$m <br/ > " />
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1411 <a class="form-small" tal:attributes="href string:issue${context/id}"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1412 i18n:translate="">clear this message</a>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1413 </p>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1414
3549
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1415
3518
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1416 Migrating from 0.8.x to 1.0
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1417 ===========================
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1418
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1419 1.0 New Query Permissions
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1420 -------------------------
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1421
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1422 New permissions are defined for query editing and viewing. To include these
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1423 in your tracker, you need to add these lines to your tracker's
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1424 ``schema.py``::
3419
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
1425
3518
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1426 # Users should be able to edit and view their own queries. They should also
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1427 # be able to view any marked as not private. They should not be able to
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1428 # edit others' queries, even if they're not private
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1429 def view_query(db, userid, itemid):
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1430 private_for = db.query.get(itemid, 'private_for')
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1431 if not private_for: return True
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1432 return userid == private_for
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1433 def edit_query(db, userid, itemid):
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1434 return userid == db.query.get(itemid, 'creator')
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1435 p = db.security.addPermission(name='View', klass='query', check=view_query,
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1436 description="User is allowed to view their own and public queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1437 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1438 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1439 description="User is allowed to edit their queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1440 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1441 p = db.security.addPermission(name='Create', klass='query',
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1442 description="User is allowed to create queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1443 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1444
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1445 and then remove 'query' from the line::
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1446
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1447 # Assign the access and edit Permissions for issue, file and message
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1448 # to regular users now
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1449 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1450
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1451 so it looks like::
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1452
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1453 for cl in 'issue', 'file', 'msg', 'keyword':
3419
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
1454
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
1455
3253
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1456 Migrating from 0.8.0 to 0.8.3
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1457 =============================
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1458
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1459 0.8.3 Nosy Handling Changes
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1460 ---------------------------
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1461
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1462 A change was made to fix a bug in the ``nosyreaction.py`` standard
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1463 detector. To incorporate this fix in your trackers, you will need to copy
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1464 the ``nosyreaction.py`` file from the ``templates/classic/detectors``
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1465 directory of the source to your tracker's ``templates`` directory.
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1466
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1467 If you have modified the ``nosyreaction.py`` file from the standard
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1468 version, you will need to roll your changes into the new file.
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1469
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1470
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1471 Migrating from 0.7.1 to 0.8.0
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1472 =============================
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1473
2954
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1474 You *must* fully uninstall previous Roundup version before installing
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1475 Roundup 0.8.0. If you don't do that, ``roundup-admin install``
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1476 command may fail to function properly.
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1477
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1478 0.8.0 Backend changes
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1479 ---------------------
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1480
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1481 Backends 'bsddb' and 'bsddb3' are removed. If you are using one of these,
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1482 you *must* migrate to another backend before upgrading.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1483
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1484
2737
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1485 0.8.0 API changes
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1486 -----------------
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1487
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1488 Class.safeget() was removed from the API. Test your item ids before calling
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1489 Class.get() instead.
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1490
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1491
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1492 0.8.0 New tracker layout
2700
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
1493 ------------------------
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
1494
2889
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
1495 The ``config.py`` file has been replaced by ``config.ini``. You may use the
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
1496 roundup-admin command "genconfig" to generate a new config file::
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1497
2889
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
1498 roundup-admin genconfig <tracker home>/config.ini
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1499
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1500 and modify the values therein based on the contents of your old config.py.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1501 In most cases, the names of the config variables are the same.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1502
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1503 The ``select_db.py`` file has been replaced by a file in the ``db``
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1504 directory called ``backend_name``. As you might guess, this file contains
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1505 just the name of the backend. To figure what the contents of yours should
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1506 be, use the following table:
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1507
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1508 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1509 ``select_db.py`` contents ``backend_name`` contents
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1510 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1511 from back_anydbm import ... anydbm
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1512 from back_metakit import ... metakit
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1513 from back_sqlite import ... sqlite
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1514 from back_mysql import ... mysql
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1515 from back_postgresql import ... postgresql
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1516 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1517
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1518 The ``dbinit.py`` file has been split into two new files,
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1519 ``initial_data.py`` and ``schema.py``. The contents of this file are:
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1520
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1521 ``initial_data.py``
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1522 You don't need one of these as your tracker is already initialised.
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1523
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1524 ``schema.py``
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1525 Copy the body of the ``def open(name=None)`` function from your old
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1526 tracker's ``dbinit.py`` file to this file. As the lines you're copying
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1527 aren't part of a function definition anymore, one level of indentation
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1528 needs to be removed (remove only the leading four spaces on each
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1529 line).
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1530
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1531 The first few lines -- those starting with ``from roundup.hyperdb
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1532 import ...`` and the ``db = Database(config, name)`` line -- don't
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1533 need to be copied. Neither do the last few lines -- those starting
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1534 with ``import detectors``, down to ``return db`` inclusive.
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1535
3281
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
1536 You may remove the ``__init__.py`` module from the "detectors" directory as
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
1537 it is no longer used.
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
1538
3738
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1539 There's a new way to write extension code for Roundup. If you have code in
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1540 an ``interfaces.py`` file you should move it. See the `customisation
2915
7d97c75e7cba more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2913
diff changeset
1541 documentation`_ for information about how extensions are now written.
3738
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1542 Note that some older trackers may use ``interfaces.py`` to customise the
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1543 mail gateway behaviour. You will need to keep your ``interfaces.py`` file
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1544 if this is the case.
2700
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
1545
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1546
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1547 0.8.0 Permissions Changes
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1548 -------------------------
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1549
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1550 The creation of a new item in the user interfaces is now controlled by the
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1551 "Create" Permission. You will need to add an assignment of this Permission
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1552 to your users who are allowed to create items. The most common form of this
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1553 is the following in your ``schema.py`` added just under the current
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1554 assignation of the Edit Permission::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1555
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1556 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1557 p = db.security.getPermission('Create', cl)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1558 db.security.addPermissionToRole('User', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1559
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1560 You will need to explicitly let anonymous users access the web interface so
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1561 that regular users are able to see the login form. Note that almost all
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1562 trackers will need this Permission. The only situation where it's not
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1563 required is in a tracker that uses an HTTP Basic Authenticated front-end.
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1564 It's enabled by adding to your ``schema.py``::
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1565
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1566 p = db.security.getPermission('Web Access')
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1567 db.security.addPermissionToRole('Anonymous', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1568
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1569 Finally, you will need to enable permission for your users to edit their
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1570 own details by adding the following to ``schema.py``::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1571
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1572 # Users should be able to edit their own details. Note that this
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1573 # permission is limited to only the situation where the Viewed or
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1574 # Edited item is their own.
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1575 def own_record(db, userid, itemid):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1576 '''Determine whether the userid matches the item being accessed.'''
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1577 return userid == itemid
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1578 p = db.security.addPermission(name='View', klass='user', check=own_record,
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1579 description="User is allowed to view their own user details")
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1580 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1581 description="User is allowed to edit their own user details")
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1582 db.security.addPermissionToRole('User', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1583
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1584
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1585 0.8.0 Use of TemplatingUtils
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1586 ----------------------------
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1587
2910
5c0e5abcb5e3 doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2907
diff changeset
1588 If you used custom python functions in TemplatingUtils, they must
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1589 be moved from interfaces.py to a new file in the ``extensions`` directory.
2910
5c0e5abcb5e3 doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2907
diff changeset
1590
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1591 Each Function that should be available through TAL needs to be defined
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1592 as a toplevel function in the newly created file. Furthermore you
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1593 add an inititialization function, that registers the functions with the
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1594 tracker.
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1595
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1596 If you find this too tedious, donfu wrote an automatic init function that
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1597 takes an existing TemplatingUtils class, and registers all class methods
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1598 that do not start with an underscore. The following hack should be placed
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1599 in the ``extensions`` directory alongside other extensions::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1600
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1601 class TemplatingUtils:
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1602 # copy from interfaces.py
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1603
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1604 def init(tracker):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1605 util = TemplatingUtils()
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1606
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1607 def setClient(tu):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1608 util.client = tu.client
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1609 return util
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1610
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1611 def execUtil(name):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1612 return lambda tu, *args, **kwargs: \
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1613 getattr(setClient(tu), name)(*args, **kwargs)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1614
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1615 for name in dir(util):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1616 if callable(getattr(util, name)) and not name.startswith('_'):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1617 tracker.registerUtil(name, execUtil(name))
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1618
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1619
2572
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
1620 0.8.0 Logging Configuration
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
1621 ---------------------------
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
1622
2573
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
1623 See the `administration guide`_ for information about configuring the new
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
1624 logging implemented in 0.8.0.
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
1625
2374
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1626
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1627 Migrating from 0.7.2 to 0.7.3
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1628 =============================
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1629
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1630 0.7.3 Configuration
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1631 -------------------
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1632
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1633 If you choose, you may specify the directory from which static files are
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1634 served (those which use the URL component ``@@file``). Currently the
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1635 directory defaults to the ``TEMPLATES`` configuration variable. You may
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1636 define a new variable, ``STATIC_FILES`` which overrides this value for
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1637 static files.
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1638
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1639
2293
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1640 Migrating from 0.7.0 to 0.7.2
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1641 =============================
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1642
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1643 0.7.2 DEFAULT_TIMEZONE is now required
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1644 --------------------------------------
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1645
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1646 The DEFAULT_TIMEZONE configuration variable is now required. Add the
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1647 following to your tracker's ``config.py`` file::
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1648
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1649 # You may specify a different default timezone, for use when users do not
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1650 # choose their own in their settings.
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1651 DEFAULT_TIMEZONE = 0 # specify as numeric hour offest
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1652
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1653
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1654 Migrating from 0.7.0 to 0.7.1
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1655 =============================
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1656
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1657 0.7.1 Permission assignments
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1658 ----------------------------
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1659
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1660 If you allow anonymous access to your tracker, you might need to assign
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1661 some additional View (or Edit if your tracker is that open) permissions
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1662 to the "anonymous" user. To do so, find the code in your ``dbinit.py`` that
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1663 says::
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1664
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1665 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1666 p = db.security.getPermission('View', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1667 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1668 p = db.security.getPermission('Edit', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1669 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1670 for cl in 'priority', 'status':
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1671 p = db.security.getPermission('View', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1672 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1673
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1674 Add add a line::
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1675
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1676 db.security.addPermissionToRole('Anonymous', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1677
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1678 next to the existing ``'User'`` lines for the Permissions you wish to
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1679 assign to the anonymous user.
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1680
2119
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
1681
2136
ee3cf6a44f29 queries on a per-user basis, and public queries [SF#891798] :)
Richard Jones <richard@users.sourceforge.net>
parents: 2121
diff changeset
1682 Migrating from 0.6 to 0.7
2119
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
1683 =========================
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
1684
2076
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1685 0.7.0 Permission assignments
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1686 ----------------------------
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1687
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1688 Due to a change in the rendering of web widgets, permissions are now
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1689 checked on Classes where they previously weren't (this is a good thing).
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1690
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1691 You will need to add some additional Permission assignments for your
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1692 regular users, or some displays will break. After the following in your
2076
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1693 tracker's ``dbinit.py``::
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1694
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1695 # Assign the access and edit Permissions for issue, file and message
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1696 # to regular users now
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1697 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1698 p = db.security.getPermission('View', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1699 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1700 p = db.security.getPermission('Edit', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1701 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1702
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1703 add::
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1704
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1705 for cl in 'priority', 'status':
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1706 p = db.security.getPermission('View', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1707 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1708
2102
666402433998 Fix some tests.
Richard Jones <richard@users.sourceforge.net>
parents: 2077
diff changeset
1709
1800
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1710 0.7.0 Getting the current user id
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1711 ---------------------------------
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1712
2263
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1713 The Database.curuserid attribute has been removed.
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1714
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1715 Any code referencing this attribute should be replaced with a
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1716 call to Database.getuid().
1800
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1717
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1718
1911
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1719 0.7.0 ZRoundup changes
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1720 ----------------------
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1721
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1722 The templates in your tracker's html directory will need updating if you
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1723 wish to use ZRoundup. If you've not modified those files (or some of them),
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1724 you may just copy the new versions from the Roundup source in the
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1725 templates/classic/html directory.
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1726
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1727 If you have modified the html files, then you'll need to manually edit them
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1728 to change all occurances of special form variables from using the colon ":"
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1729 special character to the at "@" special character. That is, variables such
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1730 as::
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1731
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1732 :action :required :template :remove:messages ...
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1733
2223
9b447ac40be3 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2138
diff changeset
1734 should become::
1911
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1735
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1736 @action @required @template @remove@messages ...
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1737
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1738 Note that ``tal:`` statements are unaffected. So are TAL expression type
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1739 prefixes such as ``python:`` and ``string:``. Please ask on the
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1740 roundup-users mailing list for help if you're unsure.
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1741
1882
15cfde2c3db8 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1850
diff changeset
1742
2913
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1743 0.7.0 Edit collision detection
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1744 ------------------------------
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1745
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1746 Roundup now detects collisions with editing in the web interface (that is,
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1747 two people editing the same item at the same time).
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1748
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1749 You must copy the ``_generic.collision.html`` file from Roundup source in
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1750 the ``templates/classic/html`` directory. to your tracker's ``html``
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1751 directory.
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1752
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1753
1835
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1754 Migrating from 0.6.x to 0.6.3
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1755 =============================
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1756
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1757 0.6.3 Configuration
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1758 -------------------
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1759
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1760 You will need to copy the file::
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1761
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1762 templates/classic/detectors/__init__.py
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1763
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1764 to your tracker's ``detectors`` directory, replacing the one already there.
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1765 This fixes a couple of bugs in that file.
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1766
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1767
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1768
1363
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1769 Migrating from 0.5 to 0.6
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1770 =========================
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1771
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1772
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1773 0.6.0 Configuration
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1774 -------------------
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1775
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1776 Introduced EMAIL_FROM_TAG config variable. This value is inserted into
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1777 the From: line of nosy email. If the sending user is "Foo Bar", the
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1778 From: line is usually::
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1779
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1780 "Foo Bar" <issue_tracker@tracker.example>
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1781
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1782 the EMAIL_FROM_TAG goes inside the "Foo Bar" quotes like so::
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1783
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1784 "Foo Bar EMAIL_FROM_TAG" <issue_tracker@tracker.example>
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1785
1455
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1786 I've altered the mechanism in the detectors __init__.py module so that it
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1787 doesn't cross-import detectors from other trackers (if you run more than one
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1788 in a single roundup-server). This change means that you'll need to copy the
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1789 __init__.py from roundup/templates/classic/detectors/__init__.py to your
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1790 <tracker home>/detectors/__init__.py. Don't worry, the "classic" __init__ is a
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1791 one-size-fits-all, so it'll work even if you've added/removed detectors.
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1792
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1793 0.6.0 Templating changes
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1794 ------------------------
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1795
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1796 The ``user.item`` template (in the tracker home "templates" directory)
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1797 needs to have the following hidden variable added to its form (between the
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1798 ``<form...>`` and ``</form>`` tags::
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1799
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1800 <input type="hidden" name=":template" value="item">
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1801
1455
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1802
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1803 0.6.0 Form handling changes
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1804 ---------------------------
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1805
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1806 Roundup's form handling capabilities have been significantly expanded. This
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1807 should not affect users of 0.5 installations - but if you find you're
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1808 getting errors from form submissions, please ask for help on the Roundup
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1809 users mailing list:
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1810
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1811 http://lists.sourceforge.net/lists/listinfo/roundup-users
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1812
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1813 See the customisation doc section on `Form Values`__ for documentation of the
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1814 new form variables possible.
1439
0634f815b90c rfc2822-ify the tracker name in mail headers
Richard Jones <richard@users.sourceforge.net>
parents: 1423
diff changeset
1815
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1816 __ customizing.html#form-values
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1817
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1818
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1819 0.6.0 Multilingual character set support
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1820 ----------------------------------------
1363
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1821
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1822 Added internationalization support. This is done via encoding all data
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1823 stored in roundup database to utf-8 (unicode encoding). To support utf-8 in
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1824 web interface you should add the folowing line to your tracker's html/page
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1825 and html/_generic.help files inside <head> tag::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1826
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1827 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1828
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1829 Since latin characters in utf-8 have the same codes as in ASCII table, this
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1830 modification is optional for users who use only plain latin characters.
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1831
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1832 After this modification, you will be able to see and enter any world
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1833 character via web interface. Data received via mail interface also converted
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1834 to utf-8, however only new messages will be converted. If your roundup
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1835 database contains some of non-ASCII characters in one of 8-bit encoding,
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1836 they will not be visible in new unicode environment. Some of such data (e.g.
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1837 user names, keywords, etc) can be edited by administrator, the others
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1838 (e.g. messages' contents) is not editable via web interface. Currently there
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1839 is no tool for converting such data, the only solution is to close
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1840 appropriate old issues and create new ones with the same content.
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1841
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1842
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1843 0.6.0 User timezone support
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1844 ---------------------------
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1845
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1846 From version 0.6.0 roundup supports displaying of Date data in user' local
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1847 timezone if he/she has provided timezone information. To make it possible
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1848 some modification to tracker's schema and HTML templates are required.
1769
5fed70f96d2b various minor bugfixes
Richard Jones <richard@users.sourceforge.net>
parents: 1758
diff changeset
1849 First you must add string property 'timezone' to user class in dbinit.py
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1850 like this::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1851
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1852 user = Class(db, "user",
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1853 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1854 address=String(), realname=String(),
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1855 phone=String(), organisation=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1856 alternate_addresses=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1857 queries=Multilink('query'), roles=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1858 timezone=String())
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1859
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1860 And second - html interface. Add following lines to
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1861 $TRACKER_HOME/html/user.item template::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1862
1560
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1863 <tr>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1864 <th>Timezone</th>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1865 <td tal:content="structure context/timezone/field">timezone</td>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1866 </tr>
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1867
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1868 After that all users should be able to provide their timezone information.
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1869 Timezone should be a positive or negative integer - offset from GMT.
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1870
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1871 After providing timezone, roundup will show all dates values, found in web
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1872 and mail interfaces in local time. It will also accept any Date info in
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1873 local time, convert and store it in GMT.
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1874
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1875
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1876 0.6.0 Search page structure
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1877 ---------------------------
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1878
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1879 In order to accomodate query editing the search page has been restructured. If
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1880 you want to provide your users with query editing, you should update your
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1881 search page using the macros detailed in the customisation doc section
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1882 `Searching on categories`__.
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1883
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1884 __ customizing.html#searching-on-categories
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1885
1758
5e1680c11bed Added text about removing '?' from url field when upgrading [SF#790326].
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1741
diff changeset
1886 Also, the url field in the query class no longer starts with a '?'. You'll need
1850
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1887 to remove this question mark from the url field to support queries. There's
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1888 a script in the "tools" directory called ``migrate-queries.py`` that should
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1889 automatically change any existing queries for you. As always, make a backup
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1890 of your database before running such a script.
1758
5e1680c11bed Added text about removing '?' from url field when upgrading [SF#790326].
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1741
diff changeset
1891
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1892
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1893 0.6.0 Notes for metakit backend users
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1894 -------------------------------------
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1895
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1896 Roundup 0.6.0 introduced searching on ranges of dates and intervals. To
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1897 support it, some modifications to interval storing routine were made. So if
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1898 your tracker uses metakit backend and your db schema contains intervals
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1899 property, searches on that property will not be accurate for db items that
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1900 was stored before roundup' upgrade. However all new records should be
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1901 searchable on intervals.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1902
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1903 It is possible to convert your database to new format: you can export and
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1904 import back all your data (consult "Migrating backends" in "Maintenance"
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1905 documentation). After this operation all your interval properties should
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1906 become searchable.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1907
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1908 Users of backends others than metakit should not worry about this issue.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1909
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1910
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1911 Migrating from 0.4.x to 0.5.0
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1912 =============================
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1913
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1914 This has been a fairly major revision of Roundup:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1915
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1916 1. Brand new, much more powerful, flexible, tasty and nutritious templating.
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1917 Unfortunately, this means all your current templates are useless. Hopefully
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1918 the new documentation and examples will be enough to help you make the
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1919 transition. Please don't hesitate to ask on roundup-users for help (or
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1920 complete conversions if you're completely stuck)!
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1921 2. The database backed got a lot more flexible, allowing Metakit and SQL
1227
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
1922 databases! The only decent SQL database implemented at present is sqlite,
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
1923 but others shouldn't be a whole lot more work.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1924 3. A brand new, highly flexible and much more robust security system including
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1925 a system of Permissions, Roles and Role assignments to users. You may now
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1926 define your own Permissions that may be checked in CGI transactions.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1927 4. Journalling has been made less storage-hungry, so has been turned on
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1928 by default *except* for author, recipient and nosy link/unlink events. You
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1929 are advised to turn it off in your trackers too.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1930 5. We've changed the terminology from "instance" to "tracker", to ease the
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1931 learning curve/impact for new users.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1932 6. Because of the above changes, the tracker configuration has seen some
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1933 major changes. See below for the details.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1934
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1935 Please, **back up your database** before you start the migration process. This
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1936 is as simple as copying the "db" directory and all its contents from your
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1937 tracker to somewhere safe.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1938
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1939
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1940 0.5.0 Configuration
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1941 -------------------
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1942
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1943 First up, rename your ``instance_config.py`` file to just ``config.py``.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1944
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1945 Then edit your tracker's ``__init__.py`` module. It'll currently look
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1946 like this::
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1947
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1948 from instance_config import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1949 try:
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1950 from dbinit import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1951 except ImportError:
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1952 pass # in installdir (probably :)
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1953 from interfaces import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1954
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1955 and it needs to be::
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1956
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1957 import config
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1958 from dbinit import open, init
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1959 from interfaces import Client, MailGW
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1960
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1961 Due to the new templating having a top-level ``page`` that defines links for
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1962 searching, indexes, adding items etc, the following variables are no longer
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1963 used:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1964
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1965 - HEADER_INDEX_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1966 - HEADER_ADD_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1967 - HEADER_SEARCH_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1968 - SEARCH_FILTERS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1969 - DEFAULT_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1970 - UNASSIGNED_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1971 - USER_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1972 - ISSUE_FILTER
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1973
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1974 The new security implementation will require additions to the dbinit module,
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1975 but also removes the need for the following tracker config variables:
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1976
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1977 - ANONYMOUS_ACCESS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1978 - ANONYMOUS_REGISTER
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1979
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1980 but requires two new variables which define the Roles assigned to users who
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1981 register through the web and e-mail interfaces:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1982
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1983 - NEW_WEB_USER_ROLES
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1984 - NEW_EMAIL_USER_ROLES
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1985
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1986 in both cases, 'User' is a good initial setting. To emulate
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1987 ``ANONYMOUS_ACCESS='deny'``, remove all "View" Permissions from the
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1988 "Anonymous" Role. To emulate ``ANONYMOUS_REGISTER='deny'``, remove the "Web
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1989 Registration" and/or the "Email Registration" Permission from the "Anonymous"
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1990 Role. See the section on customising security in the `customisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1991 documentation`_ for more information.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1992
1096
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1993 Finally, the following config variables have been renamed to make more sense:
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1994
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1995 - INSTANCE_HOME -> TRACKER_HOME
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1996 - INSTANCE_NAME -> TRACKER_NAME
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1997 - ISSUE_TRACKER_WEB -> TRACKER_WEB
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1998 - ISSUE_TRACKER_EMAIL -> TRACKER_EMAIL
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1999
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2000
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2001 0.5.0 Schema Specification
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2002 --------------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2003
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2004 0.5.0 Database backend changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2005 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2006
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2007 Your select_db module in your tracker has changed a fair bit. Where it used
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2008 to contain::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2009
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2010 # WARNING: DO NOT EDIT THIS FILE!!!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2011 from roundup.backends.back_anydbm import Database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2012
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2013 it must now contain::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2014
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2015 # WARNING: DO NOT EDIT THIS FILE!!!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2016 from roundup.backends.back_anydbm import Database, Class, FileClass, IssueClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2017
1051
a0c7df67dd9c Allow a page request to include a :contentonly variable.
Richard Jones <richard@users.sourceforge.net>
parents: 1034
diff changeset
2018 Yes, I realise the irony of the "DO NOT EDIT THIS FILE" statement :)
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2019 Note the addition of the Class, FileClass, IssueClass imports. These are very
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2020 important, as they're going to make the next change work too. You now need to
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2021 modify the top of the dbinit module in your tracker from::
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2022
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2023 import instance_config
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2024 from roundup import roundupdb
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2025 from select_db import Database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2026
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2027 from roundup.roundupdb import Class, FileClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2028
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2029 class Database(roundupdb.Database, select_db.Database):
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2030 ''' Creates a hybrid database from:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2031 . the selected database back-end from select_db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2032 . the roundup extensions from roundupdb
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2033 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2034 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2035
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2036 class IssueClass(roundupdb.IssueClass):
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2037 ''' issues need the email information
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2038 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2039 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2040
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2041 to::
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2042
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2043 import config
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2044 from select_db import Database, Class, FileClass, IssueClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2045
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2046 Yes, remove the Database and IssueClass definitions and those other imports.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2047 They're not needed any more!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2048
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2049 Look for places in dbinit.py where ``instance_config`` is used too, and
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2050 rename them ``config``.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2051
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2052
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2053 0.5.0 Journalling changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2054 ~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2055
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2056 Journalling has been optimised for storage. Journalling of links has been
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2057 turned back on by default. If your tracker has a large user base, you may wish
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2058 to turn off journalling of nosy list, message author and message recipient
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2059 link and unlink events. You do this by adding ``do_journal='no'`` to the Class
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2060 initialisation in your dbinit. For example, your *msg* class initialisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2061 probably looks like this::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2062
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2063 msg = FileClass(db, "msg",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2064 author=Link("user"), recipients=Multilink("user"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2065 date=Date(), summary=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2066 files=Multilink("file"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2067 messageid=String(), inreplyto=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2068
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2069 to turn off journalling of author and recipient link events, add
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2070 ``do_journal='no'`` to the ``author=Link("user")`` part of the statement,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2071 like so::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2072
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2073 msg = FileClass(db, "msg",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2074 author=Link("user", do_journal='no'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2075 recipients=Multilink("user", do_journal='no'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2076 date=Date(), summary=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2077 files=Multilink("file"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2078 messageid=String(), inreplyto=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2079
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2080 Nosy list link event journalling is actually turned off by default now. If you
1227
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
2081 want to turn it on, change to your issue class' nosy list, change its
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2082 definition from::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2083
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2084 issue = IssueClass(db, "issue",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2085 assignedto=Link("user"), topic=Multilink("keyword"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2086 priority=Link("priority"), status=Link("status"))
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2087
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2088 to::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2089
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2090 issue = IssueClass(db, "issue", nosy=Multilink("user", do_journal='yes'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2091 assignedto=Link("user"), topic=Multilink("keyword"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2092 priority=Link("priority"), status=Link("status"))
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2093
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2094 noting that your definition of the nosy Multilink will override the normal one.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2095
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2096
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2097 0.5.0 User schema changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2098 ~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2099
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2100 Users have two more properties, "queries" and "roles". You'll have something
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2101 like this in your dbinit module now::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2102
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2103 user = Class(db, "user",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2104 username=String(), password=Password(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2105 address=String(), realname=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2106 phone=String(), organisation=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2107 alternate_addresses=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2108 user.setkey("username")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2109
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2110 and you'll need to add the new properties and the new "query" class to it
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2111 like so::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2112
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2113 query = Class(db, "query",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2114 klass=String(), name=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2115 url=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2116 query.setkey("name")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2117
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2118 # Note: roles is a comma-separated string of Role names
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2119 user = Class(db, "user",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2120 username=String(), password=Password(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2121 address=String(), realname=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2122 phone=String(), organisation=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2123 alternate_addresses=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2124 queries=Multilink('query'), roles=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2125 user.setkey("username")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2126
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2127 The "queries" property is used to store off the user's favourite database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2128 queries. The "roles" property is explained below in `0.5.0 Security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2129 Settings`_.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2130
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2131
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2132 0.5.0 Security Settings
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2133 ~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2134
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2135 See the `security documentation`_ for an explanation of how the new security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2136 system works. In a nutshell though, the security is handled as a four step
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2137 process:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2138
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2139 1. Permissions are defined as having a name and optionally a hyperdb class
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2140 they're specific to,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2141 2. Roles are defined that have one or more Permissions,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2142 3. Users are assigned Roles in their "roles" property, and finally
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2143 4. Roundup checks that users have appropriate Permissions at appropriate times
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2144 (like editing issues).
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2145
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2146 Your tracker dbinit module's *open* function now has to define any
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2147 Permissions that are specific to your tracker, and also the assignment
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2148 of Permissions to Roles. At the moment, your open function
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2149 ends with::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2150
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2151 import detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2152 detectors.init(db)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2153
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2154 return db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2155
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2156 and what we need to do is insert some commands that will set up the security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2157 parameters. Right above the ``import detectors`` line, you'll want to insert
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2158 these lines::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2159
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2160 #
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2161 # SECURITY SETTINGS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2162 #
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2163 # new permissions for this schema
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2164 for cl in 'issue', 'file', 'msg', 'user':
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2165 db.security.addPermission(name="Edit", klass=cl,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2166 description="User is allowed to edit "+cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2167 db.security.addPermission(name="View", klass=cl,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2168 description="User is allowed to access "+cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2169
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2170 # Assign the access and edit permissions for issue, file and message
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2171 # to regular users now
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2172 for cl in 'issue', 'file', 'msg':
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2173 p = db.security.getPermission('View', cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2174 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2175 p = db.security.getPermission('Edit', cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2176 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2177 # and give the regular users access to the web and email interface
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2178 p = db.security.getPermission('Web Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2179 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2180 p = db.security.getPermission('Email Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2181 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2182
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2183 # May users view other user information? Comment these lines out
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2184 # if you don't want them to
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2185 p = db.security.getPermission('View', 'user')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2186 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2187
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2188 # Assign the appropriate permissions to the anonymous user's Anonymous
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2189 # Role. Choices here are:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2190 # - Allow anonymous users to register through the web
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2191 p = db.security.getPermission('Web Registration')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2192 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2193 # - Allow anonymous (new) users to register through the email gateway
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2194 p = db.security.getPermission('Email Registration')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2195 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2196 # - Allow anonymous users access to the "issue" class of data
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2197 # Note: this also grants access to related information like files,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2198 # messages, statuses etc that are linked to issues
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2199 #p = db.security.getPermission('View', 'issue')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2200 #db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2201 # - Allow anonymous users access to edit the "issue" class of data
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2202 # Note: this also grants access to create related information like
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2203 # files and messages etc that are linked to issues
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2204 #p = db.security.getPermission('Edit', 'issue')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2205 #db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2206
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2207 # oh, g'wan, let anonymous access the web interface too
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2208 p = db.security.getPermission('Web Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2209 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2210
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2211 Note in the comments there the places where you might change the permissions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2212 to restrict users or grant users more access. If you've created additional
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2213 classes that users should be able to edit and view, then you should add them
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2214 to the "new permissions for this schema" section at the start of the security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2215 block. Then add them to the "Assign the access and edit permissions" section
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2216 too, so people actually have the new Permission you've created.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2217
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2218 One final change is needed that finishes off the security system's
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2219 initialisation. We need to add a call to ``db.post_init()`` at the end of the
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2220 dbinit open() function. Add it like this::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2221
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2222 import detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2223 detectors.init(db)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2224
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2225 # schema is set up - run any post-initialisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2226 db.post_init()
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2227 return db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2228
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2229 You may verify the setup of Permissions and Roles using the new
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2230 "``roundup-admin security``" command.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2231
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2232
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2233 0.5.0 User changes
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2234 ~~~~~~~~~~~~~~~~~~
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2235
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2236 To support all those schema changes, you'll need to massage your user database
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2237 a little too, to:
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2238
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2239 1. make sure there's an "anonymous" user - this user is mandatory now and is
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2240 the one that unknown users are logged in as.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2241 2. make sure all users have at least one Role.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2242
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2243 If you don't have the "anonymous" user, create it now with the command::
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2244
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2245 roundup-admin create user username=anonymous roles=Anonymous
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2246
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2247 making sure the capitalisation is the same as above. Once you've done that,
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2248 you'll need to set the roles property on all users to a reasonable default.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2249 The admin user should get "Admin", the anonymous user "Anonymous"
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2250 and all other users "User". The ``fixroles.py`` script in the tools directory
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2251 will do this. Run it like so (where python is your python 2+ binary)::
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2252
1271
7733d5b96ef6 docco fix
Richard Jones <richard@users.sourceforge.net>
parents: 1227
diff changeset
2253 python tools/fixroles.py -i <tracker home> fixroles
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2254
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2255
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2256
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2257 0.5.0 CGI interface changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2258 ---------------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2259
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2260 The CGI interface code was completely reorganised and largely rewritten. The
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2261 end result is that this section of your tracker interfaces module will need
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2262 changing from::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2263
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2264 from roundup import cgi_client, mailgw
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2265 from roundup.i18n import _
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2266
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2267 class Client(cgi_client.Client):
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2268 ''' derives basic CGI implementation from the standard module,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2269 with any specific extensions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2270 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2271 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2272
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2273 to::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2274
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2275 from roundup import mailgw
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2276 from roundup.cgi import client
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2277
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2278 class Client(client.Client):
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2279 ''' derives basic CGI implementation from the standard module,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2280 with any specific extensions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2281 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2282 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2283
1034
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2284 You will also need to install the new version of roundup.cgi from the source
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2285 cgi-bin directory if you're using it.
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2286
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2287
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2288 0.5.0 HTML templating
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2289 ---------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2290
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2291 You'll want to make a backup of your current tracker html directory. You
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
2292 should then copy the html directory from the Roundup source "classic" template
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
2293 and modify it according to your local schema changes.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2294
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2295 If you need help with the new templating system, please ask questions on the
4510
bce9aaf19a3b Updated the url to point to www.roundup-tracker.org in two places in the docs.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents: 4503
diff changeset
2296 roundup-users mailing list (available through the roundup web page on
bce9aaf19a3b Updated the url to point to www.roundup-tracker.org in two places in the docs.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents: 4503
diff changeset
2297 sourceforge, http://www.roundup-tracker.org/.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2298
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2299
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2300 0.5.0 Detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2301 ---------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2302
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2303 The nosy reactor has been updated to handle the tracker not having an
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2304 "assignedto" property on issues. You may want to copy it into your tracker's
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2305 detectors directory. Chances are you've already fixed it though :)
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
2306
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
2307
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2308 Migrating from 0.4.1 to 0.4.2
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2309 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2310
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2311 0.4.2 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2312 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2313 The USER_INDEX definition introduced in 0.4.1 was too restrictive in its
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2314 allowing replacement of 'assignedto' with the user's userid. Users must change
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2315 the None value of 'assignedto' to 'CURRENT USER' (the string, in quotes) for
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2316 the replacement behaviour to occur now.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2317
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2318 The new configuration variables are:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2319
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2320 - EMAIL_KEEP_QUOTED_TEXT
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2321 - EMAIL_LEAVE_BODY_UNCHANGED
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2322 - ADD_RECIPIENTS_TO_NOSY
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2323
798
faf164ab8ed9 Docco changes.
Richard Jones <richard@users.sourceforge.net>
parents: 782
diff changeset
2324 See the sample configuration files in::
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2325
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2326 <roundup source>/roundup/templates/classic/instance_config.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2327
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2328 and::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2329
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2330 <roundup source>/roundup/templates/extended/instance_config.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2331
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2332 and the `customisation documentation`_ for information on how they're used.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2333
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2334
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2335 0.4.2 Changes to detectors
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2336 --------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2337 You will need to copy the detectors from the distribution into your instance
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2338 home "detectors" directory. If you used the classic schema, the detectors
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2339 are in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2340
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2341 <roundup source>/roundup/templates/classic/detectors/
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2342
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2343 If you used the extended schema, the detectors are in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2344
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2345 <roundup source>/roundup/templates/extended/detectors/
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2346
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2347 The change means that schema-specific code has been removed from the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2348 mail gateway and cgi interface and made into auditors:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2349
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2350 - nosyreactor.py has now got an updatenosy auditor which updates the nosy
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2351 list with author, recipient and assignedto information.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2352 - statusauditor.py makes the unread or resolved -> chatting changes and
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2353 presets the status of an issue to unread.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2354
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2355 There's also a bug or two fixed in the nosyreactor code.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2356
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2357 0.4.2 HTML templating changes
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2358 -----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2359 The link() htmltemplate function now has a "showid" option for links and
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2360 multilinks. When true, it only displays the linked item id as the anchor
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2361 text. The link value is displayed as a tooltip using the title anchor
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2362 attribute. To use in eg. the superseder field, have something like this::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2363
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2364 <td>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2365 <display call="field('superseder', showid=1)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2366 <display call="classhelp('issue', 'id,title', label='list', width=500)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2367 <property name="superseder">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2368 <br>View: <display call="link('superseder', showid=1)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2369 </property>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2370 </td>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2371
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2372 The stylesheets have been cleaned up too. You may want to use the newer
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2373 versions in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2374
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2375 <roundup source>/roundup/templates/<template>/html/default.css
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2376
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2377
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2378
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2379 Migrating from 0.4.0 to 0.4.1
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2380 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2381
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2382 0.4.1 Files storage
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2383 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2384
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2385 Messages and files from newly created issues will be put into subdierectories
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2386 in thousands e.g. msg123 will be put into files/msg/0/msg123, file2003
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2387 will go into files/file/2/file2003. Previous messages are still found, but
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2388 could be put into this structure.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2389
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2390 0.4.1 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2391 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2392
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2393 To allow more fine-grained access control, the variable used to check
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2394 permission to auto-register users in the mail gateway is now called
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2395 ANONYMOUS_REGISTER_MAIL rather than overloading ANONYMOUS_REGISTER. If the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2396 variable doesn't exist, then ANONYMOUS_REGISTER is tested as before.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2397
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2398 Configuring the links in the web header is now easier too. The following
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2399 variables have been added to the classic instance_config.py::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2400
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2401 HEADER_INDEX_LINKS - defines the "index" links to be made available
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2402 HEADER_ADD_LINKS - defines the "add" links
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2403 DEFAULT_INDEX - specifies the index view for DEFAULT
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2404 UNASSIGNED_INDEX - specifies the index view for UNASSIGNED
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2405 USER_INDEX - specifies the index view for USER
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2406
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2407 See the <roundup source>/roundup/templates/classic/instance_config.py for more
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2408 information - including how the variables are to be set up. Most users will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2409 just be able to copy the variables from the source to their instance home. If
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2410 you've modified the header by changing the source of the interfaces.py file in
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2411 the instance home, you'll need to remove that customisation and move it into
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2412 the appropriate variables in instance_config.py.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2413
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2414 The extended schema has similar variables added too - see the source for more
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2415 info.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2416
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2417 0.4.1 Alternate E-Mail Addresses
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2418 --------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2419
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2420 If you add the property "alternate_addresses" to your user class, your users
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2421 will be able to register alternate email addresses that they may use to
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2422 communicate with roundup as. All email from roundup will continue to be sent
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2423 to their primary address.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2424
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2425 If you have not edited the dbinit.py file in your instance home directory,
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2426 you may simply copy the new dbinit.py file from the core code. If you used
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2427 the classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2428
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2429 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2430
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2431 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2432
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2433 <roundup source>/roundup/templates/extended/dbinit.py
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2434
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2435 If you have modified your dbinit.py file, you need to edit the dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2436 file in your instance home directory. Find the lines which define the user
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2437 class::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2438
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2439 user = Class(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2440 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2441 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2442 phone=String(), organisation=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2443 alternate_addresses=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2444
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2445 You will also want to add the property to the user's details page. The
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2446 template for this is the "user.item" file in your instance home "html"
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2447 directory. Similar to above, you may copy the file from the roundup source if
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2448 you haven't modified it. Otherwise, add the following to the template::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2449
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2450 <display call="multiline('alternate_addresses')">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2451
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2452 with appropriate labelling etc. See the standard template for an idea.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2453
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2454
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2455
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2456 Migrating from 0.3.x to 0.4.0
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2457 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2458
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2459 0.4.0 Message-ID and In-Reply-To addition
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2460 -----------------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2461 0.4.0 adds the tracking of messages by message-id and allows threading
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2462 using in-reply-to. Most e-mail clients support threading using this
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2463 feature, and we hope to add support for it to the web gateway. If you
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2464 have not edited the dbinit.py file in your instance home directory, you may
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2465 simply copy the new dbinit.py file from the core code. If you used the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2466 classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2467
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2468 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2469
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2470 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2471
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2472 <roundup source>/roundup/templates/extended/dbinit.py
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2473
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2474 If you have modified your dbinit.py file, you need to edit the dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2475 file in your instance home directory. Find the lines which define the msg
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2476 class::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2477
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2478 msg = FileClass(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2479 author=Link("user"), recipients=Multilink("user"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2480 date=Date(), summary=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2481 files=Multilink("file"))
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2482
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2483 and add the messageid and inreplyto properties like so::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2484
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2485 msg = FileClass(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2486 author=Link("user"), recipients=Multilink("user"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2487 date=Date(), summary=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2488 files=Multilink("file"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2489 messageid=String(), inreplyto=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2490
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2491 Also, configuration is being cleaned up. This means that your dbinit.py will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2492 also need to be changed in the open function. If you haven't changed your
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2493 dbinit.py, the above copy will be enough. If you have, you'll need to change
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2494 the line (round line 50)::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2495
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2496 db = Database(instance_config.DATABASE, name)
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2497
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2498 to::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2499
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2500 db = Database(instance_config, name)
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2501
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2502
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2503 0.4.0 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2504 --------------------
1096
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
2505 ``TRACKER_NAME`` and ``EMAIL_SIGNATURE_POSITION`` have been added to the
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2506 instance_config.py. The simplest solution is to copy the default values
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2507 from template in the core source.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2508
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2509 The mail gateway now checks ``ANONYMOUS_REGISTER`` to see if unknown users
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2510 are to be automatically registered with the tracker. If it is set to "deny"
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2511 then unknown users will not have access. If it is set to "allow" they will be
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2512 automatically registered with the tracker.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2513
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2514
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2515 0.4.0 CGI script roundup.cgi
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2516 ----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2517 The CGI script has been updated with some features and a bugfix, so you should
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2518 copy it from the roundup cgi-bin source directory again. Make sure you update
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2519 the ROUNDUP_INSTANCE_HOMES after the copy.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2520
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2521
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2522 0.4.0 Nosy reactor
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2523 ------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2524 The nosy reactor has also changed - copy the nosyreactor.py file from the core
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2525 source::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2526
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2527 <roundup source>/roundup/templates/<template>/detectors/nosyreactor.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2528
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2529 to your instance home "detectors" directory.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2530
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2531
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2532 0.4.0 HTML templating
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2533 ---------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2534 The field() function was incorrectly implemented - links and multilinks now
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2535 display as text fields when rendered using field(). To display a menu (drop-
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2536 down or select box) you need to use the menu() function.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2537
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2538
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2539
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2540 Migrating from 0.2.x to 0.3.x
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2541 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2542
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2543 0.3.x Cookie Authentication changes
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2544 -----------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2545 0.3.0 introduces cookie authentication - you will need to copy the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2546 interfaces.py file from the roundup source to your instance home to enable
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2547 authentication. If you used the classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2548
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2549 <roundup source>/roundup/templates/classic/interfaces.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2550
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2551 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2552
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2553 <roundup source>/roundup/templates/extended/interfaces.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2554
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2555 If you have modified your interfaces.Client class, you will need to take
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2556 note of the login/logout functionality provided in roundup.cgi_client.Client
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2557 (classic schema) or roundup.cgi_client.ExtendedClient (extended schema) and
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2558 modify your instance code apropriately.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2559
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2560
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2561 0.3.x Password encoding
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2562 -----------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2563 This release also introduces encoding of passwords in the database. If you
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2564 have not edited the dbinit.py file in your instance home directory, you may
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2565 simply copy the new dbinit.py file from the core code. If you used the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2566 classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2567
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2568 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2569
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2570 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2571
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2572 <roundup source>/roundup/templates/extended/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2573
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2574
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2575 If you have modified your dbinit.py file, you may use encoded passwords:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2576
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2577 1. Edit the dbinit.py file in your instance home directory
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2578 a. At the first code line of the open() function::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2579
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2580 from roundup.hyperdb import String, Date, Link, Multilink
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2581
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2582 alter to include Password, as so::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2583
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2584 from roundup.hyperdb import String, Password, Date, Link, Multilink
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2585
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2586 b. Where the password property is defined (around line 66)::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2587
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2588 user = Class(db, "user",
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2589 username=String(), password=String(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2590 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2591 phone=String(), organisation=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2592 user.setkey("username")
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2593
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2594 alter the "password=String()" to "password=Password()"::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2595
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2596 user = Class(db, "user",
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2597 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2598 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2599 phone=String(), organisation=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2600 user.setkey("username")
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2601
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2602 2. Any existing passwords in the database will remain cleartext until they
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2603 are edited. It is recommended that at a minimum the admin password be
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2604 changed immediately::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2605
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2606 roundup-admin -i <instance home> set user1 password=<new password>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2607
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2608
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2609 0.3.x Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2610 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2611 FILTER_POSITION, ANONYMOUS_ACCESS, ANONYMOUS_REGISTER have been added to
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2612 the instance_config.py. Simplest solution is to copy the default values from
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2613 template in the core source.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2614
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2615 MESSAGES_TO_AUTHOR has been added to the IssueClass in dbinit.py. Set to 'yes'
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2616 to send nosy messages to the author. Default behaviour is to not send nosy
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2617 messages to the author. You will need to add MESSAGES_TO_AUTHOR to your
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2618 dbinit.py in your instance home.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2619
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2620
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2621 0.3.x CGI script roundup.cgi
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2622 ----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2623 There have been some structural changes to the roundup.cgi script - you will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2624 need to install it again from the cgi-bin directory of the source
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2625 distribution. Make sure you update the ROUNDUP_INSTANCE_HOMES after the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2626 copy.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2627
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2628
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2629 .. _`customisation documentation`: customizing.html
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2630 .. _`security documentation`: security.html
2409
Richard Jones <richard@users.sourceforge.net>
parents: 2374
diff changeset
2631 .. _`administration guide`: admin_guide.html
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2632 .. _`xmlrpc guide`: xmlrpc.html
Roundup Issue Tracker: http://roundup-tracker.org/