Mercurial > p > roundup > code

annotate doc/upgrading.txt @ 5275:fee207407dee

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add error and troubleshooting headers. Clarified the suggestion to a recomendation on @csrf fields.
author John Rouillard <rouilj@ieee.org>
date Sun, 24 Sep 2017 00:30:38 -0400
parents 07da34337f70
children a034f8d09a21
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 Upgrading to newer versions of Roundup
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
5 Please read each section carefully and edit your tracker home files
2016
2112962f5bb1 Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 2003
diff changeset
6 accordingly. Note that there is information about upgrade procedures in the
2003
a291bf753037 maintenance -> admin guide
Richard Jones <richard@users.sourceforge.net>
parents: 1911
diff changeset
7 `administration guide`_.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
9 If a specific version transition isn't mentioned here (eg. 0.6.7 to 0.6.8)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
10 then you don't need to do anything. If you're upgrading from 0.5.6 to
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
11 0.6.8 though, you'll need to check the "0.5 to 0.6" and "0.6.x to 0.6.3"
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
12 steps.
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
13
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
14 **IMPORTANT** The v1.5.x releases of Roundup will be the last to
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
15 support Python v2.5. Support for Python v2.5 and v2.66 will be dropped
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
16 with the v1.6 release of Roundup. Roundup 1.6 and newer require
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
17 Python v2.7.
4901
fa268ea457db Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents: 4890
diff changeset
18
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
19 Contents:
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
20
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
21 .. contents::
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
22 :local:
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
23
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
24 Migrating from 1.5.1 to 1.6.0
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
25 =============================
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
26
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
27 Make sure that user can view labelprop on classes (REQUIRED)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
28 ------------------------------------------------------------
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
29
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
30 If you have View permissions that use ```properties=...```,
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
31 make sure that the labelprop for the class is listed in the
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
32 properties list.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
33
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
34 The first one of these that exists must must be in the list:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
35
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
36 1. the property set by a call to setlabelprop for the class
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
37 2. the key of the class (as set by setkey())
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
38 3. the "name" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
39 4. the "title" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
40
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
41 if none of those apply, you must allow
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
42
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
43 * the "id" property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
44
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
45 E.G. If your class does a setlabelprop("foo") you must include "foo"
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
46 in the properties list even if the class has name or title properties.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
47
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
48 See:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
49 http://www.roundup-tracker.org/docs/customizing.html#setlabelprop-property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
50 for further details on the labelprop.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
51
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
52 If you don't do this, you will find that multilinks (and possibly
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
53 links) may not be displayed properly. E.G. templates that iterate over
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
54 a mutlilink field (with tal:repeat for example) may not show any
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
55 content.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
56
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
57 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
58 for the initial discussion of the issue.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
59
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
60 Cross Site Request Forgery Detection Added
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
61 ------------------------------------------
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
62
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
63 Roundup 1.6. supports a number of defenses against CSRF.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
64
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
65 Http header verification against the tracker's ``web``
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
66 setting in the ``[tracker]`` section of config.ini for the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
67 following headers:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
68
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
69 # Analyze the ``Referer`` HTTP header to make sure it
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
70 includes the web setting.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
71 # Analyse the ``Origin`` HTTP header to make sure the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
72 schema://host matches the web setting.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
73 # Analyze the ``X-Forwarded-Host`` header set by a proxy
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
74 running in front of roundup to make sure it agrees with
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
75 the host part of the web setting.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
76 # Analyze the ``Host`` header to make sure it agrees with
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
77 the host part of the web setting. This is not done if
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
78 ``X-Forwarded-Host`` is set.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
79
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
80 By default roundup 1.6 does not require any specific header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
81 to be present. However at least one of the headers above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
82 *must* pass validation checks (usually ``Host`` or
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
83 ``Referer``) or the submission is rejected with an error.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
84 If any header fails validation, the submission is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
85 rejected. (Note the user's form keeps all the data they
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
86 entered if it was rejected.)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
87
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
88 Also the admin can include unique csrf tokens for all forms
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
89 submitted using the POST method. (Delete and put methods are also
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
90 included, but not currently used by roundup.) The csrf
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
91 token (nonce) is tied to the user's session. When the user
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
92 submits the form and nonce, the nonce is checked to make
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
93 sure it was issued to the user and the same session. If this
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
94 is not true the post is rejected and the user is notified.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
95
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
96 The standard context/submit templating item creates CSRF tokens by
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
97 default. If you have forms using the POST method that are not using
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
98 the standard submit routine, you should add the following field to all
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
99 forms:
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
100
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
101 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
102 tal:attributes="value python:utils.anti_csrf_nonce()">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
103
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
104 A unique random token is generated by every call to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
105 utils.anti_csrf_nonce() and is put in a database to be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
106 retreived if the token is used. Token lifetimes are 2 weeks
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
107 by default but can be configured in config.ini. Roundup will
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
108 automatically prune old tokens. Calling anti_csrf_nonce with
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
109 an integer lifetime, for example
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
110
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
111 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
112 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
113
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
114 sets the lifetime of that nonce to 10 minutes.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
115
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
116 If you want to change the default settings, you have to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
117 update the web section in your tracker's config.ini's. To do
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
118 this backup your existing config.ini. Run:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
119
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
120 roundup-admin -i /path/to/tracker genconfig config.ini.new
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
121
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
122 to create a new config.ini in the file config.ini.new. Then
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
123 merge the new csrf settings into your tracker's config.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
124 Look for settings that start with csrf. The config.ini.new
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
125 file includes detailed descriptions of the settings.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
126
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
127 In general one of four values can be set for these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
128 settings. The default is ``yes``, which validates the header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
129 or nonce and blocks access if the validation fails. If the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
130 field/header is missing it allows access. Setting these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
131 fields to ``required`` blocks access if the header/nonce is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
132 missing.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
133
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
134 It is recommended that you change your templates so every form
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
135 that is not submitted via GET has an @csrf field. Then change
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
136 the csrf_enforce_token setting to 'required'.
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
137
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
138 Errors and Troubleshooting
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
139 ~~~~~~~~~~~~~~~~~~~~~~~~~~
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
140
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
141 If you see the @csrf nonce in the URL, you have added the value to a
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
142 form that uses the GET method. You should remove the @csrf token from
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
143 these forms as it is not needed.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
144
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
145 If you get an error:
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
146
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
147 AttributeError: 'list' object has no attribute 'value'
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
148
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
149 in handle_csrf, you have more than one @csrf token for the form. This
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
150 usually occurs because the form uses the standard context/submit
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
151 element but you also added an explicit @csrf statement. Simply remove
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
152 the @csrf element for that form.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
153
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
154 Support for SameSite cookie option for session cookie
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
155 -----------------------------------------------------
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
156
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
157 Support for serving the session cookie using the SameSite cookie option
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
158 has been added. By default it is set to lax to provide a better user
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
159 experience. But this can be changes to strict or the option can be
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
160 removed entirely.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
161
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
162 Using the process for merging config.ini changes described in
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
163 `Cross Site Request Forgery Detection Added`_ you can add the
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
164 ``samesite_cookie_setting`` to the ``[web]`` section of the config
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
165 file.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
166
5147
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
167 Fix for path traversal changes template resolution
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
168 --------------------------------------------------
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
169
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
170 The templates in the tracker's html subdirectory must not be
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
171 symbolic links that lead outside of the html directory.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
172
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
173 If you don't use symbolic links for templates in your html
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
174 subdirectory you don't have to make any changes. Otherwise you need to
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
175 replace the symbolic links with hard links to the files or replace the
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
176 symbolic links with the files.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
177
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
178 This is a side effect of fixing a path traversal security issue. The
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
179 security issue required a directory with a specific unusual name. This
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
180 made it difficult to exploit. However allowing the use of
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
181 subdirectories to organize the templates required that it be fixed.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
182
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
183
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
184 Database back end specified in config.ini (REQUIRED)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
185 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
186
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
187 The ``db/backend_name`` file is no longer used to configure the database
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
188 backend being used for a tracker. The backend is now configured in the
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
189 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
190 section. For example if ``db/backend_name`` file contains ``sqlite``, a new
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
191 entry in the tracker's ``config.ini`` will need to be created::
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
192
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
193 [rdbms]
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
194
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
195 ...
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
196
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
197 # Database backend.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
198 # Default:
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
199 backend = sqlite
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
200
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
201 Once the ``config.ini`` file has been updated with the new ``backend`` option,
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
202 you can safely delete the ``db/backend_name`` file.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
203
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
204 Note: the ``backend_name`` file may be located in a directory other than
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
205 ``db/`` if you have configured the ``database`` option in the ``[main]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
206 section of the ``config.ini`` file to be something other than ``db``.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
207
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
208 New config file option 'indexer' added
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
209 --------------------------------------
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
210
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
211 With support for the Whoosh indexer, a new config file option has been
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
212 added. You can force Roundup to use a particular text indexer by
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
213 setting this value in the [main] section of the tracker's
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
214 ``config.ini`` file (usually placed right before indexer_stopwords)::
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
215
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
216 [main]
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
217
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
218 ...
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
219
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
220 # Force Roundup to use a particular text indexer.
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
221 # If no indexer is supplied, the first available indexer
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
222 # will be used in the following order:
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
223 # Possible values: xapian, whoosh, native (internal).
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
224 indexer =
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
225
5108
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
226 Stemming improved in Xapian Indexer
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
227 -----------------------------------
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
228
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
229 Stemming allows a search for "silent" also match silently. The Porter
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
230 stemmer in Xapian works with lowercase English text. In this release we
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
231 lowercase the documents as they are put into the indexer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
232
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
233 This means capitalization is not preserved, but produces more hits by
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
234 using the stemmer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
235
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
236 You will need to do a roundup-admin reindex if you are using the
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
237 Xapian full text indexer on your tracker.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
238
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
239
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
240 New config file option 'replyto_address' added
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
241 ----------------------------------------------
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
242
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
243 A new config file option has been added to let you control the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
244 Reply-To header on nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
245
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
246 Edit your tracker's ``config.ini`` and place the following after
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
247 the email entry in the tracker section::
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
248
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
249 [tracker]
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
250 ...
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
251
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
252 # Controls the reply-to header address used when sending
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
253 # nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
254 # If the value is unset (default) the roundup tracker's
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
255 # email address (above) is used.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
256 # If set to "AUTHOR" then the primary email address of the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
257 # author of the change will be used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
258 # address. This allows email exchanges to occur outside of
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
259 # the view of roundup and exposes the address of the person
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
260 # who updated the issue, but it could be useful in some
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
261 # unusual circumstances.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
262 # If set to some other value, the value is used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
263 # address. It must be a valid RFC2822 address or people will not be
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
264 # able to reply.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
265 # Default:
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
266 replyto_address =
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
267
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
268 Login from a search or after logout works better (REQUIRED)
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
269 -----------------------------------------------------------
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
270
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
271 The login form has been improved to work with some back end code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
272 changes. Now when a user logs in they stay on the same page where they
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
273 started the login. To make this work, you must change the tal that is
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
274 used to set the ``__came_from`` form variable. Note that the url
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
275 assigned to __came_from must be url encoded/quoted and be under the
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
276 tracker's base url. If the base_url uses http, you can set the url to
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
277 https.
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
278
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
279 Replace the existing code in the tracker's html/page.html page that
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
280 looks similar to (look for name="__came_from")::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
281
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
282 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
283
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
284 with the following::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
285
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
286 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
287 tal:condition="exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
288 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
289 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
290 tal:condition="not:exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
291 tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
292
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
293 Now search backwards for the nearest form statement before the code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
294 that sets __came_from. If it looks like::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
295
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
296 <form method="post" action="#">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
297
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
298 replace it with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
299
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
300 <form method="post" tal:attributes="action request/base">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
301
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
302 or with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
303
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
304 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
305
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
306 the important part is that the action field **must not** include any query
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
307 parameters ('#' includes query params).
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
308
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
309 Errors and Troubleshooting
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
310 ~~~~~~~~~~~~~~~~~~~~~~~~~~
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
311
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
312 One symptom of failing to do this is getting an error:
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
313
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
314 Unrecognized scheme in ....
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
315
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
316 where the .... changes depending on the url path. You can see this
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
317 when logging in from any screen other than the main index.
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
318
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
319 Option to make adding multiple keywords more convenient
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
320 -------------------------------------------------------
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
321
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
322 In the classic tracker, after adding a new keyword you are redirected
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
323 to the page for the new keyword so you can change the keyword's
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
324 name. This is usually not desirable as you usually correctly set the
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
325 keyword's name when creating the keyword. The new classic tracker has
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
326 a new checkbox (checked by default) that keeps you on the same page so
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
327 you can add a new keywords one after the other.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
328
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
329 To add this to your own tracker, add the following code (prefixed with
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
330 a +) after the entry box for the new keyword in html/keyword.item.html::
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
331
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
332 <tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
333 <th i18n:translate="">Keyword</th>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
334 <td tal:content="structure context/name/field">name</td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
335 + <td tal:condition="not:context/id">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
336 + <tal:comment tal:replace="nothing">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
337 + If we get here and do not have an id, we are creating a new
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
338 + keyword. It would be nice to provide some mechanism to
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
339 + determine the preferred state of the "Continue adding keywords"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
340 + checkbox. By default it is enabled.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
341 + </tal:comment>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
342 + <input type="checkbox" id="continue_new_keyword"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
343 + name="__redirect_to"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
344 + tal:attributes="value
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
345 + string:${request/base}${request/env/PATH_INFO}?@template=item;
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
346 + checked python:True" />
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
347 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
348 + </td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
349 </tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
350
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
351 Note remove the leading '+' when adding this to the templates.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
352
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
353 The key component here is support for the '__redirect_to' query
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
354 property. It is a url which can be used when creating any new item
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
355 (issue, user, keyword ....). It controls the next page displayed after
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
356 creating the item. If '__redirect_to' is not set, then you end up on
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
357 the page for the newly created item. The url value assigned to
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
358 __redirect_to must start with the tracker's base url and must be properly
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
359 url encoded.
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
360
5179
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
361 Helper popups trigger change events on the original page
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
362 --------------------------------------------------------
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
363
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
364 The helper popups used to set dates (from a calendar), change lists of
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
365 users or lists of issues did not notify the browser that the fields
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
366 had been changed. This release adds code to trigger the change event.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
367
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
368 To add the change event to the calendar popup, you don't need to do
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
369 any changes to the tracker. It is all done in the roundup python code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
370 in templating.py.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
371
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
372 To add the change event when updating users using the help-submit
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
373 template, copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
374 share/roundup/templates/devel/html/_generic.help-submit.html and
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
375 replace your tracker's html/_generic.help-submit.html. If you have
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
376 done local changes to this file, change your file to include the code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
377 that defines the onclick event for the input field with
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
378 id="btn_apply".
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
379
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
380 To add the change event when updating lists of issues copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
381 share/roundup/templates/devel/html/help_controls.js to your tracer's
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
382 html directory. If you have made local changes to the javascript file,
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
383 merge the two if/else blocks labeled::
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
384
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
385 /* trigger change event on the field we changed */
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
386
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
387 into your help_controls.js
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
388
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
389 html/_generic.404.html in trackers use page template
5078
487dc55e3c5e issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents: 5068
diff changeset
390 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
391
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
392 The original generic 404 error pages for many trackers did not use the
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
393 standard page layout. This change replaces the html/_generic.404.html
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
394 page with one that uses the page template.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
395
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
396 If your deployed tracker is based on: classic, minimal, responsive or
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
397 devel templates and has not changed the html/_generic.404.html file,
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
398 you can copy in the new file to get this additional functionality.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
399
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
400 Organize templates into subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
401 --------------------------------------
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
402
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
403 The @template parameter to the web interface allows the use of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
404 subdirectories. So a setting of @template=view/view for an issue would
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
405 use the template in the tracker's html/view/issue.view.html. Similarly
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
406 for a caller class, you could put all the templates under the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
407 html/caller directory with names like: html/caller/caller.item.html,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
408 html/caller/caller.index.html etc. You may want to symbolically link the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
409 html/_generic* templates into your subdirectory so that missing
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
410 templates (e.g. a missing caller.edit.html template) can be satisfied
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
411 by the _generic.edit.html template.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
412
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
413 Properly quote query dispname (displayed name) in page.html
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
414 -----------------------------------------------------------
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
415
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
416 A new method has been added to HTMLStringProperty called url_quote.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
417 The default templates have been updated to use this in the "Your
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
418 Query" section of the trackers html/page.html file. You will want to
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
419 change your template. Lines starting with - are the original line and
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
420 you want to change it to match the line starting with the + (remove
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
421 the + from the line)::
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
422
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
423 <tal:block tal:repeat="qs request/user/queries">
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
424 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
425 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
426 tal:content="qs/name">link</a><br>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
427 </tal:block>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
428
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
429 Find the tal:repeat line that loops over all queries. Then
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
430 change the value assigned to @dispname in the href attribute from
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
431 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
432 the value for tal:content.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
433
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
434 Allow "Show Unassigned" issues link to work for Anonymous user
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
435 --------------------------------------------------------------
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
436
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
437 In this release the anonymous user is allowed to search the user
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
438 class. The following was added to the schema for all templates that
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
439 provide the search option::
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
440
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
441 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
442 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
443
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
444 If you are running a tracker that **does not** allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
445 anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
446 a username guessing attack against a roundup install.
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
447
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
448 Improvements in Classic Tracker query.edit.html template
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
449 --------------------------------------------------------
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
450
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
451 There is a new query editing template included in the distribution at:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
452
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
453 ``share/roundup/templates/classic/html/query.edit.html``
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
454
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
455 This template fixes:
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
456
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
457 * public query could not be removed from "Your Queries" once it was added.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
458 Trying to do so would cause a permissions error.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
459 * private yes/no dropdown always showed "yes" regardless of
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
460 underlying state
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
461 * query Delete button did not work.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
462 * same query being displayed multiple times
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
463
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
464 It also adds:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
465 * the table layout displays queries created by the user first,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
466 then available public queries.
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
467 * public query owners are shown
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
468 * better support for deleted queries. When a query is deleted, it is
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
469 still available for those who added it to their query list. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
470 are the query owner, you can restore (undelete) the query. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
471 are not the owner you can remove it from your query list.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
472 (If a query is deleted and nobody had it in their query list, it
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
473 will not show up in the "Active retired queries" section. You will
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
474 have to use the class editor or roundup_admin command line to
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
475 restore it.)
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
476 * notifies the user that delete/restore requires javascript. It
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
477 always did, but that requirement wasn't displayed.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
478
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
479 To use the new template, you must add Restore permission on queries to
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
480 allow the user to restore queries (see below).
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
481
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
482 If you have not modified the query.edit.html template in your tracker,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
483 you should be able to copy the new version from the location above.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
484 Otherwise you will have to merge the changes into your modified template.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
485
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
486 Add the query Restore permission for the User role to your tracker's
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
487 schema.py file. Place it right after the query retire permission for
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
488 the user role. After the change it should look like::
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
489
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
490 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
491 description="User is allowed to retire their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
492 db.security.addPermissionToRole('User', p)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
493 p = db.security.addPermission(name='Restore', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
494 check=edit_query,
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
495 description="User is allowed to restore their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
496 db.security.addPermissionToRole('User', p)
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
497
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
498 where the last four lines are the ones you need to add.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
499
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
500 Usually you can add this to your User role. If all users have the User
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
501 role in common then all logged in users should be ok. If you have
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
502 users who do not include the User role (e.g. they may only have a
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
503 Provisional role), you should add the search permission to that role
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
504 (e.g. Provisional) as well if you allow them to edit their list of
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
505 queries.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
506
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
507 Also see the `new search permissions for query in 1.4.17`_ section
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
508 discussing search permission requirements for editing queries. The
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
509 fixes in this release require the ability to search the creator of all
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
510 queries to work correctly.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
511
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
512 If the test script for the `new search permissions for query in
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
513 1.4.17`_ doesn't report that a role has the ability to search queries
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
514 or at least search the creator property for queries, add the following
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
515 permissions to your schema.py::
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
516
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
517 s = db.security.addPermission(name='Search', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
518 properties=['creator'],
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
519 description="User is allowed to Search queries for creator")
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
520 db.security.addPermissionToRole('User', s)
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
521
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
522 Errors and Troubleshooting
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
523 ~~~~~~~~~~~~~~~~~~~~~~~~~~
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
524
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
525 If you do not do this, public queries will be listed twice in the edit
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
526 interface. Once in the "Queries I created" section and again in the
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
527 "Queries others created" section of the query edit page
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
528 (``http..../query?@template=edit``).
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
529
5274
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
530 Fix security issues in query.item.html template
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
531 -----------------------------------------------
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
532 The default query.item.html template allows anybody to view all
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
533 queries.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
534
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
535 This has been updated in the classic, devel and responsive templates
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
536 to only allow people to view queries they creates or queries that are
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
537 publicly viewable.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
538
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
539 If you haven't modified you query.item.html template, simply copy the
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
540 query.item.html template from one of the above default templates to
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
541 your tracker's html directory.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
542
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
543 Enhancement to check command for Permissions
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
544 --------------------------------------------
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
545
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
546 A new form of check function is permitted in permission definitions.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
547 The three argument form is still supported and will work the same
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
548 as it always has (although it may be depricated in the future).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
549
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
550 If the check function is defined as::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
551
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
552 check(db, userid, itemid, **ctx)
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
553
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
554 the ctx variable will have the context to use when determining access
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
555 rights::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
556
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
557 ctx['property'] the name of the property being checked or None if
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
558 it's a class check.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
559
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
560 ctx['classname'] the name of the class that is being checked
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
561 (issue, query ....).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
562
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
563 ctx['permission'] the name of the permission (e.g. View, Edit...).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
564
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
565 This should make defining complex permissions much easier. Consider::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
566
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
567 def issue_private_access(db, userid, itemid, **ctx):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
568 if not db.issue.get(itemid, 'private'):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
569 # allow access to everything if not private
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
570 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
571
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
572 # It is a private issue hide nosy list
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
573 # Note that the nosy property *must* be listed
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
574 # in permissions argument to the addPermission
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
575 # definition otherwise this check command
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
576 # is not run.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
577 if ctx['property'] == 'nosy':
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
578 return False # deny access to this property
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
579
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
580 # allow access for editing, viewing etc. of the class
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
581 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
582
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
583
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
584 e = db.security.addPermission(name='Edit', klass='issue',
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
585 check=issue_private_access,
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
586 properties=['nosy'],
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
587 description="Edit issue checks")
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
588
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
589 It is suggested that you change your checks to use the ``**ctx``
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
590 parameter. This is expected to be the preferred form in the future.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
591 You do not need to use the ``ctx`` parameter in the function if you do
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
592 not need it.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
593
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
594 Changes to property permissions
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
595 -------------------------------
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
596
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
597 If you create a permission:
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
598
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
599 db.security.addPermission(name='View', klass='user',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
600 properties=['theme'], check=own_record,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
601 description="User is allowed to view their own theme")
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
602
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
603 that combines checks and properties, the permission also matches a
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
604 permission check for the View permission on the user class. So this
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
605 also allows the user to see their user record. It is unexpected that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
606 checking for access without a property would match this permission.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
607
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
608 This release adds support for making a permission like above only be
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
609 used during property permission tests. See ``customizing.txt`` and
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
610 search for props_only and set_props_only_default in the section
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
611 'Adding a new Permission'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
612
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
613 Improve query editing
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
614 ---------------------
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
615
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
616 If a user creates a query with the same name as one of their existing
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
617 queries, the query editing interface will now report an error. By
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
618 default the query editing page (issue.search.html) displays the index
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
619 page when the search is triggered. This is usually correct since the
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
620 user expects to see the results of the query. But now that
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
621 the code properly checks for duplicate search names, the user should
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
622 stay on the search page if there is an error. To add this to your
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
623 existing issue.search.html page, add the following line after the
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
624 hidden field @old-queryname:
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
625
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
626 <input type="hidden" name="@template" value="index|search"/>
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
627
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
628 With this addition, the index template is displayed if there is no
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
629 error, and the user stays on the search template if there is an error.
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
630
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
631 Migrating from 1.5.0 to 1.5.1
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
632 =============================
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
633
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
634 User data visibility
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
635 --------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
636
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
637 For security reasons you should change the permissions on the user
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
638 class. We previously shipped a configuration that allowed users to see
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
639 too many of other users details, including hashed passwords under
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
640 certain circumstances. In schema.py in your tracker, replace the line::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
641
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
642 db.security.addPermissionToRole('User', 'View', 'user')
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
643
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
644 with::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
645
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
646 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
647 properties=('id', 'organisation', 'phone', 'realname',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
648 'timezone', 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
649 db.security.addPermissionToRole('User', p)
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
650
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
651 Note that this removes visibility of user emails, if you want emails to
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
652 be visible you can add 'address' and 'alternate_addresses' to the list
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
653 above.
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
654
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
655 XSS protection for custom actions
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
656 ---------------------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
657
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
658 If you have defined your own cgi actions in your tracker instance
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
659 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
660 all cases where client.error_message or client.ok_message are modified
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
661 directly. Instead of::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
662
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
663 self.client.ok_message.append(...)
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
664
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
665 you need to call::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
666
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
667 self.client.add_ok_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
668
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
669 and the same for::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
670
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
671 self.client.error_message.append(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
672
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
673 vs.::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
674
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
675 self.client.add_error_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
676
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
677 The new calls escape the passed string by default and avoid XSS security
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
678 issues.
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
679
4664
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
680 Migrating from 1.4.20 to 1.4.21
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
681 ===============================
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
682
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
683 The ``_generic.calendar.html`` page of the instance has been updated to include
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
684 ``<meta name="robots" content="noindex, nofollow" />``. This prevents
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
685 robots to follow all the links in the calendar. If you haven't modified the
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
686 page on your local instance, you can simply replace it with the one in
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
687 ``share/roundup/templates/classic/html/_generic.calendar.html``; if you did,
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
688 you can add the tag manually. See issue2550765 and changeset a099ff2ceff3.
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
689
4678
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
690 If you are using the xml-rpc interface, there is a change
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
691 in accessing it. You can not send text/xml data to any
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
692 roundup url and get a response, you must use the /xmlrpc
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
693 url. For example, if you used to send your xmlrpc request to:
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
694
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
695 http://myroundup.com/roundup
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
696
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
697 you need to change the url to read:
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
698
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
699 http://myroundup.com/roundup/xmlrpc
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
700
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
701 to invoke the xmlrpc handler. This allows us to send xml
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
702 data to roundup for other handlers (e.g. REST, SOAP ...)
23de24f57566 issue2550749 - the xmlrpc interface is invoked on content type
rouilj
parents: 4664
diff changeset
703 in the future.
4664
17197d6145cf Add CHANGES.txt entry and instructions in upgrading.txt for issue2550765/a099ff2ceff3.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4663
diff changeset
704
4623
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
705 Migrating from 1.4.19 to 1.4.20
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
706 ===============================
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
707
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
708 Roundup used to allow certain HTML-Tags in OK- and Error-messages. Since
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
709 these messages are passed via the URL (due to roundup redirecting after
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
710 an edit), we did have security-issues (see issue2550724).
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
711
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
712 If you have customized the OK or Error messages in your
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
713 roundup-installation and you were using features like bold or italic
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
714 in the message, you will have to do without this highlighting and
4623
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
715 remove HTML tags from messages.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
716
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
717 If you were using <br> tags for multi-line messages, you now should use
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
718 newlines instead, these will be replaced with <br/> during formatting.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
719
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
720 Note that the previous implementation also allowed links inside
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
721 messages. Since these links could be set by an attacker, no links in
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
722 roundup messages are supported anymore. This does *not* affect the
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
723 "clear this message" link in OK-messages as it is generated by the
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
724 template and is not part of the OK-message.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
725
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
726 If you have not modified any roundup messages, you need not do anything,
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
727 the templates shipped with roundup did not use HTML tags in messages for
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
728 highlighting.
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
729
4f9c3858b671 Fix another XSS with the ok- and error message, see issue2550724.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4582
diff changeset
730
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
731 Migrating from 1.4.17 to 1.4.18
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
732 ===============================
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
733
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
734 There was a bug in 1.4.17 where files were unlinked from issues if a
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
735 mail without attachment was received via the mail interface. The
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
736 following script will list likely issues being affected by the bug.
4503
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
737 The date in the script is the date of the 1.4.17 release. If you have
9f488541802f Yet another fix to the mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4499
diff changeset
738 installed 1.4.17 later than this date, you can change the date
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
739 appropriately to your installation date. Run the script in the directory
4582
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
740 of your tracker::
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
741
4582
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
742 #!/usr/bin/python
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
743 import os
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
744 from roundup import instance
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
745 from roundup.date import Date
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
746 dir = os.getcwd ()
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
747 tracker = instance.open (dir)
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
748 db = tracker.open ('admin')
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
749 # you may want to change this to your install date to find less candidates
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
750 last_release = Date('2011-05-13')
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
751 affected = {}
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
752 for i in db.issue.getnodeids():
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
753 for j in db.issue.history(i):
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
754 if i in affected:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
755 break
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
756 if j[1] < last_release or j[3] != 'set' or 'files' not in j[4]:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
757 continue
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
758 for op, p in j[4]['files']:
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
759 if op == '-':
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
760 affected [i] = 1
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
761 break
753a379c0303 Fix syntax errors in doc/upgrading.txt and .gitignore
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4510
diff changeset
762 print ', '.join(sorted(affected.iterkeys()))
4499
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
763
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
764 To find out which files where attached before you can look in the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
765 history of the affected issue. For fixing issues you can re-attach the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
766 files in question using the "set" command of roundup-admin, e.g., if the
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
767 list of files attached to an issue should be files 5, 17, 23 for issue42
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
768 you will set this using
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
769
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
770 roundup-admin -i /path/to/your/tracker set issue42 files=5,17,23
431bf4e7d3d7 - release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4489
diff changeset
771
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
772 Migrating from 1.4.x to 1.4.17
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
773 ==============================
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
774
4489
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
775 There is a new config-option `migrate_passwords` in section `web` to
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
776 auto-migrate passwords at web-login time to a more secure storage
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
777 scheme. Default for the new option is "yes" so if you don't want that
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
778 passwords are auto-migrated to a more secure password scheme on user
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
779 login, set this to "no" before running your tracker(s) after the
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
780 upgrade.
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
781
4489
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
782 The standalone roundup-server now defaults to listening on localhost (no
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
783 longer on all network interfaces). This will not affect you if you're
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
784 already using a configuration file for roundup-server. If you are using
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
785 an empty setting for the `host` parameter in the config-file you should
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
786 explicitly put 0.0.0.0 there as the use of an empty string to specify
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
787 listening to all interfaces is deprecated and will go away in a future
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
788 version. If you are starting the server without a configuration file
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
789 and want to explicitly listen to all network interface, you should
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
790 specify the -n option with the address `0.0.0.0`.
47bd330e3d17 Fix documentation for roundup-server about the 'host' parameter...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
791
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
792 .. _new search permissions for query in 1.4.17:
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
793
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
794 Searching now requires either read-permission without a check method, or
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
795 you will have to add a "Search" permission for a class or a list of
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
796 properties for a class (if you want to allow searching). For the classic
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
797 template (or other templates derived from it) you want to add the
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
798 following lines to your `schema.py` file::
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
799
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
800 p = db.security.addPermission(name='Search', klass='query')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
801 db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
802
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
803 This is needed, because for the `query` class users may view only their
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
804 own queries (or public queries). This is implemented with a `check`
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
805 method, therefore the default search permissions will not allow
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
806 searching and you'll have to add an explicit search permission.
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
807 If you have modified your schema, you can check if you're missing any
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
808 search permissions with the following script, run it in your tracker
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
809 directory, it will list for each Class and Property the roles that may
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
810 search for this property::
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
811
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
812 #!/usr/bin/python
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
813 import os
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
814 from roundup import instance
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
815
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
816 tracker = instance.open(os.getcwd ())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
817 db = tracker.open('admin')
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
818
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
819 for cl in sorted(db.getclasses()):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
820 print "Class:", cl
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
821 for p in sorted(db.getclass(cl).getprops(protected=True).keys()):
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
822 print " Property:", p
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
823 roles = []
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
824 for role in sorted(db.security.role.iterkeys()):
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
825 if db.security.roleHasSearchPermission(cl,p,role):
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
826 roles.append(role)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
827 print " roles may search:", ', '.join(roles)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
828
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4332
diff changeset
829
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
830 Migrating from 1.4.x to 1.4.12
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
831 ==============================
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
832
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
833 Item creation now checks the "Create" permission instead of the "Edit"
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
834 permission for individual properties. If you have modified your tracker
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
835 permissions from the default distribution, you should check that
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
836 "Create" permissions exist for all properties you want users to be able
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
837 to create.
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4308
diff changeset
838
4322
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
839
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
840 Fixing some potential security holes
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
841 ------------------------------------
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
842
4322
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
843 Enhanced checking was added to the user registration auditor. If you
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
844 run a public tracker you should update your tracker's
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
845 ``detectors/userauditor.py`` using the new code from
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
846 ``share/roundup/templates/classic/detectors/userauditor.py``. In most
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
847 cases you may just copy the file over, but if you've made changes to
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
848 the auditor in your tracker then you'll need to manually integrate
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
849 the new code.
1595ad33036d more security update doc
Richard Jones <richard@users.sourceforge.net>
parents: 4321
diff changeset
850
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
851 Some HTML templates were found to have formatting security problems:
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
852
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
853 ``html/page.html``::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
854
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
855 -tal:replace="request/user/username">username</span></b><br>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
856 +tal:replace="python:request.user.username.plain(escape=1)">username</span></b><br>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
857
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
858 ``html/_generic.help-list.html``::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
859
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
860 -tal:content="structure python:item[prop]"></label>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
861 +tal:content="python:item[prop]"></label>
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
862
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
863 The lines marked "+" should be added and lines marked "-" should be
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
864 deleted (minus the "+"/"-" signs).
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
865
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
866
4321
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
867 Some HTML interface tweaks
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
868 --------------------------
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
869
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
870 You may wish to copy the ``user_utils.js`` and ``style.css` files from the
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
871 source distribution ``share/roundup/templates/classic/html/`` directory to the
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
872 ``html`` directory of your trackers as it includes a small improvement.
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
873
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
874 If you have made local changes to those files you'll need to manually work
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
875 the differences in to your versions or ignore the changes.
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
876
Richard Jones <richard@users.sourceforge.net>
parents: 4320
diff changeset
877
4299
e16a1131ba67 include info on what a designator is in all commands that use them
Richard Jones <richard@users.sourceforge.net>
parents: 4295
diff changeset
878 Migrating from 1.4.x to 1.4.11
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
879 ==============================
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
880
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
881 Close potential security hole
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
882 -----------------------------
4308
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
883
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
884 If your tracker has untrusted users you should examine its ``schema.py``
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
885 file and look for the section granting the "Edit" permission to your users.
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
886 This should look something like::
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
887
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
888 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
889 description="User is allowed to edit their own user details")
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
890
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
891 and should be modified to restrict the list of properties they are allowed
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
892 to edit by adding the ``properties=`` section like::
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
893
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
894 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
895 properties=('username', 'password', 'address', 'realname', 'phone',
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
896 'organisation', 'alternate_addresses', 'queries', 'timezone'),
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
897 description="User is allowed to edit their own user details")
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
898
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
899 Most importantly the "roles" property should not be editable - thus not
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
900 appear in that list of properties.
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
901
b30bdfae4461 Fix security hole allowing user permission escalation
Richard Jones <richard@users.sourceforge.net>
parents: 4299
diff changeset
902
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
903 Grant the "Register" permission to the Anonymous role
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
904 -----------------------------------------------------
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
905
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
906 A separate "Register" permission has been introduced to allow
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
907 anonymous users to register. This means you will need to add the
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
908 following to your tracker's ``schema.py`` to add the permission and
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
909 assign it to the Anonymous role (replacing any previously assigned
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
910 "Create user" permission for the Anonymous role)::
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
911
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
912 +db.security.addPermission(name='Register', klass='user',
4312
Richard Jones <richard@users.sourceforge.net>
parents: 4310
diff changeset
913 + description='User is allowed to register new user')
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
914
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
915 # Assign the appropriate permissions to the anonymous user's Anonymous
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
916 # Role. Choices here are:
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
917 # - Allow anonymous users to register
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
918 -db.security.addPermissionToRole('Anonymous', 'Create', 'user')
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
919 +db.security.addPermissionToRole('Anonymous', 'Register', 'user')
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
920
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
921 The lines marked "+" should be added and lines marked "-" should be
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
922 deleted (minus the "+"/"-" signs).
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
923
4323
a3f88aa04735 fix stupid typo
Richard Jones <richard@users.sourceforge.net>
parents: 4322
diff changeset
924 You should also modify the ``html/page.html`` template to change the
4320
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
925 permission tested there::
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
926
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
927 -tal:condition="python:request.user.hasPermission('Create', 'user')"
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
928 +tal:condition="python:request.user.hasPermission('Register', 'user')"
1072574dab86 include some additional docs
Richard Jones <richard@users.sourceforge.net>
parents: 4318
diff changeset
929
4295
a57ced3a4bb6 - Add documentation for migrating to the Register permission...
Richard Jones <richard@users.sourceforge.net>
parents: 4211
diff changeset
930
4318
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
931 Generic class editor may now restore retired items
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
932 --------------------------------------------------
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
933
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
934 The instructions for doing so won't be present in your tracker unless you copy
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
935 the ``_generic.index.html`` template from the roundup distribution in
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
936 ``share/roundup/templates/classic/html`` to your tracker's ``html`` directory.
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
937
05d3f47003fc add missing upgrade instructions
Richard Jones <richard@users.sourceforge.net>
parents: 4312
diff changeset
938
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
939 Migrating from 1.4.x to 1.4.9
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
940 =============================
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
941
4211
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
942 Customized MailGW Class
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
943 -----------------------
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
944
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
945 If you have customized the MailGW class in your tracker: The new MailGW
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
946 class opens the database for each message in the method handle_message
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
947 (instance.open) instead of passing the opened database as a parameter to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
948 the MailGW constructor. The old handle_message has been renamed to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
949 _handle_message. The new method opens the database and wraps the call to
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
950 the old method into a try/finally.
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
951
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
952 Your customized MailGW class needs to mirror this behavior.
61cf00ca920a Process each message through the mail gateway as a separate transaction.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4120
diff changeset
953
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
954 Fix the "remove" button in issue files and messages lists
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
955 ---------------------------------------------------------
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
956
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
957 The "remove" button(s) in the issue messages list needs to be altered. Find
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
958 the following in your tracker's ``html/issue.item.html`` template::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
959
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
960 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
961 <form style="padding:0" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
962 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
963 <input type="hidden" name="@remove@files" tal:attributes="value file/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
964
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
965 and add ``method="POST"`` as shown below::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
966
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
967 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
968 <form style="padding:0" method="POST" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
969 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
970 <input type="hidden" name="@remove@files" tal:attributes="value file/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
971
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
972 Then also find::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
973
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
974 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
975 <form style="padding:0" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
976 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
977 <input type="hidden" name="@remove@messages" tal:attributes="value msg/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
978
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
979 and add ``method="POST"`` as shown below::
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
980
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
981 <td>
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
982 <form style="padding:0" method="POST" tal:condition="context/is_edit_ok"
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
983 tal:attributes="action string:issue${context/id}">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
984 <input type="hidden" name="@remove@messages" tal:attributes="value msg/id">
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
985
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
986
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
987 Fixing the "retire" button in user management list
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
988 --------------------------------------------------
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
989
4643
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
990 Some previous versions of this upgrading document missed ``method="POST"``
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
991 in the change to the "retire" link in the user management list
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
992 in section `Migrating from 1.4.x to 1.4.7`_.
09df6e4c6975 Minor improvement to old upgrading infos.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
993 Make sure the change is done as listed below in this document.
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
994
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
995
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
996 Migrating from 1.4.x to 1.4.7
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
997 =============================
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
998
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
999 Several security issues were addressed in this release. Some aspects of your
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1000 trackers may no longer function depending on your local customisations. Core
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1001 functionality that will need to be modified:
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1002
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1003 Grant the "retire" permission to users for their queries
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1004 --------------------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1005
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1006 Users will no longer be able to retire their own queries. To remedy this you
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1007 will need to add the following to your tracker's ``schema.py`` just under the
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1008 line that grants them permission to edit their own queries::
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1009
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1010 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1011 description="User is allowed to edit their queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1012 db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1013 + p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1014 + description="User is allowed to retire their queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1015 + db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1016 p = db.security.addPermission(name='Create', klass='query',
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1017 description="User is allowed to create queries")
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1018 db.security.addPermissionToRole('User', p)
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1019
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1020 The lines marked "+" should be added, minus the "+" sign.
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1021
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1022
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1023 Fix the "retire" link in the users list for admin users
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1024 -------------------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1025
4330
15f74c03d9f5 fix typo
Richard Jones <richard@users.sourceforge.net>
parents: 4323
diff changeset
1026 The "retire" link found in the file ``html/user.index.html``::
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1027
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1028 <td tal:condition="context/is_edit_ok">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1029 <a tal:attributes="href string:user${user/id}?@action=retire&@template=index"
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1030 i18n:translate="">retire</a>
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1031
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1032 Should be replaced with::
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1033
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1034 <td tal:condition="context/is_retire_ok">
4120
ad57b06af972 fixed classic tracker template to submit POST requests when appropriate
Richard Jones <richard@users.sourceforge.net>
parents: 4089
diff changeset
1035 <form style="padding:0" method="POST"
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1036 tal:attributes="action string:user${user/id}">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1037 <input type="hidden" name="@template" value="index">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1038 <input type="hidden" name="@action" value="retire">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1039 <input type="submit" value="retire" i18n:attributes="value">
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1040 </form>
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1041
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1042
4089
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1043 Fix for Python 2.6+ users
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1044 -------------------------
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1045
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1046 If you use Python 2.6 you should edit your tracker's
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1047 ``detectors/nosyreaction.py`` file to change::
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1048
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1049 import sets
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1050
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1051 at the top to::
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1052
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1053 from roundup.anypy.sets_ import set
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1054
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1055 and then all instances of ``sets.Set()`` to ``set()`` in the later code.
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1056
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1057
eddb82d0964c Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1058
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1059 Trackers currently allowing HTML file uploading
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1060 -----------------------------------------------
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1061
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1062 Trackers which wish to continue to allow uploading of HTML content against issues
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1063 will need to set a new configuration variable in the ``[web]`` section of the
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1064 tracker's ``config.ini`` file:
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1065
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1066 # Setting this option enables Roundup to serve uploaded HTML
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1067 # file content *as HTML*. This is a potential security risk
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1068 # and is therefore disabled by default. Set to 'yes' if you
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1069 # trust *all* users uploading content to your tracker.
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1070 # Allowed values: yes, no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1071 # Default: no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1072 allow_html_file = no
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1073
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1074
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3969
diff changeset
1075
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1076 Migrating from 1.4.2 to 1.4.3
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1077 =============================
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1078
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1079 If you are using the MySQL backend you will need to replace some indexes
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1080 that may have been created by version 1.4.2.
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1081
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1082 You should to access your MySQL database directly and remove any indexes
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1083 with a name ending in "_key_retired_idx". You should then re-add them with
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1084 the same spec except the key column name needs a size. So an index on
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1085 "_user (__retired, _name)" should become "_user (__retired, _name(255))".
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1086
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3963
diff changeset
1087
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1088 Migrating from 1.4.x to 1.4.2
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1089 =============================
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1090
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1091 You should run the "roundup-admin migrate" command for your tracker once
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1092 you've installed the latest codebase.
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1093
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1094 Do this before you use the web, command-line or mail interface and before
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1095 any users access the tracker.
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1096
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1097 This command will respond with either "Tracker updated" (if you've not
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1098 previously run it on an RDBMS backend) or "No migration action required"
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1099 (if you have run it, or have used another interface to the tracker,
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1100 or are using anydbm).
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1101
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1102 It's safe to run this even if it's not required, so just get into the
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1103 habit.
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1104
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1105
3938
083e280165a8 Pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3858
diff changeset
1106 Migrating from 1.3.3 to 1.4.0
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1107 =============================
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1108
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1109 Value of the "refwd_re" tracker configuration option (section "mailgw")
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1110 is treated as UTF-8 string. In previous versions, it was ISO8859-1.
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1111
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1112 If you have running trackers based on the classic template, please
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1113 update the messagesummary detector as follows::
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1114
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1115 --- detectors/messagesummary.py 17 Apr 2003 03:26:38 -0000 1.1
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1116 +++ detectors/messagesummary.py 3 Apr 2007 06:47:21 -0000 1.2
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1117 @@ -8,7 +8,7 @@
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1118 if newvalues.has_key('summary') or not newvalues.has_key('content'):
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1119 return
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1120
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1121 - summary, content = parseContent(newvalues['content'], 1, 1)
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1122 + summary, content = parseContent(newvalues['content'], config=db.config)
3963
3230f9c88086 Fix race condition for key properties in rdbms backends [SF#1876683]
Richard Jones <richard@users.sourceforge.net>
parents: 3938
diff changeset
1123 newvalues['summary'] = summary
3838
99bd1d59a58e 1.3.3 > 1.3.4 upgrade notes
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 3745
diff changeset
1124
3858
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1125 In the latest version we have added some database indexes to the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1126 SQL-backends (mysql, postgresql, sqlite) for speeding up building the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1127 roundup-index for full-text search. We recommend that you create the
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1128 following database indexes on the database by hand::
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1129
4332
61f2e659faf7 add SQL detail
Richard Jones <richard@users.sourceforge.net>
parents: 4330
diff changeset
1130 CREATE INDEX words_by_id ON __words (_textid);
61f2e659faf7 add SQL detail
Richard Jones <richard@users.sourceforge.net>
parents: 4330
diff changeset
1131 CREATE UNIQUE INDEX __textids_by_props ON __textids (_class, _itemid, _prop);
3858
bb30bbfc7cdd Indexing fixes.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3838
diff changeset
1132
3745
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1133 Migrating from 1.2.x to 1.3.0
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1134 =============================
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1135
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1136 1.3.0 Web interface changes
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1137 ---------------------------
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1138
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1139 Some of the HTML files in the "classic" and "minimal" tracker templates
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1140 were changed to fix some bugs and clean them up. You may wish to compare
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1141 them to the HTML files in your tracker and apply any changes.
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1142
20e9831fc58a pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3738
diff changeset
1143
3732
0cc9b954f1f1 - fix version number in upgrading howto.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3696
diff changeset
1144 Migrating from 1.1.2 to 1.2.0
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1145 =============================
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1146
3732
0cc9b954f1f1 - fix version number in upgrading howto.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3696
diff changeset
1147 1.2.0 Sorting and grouping by multiple properties
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1148 -------------------------------------------------
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1149
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1150 Starting with this version, sorting and grouping by multiple properties
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1151 is possible. This means that request.sort and request.group are now
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1152 lists. This is reflected in several places:
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1153
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1154 * ``renderWith`` now has list attributes for ``sort`` and ``group``,
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1155 where you previously wrote::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1156
3696
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1157 renderWith(... sort=('-', 'activity'), group=('+', 'priority')
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1158
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1159 you write now::
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1160
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1161 renderWith(... sort=[('-', 'activity')], group=[('+', 'priority')]
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1162
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1163 * In templates that permit to edit sorting/grouping, request.sort and
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1164 request.group are (possibly empty) lists. You can now sort and group
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1165 by multiple attributes. For an example, see the classic template. You
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1166 may want search for the variable ``n_sort`` which can be set to the
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1167 number of sort/group properties.
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1168
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1169 * Templates that diplay new headlines for each group of items with
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1170 equal group properties can now use the modified ``batch.propchanged``
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1171 method that can take several properties which are checked for
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1172 changes. See the example in the classic template which makes use of
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1173 ``batch.propchanged``.
790363e96852 Sorting/grouping by multiple properties.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3588
diff changeset
1174
3588
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1175 Migrating from 1.1.0 to 1.1.1
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1176 =============================
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1177
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1178 1.1.1 "Clear this message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1179 --------------------------
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1180
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1181 In 1.1.1, the standard ``page.html`` template includes a "clear this message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1182 link in the green "ok" message bar that appears after a successful edit
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1183 (or other) action.
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1184
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1185 To include this in your tracker, change the following in your ``page.html``
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1186 template::
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1187
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1188 <p tal:condition="options/ok_message | nothing" class="ok-message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1189 tal:repeat="m options/ok_message" tal:content="structure m">error</p>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1190
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1191 to be::
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1192
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1193 <p tal:condition="options/ok_message | nothing" class="ok-message">
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1194 <span tal:repeat="m options/ok_message"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1195 tal:content="structure string:$m <br/ > " />
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1196 <a class="form-small" tal:attributes="href request/current_url"
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1197 i18n:translate="">clear this message</a>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1198 </p>
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1199
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1200
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1201 If you implemented the "clear this message" in your 1.1.0 tracker, then you
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1202 should change it to the above and it will work much better!
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1203
503d4c10f1f8 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3554
diff changeset
1204
3550
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1205 Migrating from 1.0.x to 1.1.0
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1206 =============================
3548
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1207
3550
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1208 1.1 Login "For Session Only"
55bcd5673097 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3549
diff changeset
1209 ----------------------------
3548
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1210
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1211 In 1.1, web logins are alive for the length of a session only, *unless* you
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1212 add the following to the login form in your tracker's ``page.html``::
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1213
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1214 <input type="checkbox" name="remember" id="remember">
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1215 <label for="remember" i18n:translate="">Remember me?</label><br>
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1216
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1217 See the classic tracker ``page.html`` if you're unsure where this should
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1218 go.
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1219
61d48244e7a8 login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents: 3518
diff changeset
1220
3549
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1221 1.1 Query Display Name
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1222 ----------------------
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1223
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1224 The ``dispname`` web variable has been renamed ``@dispname`` to avoid
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1225 clashing with other variables of the same name. If you are using the
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1226 display name feature, you will need to edit your tracker's ``page.html``
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1227 and ``issue.index.html`` pages to change ``dispname`` to ``@dispname``.
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1228
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1229 A side-effect of this change is that the renderWith method used in the
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1230 ``home.html`` page may now take a dispname argument.
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1231
3554
5e70726a86dd fixed schema migration problem when Class keys were removed
Richard Jones <richard@users.sourceforge.net>
parents: 3552
diff changeset
1232
3552
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1233 1.1 "Clear this message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1234 ------------------------
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1235
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1236 In 1.1, the standard ``page.html`` template includes a "clear this message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1237 link in the green "ok" message bar that appears after a successful edit
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1238 (or other) action.
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1239
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1240 To include this in your tracker, change the following in your ``page.html``
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1241 template::
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1242
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1243 <p tal:condition="options/ok_message | nothing" class="ok-message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1244 tal:repeat="m options/ok_message" tal:content="structure m">error</p>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1245
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1246 to be::
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1247
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1248 <p tal:condition="options/ok_message | nothing" class="ok-message">
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1249 <span tal:repeat="m options/ok_message"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1250 tal:content="structure string:$m <br/ > " />
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1251 <a class="form-small" tal:attributes="href string:issue${context/id}"
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1252 i18n:translate="">clear this message</a>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1253 </p>
4cf7f9b7cb37 include "clear this message" link in the "ok" message bar
Richard Jones <richard@users.sourceforge.net>
parents: 3550
diff changeset
1254
3549
f6719836e521 allow dispname to be passed to renderWith [SF#1424587]
Richard Jones <richard@users.sourceforge.net>
parents: 3548
diff changeset
1255
3518
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1256 Migrating from 0.8.x to 1.0
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1257 ===========================
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1258
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1259 1.0 New Query Permissions
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1260 -------------------------
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1261
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1262 New permissions are defined for query editing and viewing. To include these
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1263 in your tracker, you need to add these lines to your tracker's
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1264 ``schema.py``::
3419
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
1265
3518
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1266 # Users should be able to edit and view their own queries. They should also
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1267 # be able to view any marked as not private. They should not be able to
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1268 # edit others' queries, even if they're not private
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1269 def view_query(db, userid, itemid):
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1270 private_for = db.query.get(itemid, 'private_for')
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1271 if not private_for: return True
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1272 return userid == private_for
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1273 def edit_query(db, userid, itemid):
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1274 return userid == db.query.get(itemid, 'creator')
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1275 p = db.security.addPermission(name='View', klass='query', check=view_query,
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1276 description="User is allowed to view their own and public queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1277 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1278 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1279 description="User is allowed to edit their queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1280 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1281 p = db.security.addPermission(name='Create', klass='query',
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1282 description="User is allowed to create queries")
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1283 db.security.addPermissionToRole('User', p)
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1284
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1285 and then remove 'query' from the line::
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1286
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1287 # Assign the access and edit Permissions for issue, file and message
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1288 # to regular users now
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1289 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1290
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1291 so it looks like::
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1292
7fb8cfe3c737 enable editing of public queries [SF#966144]
Richard Jones <richard@users.sourceforge.net>
parents: 3419
diff changeset
1293 for cl in 'issue', 'file', 'msg', 'keyword':
3419
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
1294
4aeb0d0cf0d6 pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 3281
diff changeset
1295
3253
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1296 Migrating from 0.8.0 to 0.8.3
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1297 =============================
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1298
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1299 0.8.3 Nosy Handling Changes
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1300 ---------------------------
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1301
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1302 A change was made to fix a bug in the ``nosyreaction.py`` standard
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1303 detector. To incorporate this fix in your trackers, you will need to copy
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1304 the ``nosyreaction.py`` file from the ``templates/classic/detectors``
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1305 directory of the source to your tracker's ``templates`` directory.
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1306
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1307 If you have modified the ``nosyreaction.py`` file from the standard
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1308 version, you will need to roll your changes into the new file.
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1309
34d034a4c0d9 merge from 0.8 plus docs
Richard Jones <richard@users.sourceforge.net>
parents: 3130
diff changeset
1310
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1311 Migrating from 0.7.1 to 0.8.0
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1312 =============================
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1313
2954
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1314 You *must* fully uninstall previous Roundup version before installing
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1315 Roundup 0.8.0. If you don't do that, ``roundup-admin install``
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1316 command may fail to function properly.
15620de288b1 0.8 requires clean uninstall of previous version [SF#1071402]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2915
diff changeset
1317
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1318 0.8.0 Backend changes
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1319 ---------------------
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1320
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1321 Backends 'bsddb' and 'bsddb3' are removed. If you are using one of these,
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1322 you *must* migrate to another backend before upgrading.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1323
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1324
2737
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1325 0.8.0 API changes
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1326 -----------------
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1327
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1328 Class.safeget() was removed from the API. Test your item ids before calling
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1329 Class.get() instead.
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1330
37e2b70105f7 removed safeget() from the API [SF#994750]
Richard Jones <richard@users.sourceforge.net>
parents: 2700
diff changeset
1331
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1332 0.8.0 New tracker layout
2700
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
1333 ------------------------
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
1334
2889
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
1335 The ``config.py`` file has been replaced by ``config.ini``. You may use the
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
1336 roundup-admin command "genconfig" to generate a new config file::
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1337
2889
accb3b411ef6 instructions and method for generating config.ini
Richard Jones <richard@users.sourceforge.net>
parents: 2886
diff changeset
1338 roundup-admin genconfig <tracker home>/config.ini
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1339
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1340 and modify the values therein based on the contents of your old config.py.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1341 In most cases, the names of the config variables are the same.
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1342
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1343 The ``select_db.py`` file has been replaced by a file in the ``db``
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1344 directory called ``backend_name``. As you might guess, this file contains
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1345 just the name of the backend. To figure what the contents of yours should
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1346 be, use the following table:
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1347
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1348 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1349 ``select_db.py`` contents ``backend_name`` contents
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1350 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1351 from back_anydbm import ... anydbm
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1352 from back_metakit import ... metakit
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1353 from back_sqlite import ... sqlite
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1354 from back_mysql import ... mysql
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1355 from back_postgresql import ... postgresql
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1356 ================================ =========================
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1357
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1358 The ``dbinit.py`` file has been split into two new files,
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1359 ``initial_data.py`` and ``schema.py``. The contents of this file are:
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1360
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1361 ``initial_data.py``
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1362 You don't need one of these as your tracker is already initialised.
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1363
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1364 ``schema.py``
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1365 Copy the body of the ``def open(name=None)`` function from your old
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1366 tracker's ``dbinit.py`` file to this file. As the lines you're copying
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1367 aren't part of a function definition anymore, one level of indentation
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1368 needs to be removed (remove only the leading four spaces on each
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1369 line).
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1370
3130
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1371 The first few lines -- those starting with ``from roundup.hyperdb
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1372 import ...`` and the ``db = Database(config, name)`` line -- don't
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1373 need to be copied. Neither do the last few lines -- those starting
7308c3c5a943 docs editing from Jean Jordaan
Richard Jones <richard@users.sourceforge.net>
parents: 2954
diff changeset
1374 with ``import detectors``, down to ``return db`` inclusive.
2886
0998d1b48182 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 2819
diff changeset
1375
3281
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
1376 You may remove the ``__init__.py`` module from the "detectors" directory as
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
1377 it is no longer used.
751601e710d8 minor doc change
Richard Jones <richard@users.sourceforge.net>
parents: 3253
diff changeset
1378
3738
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1379 There's a new way to write extension code for Roundup. If you have code in
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1380 an ``interfaces.py`` file you should move it. See the `customisation
2915
7d97c75e7cba more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2913
diff changeset
1381 documentation`_ for information about how extensions are now written.
3738
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1382 Note that some older trackers may use ``interfaces.py`` to customise the
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1383 mail gateway behaviour. You will need to keep your ``interfaces.py`` file
7d1ab8c03049 fix doc
Richard Jones <richard@users.sourceforge.net>
parents: 3732
diff changeset
1384 if this is the case.
2700
Richard Jones <richard@users.sourceforge.net>
parents: 2573
diff changeset
1385
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1386
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1387 0.8.0 Permissions Changes
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1388 -------------------------
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1389
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1390 The creation of a new item in the user interfaces is now controlled by the
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1391 "Create" Permission. You will need to add an assignment of this Permission
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1392 to your users who are allowed to create items. The most common form of this
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1393 is the following in your ``schema.py`` added just under the current
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1394 assignation of the Edit Permission::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1395
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1396 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1397 p = db.security.getPermission('Create', cl)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1398 db.security.addPermissionToRole('User', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1399
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1400 You will need to explicitly let anonymous users access the web interface so
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1401 that regular users are able to see the login form. Note that almost all
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1402 trackers will need this Permission. The only situation where it's not
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1403 required is in a tracker that uses an HTTP Basic Authenticated front-end.
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1404 It's enabled by adding to your ``schema.py``::
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1405
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1406 p = db.security.getPermission('Web Access')
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1407 db.security.addPermissionToRole('Anonymous', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1408
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1409 Finally, you will need to enable permission for your users to edit their
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1410 own details by adding the following to ``schema.py``::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1411
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1412 # Users should be able to edit their own details. Note that this
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1413 # permission is limited to only the situation where the Viewed or
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1414 # Edited item is their own.
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1415 def own_record(db, userid, itemid):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1416 '''Determine whether the userid matches the item being accessed.'''
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1417 return userid == itemid
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1418 p = db.security.addPermission(name='View', klass='user', check=own_record,
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1419 description="User is allowed to view their own user details")
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1420 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1421 description="User is allowed to edit their own user details")
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1422 db.security.addPermissionToRole('User', p)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1423
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1424
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1425 0.8.0 Use of TemplatingUtils
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1426 ----------------------------
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1427
2910
5c0e5abcb5e3 doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2907
diff changeset
1428 If you used custom python functions in TemplatingUtils, they must
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1429 be moved from interfaces.py to a new file in the ``extensions`` directory.
2910
5c0e5abcb5e3 doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2907
diff changeset
1430
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1431 Each Function that should be available through TAL needs to be defined
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1432 as a toplevel function in the newly created file. Furthermore you
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1433 add an inititialization function, that registers the functions with the
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1434 tracker.
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1435
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1436 If you find this too tedious, donfu wrote an automatic init function that
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1437 takes an existing TemplatingUtils class, and registers all class methods
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1438 that do not start with an underscore. The following hack should be placed
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1439 in the ``extensions`` directory alongside other extensions::
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1440
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1441 class TemplatingUtils:
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1442 # copy from interfaces.py
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1443
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1444 def init(tracker):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1445 util = TemplatingUtils()
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1446
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1447 def setClient(tu):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1448 util.client = tu.client
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1449 return util
2819
24a5447725a2 note dropped bsddb and bsddb3;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2737
diff changeset
1450
2907
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1451 def execUtil(name):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1452 return lambda tu, *args, **kwargs: \
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1453 getattr(setClient(tu), name)(*args, **kwargs)
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1454
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1455 for name in dir(util):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1456 if callable(getattr(util, name)) and not name.startswith('_'):
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1457 tracker.registerUtil(name, execUtil(name))
bcb4668d4196 more docs
Richard Jones <richard@users.sourceforge.net>
parents: 2889
diff changeset
1458
2282
c0e86056739f local character set support
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2273
diff changeset
1459
2572
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
1460 0.8.0 Logging Configuration
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
1461 ---------------------------
d15b71b8a85a more logging goodness
Richard Jones <richard@users.sourceforge.net>
parents: 2409
diff changeset
1462
2573
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
1463 See the `administration guide`_ for information about configuring the new
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
1464 logging implemented in 0.8.0.
71e03be0a25b *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2572
diff changeset
1465
2374
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1466
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1467 Migrating from 0.7.2 to 0.7.3
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1468 =============================
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1469
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1470 0.7.3 Configuration
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1471 -------------------
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1472
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1473 If you choose, you may specify the directory from which static files are
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1474 served (those which use the URL component ``@@file``). Currently the
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1475 directory defaults to the ``TEMPLATES`` configuration variable. You may
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1476 define a new variable, ``STATIC_FILES`` which overrides this value for
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1477 static files.
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1478
31cb1014300c Switch to using sqlite's own locking mechanisms...
Richard Jones <richard@users.sourceforge.net>
parents: 2293
diff changeset
1479
2293
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1480 Migrating from 0.7.0 to 0.7.2
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1481 =============================
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1482
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1483 0.7.2 DEFAULT_TIMEZONE is now required
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1484 --------------------------------------
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1485
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1486 The DEFAULT_TIMEZONE configuration variable is now required. Add the
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1487 following to your tracker's ``config.py`` file::
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1488
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1489 # You may specify a different default timezone, for use when users do not
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1490 # choose their own in their settings.
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1491 DEFAULT_TIMEZONE = 0 # specify as numeric hour offest
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1492
51b34469b7aa mention DEFAULT_TIMEZONE requirement in upgrading doc [SF#952932]
Richard Jones <richard@users.sourceforge.net>
parents: 2282
diff changeset
1493
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1494 Migrating from 0.7.0 to 0.7.1
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1495 =============================
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1496
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1497 0.7.1 Permission assignments
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1498 ----------------------------
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1499
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1500 If you allow anonymous access to your tracker, you might need to assign
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1501 some additional View (or Edit if your tracker is that open) permissions
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1502 to the "anonymous" user. To do so, find the code in your ``dbinit.py`` that
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1503 says::
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1504
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1505 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1506 p = db.security.getPermission('View', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1507 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1508 p = db.security.getPermission('Edit', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1509 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1510 for cl in 'priority', 'status':
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1511 p = db.security.getPermission('View', cl)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1512 db.security.addPermissionToRole('User', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1513
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1514 Add add a line::
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1515
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1516 db.security.addPermissionToRole('Anonymous', p)
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1517
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1518 next to the existing ``'User'`` lines for the Permissions you wish to
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1519 assign to the anonymous user.
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
1520
2119
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
1521
2136
ee3cf6a44f29 queries on a per-user basis, and public queries [SF#891798] :)
Richard Jones <richard@users.sourceforge.net>
parents: 2121
diff changeset
1522 Migrating from 0.6 to 0.7
2119
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
1523 =========================
cc4667ef3f12 Added the ability to toggle where error messages go.
Eddie Parker <eparker@users.sourceforge.net>
parents: 2114
diff changeset
1524
2076
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1525 0.7.0 Permission assignments
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1526 ----------------------------
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1527
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1528 Due to a change in the rendering of web widgets, permissions are now
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1529 checked on Classes where they previously weren't (this is a good thing).
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1530
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1531 You will need to add some additional Permission assignments for your
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1532 regular users, or some displays will break. After the following in your
2076
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1533 tracker's ``dbinit.py``::
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1534
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1535 # Assign the access and edit Permissions for issue, file and message
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1536 # to regular users now
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1537 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1538 p = db.security.getPermission('View', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1539 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1540 p = db.security.getPermission('Edit', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1541 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1542
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1543 add::
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1544
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1545 for cl in 'priority', 'status':
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1546 p = db.security.getPermission('View', cl)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1547 db.security.addPermissionToRole('User', p)
2a4309450202 security fixes and doc updates
Richard Jones <richard@users.sourceforge.net>
parents: 2059
diff changeset
1548
2102
666402433998 Fix some tests.
Richard Jones <richard@users.sourceforge.net>
parents: 2077
diff changeset
1549
1800
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1550 0.7.0 Getting the current user id
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1551 ---------------------------------
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1552
2263
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1553 The Database.curuserid attribute has been removed.
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1554
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1555 Any code referencing this attribute should be replaced with a
d22a40dd33af mmm... grammar
Richard Jones <richard@users.sourceforge.net>
parents: 2223
diff changeset
1556 call to Database.getuid().
1800
a3b1b1dcf639 Use getuid(), not figure_curuserid()
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1769
diff changeset
1557
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1558
1911
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1559 0.7.0 ZRoundup changes
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1560 ----------------------
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1561
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1562 The templates in your tracker's html directory will need updating if you
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1563 wish to use ZRoundup. If you've not modified those files (or some of them),
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1564 you may just copy the new versions from the Roundup source in the
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1565 templates/classic/html directory.
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1566
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1567 If you have modified the html files, then you'll need to manually edit them
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1568 to change all occurances of special form variables from using the colon ":"
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1569 special character to the at "@" special character. That is, variables such
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1570 as::
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1571
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1572 :action :required :template :remove:messages ...
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1573
2223
9b447ac40be3 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 2138
diff changeset
1574 should become::
1911
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1575
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1576 @action @required @template @remove@messages ...
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1577
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1578 Note that ``tal:`` statements are unaffected. So are TAL expression type
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1579 prefixes such as ``python:`` and ``string:``. Please ask on the
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1580 roundup-users mailing list for help if you're unsure.
f5c804379c85 fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents: 1882
diff changeset
1581
1882
15cfde2c3db8 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1850
diff changeset
1582
2913
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1583 0.7.0 Edit collision detection
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1584 ------------------------------
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1585
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1586 Roundup now detects collisions with editing in the web interface (that is,
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1587 two people editing the same item at the same time).
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1588
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1589 You must copy the ``_generic.collision.html`` file from Roundup source in
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1590 the ``templates/classic/html`` directory. to your tracker's ``html``
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1591 directory.
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1592
398a93f386b8 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2910
diff changeset
1593
1835
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1594 Migrating from 0.6.x to 0.6.3
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1595 =============================
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1596
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1597 0.6.3 Configuration
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1598 -------------------
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1599
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1600 You will need to copy the file::
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1601
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1602 templates/classic/detectors/__init__.py
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1603
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1604 to your tracker's ``detectors`` directory, replacing the one already there.
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1605 This fixes a couple of bugs in that file.
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1606
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1607
461d8aa81376 merge from maint branch
Richard Jones <richard@users.sourceforge.net>
parents: 1813
diff changeset
1608
1363
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1609 Migrating from 0.5 to 0.6
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1610 =========================
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1611
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1612
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1613 0.6.0 Configuration
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1614 -------------------
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1615
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1616 Introduced EMAIL_FROM_TAG config variable. This value is inserted into
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1617 the From: line of nosy email. If the sending user is "Foo Bar", the
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1618 From: line is usually::
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1619
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1620 "Foo Bar" <issue_tracker@tracker.example>
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1621
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1622 the EMAIL_FROM_TAG goes inside the "Foo Bar" quotes like so::
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1623
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1624 "Foo Bar EMAIL_FROM_TAG" <issue_tracker@tracker.example>
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1625
1455
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1626 I've altered the mechanism in the detectors __init__.py module so that it
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1627 doesn't cross-import detectors from other trackers (if you run more than one
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1628 in a single roundup-server). This change means that you'll need to copy the
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1629 __init__.py from roundup/templates/classic/detectors/__init__.py to your
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1630 <tracker home>/detectors/__init__.py. Don't worry, the "classic" __init__ is a
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1631 one-size-fits-all, so it'll work even if you've added/removed detectors.
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1632
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1633 0.6.0 Templating changes
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1634 ------------------------
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1635
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1636 The ``user.item`` template (in the tracker home "templates" directory)
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1637 needs to have the following hidden variable added to its form (between the
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1638 ``<form...>`` and ``</form>`` tags::
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1639
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1640 <input type="hidden" name=":template" value="item">
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1641
1455
436eb851045a *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1439
diff changeset
1642
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1643 0.6.0 Form handling changes
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1644 ---------------------------
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1645
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1646 Roundup's form handling capabilities have been significantly expanded. This
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1647 should not affect users of 0.5 installations - but if you find you're
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1648 getting errors from form submissions, please ask for help on the Roundup
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1649 users mailing list:
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1650
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1651 http://lists.sourceforge.net/lists/listinfo/roundup-users
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1652
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1653 See the customisation doc section on `Form Values`__ for documentation of the
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1654 new form variables possible.
1439
0634f815b90c rfc2822-ify the tracker name in mail headers
Richard Jones <richard@users.sourceforge.net>
parents: 1423
diff changeset
1655
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1656 __ customizing.html#form-values
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1657
1423
52eec576c4a6 reminder
Richard Jones <richard@users.sourceforge.net>
parents: 1402
diff changeset
1658
1388
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1659 0.6.0 Multilingual character set support
cd28e3b5db2e small cleanup, more info on config changes
Richard Jones <richard@users.sourceforge.net>
parents: 1386
diff changeset
1660 ----------------------------------------
1363
f41360211819 oops, forgot upgrade note
Richard Jones <richard@users.sourceforge.net>
parents: 1308
diff changeset
1661
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1662 Added internationalization support. This is done via encoding all data
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1663 stored in roundup database to utf-8 (unicode encoding). To support utf-8 in
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1664 web interface you should add the folowing line to your tracker's html/page
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1665 and html/_generic.help files inside <head> tag::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1666
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1667 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1668
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1669 Since latin characters in utf-8 have the same codes as in ASCII table, this
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1670 modification is optional for users who use only plain latin characters.
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1671
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1672 After this modification, you will be able to see and enter any world
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1673 character via web interface. Data received via mail interface also converted
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1674 to utf-8, however only new messages will be converted. If your roundup
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1675 database contains some of non-ASCII characters in one of 8-bit encoding,
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1676 they will not be visible in new unicode environment. Some of such data (e.g.
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1677 user names, keywords, etc) can be edited by administrator, the others
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1678 (e.g. messages' contents) is not editable via web interface. Currently there
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1679 is no tool for converting such data, the only solution is to close
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1680 appropriate old issues and create new ones with the same content.
1386
7ca01821df2c notes about upgrading to unicode
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1381
diff changeset
1681
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1682
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1683 0.6.0 User timezone support
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1684 ---------------------------
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1685
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1686 From version 0.6.0 roundup supports displaying of Date data in user' local
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1687 timezone if he/she has provided timezone information. To make it possible
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1688 some modification to tracker's schema and HTML templates are required.
1769
5fed70f96d2b various minor bugfixes
Richard Jones <richard@users.sourceforge.net>
parents: 1758
diff changeset
1689 First you must add string property 'timezone' to user class in dbinit.py
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1690 like this::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1691
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1692 user = Class(db, "user",
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1693 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1694 address=String(), realname=String(),
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1695 phone=String(), organisation=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1696 alternate_addresses=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1697 queries=Multilink('query'), roles=String(),
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1698 timezone=String())
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1699
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1700 And second - html interface. Add following lines to
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1701 $TRACKER_HOME/html/user.item template::
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
1702
1560
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1703 <tr>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1704 <th>Timezone</th>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1705 <td tal:content="structure context/timezone/field">timezone</td>
3f2e516b8de3 doc fixes
Richard Jones <richard@users.sourceforge.net>
parents: 1455
diff changeset
1706 </tr>
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1707
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1708 After that all users should be able to provide their timezone information.
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1709 Timezone should be a positive or negative integer - offset from GMT.
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1710
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1711 After providing timezone, roundup will show all dates values, found in web
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1712 and mail interfaces in local time. It will also accept any Date info in
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1713 local time, convert and store it in GMT.
1402
27586da5557c Added users' timezone support
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1388
diff changeset
1714
1813
6c2cff78d6a0 added note about hidden :template var in user.item ([SF#799842])
Richard Jones <richard@users.sourceforge.net>
parents: 1800
diff changeset
1715
1741
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1716 0.6.0 Search page structure
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1717 ---------------------------
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1718
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1719 In order to accomodate query editing the search page has been restructured. If
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1720 you want to provide your users with query editing, you should update your
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1721 search page using the macros detailed in the customisation doc section
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1722 `Searching on categories`__.
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1723
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1724 __ customizing.html#searching-on-categories
3d4ad125662b Added a little text about the new search page structure.?b
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1638
diff changeset
1725
1758
5e1680c11bed Added text about removing '?' from url field when upgrading [SF#790326].
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1741
diff changeset
1726 Also, the url field in the query class no longer starts with a '?'. You'll need
1850
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1727 to remove this question mark from the url field to support queries. There's
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1728 a script in the "tools" directory called ``migrate-queries.py`` that should
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1729 automatically change any existing queries for you. As always, make a backup
6e80f8f760a4 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 1837
diff changeset
1730 of your database before running such a script.
1758
5e1680c11bed Added text about removing '?' from url field when upgrading [SF#790326].
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1741
diff changeset
1731
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1732
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1733 0.6.0 Notes for metakit backend users
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1734 -------------------------------------
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1735
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1736 Roundup 0.6.0 introduced searching on ranges of dates and intervals. To
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1737 support it, some modifications to interval storing routine were made. So if
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1738 your tracker uses metakit backend and your db schema contains intervals
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1739 property, searches on that property will not be accurate for db items that
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1740 was stored before roundup' upgrade. However all new records should be
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1741 searchable on intervals.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1742
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1743 It is possible to convert your database to new format: you can export and
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1744 import back all your data (consult "Migrating backends" in "Maintenance"
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1745 documentation). After this operation all your interval properties should
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1746 become searchable.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1747
1638
4a47eb555e51 more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1596
diff changeset
1748 Users of backends others than metakit should not worry about this issue.
1596
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1749
33a0d94c7658 searching on ranges of intervals is implemented
Andrey Lebedev <kedder@users.sourceforge.net>
parents: 1560
diff changeset
1750
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1751 Migrating from 0.4.x to 0.5.0
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1752 =============================
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1753
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1754 This has been a fairly major revision of Roundup:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1755
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1756 1. Brand new, much more powerful, flexible, tasty and nutritious templating.
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1757 Unfortunately, this means all your current templates are useless. Hopefully
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1758 the new documentation and examples will be enough to help you make the
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1759 transition. Please don't hesitate to ask on roundup-users for help (or
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1760 complete conversions if you're completely stuck)!
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1761 2. The database backed got a lot more flexible, allowing Metakit and SQL
1227
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
1762 databases! The only decent SQL database implemented at present is sqlite,
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
1763 but others shouldn't be a whole lot more work.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1764 3. A brand new, highly flexible and much more robust security system including
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1765 a system of Permissions, Roles and Role assignments to users. You may now
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1766 define your own Permissions that may be checked in CGI transactions.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1767 4. Journalling has been made less storage-hungry, so has been turned on
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1768 by default *except* for author, recipient and nosy link/unlink events. You
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1769 are advised to turn it off in your trackers too.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1770 5. We've changed the terminology from "instance" to "tracker", to ease the
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1771 learning curve/impact for new users.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1772 6. Because of the above changes, the tracker configuration has seen some
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1773 major changes. See below for the details.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1774
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
1775 Please, **back up your database** before you start the migration process. This
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1776 is as simple as copying the "db" directory and all its contents from your
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1777 tracker to somewhere safe.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1778
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1779
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1780 0.5.0 Configuration
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1781 -------------------
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
1782
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1783 First up, rename your ``instance_config.py`` file to just ``config.py``.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1784
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1785 Then edit your tracker's ``__init__.py`` module. It'll currently look
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1786 like this::
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1787
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1788 from instance_config import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1789 try:
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1790 from dbinit import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1791 except ImportError:
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1792 pass # in installdir (probably :)
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1793 from interfaces import *
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1794
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1795 and it needs to be::
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1796
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1797 import config
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1798 from dbinit import open, init
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1799 from interfaces import Client, MailGW
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1800
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1801 Due to the new templating having a top-level ``page`` that defines links for
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1802 searching, indexes, adding items etc, the following variables are no longer
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1803 used:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1804
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1805 - HEADER_INDEX_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1806 - HEADER_ADD_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1807 - HEADER_SEARCH_LINKS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1808 - SEARCH_FILTERS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1809 - DEFAULT_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1810 - UNASSIGNED_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1811 - USER_INDEX
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1812 - ISSUE_FILTER
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1813
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1814 The new security implementation will require additions to the dbinit module,
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1815 but also removes the need for the following tracker config variables:
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1816
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1817 - ANONYMOUS_ACCESS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1818 - ANONYMOUS_REGISTER
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1819
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1820 but requires two new variables which define the Roles assigned to users who
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1821 register through the web and e-mail interfaces:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1822
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1823 - NEW_WEB_USER_ROLES
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1824 - NEW_EMAIL_USER_ROLES
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1825
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1826 in both cases, 'User' is a good initial setting. To emulate
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1827 ``ANONYMOUS_ACCESS='deny'``, remove all "View" Permissions from the
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1828 "Anonymous" Role. To emulate ``ANONYMOUS_REGISTER='deny'``, remove the "Web
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1829 Registration" and/or the "Email Registration" Permission from the "Anonymous"
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1830 Role. See the section on customising security in the `customisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1831 documentation`_ for more information.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1832
1096
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1833 Finally, the following config variables have been renamed to make more sense:
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1834
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1835 - INSTANCE_HOME -> TRACKER_HOME
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1836 - INSTANCE_NAME -> TRACKER_NAME
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1837 - ISSUE_TRACKER_WEB -> TRACKER_WEB
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1838 - ISSUE_TRACKER_EMAIL -> TRACKER_EMAIL
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
1839
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1840
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1841 0.5.0 Schema Specification
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1842 --------------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1843
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1844 0.5.0 Database backend changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1845 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1846
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1847 Your select_db module in your tracker has changed a fair bit. Where it used
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1848 to contain::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1849
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1850 # WARNING: DO NOT EDIT THIS FILE!!!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1851 from roundup.backends.back_anydbm import Database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1852
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1853 it must now contain::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1854
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1855 # WARNING: DO NOT EDIT THIS FILE!!!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1856 from roundup.backends.back_anydbm import Database, Class, FileClass, IssueClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1857
1051
a0c7df67dd9c Allow a page request to include a :contentonly variable.
Richard Jones <richard@users.sourceforge.net>
parents: 1034
diff changeset
1858 Yes, I realise the irony of the "DO NOT EDIT THIS FILE" statement :)
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1859 Note the addition of the Class, FileClass, IssueClass imports. These are very
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1860 important, as they're going to make the next change work too. You now need to
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1861 modify the top of the dbinit module in your tracker from::
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1862
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1863 import instance_config
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1864 from roundup import roundupdb
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1865 from select_db import Database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1866
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1867 from roundup.roundupdb import Class, FileClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1868
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1869 class Database(roundupdb.Database, select_db.Database):
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1870 ''' Creates a hybrid database from:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1871 . the selected database back-end from select_db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1872 . the roundup extensions from roundupdb
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1873 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1874 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1875
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1876 class IssueClass(roundupdb.IssueClass):
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1877 ''' issues need the email information
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1878 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1879 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1880
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1881 to::
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1882
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1883 import config
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1884 from select_db import Database, Class, FileClass, IssueClass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1885
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1886 Yes, remove the Database and IssueClass definitions and those other imports.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1887 They're not needed any more!
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1888
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1889 Look for places in dbinit.py where ``instance_config`` is used too, and
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1890 rename them ``config``.
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1891
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1892
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1893 0.5.0 Journalling changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1894 ~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1895
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1896 Journalling has been optimised for storage. Journalling of links has been
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1897 turned back on by default. If your tracker has a large user base, you may wish
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1898 to turn off journalling of nosy list, message author and message recipient
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1899 link and unlink events. You do this by adding ``do_journal='no'`` to the Class
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1900 initialisation in your dbinit. For example, your *msg* class initialisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1901 probably looks like this::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1902
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1903 msg = FileClass(db, "msg",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1904 author=Link("user"), recipients=Multilink("user"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1905 date=Date(), summary=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1906 files=Multilink("file"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1907 messageid=String(), inreplyto=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1908
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1909 to turn off journalling of author and recipient link events, add
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1910 ``do_journal='no'`` to the ``author=Link("user")`` part of the statement,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1911 like so::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1912
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1913 msg = FileClass(db, "msg",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1914 author=Link("user", do_journal='no'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1915 recipients=Multilink("user", do_journal='no'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1916 date=Date(), summary=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1917 files=Multilink("file"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1918 messageid=String(), inreplyto=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1919
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1920 Nosy list link event journalling is actually turned off by default now. If you
1227
92d8e1aad2e9 added mention of the new "minimal" template...
Richard Jones <richard@users.sourceforge.net>
parents: 1096
diff changeset
1921 want to turn it on, change to your issue class' nosy list, change its
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1922 definition from::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1923
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1924 issue = IssueClass(db, "issue",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1925 assignedto=Link("user"), topic=Multilink("keyword"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1926 priority=Link("priority"), status=Link("status"))
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1927
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1928 to::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1929
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1930 issue = IssueClass(db, "issue", nosy=Multilink("user", do_journal='yes'),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1931 assignedto=Link("user"), topic=Multilink("keyword"),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1932 priority=Link("priority"), status=Link("status"))
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1933
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1934 noting that your definition of the nosy Multilink will override the normal one.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1935
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
1936
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1937 0.5.0 User schema changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1938 ~~~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1939
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1940 Users have two more properties, "queries" and "roles". You'll have something
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1941 like this in your dbinit module now::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1942
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1943 user = Class(db, "user",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1944 username=String(), password=Password(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1945 address=String(), realname=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1946 phone=String(), organisation=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1947 alternate_addresses=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1948 user.setkey("username")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1949
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1950 and you'll need to add the new properties and the new "query" class to it
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1951 like so::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1952
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1953 query = Class(db, "query",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1954 klass=String(), name=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1955 url=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1956 query.setkey("name")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1957
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1958 # Note: roles is a comma-separated string of Role names
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1959 user = Class(db, "user",
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1960 username=String(), password=Password(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1961 address=String(), realname=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1962 phone=String(), organisation=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1963 alternate_addresses=String(),
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1964 queries=Multilink('query'), roles=String())
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1965 user.setkey("username")
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1966
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1967 The "queries" property is used to store off the user's favourite database
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1968 queries. The "roles" property is explained below in `0.5.0 Security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1969 Settings`_.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1970
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1971
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1972 0.5.0 Security Settings
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1973 ~~~~~~~~~~~~~~~~~~~~~~~
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1974
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1975 See the `security documentation`_ for an explanation of how the new security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1976 system works. In a nutshell though, the security is handled as a four step
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1977 process:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1978
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1979 1. Permissions are defined as having a name and optionally a hyperdb class
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1980 they're specific to,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1981 2. Roles are defined that have one or more Permissions,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1982 3. Users are assigned Roles in their "roles" property, and finally
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1983 4. Roundup checks that users have appropriate Permissions at appropriate times
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1984 (like editing issues).
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1985
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1986 Your tracker dbinit module's *open* function now has to define any
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
1987 Permissions that are specific to your tracker, and also the assignment
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1988 of Permissions to Roles. At the moment, your open function
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1989 ends with::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1990
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1991 import detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1992 detectors.init(db)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1993
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1994 return db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1995
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1996 and what we need to do is insert some commands that will set up the security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1997 parameters. Right above the ``import detectors`` line, you'll want to insert
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1998 these lines::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1999
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2000 #
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2001 # SECURITY SETTINGS
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2002 #
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2003 # new permissions for this schema
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2004 for cl in 'issue', 'file', 'msg', 'user':
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2005 db.security.addPermission(name="Edit", klass=cl,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2006 description="User is allowed to edit "+cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2007 db.security.addPermission(name="View", klass=cl,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2008 description="User is allowed to access "+cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2009
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2010 # Assign the access and edit permissions for issue, file and message
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2011 # to regular users now
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2012 for cl in 'issue', 'file', 'msg':
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2013 p = db.security.getPermission('View', cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2014 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2015 p = db.security.getPermission('Edit', cl)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2016 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2017 # and give the regular users access to the web and email interface
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2018 p = db.security.getPermission('Web Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2019 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2020 p = db.security.getPermission('Email Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2021 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2022
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2023 # May users view other user information? Comment these lines out
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2024 # if you don't want them to
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2025 p = db.security.getPermission('View', 'user')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2026 db.security.addPermissionToRole('User', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2027
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2028 # Assign the appropriate permissions to the anonymous user's Anonymous
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2029 # Role. Choices here are:
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2030 # - Allow anonymous users to register through the web
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2031 p = db.security.getPermission('Web Registration')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2032 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2033 # - Allow anonymous (new) users to register through the email gateway
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2034 p = db.security.getPermission('Email Registration')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2035 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2036 # - Allow anonymous users access to the "issue" class of data
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2037 # Note: this also grants access to related information like files,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2038 # messages, statuses etc that are linked to issues
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2039 #p = db.security.getPermission('View', 'issue')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2040 #db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2041 # - Allow anonymous users access to edit the "issue" class of data
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2042 # Note: this also grants access to create related information like
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2043 # files and messages etc that are linked to issues
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2044 #p = db.security.getPermission('Edit', 'issue')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2045 #db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2046
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2047 # oh, g'wan, let anonymous access the web interface too
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2048 p = db.security.getPermission('Web Access')
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2049 db.security.addPermissionToRole('Anonymous', p)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2050
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2051 Note in the comments there the places where you might change the permissions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2052 to restrict users or grant users more access. If you've created additional
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2053 classes that users should be able to edit and view, then you should add them
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2054 to the "new permissions for this schema" section at the start of the security
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2055 block. Then add them to the "Assign the access and edit permissions" section
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2056 too, so people actually have the new Permission you've created.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2057
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2058 One final change is needed that finishes off the security system's
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2059 initialisation. We need to add a call to ``db.post_init()`` at the end of the
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2060 dbinit open() function. Add it like this::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2061
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2062 import detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2063 detectors.init(db)
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2064
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2065 # schema is set up - run any post-initialisation
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2066 db.post_init()
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2067 return db
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2068
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2069 You may verify the setup of Permissions and Roles using the new
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2070 "``roundup-admin security``" command.
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2071
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2072
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2073 0.5.0 User changes
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2074 ~~~~~~~~~~~~~~~~~~
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2075
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2076 To support all those schema changes, you'll need to massage your user database
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2077 a little too, to:
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2078
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2079 1. make sure there's an "anonymous" user - this user is mandatory now and is
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2080 the one that unknown users are logged in as.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2081 2. make sure all users have at least one Role.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2082
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2083 If you don't have the "anonymous" user, create it now with the command::
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2084
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2085 roundup-admin create user username=anonymous roles=Anonymous
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2086
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2087 making sure the capitalisation is the same as above. Once you've done that,
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2088 you'll need to set the roles property on all users to a reasonable default.
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2089 The admin user should get "Admin", the anonymous user "Anonymous"
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2090 and all other users "User". The ``fixroles.py`` script in the tools directory
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2091 will do this. Run it like so (where python is your python 2+ binary)::
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2092
1271
7733d5b96ef6 docco fix
Richard Jones <richard@users.sourceforge.net>
parents: 1227
diff changeset
2093 python tools/fixroles.py -i <tracker home> fixroles
1009
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2094
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2095
fc55426544b5 more upgrading docco and a tool to fix roles
Richard Jones <richard@users.sourceforge.net>
parents: 1008
diff changeset
2096
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2097 0.5.0 CGI interface changes
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2098 ---------------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2099
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2100 The CGI interface code was completely reorganised and largely rewritten. The
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2101 end result is that this section of your tracker interfaces module will need
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2102 changing from::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2103
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2104 from roundup import cgi_client, mailgw
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2105 from roundup.i18n import _
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2106
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2107 class Client(cgi_client.Client):
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2108 ''' derives basic CGI implementation from the standard module,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2109 with any specific extensions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2110 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2111 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2112
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2113 to::
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2114
1308
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2115 from roundup import mailgw
bd71c43f0911 fixed upgrading doc to have CGI changes in the correct order
Richard Jones <richard@users.sourceforge.net>
parents: 1271
diff changeset
2116 from roundup.cgi import client
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2117
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2118 class Client(client.Client):
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2119 ''' derives basic CGI implementation from the standard module,
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2120 with any specific extensions
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2121 '''
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2122 pass
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2123
1034
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2124 You will also need to install the new version of roundup.cgi from the source
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2125 cgi-bin directory if you're using it.
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2126
6afef8529d6c mention cgi script update
Richard Jones <richard@users.sourceforge.net>
parents: 1009
diff changeset
2127
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2128 0.5.0 HTML templating
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2129 ---------------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2130
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2131 You'll want to make a backup of your current tracker html directory. You
1091
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
2132 should then copy the html directory from the Roundup source "classic" template
d870139aeb5c more doc
Richard Jones <richard@users.sourceforge.net>
parents: 1089
diff changeset
2133 and modify it according to your local schema changes.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2134
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2135 If you need help with the new templating system, please ask questions on the
4510
bce9aaf19a3b Updated the url to point to www.roundup-tracker.org in two places in the docs.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents: 4503
diff changeset
2136 roundup-users mailing list (available through the roundup web page on
bce9aaf19a3b Updated the url to point to www.roundup-tracker.org in two places in the docs.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents: 4503
diff changeset
2137 sourceforge, http://www.roundup-tracker.org/.
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2138
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2139
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2140 0.5.0 Detectors
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2141 ---------------
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2142
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2143 The nosy reactor has been updated to handle the tracker not having an
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2144 "assignedto" property on issues. You may want to copy it into your tracker's
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2145 detectors directory. Chances are you've already fixed it though :)
825
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
2146
0779ea9f1f18 More indexer work:
Richard Jones <richard@users.sourceforge.net>
parents: 798
diff changeset
2147
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2148 Migrating from 0.4.1 to 0.4.2
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2149 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2150
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2151 0.4.2 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2152 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2153 The USER_INDEX definition introduced in 0.4.1 was too restrictive in its
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2154 allowing replacement of 'assignedto' with the user's userid. Users must change
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2155 the None value of 'assignedto' to 'CURRENT USER' (the string, in quotes) for
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2156 the replacement behaviour to occur now.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2157
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2158 The new configuration variables are:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2159
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2160 - EMAIL_KEEP_QUOTED_TEXT
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2161 - EMAIL_LEAVE_BODY_UNCHANGED
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2162 - ADD_RECIPIENTS_TO_NOSY
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2163
798
faf164ab8ed9 Docco changes.
Richard Jones <richard@users.sourceforge.net>
parents: 782
diff changeset
2164 See the sample configuration files in::
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2165
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2166 <roundup source>/roundup/templates/classic/instance_config.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2167
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2168 and::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2169
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2170 <roundup source>/roundup/templates/extended/instance_config.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2171
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2172 and the `customisation documentation`_ for information on how they're used.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2173
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2174
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2175 0.4.2 Changes to detectors
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2176 --------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2177 You will need to copy the detectors from the distribution into your instance
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2178 home "detectors" directory. If you used the classic schema, the detectors
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2179 are in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2180
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2181 <roundup source>/roundup/templates/classic/detectors/
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2182
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2183 If you used the extended schema, the detectors are in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2184
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2185 <roundup source>/roundup/templates/extended/detectors/
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2186
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2187 The change means that schema-specific code has been removed from the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2188 mail gateway and cgi interface and made into auditors:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2189
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2190 - nosyreactor.py has now got an updatenosy auditor which updates the nosy
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2191 list with author, recipient and assignedto information.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2192 - statusauditor.py makes the unread or resolved -> chatting changes and
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2193 presets the status of an issue to unread.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2194
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2195 There's also a bug or two fixed in the nosyreactor code.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2196
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2197 0.4.2 HTML templating changes
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2198 -----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2199 The link() htmltemplate function now has a "showid" option for links and
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 1051
diff changeset
2200 multilinks. When true, it only displays the linked item id as the anchor
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2201 text. The link value is displayed as a tooltip using the title anchor
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2202 attribute. To use in eg. the superseder field, have something like this::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2203
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2204 <td>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2205 <display call="field('superseder', showid=1)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2206 <display call="classhelp('issue', 'id,title', label='list', width=500)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2207 <property name="superseder">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2208 <br>View: <display call="link('superseder', showid=1)">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2209 </property>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2210 </td>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2211
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2212 The stylesheets have been cleaned up too. You may want to use the newer
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2213 versions in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2214
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2215 <roundup source>/roundup/templates/<template>/html/default.css
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2216
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2217
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2218
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2219 Migrating from 0.4.0 to 0.4.1
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2220 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2221
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2222 0.4.1 Files storage
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2223 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2224
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2225 Messages and files from newly created issues will be put into subdierectories
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2226 in thousands e.g. msg123 will be put into files/msg/0/msg123, file2003
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2227 will go into files/file/2/file2003. Previous messages are still found, but
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2228 could be put into this structure.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2229
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2230 0.4.1 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2231 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2232
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2233 To allow more fine-grained access control, the variable used to check
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2234 permission to auto-register users in the mail gateway is now called
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2235 ANONYMOUS_REGISTER_MAIL rather than overloading ANONYMOUS_REGISTER. If the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2236 variable doesn't exist, then ANONYMOUS_REGISTER is tested as before.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2237
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2238 Configuring the links in the web header is now easier too. The following
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2239 variables have been added to the classic instance_config.py::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2240
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2241 HEADER_INDEX_LINKS - defines the "index" links to be made available
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2242 HEADER_ADD_LINKS - defines the "add" links
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2243 DEFAULT_INDEX - specifies the index view for DEFAULT
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2244 UNASSIGNED_INDEX - specifies the index view for UNASSIGNED
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2245 USER_INDEX - specifies the index view for USER
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2246
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2247 See the <roundup source>/roundup/templates/classic/instance_config.py for more
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2248 information - including how the variables are to be set up. Most users will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2249 just be able to copy the variables from the source to their instance home. If
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2250 you've modified the header by changing the source of the interfaces.py file in
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2251 the instance home, you'll need to remove that customisation and move it into
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2252 the appropriate variables in instance_config.py.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2253
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2254 The extended schema has similar variables added too - see the source for more
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2255 info.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2256
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2257 0.4.1 Alternate E-Mail Addresses
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2258 --------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2259
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2260 If you add the property "alternate_addresses" to your user class, your users
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2261 will be able to register alternate email addresses that they may use to
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2262 communicate with roundup as. All email from roundup will continue to be sent
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2263 to their primary address.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2264
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2265 If you have not edited the dbinit.py file in your instance home directory,
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2266 you may simply copy the new dbinit.py file from the core code. If you used
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2267 the classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2268
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2269 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2270
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2271 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2272
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2273 <roundup source>/roundup/templates/extended/dbinit.py
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2274
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2275 If you have modified your dbinit.py file, you need to edit the dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2276 file in your instance home directory. Find the lines which define the user
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2277 class::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2278
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2279 user = Class(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2280 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2281 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2282 phone=String(), organisation=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2283 alternate_addresses=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2284
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2285 You will also want to add the property to the user's details page. The
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2286 template for this is the "user.item" file in your instance home "html"
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2287 directory. Similar to above, you may copy the file from the roundup source if
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2288 you haven't modified it. Otherwise, add the following to the template::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2289
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2290 <display call="multiline('alternate_addresses')">
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2291
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2292 with appropriate labelling etc. See the standard template for an idea.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2293
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2294
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2295
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2296 Migrating from 0.3.x to 0.4.0
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2297 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2298
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2299 0.4.0 Message-ID and In-Reply-To addition
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2300 -----------------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2301 0.4.0 adds the tracking of messages by message-id and allows threading
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2302 using in-reply-to. Most e-mail clients support threading using this
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2303 feature, and we hope to add support for it to the web gateway. If you
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2304 have not edited the dbinit.py file in your instance home directory, you may
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2305 simply copy the new dbinit.py file from the core code. If you used the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2306 classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2307
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2308 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2309
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2310 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2311
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2312 <roundup source>/roundup/templates/extended/dbinit.py
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2313
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2314 If you have modified your dbinit.py file, you need to edit the dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2315 file in your instance home directory. Find the lines which define the msg
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2316 class::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2317
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2318 msg = FileClass(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2319 author=Link("user"), recipients=Multilink("user"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2320 date=Date(), summary=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2321 files=Multilink("file"))
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2322
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2323 and add the messageid and inreplyto properties like so::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2324
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2325 msg = FileClass(db, "msg",
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2326 author=Link("user"), recipients=Multilink("user"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2327 date=Date(), summary=String(),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2328 files=Multilink("file"),
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2329 messageid=String(), inreplyto=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2330
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2331 Also, configuration is being cleaned up. This means that your dbinit.py will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2332 also need to be changed in the open function. If you haven't changed your
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2333 dbinit.py, the above copy will be enough. If you have, you'll need to change
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2334 the line (round line 50)::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2335
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2336 db = Database(instance_config.DATABASE, name)
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2337
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2338 to::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2339
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2340 db = Database(instance_config, name)
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2341
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2342
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2343 0.4.0 Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2344 --------------------
1096
fa7df238e2d4 More cleaning up of configuration, and the "instance" -> "tracker" renaming.
Richard Jones <richard@users.sourceforge.net>
parents: 1091
diff changeset
2345 ``TRACKER_NAME`` and ``EMAIL_SIGNATURE_POSITION`` have been added to the
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2346 instance_config.py. The simplest solution is to copy the default values
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2347 from template in the core source.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2348
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2349 The mail gateway now checks ``ANONYMOUS_REGISTER`` to see if unknown users
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2350 are to be automatically registered with the tracker. If it is set to "deny"
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2351 then unknown users will not have access. If it is set to "allow" they will be
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2352 automatically registered with the tracker.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2353
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2354
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2355 0.4.0 CGI script roundup.cgi
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2356 ----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2357 The CGI script has been updated with some features and a bugfix, so you should
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2358 copy it from the roundup cgi-bin source directory again. Make sure you update
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2359 the ROUNDUP_INSTANCE_HOMES after the copy.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2360
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2361
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2362 0.4.0 Nosy reactor
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2363 ------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2364 The nosy reactor has also changed - copy the nosyreactor.py file from the core
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2365 source::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2366
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2367 <roundup source>/roundup/templates/<template>/detectors/nosyreactor.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2368
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2369 to your instance home "detectors" directory.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2370
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2371
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2372 0.4.0 HTML templating
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2373 ---------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2374 The field() function was incorrectly implemented - links and multilinks now
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2375 display as text fields when rendered using field(). To display a menu (drop-
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2376 down or select box) you need to use the menu() function.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2377
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2378
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2379
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2380 Migrating from 0.2.x to 0.3.x
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2381 =============================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2382
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2383 0.3.x Cookie Authentication changes
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2384 -----------------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2385 0.3.0 introduces cookie authentication - you will need to copy the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2386 interfaces.py file from the roundup source to your instance home to enable
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2387 authentication. If you used the classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2388
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2389 <roundup source>/roundup/templates/classic/interfaces.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2390
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2391 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2392
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2393 <roundup source>/roundup/templates/extended/interfaces.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2394
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2395 If you have modified your interfaces.Client class, you will need to take
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2396 note of the login/logout functionality provided in roundup.cgi_client.Client
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2397 (classic schema) or roundup.cgi_client.ExtendedClient (extended schema) and
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2398 modify your instance code apropriately.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2399
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2400
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2401 0.3.x Password encoding
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2402 -----------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2403 This release also introduces encoding of passwords in the database. If you
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2404 have not edited the dbinit.py file in your instance home directory, you may
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2405 simply copy the new dbinit.py file from the core code. If you used the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2406 classic schema, the interfaces file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2407
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2408 <roundup source>/roundup/templates/classic/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2409
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2410 If you used the extended schema, the file is in::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2411
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2412 <roundup source>/roundup/templates/extended/dbinit.py
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2413
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2414
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2415 If you have modified your dbinit.py file, you may use encoded passwords:
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2416
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2417 1. Edit the dbinit.py file in your instance home directory
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2418 a. At the first code line of the open() function::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2419
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2420 from roundup.hyperdb import String, Date, Link, Multilink
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2421
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2422 alter to include Password, as so::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2423
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2424 from roundup.hyperdb import String, Password, Date, Link, Multilink
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2425
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2426 b. Where the password property is defined (around line 66)::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2427
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2428 user = Class(db, "user",
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2429 username=String(), password=String(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2430 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2431 phone=String(), organisation=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2432 user.setkey("username")
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2433
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2434 alter the "password=String()" to "password=Password()"::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2435
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2436 user = Class(db, "user",
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2437 username=String(), password=Password(),
4663
519a22c1858b Rephrase sentence and clean up whitespace.
Ezio Melotti <ezio.melotti@gmail.com>
parents: 4643
diff changeset
2438 address=String(), realname=String(),
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2439 phone=String(), organisation=String())
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2440 user.setkey("username")
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2441
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2442 2. Any existing passwords in the database will remain cleartext until they
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2443 are edited. It is recommended that at a minimum the admin password be
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2444 changed immediately::
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2445
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2446 roundup-admin -i <instance home> set user1 password=<new password>
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2447
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2448
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2449 0.3.x Configuration
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2450 -------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2451 FILTER_POSITION, ANONYMOUS_ACCESS, ANONYMOUS_REGISTER have been added to
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2452 the instance_config.py. Simplest solution is to copy the default values from
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2453 template in the core source.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2454
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2455 MESSAGES_TO_AUTHOR has been added to the IssueClass in dbinit.py. Set to 'yes'
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2456 to send nosy messages to the author. Default behaviour is to not send nosy
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2457 messages to the author. You will need to add MESSAGES_TO_AUTHOR to your
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2458 dbinit.py in your instance home.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2459
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2460
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2461 0.3.x CGI script roundup.cgi
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2462 ----------------------------
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2463 There have been some structural changes to the roundup.cgi script - you will
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2464 need to install it again from the cgi-bin directory of the source
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2465 distribution. Make sure you update the ROUNDUP_INSTANCE_HOMES after the
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2466 copy.
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2467
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2468
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2469 .. _`customisation documentation`: customizing.html
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
2470 .. _`security documentation`: security.html
2409
Richard Jones <richard@users.sourceforge.net>
parents: 2374
diff changeset
2471 .. _`administration guide`: admin_guide.html
Roundup Issue Tracker: http://roundup-tracker.org/