annotate share/roundup/templates/minimal/schema.py @ 8566:e4191aa7b402 default tip
doc: issue2551415 correct doc for change input->input_payload
in 2.5 the rest interface changed a variable name from input to
input_payload. An earlier commit changed the rest docs. This commit
adds an item for it to the upgrading 2.4.0->2.5.0 section. Also cross
reference added to the rest docs with the updated examples.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 09 Apr 2026 00:19:06 -0400 |
| parents | 984bc9f94ec6 |
| children | |

| rev | changeset | description | author | parents |
|---|---|---|---|---|
| 4069 | a6fdaaa3a8bd | Move templates/ to share/roundup/templates/ | Stefan Seefeld <stefan@seefeld.name> | |
| 4308 | b30bdfae4461 | Fix security hole allowing user permission escalation | Richard Jones <richard@users.sourceforge.net> | 4146 |
| 4735 | 0c54c846ea6a | Fix minimal template, which was failing with: | anatoly techtonik <techtonik@gmail.com> | 4308 |
| 4902 | a403c29ffaf9 | Security fix default user permissions | Ralf Schlatterbeck <rsc@runtux.com> | 4735 |
| 5879 | 94a7669677ae | add permissions to control user of rest and xmlrpc API interfaces. | John Rouillard <rouilj@ieee.org> | 4902 |
| 7132 | c087ad45bf4d | update Anonymous Create user to Register user permissions | John Rouillard <rouilj@ieee.org> | 5879 |
| 8231 | 984bc9f94ec6 | chore: format schema.pys in templates so ruff is ok. | John Rouillard <rouilj@ieee.org> | 7132 |

| rev | line source |
|---|---|
| 4069 | 1 # |
| 4069 | 2 # TRACKER SCHEMA |
| 4069 | 3 # |
| 4069 | 4 |
| 4069 | 5 # Class automatically gets these properties: |
| 4069 | 6 # creation = Date() |
| 4069 | 7 # activity = Date() |
| 4069 | 8 # creator = Link('user') |
| 4069 | 9 # actor = Link('user') |
| 4069 | 10 |
| 4069 | 11 # The "Minimal" template gets only one class, the required "user" |
| 4069 | 12 # class. That's it. And even that has the bare minimum of properties. |
| 4069 | 13 |
| 4069 | 14 # Note: roles is a comma-separated string of Role names |
| 4069 | 15 user = Class(db, "user", username=String(), password=Password(), |
| 4069 | 16     address=String(), alternate_addresses=String(), roles=String()) |
| 4069 | 17 user.setkey("username") |
| 4735 | 18 db.security.addPermission(name='Register', klass='user', |
| 4735 | 19     description='User is allowed to register new user') |
| 4069 | 20 # |
| 4069 | 21 # TRACKER SECURITY SETTINGS |
| 4069 | 22 # |
| 4069 | 23 # See the configuration and customisation document for information |
| 4069 | 24 # about security setup. |
| 4069 | 25 |
| 4069 | 26 # |
| 4069 | 27 # REGULAR USERS |
| 4069 | 28 # |
| 4069 | 29 # Give the regular users access to the web and email interface |
| 4069 | 30 db.security.addPermissionToRole('User', 'Web Access') |
| 4069 | 31 db.security.addPermissionToRole('User', 'Email Access') |
| 5879 | 32 db.security.addPermissionToRole('User', 'Rest Access') |
| 5879 | 33 db.security.addPermissionToRole('User', 'Xmlrpc Access') |
| 4069 | 34 |
| 4069 | 35 # May users view other user information? |
| 4069 | 36 # Comment these lines out if you don't want them to |
| 8231 | 37 p = db.security.addPermission(name='View', klass='user', |
| 4902 | 38     properties=('id', 'username')) |
| 4902 | 39 db.security.addPermissionToRole('User', p) |
| 4069 | 40 |
| 8231 | 41 |
| 4069 | 42 # Users should be able to edit their own details -- this permission is |
| 4069 | 43 # limited to only the situation where the Viewed or Edited item is their own. |
| 4069 | 44 def own_record(db, userid, itemid): |
| 4069 | 45     '''Determine whether the userid matches the item being accessed.''' |
| 4069 | 46     return userid == itemid |
| 8231 | 47 |
| 8231 | 48 |
| 4069 | 49 p = db.security.addPermission(name='View', klass='user', check=own_record, |
| 4069 | 50     description="User is allowed to view their own user details") |
| 4069 | 51 db.security.addPermissionToRole('User', p) |
| 4069 | 52 p = db.security.addPermission(name='Edit', klass='user', check=own_record, |
| 4308 | 53     properties=('username', 'password', 'address', 'alternate_addresses'), |
| 4069 | 54     description="User is allowed to edit their own user details") |
| 4069 | 55 db.security.addPermissionToRole('User', p) |
| 4069 | 56 |
| 4069 | 57 # |
| 4069 | 58 # ANONYMOUS USER PERMISSIONS |
| 4069 | 59 # |
| 4069 | 60 # Let anonymous users access the web interface. Note that almost all |
| 4069 | 61 # trackers will need this Permission. The only situation where it's not |
| 4069 | 62 # required is in a tracker that uses an HTTP Basic Authenticated front-end. |
| 4069 | 63 db.security.addPermissionToRole('Anonymous', 'Web Access') |
| 4069 | 64 |
| 4069 | 65 # Let anonymous users access the email interface (note that this implies |
| 4069 | 66 # that they will be registered automatically, hence they will need the |
| 7132 | 67 # "Register" user Permission below) |
| 4069 | 68 db.security.addPermissionToRole('Anonymous', 'Email Access') |
| 4069 | 69 |
| 4069 | 70 # Assign the appropriate permissions to the anonymous user's |
| 4069 | 71 # Anonymous Role. Choices here are: |
| 4069 | 72 # - Allow anonymous users to register |
| 4146 | 73 db.security.addPermissionToRole('Anonymous', 'Register', 'user') |
| 4069 | 74 |
| 4069 | 75 # vim: set et sts=4 sw=4 : |
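
A check for the `properties=` restriction on line 53, which the annotation attributes to the changeset described as "Fix security hole allowing user permission escalation". This is an added example, not part of the Roundup code base: it parses a schema with Python's `ast` module and flags `Edit` permissions on `user` that carry no `properties=` list or that list `roles`. The function names, the `SAMPLE` text and the premise that an unrestricted permission covers every property, `roles` included, are assumptions of this example.

```python
import ast

# Constructed sample: lines 52-55 of the listing, then a variant without properties=.
SAMPLE = '''
p = db.security.addPermission(name='Edit', klass='user', check=own_record,
    properties=('username', 'password', 'address', 'alternate_addresses'),
    description="User is allowed to edit their own user details")
db.security.addPermissionToRole('User', p)
q = db.security.addPermission(name='Edit', klass='user', check=own_record,
    description="User is allowed to edit their own user details")
db.security.addPermissionToRole('User', q)
'''

SENSITIVE = {'roles'}  # holds the user's Role names (line 14 of the listing)


def _literal(node):
    """Return a node's literal value, or None when it is not a literal."""
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError, SyntaxError):
        return None


def audit_user_edit_permissions(source):
    """Flag addPermission(name='Edit', klass='user') calls that can reach roles."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == 'addPermission'):
            continue
        kw = {k.arg: _literal(k.value) for k in node.keywords if k.arg}
        if kw.get('name') != 'Edit' or kw.get('klass') != 'user':
            continue
        props = kw.get('properties')
        if isinstance(props, str):
            props = (props,)
        if 'properties' not in kw:
            findings.append((node.lineno, 'no properties= restriction'))
        elif props is None:
            findings.append((node.lineno, 'properties= not a literal, review'))
        elif SENSITIVE & set(props):
            findings.append((node.lineno, 'properties= includes roles'))
    return findings


if __name__ == '__main__':
    print(audit_user_edit_permissions(SAMPLE))
```

Run it over a tracker's own `schema.py` text to review customised user permissions; a non-literal `properties=` value is reported for manual review rather than guessed at.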
