| changeset | 19152fd94fcf |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | bug: move import findargspec out of Permission __init__ method We have a few places where imports are done inside a method/function. For methods that are called once it's not an issue but the Permissions __init__ method is called often and accounts for > 10% of the time in the __init__ function when looking at wsgi-lineprof output. So move it to the module level. |
| files |
| changeset | 224ccb8b49ca |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | refactor: change some classes to use __slots__ Speed up access to and reduce size of some low level classes. A few classes in security.py, rest.py are heavily used. But for all, it prevents adding random properties to lower level classes that people shouldn't be mucking with. While doing this I found some test cases accessing an invalid property name and this change caused the cases to crash. admin.py: Use new method Role.props_dict() and Permission.props_dict() where original code just referenced __dict__ when printing Role/Permission. mlink_expr.py: Add slots to multiple classes. Classes Binary and Unary set real properties/attributes. Classes that inherit from them (Equals, Empty, Not, Or, And) define empty slots tuple to eliminate need for __dict__. Class Expression also gets a slot. rate_limit.py: RateLimit and Gcra classes get slots. A couple of pep8 fixes: sort imports, remove trailing spaces on a line, remove unused noqa comment. rest.py: Add slots to class SimulateFieldStorageFromJson and FsValue classes. The memory savings from this could be useful as well as speedier access to the attributes. security.py: Add slots to Permission class. To prevent conflict between slot limit_perm_to_props_only and the class variable of the same name, rename the class variable to limit_perm_to_props_only_default. Also define method props_dict() to allow other code to get a dict to iterate over when checking permissions. Add slots to class Role along with props_dict() method. Add slots to class Security. Also have to add explicit __dict__ slot to support test override of the hasPermission() method. Add props_dict() method, currently unused, but added for symmetry. support.py: TruthDict and PrioList gets slots. test/test_cgi.py: Fix incorrect setting of permission property. Was setting permissions. So testing may not have been doing what we thought it was. Multiple places found with this typo. Remove setting of permissions in some places where it should have no effect on the test and looks like it was just copypasta. test/test_xmlrpc.py Remove setting of permissions in some places where it should have no effect on the test and looks like it was just copypasta. |
| files |
| changeset | 43899d99fc4d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | refactor(ruff): multiple changes to clear ruff issues Fix a couple of missing returns of booleans for security checks. Turns an implicit return None into an explicit return False. Fix loop index variable being reassigned inside loop by renaming index variable. 2 instances. Consolidate 2 isinstance calls to 1 with tuple class argument. Replace dict(list comprehension) with dict conprehension. Variable renames. Removal of unused variable. Whitespace fixes. sort imports |
| files |
| changeset | 302c797756e6 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix: issue2550962. remove assert in Role::hasPermission issue2550962 - Check uses of assert in roundup code. An assert was used to make sure that a classname always accompoanied an itemid in hasPermission. The Security::hasPErmission has an if clause that does the same check and raises a ValueError. Remove asserts because they ae removed when running python in optimized mode. |
| files |
| changeset | e9af08743759 |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Add check_factory For Permission objects where we're given a filter function but no check function, manufacture a check function. |
| files |
| changeset | de58ff07890e |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Rename parameter of hasPermission Rename only_no_check to skip_permissions_with_check. Revert explicit no-properties check in Permission.searchable, this check is already taken care of by the _properties_dict check. Add a comment on what _properties_dict does. |
| files |
| changeset | 8e9181dfc9fa |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Fix searchable checks in roundup/security.py |
| files |
| changeset | b358da7c89e5 |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Optimize filtering of search results Now the Permission class constructor takes an optional argument 'filter'. Now if we do not find a permission on the whole class *and* all permission objects on the current class with a check method also have a filter method we can improve search performance by filtering in the database (instead of in python). |
| files |
| changeset | 2a4d0413bd20 |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | When computing batch check class-permissions first |
| files |
| changeset | d4fa7a9c3a21 |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Remove debug code |
| files |
| changeset | c12377fb4144 |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Change permission representation Now permissions are checked in different order. Permissions without a check method (which are cheap to check) are checked first. Only if no permission is found do we check permissions with check methods. |
| files |
| changeset | 06e6bc21b67e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | flake8 changes whitepace and formatting |
| files |
| changeset | 3fa026621f69 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: comparisons. Python 3 no longer has the cmp function, or cmp= arguments to sorting functions / methods (key= must be used instead), and requires rich comparison methods such as __lt__ to be defined instead of using __cmp__. All of the comparison mechanisms supported in Python 3 are also supported in Python 2. This patch makes the corresponding changes in Roundup to use key functions and rich comparison methods. In the case of the JournalPassword and Permission classes, only __eq__ and __ne__ are defined as I don't see ordered comparisons as useful there (and for Permission, the old __cmp__ function didn't try to provide a valid ordering). In the case of the Date class, I kept the __cmp__ method and implemented the others in terms of it, to avoid excess repetitiveness in duplicating implementation code for all six rich comparison methods. In roundup/admin.py, help_commands_html used operator.attrgetter to produce the second argument of sorted() - which would be reasonable for a key function, but the second argument is the cmp function in Python 2, not a key function (and the key function must be a named argument not a positional argument in Python 3). That function appears to be completely unused, so I expect that code never worked. This patch adds the missing key= to that sorted() call, but it would also be reasonable to remove the unused function completely instead. |
| files |
| changeset | 23b8e6067f7c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: update calls to dict methods. Tool-assisted patch. Changes of iterkeys / itervalues / iteritems to keys / values / items are fully automated, but may make things less efficient in Python 2. Automated tools want to add list() around many calls to keys / values / items, but I thought most such list() additions were unnecessary because it seemed the result of keys / values / items was just iterated over while the set of dict keys remained unchanged, rather than used in a way requiring an actual list, or used while the set of keys in the dict could change. It's quite possible I missed some cases where list() was really needed, or left in some unnecessary list() calls. In cases where list() was only needed because the resulting list was then sorted in-place, I changed the code to use calls to sorted(). |
| files |
| changeset | 35ea9b1efc14 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: "raise" syntax. Changing "raise Exception, value" to "raise Exception(value)". Tool-assisted patch. Particular cases to check carefully are the one place in frontends/ZRoundup/ZRoundup.py where a string exception needed to be fixed, and the one in roundup/cgi/client.py involving raising an exception with a traceback (requires three-argument form of raise in Python 2, which as I understand it requires exec() to avoid a Python 3 syntax error). |
| files |
| changeset | c94fd717e28c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Fix http://issues.roundup-tracker.org/issue2550952 make __call__ method of a class usable as a check function. |
| files |
| changeset | 1f72b73d7770 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Still trying to figure out why travis ci fails without a call to self.db.security.set_props_only_default(props_only=False) Trying a call to new function get_props.... in the instance init routine to see if the class prop is misconfigured or something. |
| files |
| changeset | e0732fd6a6c7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | rouilj@uland |
| description | Implement props_only feature for permissions. |
| files |
| changeset | 36630a062fb5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Check in enhanced form for check command used by addPermission. New form can include a **context dictionary that allows access to the name of the property, class, and permission being checked. This should make designing more complex permission requirements easier. |
| files |
| changeset | 4058fc1ec746 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | replacing depricated has_key references by in to support python 3. Errors reported by python -3 roundup_server. Unit tests test_config test_security pass although test_config is a bit weak in coverage. |
| files |
| changeset | 425b4c4fc345 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2550831: Make the classic template query.edit page work. More edits: 1) Admin was unable to restore a deleted query but could retire it. Add 'restore' security permission to admin in security.py. This seems like it should be a standard perm. 2) If a search you had in your "Your Queries" list was made private to somebody else, you lost the ability to drop it from your list. Modified the query.edit.html so that re-private and retired queries are listed at the bottom and you can uninstall them. Ideally a re-privated query should just dissapear from your listing. issue2550915 opened to track this. |
| files |
| changeset | 87b0358790ed |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Adding some tests for admin.py. Specifically for issue2550572: setting nosy=+foo on multiple issues gives them all the same exact nosy list. To make this work had to change the admin.py code to use "sys.stdout.write" in place of "print". In the test I now hijack stdout.write following an existing example of this for admin's import/export command that hijacks sys.stderr.write. Also I corrected a misspelling in security.py. The word "everything" was misspelled. It is not inside _() markers so I don't think it's going to affect translation and grepping the locale subdir doesn't show the original string. |
| files |
| changeset | 8137456a86f3 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | more fixes to search permissions: - require that for links and multilinks the searching user has access to at least the orderprop, labelprop, and ID of the linked class - allow combinations of roles: we previosly required that for transitive properties all elements where searchable by the same role. We now allow that the roles can be different for each property. This allows assigning different roles to different sub-systems and allowing users having all required roles to search across subsystems. - regression test updated - fix doc/upgrading example for new signature of roleHasSearchPermission |
| files |
| changeset | 9edbab31e2ac |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - admin permissions are special: the classname is None which means "access everywhere". Now search-permissions work for admin, too... |
| files |
| changeset | 222efa59ee6c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | search permissions must allow transitive properties |
| files |
| changeset | 261c9f913ff7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - Add explicit "Search" permissions, see Security Fix below. - Security Fix: Add a check for search-permissions: now we allow searching for properties only if the property is readable without a check method or if an explicit search permission (see above unter "Features) is given for the property. This fixes cases where a user doesn't have access to a property but can deduce the content by crafting a clever search, group or sort query. see doc/upgrading.txt for how to fix your trackers! |
| files |
| changeset | 966592263fb8 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Clean up all the places where role processing occurs. This is now in a central place in hyperdb.Class and is used consistently throughout. This also means now a template can override the way role processing occurs (e.g. for elaborate permission schemes). Thanks to intevation for funding the change. Note: On first glance the hyperdb.Class may not be the ideal place for role processing. On second thought: Roles may appear in other classes, too (e.g., a user_group or similar) which then don't need to reinvent the wheel. And I didn't want to introduce a separate UserClass (as is the case for the HTML classes) due to compatibility issues with existing schema.py out there. |
| files |
| changeset | 34434785f308 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Plug a number of security holes: - EditCSV and ExportCSV altered to include permission checks - HTTP POST required on actions which alter data - HTML file uploads served as application/octet-stream - New item action reject creation of new users - Item retirement was not being controlled Additionally include documentation of the changes and modify affected tests. |
| files |
| changeset | 75dc225613cc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | fix security check for hasPermission(Permission, None) add hasRole to HTMLUser |
| files |
| changeset | 460eb0209a9e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Permissions improvements. - have Permissions only test the check function if itemid is suppled - modify index templates to check for row-level Permission - more documentation of security mechanisms - better unit tests for security mechanisms |
| files |
| changeset | 090abbcc7b19 |
|---|---|
| branch | maint-0.8 |
| bookmark | |
| tag | |
| user | Alexander Smishlajev <a1s@users.sourceforge.net> |
| description | fix Permission.__repr__() |
| files |
| changeset | b9a55628a78d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | more doc fixes simplified the security API, and bumped those changes around a couple more TODO items so I don't forget |
| files |
| changeset | 9614a101b68f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Stuff from the train ride this morning: - Extend the property concept in Permissions to allow a list of properties - Fix the cgi templating code to check the correct permission when rendering edit fields - A swag of changes (just the start) fixing up the customisation doc for the new tracker layout and permissions setup |
| files |
| changeset | 3f93d4b29620 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | uh |
| files |
| changeset | 673851f3fc0c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | admin needs create too |
| files |
| changeset | 281beec48408 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Alexander Smishlajev <a1s@users.sourceforge.net> |
| description | add note about new functionality to Permission class docstring; remove obsolete permission defaults; fix vim modeline |
| files |
| changeset | 1df7d4a41da4 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Buncha stuff (sorry about the large checkin): - Permissions may now be defined on a per-property basis - added "Create" Permission. Replaces the "Web"- and "Email Registration" Permissions. - added option to turn off registration confirmation via email ("instant_registration" in config) Migrated the user edit/view permission to use check code. Fixed a buncha stuff in the default templates. Needs a thorough review though. |
| files |
| changeset | fc52d57c6c3e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | documentation cleanup |
| files |
| changeset | c98d20ba4445 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | strip whitespace from Role names so "User, Admin" will work |
| files |
| changeset | 9b93d140b8e6 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Andrey Lebedev <kedder@users.sourceforge.net> |
| description | role names made case insensitive |
| files |
| changeset | 4c9882cb16a3 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | more docco work |
| files |
| changeset | 9b910e8d987d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | removed Log |
| files |
| changeset | 6003d6fa02a5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | new CGI frontend support |
| files |
| changeset | 62c49e259047 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | preparation for moving cgi modules around |
| files |
| changeset | ef9c759c243e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Fix to hasPermission, thanks Stefan Seefeld. |
| files |
| changeset | a8d80ffe37cc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Removed the unnecessary volatiledb and the related complications. Security much simpler and self-contained now. |
| files |
| changeset | 502a5ae11cc5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Very close now. The cgi and mailgw now use the new security API. The two templates have been migrated to that setup. Lots of unit tests. Still some issue in the web form for editing Roles assigned to users. |
| files |
| changeset | b0d3d3535998 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Bugger it. Here's the current shape of the new security implementation. Still to do: . call the security funcs from cgi and mailgw . change shipped templates to include correct initialisation and remove the old config vars ... that seems like a lot. The bulk of the work has been done though. Honest :) |
| files |