| changeset | f7bd22bdef9d |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Move permission check code to hyperdb Now the hyperdb has a method filter_with_permissions that performs the permission checks before (for filtering on sort/group/filterspec arguments) and after a call to hyperdb.filter. This also fixes possible problems on the unfiltered sort/group/filterspec arguments in roundup/rest.py and roundup/cgi/templating.py |
| files |
| changeset | af1067e0f6d9 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | flake8 changes; move imports before first statements; whitespace normalization. |
| files |
| changeset | ed02a1e0aa5d |
|---|---|
| branch | REST-rebased |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Fix actions Permission for retire in roundup/actions.py was with 'Edit' permission, not 'Retire' permission. Add a 'restore' action to roundup/actions.py. Both are now correctly used in rest.py and xmlrpc.py (the latter had some errors when printint error messages). Also reworked the rest implementation: Despite the warnings in the roundup API in hyperdb.py the DELETE http method would *destroy* and not *retire* an item. This has been fixed. We also do not allow retire of a complete class (although this was implemented) because this seems to dangerous and we see no use-case. |
| files |
| changeset | 7f3dfdd6a620 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Christof Meerwald <cmeerw@cmeerw.org> |
| description | make sure everything is sorted in the xmlrpc schema |
| files |
| changeset | 56c9bcdea47f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: unicode. This patch introduces roundup/anypy/strings.py, which has a comment explaining the string representations generally used and common functions to handle the required conversions. Places in the code that explicitly reference the "unicode" type / built-in function are generally changed to use the new functions (or, in a few places where those new functions don't seem to fit well, other approaches such as references to type(u'') or use of the codecs module). This patch does not generally attempt to address text conversions in any places not currently referencing the "unicode" type (although scripts/import_sf.py is made to use binary I/O in places as fixing the "unicode" reference didn't seem coherent otherwise). |
| files |
| changeset | e46ce04d5bbc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports. New roundup/anypy/xmlrpc_.py added. Manual patch. |
| files |
| changeset | 23b8e6067f7c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: update calls to dict methods. Tool-assisted patch. Changes of iterkeys / itervalues / iteritems to keys / values / items are fully automated, but may make things less efficient in Python 2. Automated tools want to add list() around many calls to keys / values / items, but I thought most such list() additions were unnecessary because it seemed the result of keys / values / items was just iterated over while the set of dict keys remained unchanged, rather than used in a way requiring an actual list, or used while the set of keys in the dict could change. It's quite possible I missed some cases where list() was really needed, or left in some unnecessary list() calls. In cases where list() was only needed because the resulting list was then sorted in-place, I changed the code to use calls to sorted(). |
| files |
| changeset | 0942fe89e82e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: change "x.has_key(y)" to "y in x". (Also likewise "not in" where appropriate.) Tool-generated patch. |
| files |
| changeset | 35ea9b1efc14 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: "raise" syntax. Changing "raise Exception, value" to "raise Exception(value)". Tool-assisted patch. Particular cases to check carefully are the one place in frontends/ZRoundup/ZRoundup.py where a string exception needed to be fixed, and the one in roundup/cgi/client.py involving raising an exception with a traceback (requires three-argument form of raise in Python 2, which as I understand it requires exec() to avoid a Python 3 syntax error). |
| files |
| changeset | db8659c4e8eb |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | xmlrpc: logging; content property The 'content' property is special: It should not be set to None when receiving an empty string (creation of an empty file) but to an empty string instead. Otherwise we'll get a traceback from the backend. |
| files |
| changeset | 198b6e810c67 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Eric S. Raymond <esr@thyrsus.com> |
| description | Use Python-3-compatible 'as' syntax for except statements Many raise statements near these are also fixed. So are two ivorrect file encoding marks ('utf8'->'utf-8'). |
| files |
| changeset | 1c792cf0a574 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Kristensen <john@jerrykan.com> |
| description | Remove 'import *' statement from xmlrpc.py There are various 'import *' statements scattered through the code which are generally not a good thing. These should be fairly safe changes, but I'll commit them one file at a time to make it easier to track down issues with a bisect if they crop up later. |
| files |
| changeset | 6b7f257e5de8 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Kristensen <john@jerrykan.com> |
| description | Simplify SimpleXMLRPCDispatcher initialisation Support for Python v2.4 has been dropped a while ago so we can remove the compatibility support for initialising SimpleXMLRPCDispatcher with version of Python older than v2.5 |
| files |
| changeset | d9e5539303bd |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Implement XMLRPC MultiCall (including test), see http://docs.python.org/2/library/xmlrpclib.html#xmlrpclib.MultiCall |
| files |
| changeset | c9b85ca1f985 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Fix xmlrpc permissions for lookup method. Allow if the key attribute is either searchable or viewable, don't check id attribute. |
| files |
| changeset | 3f251efd5f48 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck) |
| files |
| changeset | 261c9f913ff7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - Add explicit "Search" permissions, see Security Fix below. - Security Fix: Add a check for search-permissions: now we allow searching for properties only if the property is readable without a check method or if an explicit search permission (see above unter "Features) is given for the property. This fixes cases where a user doesn't have access to a property but can deduce the content by crafting a clever search, group or sort query. see doc/upgrading.txt for how to fix your trackers! |
| files |
| changeset | 40d7414592ac |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - fix coding style from yesterday - Allow encoding of parameters as "Binary" (this is encoded as base64 in xmlrpc). Example: s.create("file", "name=bla", "type=application/octet-stream", xmlrpclib.Binary("content=\0")) |
| files |
| changeset | 2188c9de5bdd |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | xmlrpc handling of unicode characters, see http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10040 |
| files |
| changeset | 7291130fad82 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - fix create permission for xmlrpc, too |
| files |
| changeset | 712549bb7fe5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Small fix for CGI-handling of XMLRPC requests for python2.4... ...this worked only for 2.5 and beyond due to a change in the xmlrpc interface in python |
| files |
| changeset | 4498f5252f8b |
|---|---|
| branch | gsoc-2009 |
| bookmark | |
| tag | |
| user | Pygi <pygi@users.sourceforge.net> |
| description | Some preparations for 3.0 migration |
| files |
| changeset | 3f6cadb98c2f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | Move db.commit() call from handle_xmlrpc() to individual methods... ...so actions can control it themselves. |
| files |
| changeset | 3c4545f55949 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | Allow XMLRPC clients to fetch tracker schema. |
| files |
| changeset | 0ad79301f055 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | Restrict user creation rights in XMLRPC frontend. |
| files |
| changeset | bbab97f8ffb2 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | XMLRPC improvements: * Add support for actions to XMLRPC interface. * Provide bridge so user actions may be executed either via CGI or XMLRPC. * Adjust XMLRPC tests to recent work. * Cleanup. |
| files |
| changeset | edf526c91412 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | * Refactor XMLRPC interface. * Make it accessible through web-server. |
| files |
| changeset | f7f3068b32a1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Add filter() to XML-RPC interface [SF#966456] |
| files |
| changeset | 85cbaa50eba1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | xml-rpc security checks and tests across all backends [SF#1907211] also add some leap year tests |
| files |
| changeset | 3c3077582c16 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Add security checks and tests for xmlrpc interface. |
| files |
| changeset | c31da624ae3b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Alexander Smishlajev <a1s@users.sourceforge.net> |
| description | fix RoundupRequest: the database must not be left open when an error is raised from the constructor |
| files |
| changeset | 9596a516d78c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Alexander Smishlajev <a1s@users.sourceforge.net> |
| description | fix compatibility with Python2.3: try/except/finally statement first appeared in Python2.5; add vim modeline |
| files |
| changeset | cf6c45201980 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | Varia |
| files |
| changeset | ba6ba8d6bcc1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | Initial checkin for new xmlrpc frontend. |
| files |