| changeset | 984bc9f94ec6 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | chore: format schema.pys in templates so ruff is ok. Also makes comparing them easier. |
| files | |

| changeset | c087ad45bf4d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | update Anonymous Create user to Register user permissions the devel and responsive tracker templates still had the old Create user permissions for the anonymous user. Replace with the Register permission that has been the standard since 1.4.11 maybe. Also update references to Create permission in comment for the Email Access permission for anon user. |
| files | |

| changeset | 94a7669677ae |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | add permissions to control user of rest and xmlrpc API interfaces. issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access' to allow per-user access control to rest and xmlrpc interfaces using roles. Updated all schemas to add these new perms to all authenticated roles. Error conditions in handle_xmlrpc were not working right in manual testing. I tried to make it a little better, but I don't actually understand how the fault xmlrpc object is supposed to be used. So I may have messed something up. I'll try to ping the people who wrote the xmlrpc code to have them review. |
| files | |

| changeset | a403c29ffaf9 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Security fix default user permissions Default user permissions should not include all user attributes. We now limit this to the username, realname and some further attributes depending on the schema. Note that we no longer include the email addresses, depending on your installation you may want to further restrict this or add some attributes like ``address`` and ``alternate_addresses``. |
| files | |

| changeset | 0c54c846ea6a |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | Fix minimal template, which was failing with: C:\roundup>demo.py -t minimal Traceback (most recent call last): File "C:\roundup\demo\schema.py", line 64, in <module> db.security.addPermissionToRole('Anonymous', 'Register', 'user') File "C:\roundup\roundup\security.py", line 304, in addPermissionToRole properties, check) File "C:\roundup\roundup\security.py", line 148, in getPermission raise ValueError, 'No permission "%s" defined'%permission ValueError: No permission "Register" defined |
| files | |

| changeset | b30bdfae4461 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Fix security hole allowing user permission escalation (thanks Ralf Schlatterbeck) also update docs and prepare for a release |
| files | |

| changeset | 42331c201b02 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | Fix issue2550553. |
| files | |

| changeset | a6fdaaa3a8bd |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Stefan Seefeld <stefan@seefeld.name> |
| description | Move templates/ to share/roundup/templates/ |
| files | |