Mercurial > p > roundup > code

comparison templates/classic/schema.py @ 3040:14322134dcef

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix permissions checks in cgi templating [SF#1082755]
author Richard Jones <richard@users.sourceforge.net>
date Tue, 04 Jan 2005 00:51:54 +0000
parents b9a55628a78d
children 3124e578db02
comparison
equal deleted inserted replaced
3036:8fa6b5747a53 3040:14322134dcef
104 # Users should be able to edit their own details -- this permission is 104 # Users should be able to edit their own details -- this permission is
105 # limited to only the situation where the Viewed or Edited item is their own. 105 # limited to only the situation where the Viewed or Edited item is their own.
106 def own_record(db, userid, itemid): 106 def own_record(db, userid, itemid):
107 '''Determine whether the userid matches the item being accessed.''' 107 '''Determine whether the userid matches the item being accessed.'''
108 return userid == itemid 108 return userid == itemid
109 p = db.security.addPermission(name='View Self', klass='user', check=own_record, 109 p = db.security.addPermission(name='View', klass='user', check=own_record,
110 description="User is allowed to view their own user details") 110 description="User is allowed to view their own user details")
111 db.security.addPermissionToRole('User', p) 111 db.security.addPermissionToRole('User', p)
112 p = db.security.addPermission(name='Edit Self', klass='user', check=own_record, 112 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
113 description="User is allowed to edit their own user details") 113 description="User is allowed to edit their own user details")
114 db.security.addPermissionToRole('User', p) 114 db.security.addPermissionToRole('User', p)
115 115
116 # 116 #
117 # ANONYMOUS USER PERMISSIONS 117 # ANONYMOUS USER PERMISSIONS
Roundup Issue Tracker: http://roundup-tracker.org/