Mercurial > p > roundup > code
comparison templates/classic/schema.py @ 3042:24e31de4f3a1 maint-0.8
merge from HEAD
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Tue, 04 Jan 2005 00:55:37 +0000 |
| parents | b9a55628a78d |
| children | 3124e578db02 |
comparison
equal
deleted
inserted
replaced
| 3039:70c9954f619f | 3042:24e31de4f3a1 |
|---|---|
| 104 # Users should be able to edit their own details -- this permission is | 104 # Users should be able to edit their own details -- this permission is |
| 105 # limited to only the situation where the Viewed or Edited item is their own. | 105 # limited to only the situation where the Viewed or Edited item is their own. |
| 106 def own_record(db, userid, itemid): | 106 def own_record(db, userid, itemid): |
| 107 '''Determine whether the userid matches the item being accessed.''' | 107 '''Determine whether the userid matches the item being accessed.''' |
| 108 return userid == itemid | 108 return userid == itemid |
| 109 p = db.security.addPermission(name='View Self', klass='user', check=own_record, | 109 p = db.security.addPermission(name='View', klass='user', check=own_record, |
| 110 description="User is allowed to view their own user details") | 110 description="User is allowed to view their own user details") |
| 111 db.security.addPermissionToRole('User', p) | 111 db.security.addPermissionToRole('User', p) |
| 112 p = db.security.addPermission(name='Edit Self', klass='user', check=own_record, | 112 p = db.security.addPermission(name='Edit', klass='user', check=own_record, |
| 113 description="User is allowed to edit their own user details") | 113 description="User is allowed to edit their own user details") |
| 114 db.security.addPermissionToRole('User', p) | 114 db.security.addPermissionToRole('User', p) |
| 115 | 115 |
| 116 # | 116 # |
| 117 # ANONYMOUS USER PERMISSIONS | 117 # ANONYMOUS USER PERMISSIONS |