Mercurial > p > roundup > code
comparison doc/upgrading.txt @ 2076:2a4309450202
security fixes and doc updates
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 12 Mar 2004 05:36:26 +0000 |
| parents | 48600089c73d |
| children | 3e0961d6d44d |
comparison
equal
deleted
inserted
replaced
| 2075:b1704ba7be41 | 2076:2a4309450202 |
|---|---|
| 8 | 8 |
| 9 .. contents:: | 9 .. contents:: |
| 10 | 10 |
| 11 Migrating from 0.6 to 0.7 | 11 Migrating from 0.6 to 0.7 |
| 12 ========================= | 12 ========================= |
| 13 | |
| 14 0.7.0 Permission setup | |
| 15 ---------------------- | |
| 16 | |
| 17 0.7 automatically sets up the Edit and View Permissions for all classes, | |
| 18 thus you don't need to do so. Feel free to remove the code:: | |
| 19 | |
| 20 # Add new Permissions for this schema | |
| 21 for cl in 'issue', 'file', 'msg', 'user', 'query', 'keyword': | |
| 22 db.security.addPermission(name="Edit", klass=cl, | |
| 23 description="User is allowed to edit "+cl) | |
| 24 db.security.addPermission(name="View", klass=cl, | |
| 25 description="User is allowed to access "+cl) | |
| 26 | |
| 27 from your ``dbinit.py``. | |
| 28 | |
| 29 | |
| 30 0.7.0 Permission assignments | |
| 31 ---------------------------- | |
| 32 | |
| 33 Due to a change in the rendering of web widgets, permissions are now | |
| 34 checked on Classes where they previously weren't (this is a good thing). | |
| 35 | |
| 36 You will need to add some additional Permission assignments for your | |
| 37 regular users, or some displays will break. After the following in your | |
| 38 tracker's ``dbinit.py``:: | |
| 39 | |
| 40 # Assign the access and edit Permissions for issue, file and message | |
| 41 # to regular users now | |
| 42 for cl in 'issue', 'file', 'msg', 'query', 'keyword': | |
| 43 p = db.security.getPermission('View', cl) | |
| 44 db.security.addPermissionToRole('User', p) | |
| 45 p = db.security.getPermission('Edit', cl) | |
| 46 db.security.addPermissionToRole('User', p) | |
| 47 | |
| 48 add:: | |
| 49 | |
| 50 for cl in 'priority', 'status': | |
| 51 p = db.security.getPermission('View', cl) | |
| 52 db.security.addPermissionToRole('User', p) | |
| 53 | |
| 13 | 54 |
| 14 0.7.0 Extending the cgi interface | 55 0.7.0 Extending the cgi interface |
| 15 --------------------------------- | 56 --------------------------------- |
| 16 | 57 |
| 17 Before 0.7.0 adding or extending web actions was done by overriding or adding | 58 Before 0.7.0 adding or extending web actions was done by overriding or adding |
| 21 documentation. You might also want to take a look at the `Using an external | 62 documentation. You might also want to take a look at the `Using an external |
| 22 password validation source`__ example. | 63 password validation source`__ example. |
| 23 | 64 |
| 24 __ customizing.html#defining-new-web-actions | 65 __ customizing.html#defining-new-web-actions |
| 25 __ customizing.html#using-an-external-password-validation-source | 66 __ customizing.html#using-an-external-password-validation-source |
| 67 | |
| 26 | 68 |
| 27 0.7.0 Getting the current user id | 69 0.7.0 Getting the current user id |
| 28 --------------------------------- | 70 --------------------------------- |
| 29 | 71 |
| 30 Removed Database.curuserid attribute. Any code referencing this attribute | 72 Removed Database.curuserid attribute. Any code referencing this attribute |