Mercurial > p > roundup > code

comparison doc/customizing.txt @ 5186:36630a062fb5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check in enhanced form for check command used by addPermission. New form can include a **context dictionary that allows access to the name of the property, class, and permission being checked. This should make designing more complex permission requirements easier.
author John Rouillard <rouilj@ieee.org>
date Fri, 17 Feb 2017 21:18:34 -0500
parents 349bef975367
children e0732fd6a6c7
comparison
equal deleted inserted replaced
5185:349bef975367 5186:36630a062fb5
1181 db.security.addPermissionToRole('User', 'View', 'user') 1181 db.security.addPermissionToRole('User', 'View', 'user')
1182 1182
1183 # Users should be able to edit their own details -- this permission 1183 # Users should be able to edit their own details -- this permission
1184 # is limited to only the situation where the Viewed or Edited item 1184 # is limited to only the situation where the Viewed or Edited item
1185 # is their own. 1185 # is their own.
1186 def own_record(db, userid, itemid): 1186 def own_record(db, userid, itemid, **ctx):
1187 '''Determine whether the userid matches the item being accessed.''' 1187 '''Determine whether the userid matches the item being accessed.'''
1188 return userid == itemid 1188 return userid == itemid
1189 p = db.security.addPermission(name='View', klass='user', check=own_record, 1189 p = db.security.addPermission(name='View', klass='user', check=own_record,
1190 description="User is allowed to view their own user details") 1190 description="User is allowed to view their own user details")
1191 db.security.addPermissionToRole('User', p) 1191 db.security.addPermissionToRole('User', p)
1295 **properties** 1295 **properties**
1296 A sequence of property names that are the only properties to apply the 1296 A sequence of property names that are the only properties to apply the
1297 new Permission to (eg. ``... klass='user', properties=('name', 1297 new Permission to (eg. ``... klass='user', properties=('name',
1298 'email') ...``) 1298 'email') ...``)
1299 **check** 1299 **check**
1300 A function to be execute which returns boolean determining whether the 1300 A function to be executed which returns boolean determining whether
1301 Permission is allowed. The function has the signature ``check(db, userid, 1301 the Permission is allowed. If it returns True, the permission is
1302 itemid)`` where ``db`` is a handle on the open database, ``userid`` is 1302 allowed, if it returns False the permission is denied. The function
1303 can have one of two signatures::
1304
1305 check(db, userid, itemid)
1306
1307 or::
1308
1309 check(db, userid, itemid, **ctx)
1310
1311 where ``db`` is a handle on the open database, ``userid`` is
1303 the user attempting access and ``itemid`` is the specific item being 1312 the user attempting access and ``itemid`` is the specific item being
1304 accessed. 1313 accessed. If the second form is used the ``ctx`` dictionary is
1314 defined with the following values::
1315
1316 ctx['property'] the name of the property being checked or None if
1317 it's a class check.
1318
1319 ctx['classname'] the name of the class that is being checked
1320 (issue, query ....).
1321
1322 ctx['permission'] the name of the permission (e.g. View, Edit...).
1323
1324 The second form is preferred as it makes it easier to implement more
1325 complex permission schemes. An example of the use of ``ctx`` can be
1326 found in the ``upgrading.txt`` or `upgrading.html`_ document.
1327
1328 .. _`upgrading.html`: upgrading.html
1305 1329
1306 Example Scenarios 1330 Example Scenarios
1307 ~~~~~~~~~~~~~~~~~ 1331 ~~~~~~~~~~~~~~~~~
1308 1332
1309 See the `examples`_ section for longer examples of customisation. 1333 See the `examples`_ section for longer examples of customisation.
Roundup Issue Tracker: http://roundup-tracker.org/