comparison doc/upgrading.txt @ 4312:594eee0d43fc

fixes
author Richard Jones <richard@users.sourceforge.net>
date Wed, 23 Dec 2009 00:34:39 +0000
parents 8e0d350ce644
children 05d3f47003fc
comparison
equal deleted inserted replaced
4311:7291130fad82 4312:594eee0d43fc
23 to create. 23 to create.
24 24
25 Migrating from 1.4.x to 1.4.11 25 Migrating from 1.4.x to 1.4.11
26 ============================== 26 ==============================
27 27
28 Close poential security hole 28 Close potential security hole
29 ---------------------------- 29 -----------------------------
30 30
31 If your tracker has untrusted users you should examine its ``schema.py`` 31 If your tracker has untrusted users you should examine its ``schema.py``
32 file and look for the section granting the "Edit" permission to your users. 32 file and look for the section granting the "Edit" permission to your users.
33 This should look something like:: 33 This should look something like::
34 34
52 52
53 A separate "Register" permission has been introduced to allow 53 A separate "Register" permission has been introduced to allow
54 anonymous users to register. This means you will need to add the 54 anonymous users to register. This means you will need to add the
55 following to your tracker's ``schema.py`` to add the permission and 55 following to your tracker's ``schema.py`` to add the permission and
56 assign it to the Anonymous role (replacing any previously assigned 56 assign it to the Anonymous role (replacing any previously assigned
57 "Create user" permission for the Anonymous role): 57 "Create user" permission for the Anonymous role)::
58 58
59 +db.security.addPermission(name='Register', klass='user', 59 +db.security.addPermission(name='Register', klass='user',
60 + description='User is allowed to register new user') 60 + description='User is allowed to register new user')
61 61
62 # Assign the appropriate permissions to the anonymous user's Anonymous 62 # Assign the appropriate permissions to the anonymous user's Anonymous
63 # Role. Choices here are: 63 # Role. Choices here are:
64 # - Allow anonymous users to register 64 # - Allow anonymous users to register
65 -db.security.addPermissionToRole('Anonymous', 'Create', 'user') 65 -db.security.addPermissionToRole('Anonymous', 'Create', 'user')

Roundup Issue Tracker: http://roundup-tracker.org/