Mercurial > p > roundup > code
comparison doc/upgrading.txt @ 4312:594eee0d43fc
fixes
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 23 Dec 2009 00:34:39 +0000 |
| parents | 8e0d350ce644 |
| children | 05d3f47003fc |
comparison
equal
deleted
inserted
replaced
| 4311:7291130fad82 | 4312:594eee0d43fc |
|---|---|
| 23 to create. | 23 to create. |
| 24 | 24 |
| 25 Migrating from 1.4.x to 1.4.11 | 25 Migrating from 1.4.x to 1.4.11 |
| 26 ============================== | 26 ============================== |
| 27 | 27 |
| 28 Close poential security hole | 28 Close potential security hole |
| 29 ---------------------------- | 29 ----------------------------- |
| 30 | 30 |
| 31 If your tracker has untrusted users you should examine its ``schema.py`` | 31 If your tracker has untrusted users you should examine its ``schema.py`` |
| 32 file and look for the section granting the "Edit" permission to your users. | 32 file and look for the section granting the "Edit" permission to your users. |
| 33 This should look something like:: | 33 This should look something like:: |
| 34 | 34 |
| 52 | 52 |
| 53 A separate "Register" permission has been introduced to allow | 53 A separate "Register" permission has been introduced to allow |
| 54 anonymous users to register. This means you will need to add the | 54 anonymous users to register. This means you will need to add the |
| 55 following to your tracker's ``schema.py`` to add the permission and | 55 following to your tracker's ``schema.py`` to add the permission and |
| 56 assign it to the Anonymous role (replacing any previously assigned | 56 assign it to the Anonymous role (replacing any previously assigned |
| 57 "Create user" permission for the Anonymous role): | 57 "Create user" permission for the Anonymous role):: |
| 58 | 58 |
| 59 +db.security.addPermission(name='Register', klass='user', | 59 +db.security.addPermission(name='Register', klass='user', |
| 60 + description='User is allowed to register new user') | 60 + description='User is allowed to register new user') |
| 61 | 61 |
| 62 # Assign the appropriate permissions to the anonymous user's Anonymous | 62 # Assign the appropriate permissions to the anonymous user's Anonymous |
| 63 # Role. Choices here are: | 63 # Role. Choices here are: |
| 64 # - Allow anonymous users to register | 64 # - Allow anonymous users to register |
| 65 -db.security.addPermissionToRole('Anonymous', 'Create', 'user') | 65 -db.security.addPermissionToRole('Anonymous', 'Create', 'user') |