Mercurial > p > roundup > code
comparison doc/upgrading.txt @ 5267:64ae2108df60
Add section on allowing user access to the labelprop for a class so
that iterating over the class will work.
Ezio found this flaw in the docs while working with the python
tracker.
Mark one other section as Required. Shorten another section heading.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 16 Sep 2017 11:29:46 -0400 |
| parents | d4cc71beb102 |
| children | 84a844f50d1f |
comparison
equal
deleted
inserted
replaced
| 5266:e9158c0a6eba | 5267:64ae2108df60 |
|---|---|
| 20 .. contents:: | 20 .. contents:: |
| 21 :local: | 21 :local: |
| 22 | 22 |
| 23 Migrating from 1.5.1 to 1.6.0 | 23 Migrating from 1.5.1 to 1.6.0 |
| 24 ============================= | 24 ============================= |
| 25 | |
| 26 Make sure that user can view labelprop on classes (REQUIRED) | |
| 27 ------------------------------------------------------------ | |
| 28 | |
| 29 If you have View permissions that use ```properties=...```, | |
| 30 make sure that the labelprop for the class is listed in the | |
| 31 properties list. | |
| 32 | |
| 33 The first one of these that exists must must be in the list: | |
| 34 | |
| 35 1. the property set by a call to setlabelprop for the class | |
| 36 2. the key of the class (as set by setkey()) | |
| 37 3. the "name" property (if it exists) | |
| 38 4. the "title" property (if it exists) | |
| 39 | |
| 40 if none of those apply, you must allow | |
| 41 | |
| 42 * the "id" property | |
| 43 | |
| 44 E.G. If your class does a setlabelprop("foo") you must include "foo" | |
| 45 in the properties list even if the class has name or title properties. | |
| 46 | |
| 47 See: | |
| 48 http://www.roundup-tracker.org/docs/customizing.html#setlabelprop-property | |
| 49 for further details on the labelprop. | |
| 50 | |
| 51 If you don't do this, you will find that multilinks (and possibly | |
| 52 links) may not be displayed properly. E.G. templates that iterate over | |
| 53 a mutlilink field (with tal:repeat for example) may not show any | |
| 54 content. | |
| 55 | |
| 56 See: https://sourceforge.net/p/roundup/mailman/message/35763294/ | |
| 57 for the initial discussion of the issue. | |
| 25 | 58 |
| 26 Cross Site Request Forgery Detection Added | 59 Cross Site Request Forgery Detection Added |
| 27 ------------------------------------------ | 60 ------------------------------------------ |
| 28 | 61 |
| 29 Roundup 1.6. supports a number of defenses against CSRF. | 62 Roundup 1.6. supports a number of defenses against CSRF. |
| 129 security issue required a directory with a specific unusual name. This | 162 security issue required a directory with a specific unusual name. This |
| 130 made it difficult to exploit. However allowing the use of | 163 made it difficult to exploit. However allowing the use of |
| 131 subdirectories to organize the templates required that it be fixed. | 164 subdirectories to organize the templates required that it be fixed. |
| 132 | 165 |
| 133 | 166 |
| 134 Database back end specified in config.ini | 167 Database back end specified in config.ini (REQUIRED) |
| 135 ----------------------------------------- | 168 ---------------------------------------------------- |
| 136 | 169 |
| 137 The ``db/backend_name`` file is no longer used to configure the database | 170 The ``db/backend_name`` file is no longer used to configure the database |
| 138 backend being used for a tracker. The backend is now configured in the | 171 backend being used for a tracker. The backend is now configured in the |
| 139 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]`` | 172 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]`` |
| 140 section. For example if ``db/backend_name`` file contains ``sqlite``, a new | 173 section. For example if ``db/backend_name`` file contains ``sqlite``, a new |
| 369 Find the tal:repeat line that loops over all queries. Then | 402 Find the tal:repeat line that loops over all queries. Then |
| 370 change the value assigned to @dispname in the href attribute from | 403 change the value assigned to @dispname in the href attribute from |
| 371 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change | 404 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change |
| 372 the value for tal:content. | 405 the value for tal:content. |
| 373 | 406 |
| 374 Schema change to allow "Show Unassigned" issues link to work for Anonymous user | 407 Allow "Show Unassigned" issues link to work for Anonymous user |
| 375 ------------------------------------------------------------------------------- | 408 -------------------------------------------------------------- |
| 376 | 409 |
| 377 In this release the anonymous user is allowed to search the user | 410 In this release the anonymous user is allowed to search the user |
| 378 class. The following was added to the schema for all templates that | 411 class. The following was added to the schema for all templates that |
| 379 provide the search option:: | 412 provide the search option:: |
| 380 | 413 |