Mercurial > p > roundup > code
comparison doc/customizing.txt @ 4781:6e9b9743de89
Implementation for:
http://issues.roundup-tracker.org/issue2550731
Add mechanism for the detectors to be able to tell the source of the
data changes.
Support for tx_Source property on database handle. Can be
used by detectors to find out the source of a change in an auditor to
block changes arriving by unauthenticated mechanisms (e.g. plain email
where headers can be faked). The property db.tx_Source has the
following values:
* None - Default value set to None. May be valid if it's a script
that is created by the user. Otherwise it's an error and indicates
that some code path is not properly setting the tx_Source property.
* "cli" - this string value is set when using roundup-admin and
supplied scripts.
* "web" - this string value is set when using any web based
technique: html interface, xmlrpc ....
* "email" - this string value is set when using an unauthenticated
email based technique.
* "email-sig-openpgp" - this string value is set when email with a
valid pgp signature is used. (*NOTE* the testing for this mode
is incomplete. If you have a pgp infrastructure you should test
and verify that this is properly set.)
This also includes some (possibly incomplete) tests cases for the
modes above and an example of using ts_Source in the customization.txt
document.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 23 Apr 2013 23:06:09 -0400 |
| parents | 0040fb6e659f |
| children | 07014a4b8a49 |
comparison
equal
deleted
inserted
replaced
| 4774:3adff0fb0207 | 4781:6e9b9743de89 |
|---|---|
| 4537 many users this will be a serious performance bottleneck. | 4537 many users this will be a serious performance bottleneck. |
| 4538 A way out would be to link from the keywords to the users who | 4538 A way out would be to link from the keywords to the users who |
| 4539 selected these keywords as nosy keywords. This will eliminate the | 4539 selected these keywords as nosy keywords. This will eliminate the |
| 4540 loop over all users. | 4540 loop over all users. |
| 4541 | 4541 |
| 4542 Restricting updates that arrive by email | |
| 4543 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 4544 | |
| 4545 Roundup supports multiple update methods: | |
| 4546 | |
| 4547 1. command line | |
| 4548 2. plain email | |
| 4549 3. pgp signed email | |
| 4550 4. web access | |
| 4551 | |
| 4552 in some cases you may need to prevent changes to properties by some of | |
| 4553 these methods. For example you can set up issues that are viewable | |
| 4554 only by people on the nosy list. So you must prevent unauthenticated | |
| 4555 changes to the nosy list. | |
| 4556 | |
| 4557 Since plain email can be easily forged, it does not provide sufficient | |
| 4558 authentication in this senario. | |
| 4559 | |
| 4560 To prevent this we can add a detector that audits the source of the | |
| 4561 transaction and rejects the update if it changes the nosy list. | |
| 4562 | |
| 4563 Create the detector (auditor) module and add it to the detectors | |
| 4564 directory of your tracker:: | |
| 4565 | |
| 4566 from roundup import roundupdb, hyperdb | |
| 4567 | |
| 4568 from roundup.mailgw import Unauthorized | |
| 4569 | |
| 4570 def restrict_nosy_changes(db, cl, nodeid, newvalues): | |
| 4571 '''Do not permit changes to nosy via email.''' | |
| 4572 | |
| 4573 if not (newvalues.has_key('nosy')): | |
| 4574 # the nosy field has not changed so no need to check. | |
| 4575 return | |
| 4576 | |
| 4577 if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]: | |
| 4578 # if the source of the transaction is from an authenticated | |
| 4579 # source or a privileged process allow the transaction. | |
| 4580 # Other possible sources: 'email' | |
| 4581 return | |
| 4582 | |
| 4583 # otherwise raise an error | |
| 4584 raise Unauthorized, \ | |
| 4585 'Changes to nosy property not allowed via %s for this issue.'%\ | |
| 4586 tx_Source | |
| 4587 | |
| 4588 def init(db): | |
| 4589 ''' Install restrict_nosy_changes to run after other auditors. | |
| 4590 | |
| 4591 Allow initial creation email to set nosy. | |
| 4592 So don't execute: db.issue.audit('create', requestedbyauditor) | |
| 4593 | |
| 4594 Set priority to 110 to run this auditor after other auditors | |
| 4595 that can cause nosy to change. | |
| 4596 ''' | |
| 4597 db.issue.audit('set', restrict_nosy_changes, 110) | |
| 4598 | |
| 4599 This detector (auditor) will prevent updates to the nosy field if it | |
| 4600 arrives by email. Since it runs after other auditors (due to the | |
| 4601 priority of 110), it will also prevent changes to the nosy field that | |
| 4602 are done by other auditors if triggered by an email. | |
| 4603 | |
| 4604 Note that db.tx_Source was not present in roundup versions before | |
| 4605 1.4.21, so you must be running a newer version to use this detector. | |
| 4606 Read the CHANGES.txt document in the roundup source code for further | |
| 4607 details on tx_Source. | |
| 4608 | |
| 4542 Changes to Security and Permissions | 4609 Changes to Security and Permissions |
| 4543 ----------------------------------- | 4610 ----------------------------------- |
| 4544 | 4611 |
| 4545 Restricting the list of users that are assignable to a task | 4612 Restricting the list of users that are assignable to a task |
| 4546 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 4613 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |