Mercurial Repository: p/roundup/code: doc/customizing.txt comparison

more doc

author	Richard Jones <richard@users.sourceforge.net>
date	Mon, 16 Sep 2002 04:28:59 +0000
parents	20d42d7e4642
children	22c78fb54af4

comparison

equal deleted inserted replaced

-:20d42d7e4642
+:7ae32787d981
 ===================
 Customising Roundup
 ===================
-:Version: $Revision: 1.37 $
+:Version: $Revision: 1.38 $
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
 http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
 .. contents::
 selected python:user.id == context.assignedto"
 tal:content="user/realname"></option>
 </tal:block>
 </select>
-For extra security, you may wish to overload the hasEditItemPermission method
+For extra security, you may wish to set up an auditor to enforce the
-on your tracker's interfaces.Client class to enforce the Permission
+Permission requirement::
-requirement::
+def assignedtoMustBeFixer(db, cl, nodeid, newvalues):
-XXX
+''' Ensure the assignedto value in newvalues is a used with the Fixer
+Permission
+'''
+if not newvalues.has_key('assignedto'):
+# don't care
+return
+# get the userid
+userid = newvalues['assignedto']
+if not db.security.hasPermission('Fixer', userid, cl.classname):
+raise ValueError, 'You do not have permission to edit %s'%cl.classname
+def init(db):
+db.issue.audit('set', assignedtoMustBeFixer)
+db.issue.audit('create', assignedtoMustBeFixer)
+So now, if the edit attempts to set the assignedto to a user that doesn't have
+the "Fixer" Permission, the error will be raised.
 -------------------
 Back to `Table of Contents`_

Mercurial > p > roundup > code