Mercurial > p > roundup > code

comparison templates/classic/schema.py @ 3518:7fb8cfe3c737

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
enable editing of public queries [SF#966144]
author Richard Jones <richard@users.sourceforge.net>
date Fri, 27 Jan 2006 03:30:39 +0000
parents 3124e578db02
children 7b25567f0f54
comparison
equal deleted inserted replaced
3516:fe75b55fc49d 3518:7fb8cfe3c737
88 db.security.addPermissionToRole('User', 'Web Access') 88 db.security.addPermissionToRole('User', 'Web Access')
89 db.security.addPermissionToRole('User', 'Email Access') 89 db.security.addPermissionToRole('User', 'Email Access')
90 90
91 # Assign the access and edit Permissions for issue, file and message 91 # Assign the access and edit Permissions for issue, file and message
92 # to regular users now 92 # to regular users now
93 for cl in 'issue', 'file', 'msg', 'query', 'keyword': 93 for cl in 'issue', 'file', 'msg', 'keyword':
94 db.security.addPermissionToRole('User', 'View', cl) 94 db.security.addPermissionToRole('User', 'View', cl)
95 db.security.addPermissionToRole('User', 'Edit', cl) 95 db.security.addPermissionToRole('User', 'Edit', cl)
96 db.security.addPermissionToRole('User', 'Create', cl) 96 db.security.addPermissionToRole('User', 'Create', cl)
97 for cl in 'priority', 'status': 97 for cl in 'priority', 'status':
98 db.security.addPermissionToRole('User', 'View', cl) 98 db.security.addPermissionToRole('User', 'View', cl)
110 description="User is allowed to view their own user details") 110 description="User is allowed to view their own user details")
111 db.security.addPermissionToRole('User', p) 111 db.security.addPermissionToRole('User', p)
112 p = db.security.addPermission(name='Edit', klass='user', check=own_record, 112 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
113 description="User is allowed to edit their own user details") 113 description="User is allowed to edit their own user details")
114 db.security.addPermissionToRole('User', p) 114 db.security.addPermissionToRole('User', p)
115
116 # Users should be able to edit and view their own queries. They should also
117 # be able to view any marked as not private. They should not be able to
118 # edit others' queries, even if they're not private
119 def view_query(db, userid, itemid):
120 private_for = db.query.get(itemid, 'private_for')
121 if not private_for: return True
122 return userid == private_for
123 def edit_query(db, userid, itemid):
124 return userid == db.query.get(itemid, 'creator')
125 p = db.security.addPermission(name='View', klass='query', check=view_query,
126 description="User is allowed to view their own and public queries")
127 db.security.addPermissionToRole('User', p)
128 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
129 description="User is allowed to edit their queries")
130 db.security.addPermissionToRole('User', p)
131 p = db.security.addPermission(name='Create', klass='query',
132 description="User is allowed to create queries")
133 db.security.addPermissionToRole('User', p)
134
115 135
116 # 136 #
117 # ANONYMOUS USER PERMISSIONS 137 # ANONYMOUS USER PERMISSIONS
118 # 138 #
119 # Let anonymous users access the web interface. Note that almost all 139 # Let anonymous users access the web interface. Note that almost all
Roundup Issue Tracker: http://roundup-tracker.org/