Mercurial Repository: p/roundup/code: doc/upgrading.txt comparison

comparison doc/upgrading.txt @ 5879:94a7669677ae

add permissions to control user of rest and xmlrpc API interfaces. issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access' to allow per-user access control to rest and xmlrpc interfaces using roles. Updated all schemas to add these new perms to all authenticated roles. Error conditions in handle_xmlrpc were not working right in manual testing. I tried to make it a little better, but I don't actually understand how the fault xmlrpc object is supposed to be used. So I may have messed something up. I'll try to ping the people who wrote the xmlrpc code to have them review.

author	John Rouillard <rouilj@ieee.org>
date	Fri, 27 Sep 2019 23:29:59 -0400
parents	e48b039b0ec0
children	9938c40e03bc

comparison

equal deleted inserted replaced

-:1b57d8f3eb97
+:94a7669677ae
 Although the ``MySQLdb`` module from
 https://pypi.org/project/MySQL-python/ is still supported, it is
 recommended to switch to the updated module from
 https://pypi.org/project/mysqlclient/.
+XMLRPC Access Role
+------------------
+A new permission has been added to control access to the XMLRPC
+endpoint. If the user doesn't have the new "Xmlrpc Access" permission,
+they will not be able to log in using the /xmlrpc end point.  To add
+this new permission to the "User" role you should change your
+tracker's schema.py and add::
+db.security.addPermissionToRole('User', 'Xmlrpc Access')
+This is usually included near where other permissions like "Web Access"
+or "Email Access" are assigned.
 Python 3 support
 ----------------
 Many of the ``.html`` and ``.py`` files from Roundup that are copied

Mercurial > p > roundup > code

comparison doc/upgrading.txt @ 5879:94a7669677ae