comparison doc/xmlrpc.txt @ 5879:94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access'
to allow per-user access control to rest and xmlrpc interfaces using
roles.
Updated all schemas to add these new perms to all authenticated roles.
Error conditions in handle_xmlrpc were not working right in manual
testing. I tried to make it a little better, but I don't actually
understand how the fault xmlrpc object is supposed to be used. So I
may have messed something up. I'll try to ping the people who wrote
the xmlrpc code to have them review.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 27 Sep 2019 23:29:59 -0400 |
| parents | d0689aaa83db |
| children | e2b70d43d0fc |
| 5878:1b57d8f3eb97 | 5879:94a7669677ae |
|---|---|
| 21 | 21 |
| 22 Enabling XML-RPC server | 22 Enabling XML-RPC server |
| 23 ----------------------- | 23 ----------------------- |
| 24 There are two ways to run the XML-RPC interface: | 24 There are two ways to run the XML-RPC interface: |
| 25 | 25 |
| 26 through roundup itself | |
| 27 | |
| 26 stand alone roundup-xmlrpc-server | 28 stand alone roundup-xmlrpc-server |
| 27 | 29 |
| 28 through roundup itself | 30 |
| 31 through roundup | |
| 32 --------------- | |
| 33 The XML-RPC service is available from the roundup HTTP server under | |
| 34 /xmlrpc. | |
| 35 | |
| 36 To enable this set ``enable_xmlrpc`` to ``yes`` in the ``[web]`` | |
| 37 section of the ``config.ini`` file in your tracker. | |
| 38 | |
| 39 Each user that needs access must include the "Xmlrpc Access" role. To | |
| 40 add this new permission to the "User" role you should change your | |
| 41 schema.py to add:: | |
| 42 | |
| 43 db.security.addPermissionToRole('User', 'Xmlrpc Access') | |
| 44 | |
| 45 This is usually included near where other permissions like "Web Access" | |
| 46 or "Email Access" are assigned. | |
| 29 | 47 |
| 30 stand alone roundup-xmlrpc-server | 48 stand alone roundup-xmlrpc-server |
| 31 --------------------------------- | 49 --------------------------------- |
| 50 Using roundup to access the xmlrpc interface is preferred. Roundup | |
| 51 provides better control over who can use the interface. | |
| 52 | |
| 32 The Roundup XML-RPC standalone server must be started before remote clients can access the | 53 The Roundup XML-RPC standalone server must be started before remote clients can access the |
| 33 tracker via XML-RPC. ``roundup-xmlrpc-server`` is installed in the scripts | 54 tracker via XML-RPC. ``roundup-xmlrpc-server`` is installed in the scripts |
| 34 directory alongside ``roundup-server`` and roundup-admin``. When invoked, the | 55 directory alongside ``roundup-server`` and roundup-admin``. When invoked, the |
| 35 location of the tracker instance must be specified. | 56 location of the tracker instance must be specified. |
| 36 | 57 |
| 37 roundup-xmlrpc-server -i ``/path/to/tracker`` | 58 roundup-xmlrpc-server -i ``/path/to/tracker`` |
| 38 | 59 |
| 39 The default port is ``8000``. An alternative port can be specified with the | 60 The default port is ``8000``. An alternative port can be specified with the |
| 40 ``--port`` switch. | 61 ``--port`` switch. |
| 41 | |
| 42 through roundup | |
| 43 --------------- | |
| 44 In addition to running a stand alone server described above, the | |
| 45 XML-RPC service is available from the roundup HTTP server. | |
| 46 | 62 |
| 47 security consideration | 63 security consideration |
| 48 ---------------------- | 64 ---------------------- |
| 49 Note that the current ``roundup-xmlrpc-server`` implementation does not | 65 Note that the current ``roundup-xmlrpc-server`` implementation does not |
| 50 support SSL. This means that usernames and passwords will be passed in | 66 support SSL. This means that usernames and passwords will be passed in |
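Review bot: In the new "through roundup" section (new lines 39-41), the sentence "Each user that needs access must include the "Xmlrpc Access" role" calls "Xmlrpc Access" a role, while the following text and the addPermissionToRole('User', 'Xmlrpc Access') example treat it as a permission granted to a role. Suggest rewording to something like "Each user that needs access must have a role that includes the "Xmlrpc Access" permission". The commit message says the shipped schemas were updated, so this section should also state explicitly that an existing tracker needs this schema.py change on upgrade, since the text makes the permission a requirement for access.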
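Review bot: The sentence added at new lines 50-51 under "stand alone roundup-xmlrpc-server" says roundup "provides better control over who can use the interface" without saying how. Point it at the "Xmlrpc Access" permission described in the "through roundup" section, and consider stating the preference in the "There are two ways" intro so readers see it before choosing a mode. The reordered intro list entry reads "through roundup itself" while the section heading is "through roundup", so the two should match. The unchanged context at new line 55 also has unbalanced literal markup in "and roundup-admin``", which is worth fixing in the same change.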
