comparison doc/customizing.txt @ 1954:a71bc3a6f433
Added 'Users may only edit their issues' customisation example.
Fixed permission check in page.html template.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 10 Dec 2003 01:40:12 +0000 |
| parents | c40ed9113285 |
| children | c8d8d03b6d94 |
comparison
| 1953:800b226bba58 | 1954:a71bc3a6f433 |
|---|---|
| 1 =================== | 1 =================== |
| 2 Customising Roundup | 2 Customising Roundup |
| 3 =================== | 3 =================== |
| 4 | 4 |
| 5 :Version: $Revision: 1.106 $ | 5 :Version: $Revision: 1.107 $ |
| 6 | 6 |
| 7 .. This document borrows from the ZopeBook section on ZPT. The original is at: | 7 .. This document borrows from the ZopeBook section on ZPT. The original is at: |
| 8 http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx | 8 http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx |
| 9 | 9 |
| 10 .. contents:: | 10 .. contents:: |
| 3582 <a tal:attributes="href | 3582 <a tal:attributes="href |
| 3583 string:issue${i/id}?:assignedto=${request/user/id}&:action=edit">take</a> | 3583 string:issue${i/id}?:assignedto=${request/user/id}&:action=edit">take</a> |
| 3584 | 3584 |
| 3585 ... and so on | 3585 ... and so on |
| 3586 | 3586 |
| 3587 Users may only edit their issues | |
| 3588 -------------------------------- | |
| 3589 | |
| 3590 Users registering themselves are granted Provisional access - meaning they | |
| 3591 have access to edit the issues they submit, but not others. We create a new | |
| 3592 Role called "Provisional User" which is granted to newly-registered users, | |
| 3593 and has limited access. One of the Permissions they have is the new "Edit | |
| 3594 Own" on issues (regular users have "Edit".) We back up the permissions with | |
| 3595 an auditor. | |
| 3596 | |
| 3597 First up, we create the new Role and Permission structure in | |
| 3598 ``dbinit.py``:: | |
| 3599 | |
| 3600 # New users not approved by the admin | |
| 3601 db.security.addRole(name='Provisional User', | |
| 3602 description='New user registered via web or email') | |
| 3603 p = db.security.addPermission(name='Edit Own', klass='issue', | |
| 3604 description='Can only edit own issues') | |
| 3605 db.security.addPermissionToRole('Provisional User', p) | |
| 3606 | |
| 3607 # Assign the access and edit Permissions for issue to new users now | |
| 3608 p = db.security.getPermission('View', 'issue') | |
| 3609 db.security.addPermissionToRole('Provisional User', p) | |
| 3610 p = db.security.getPermission('Edit', 'issue') | |
| 3611 db.security.addPermissionToRole('Provisional User', p) | |
| 3612 | |
| 3613 # and give the new users access to the web and email interface | |
| 3614 p = db.security.getPermission('Web Access') | |
| 3615 db.security.addPermissionToRole('Provisional User', p) | |
| 3616 p = db.security.getPermission('Email Access') | |
| 3617 db.security.addPermissionToRole('Provisional User', p) | |
| 3618 | |
| 3619 | |
| 3620 Then in the ``config.py`` we change the Role assigned to newly-registered | |
| 3621 users, replacing the existing ``'User'`` values:: | |
| 3622 | |
| 3623 NEW_WEB_USER_ROLES = 'Provisional User' | |
| 3624 NEW_EMAIL_USER_ROLES = 'Provisional User' | |
| 3625 | |
| 3626 Finally we add a new *auditor* to the ``detectors`` directory called | |
| 3627 ``provisional_user_auditor.py``:: | |
| 3628 | |
| 3629 def audit_provisionaluser(db, cl, nodeid, newvalues): | |
| 3630 ''' New users are only allowed to modify their own issues. | |
| 3631 ''' | |
| 3632 if (db.getuid() != cl.get(nodeid, 'creator') | |
| 3633 and db.security.hasPermission('Edit Own', db.getuid(), cl.classname)): | |
| 3634 raise ValueError, ('You are only allowed to edit your own %s' | |
| 3635 % cl.classname) | |
| 3636 | |
| 3637 def init(db): | |
| 3638 # fire before changes are made | |
| 3639 db.issue.audit('set', audit_provisionaluser) | |
| 3640 db.issue.audit('retire', audit_provisionaluser) | |
| 3641 db.issue.audit('restore', audit_provisionaluser) | |
| 3642 | |
| 3643 Note that some older trackers might also want to change the ``page.html`` | |
| 3644 template as follows:: | |
| 3645 | |
| 3646 <p class="classblock" | |
| 3647 - tal:condition="python:request.user.username != 'anonymous'"> | |
| 3648 + tal:condition="python:request.user.hasPermission('View', 'user')"> | |
| 3649 <b>Administration</b><br> | |
| 3650 <tal:block tal:condition="python:request.user.hasPermission('Edit', None)"> | |
| 3651 <a href="home?:template=classlist">Class List</a><br> | |
| 3652 | |
| 3653 (note that the "-" indicates a removed line, and the "+" indicates an added | |
| 3654 line). | |
| 3655 | |
| 3656 | |
| 3587 ------------------- | 3657 ------------------- |
| 3588 | 3658 |
| 3589 Back to `Table of Contents`_ | 3659 Back to `Table of Contents`_ |
| 3590 | 3660 |
| 3591 .. _`Table of Contents`: index.html | 3661 .. _`Table of Contents`: index.html |
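
Review bot: In the ``dbinit.py`` block (new lines 3610-3611) the 'Provisional User' role is granted the full 'Edit' permission on issue alongside 'Edit Own', so the permission layer on its own lets these users edit every issue and the restriction is enforced only by the auditor. The prose at 3594-3595 ("We back up the permissions with an auditor") should say this explicitly, and should state that the restriction does not apply at all if ``provisional_user_auditor.py`` is not installed in ``detectors``. Relatedly, the auditor condition at 3632-3633 fires for any user who holds 'Edit Own', not only for users who have no other role, so a user who is promoted by adding 'User' while keeping 'Provisional User' stays limited to their own issues; a sentence telling admins to replace the role rather than append to it would avoid that surprise.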
