comparison templates/classic/schema.py @ 2991:b9a55628a78d
more doc fixes
simplified the security API, and bumped those changes around
a couple more TODO items so I don't forget
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Tue, 07 Dec 2004 23:32:50 +0000 |
| parents | 09e0d37abada |
| children | 14322134dcef |
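--- a/templates/classic/schema.py
+++ b/templates/classic/schema.py
@@ -83,78 +83,65 @@
 
 #
 # REGULAR USERS
 #
 # Give the regular users access to the web and email interface
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('User', p)
-p = db.security.getPermission('Email Access')
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'Web Access')
+db.security.addPermissionToRole('User', 'Email Access')
 
 # Assign the access and edit Permissions for issue, file and message
 # to regular users now
 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
-p = db.security.getPermission('View', cl)
-db.security.addPermissionToRole('User', p)
-p = db.security.getPermission('Edit', cl)
-db.security.addPermissionToRole('User', p)
-p = db.security.getPermission('Create', cl)
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'View', cl)
+db.security.addPermissionToRole('User', 'Edit', cl)
+db.security.addPermissionToRole('User', 'Create', cl)
 for cl in 'priority', 'status':
-p = db.security.getPermission('View', cl)
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'View', cl)
 
 # May users view other user information? Comment these lines out
 # if you don't want them to
-p = db.security.getPermission('View', 'user')
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'View', 'user')
 
-# Users should be able to edit their own details. Note that this
-# permission is limited to only the situation where the Viewed or
-# Edited item is their own.
+# Users should be able to edit their own details -- this permission is
+# limited to only the situation where the Viewed or Edited item is their own.
 def own_record(db, userid, itemid):
 '''Determine whether the userid matches the item being accessed.'''
 return userid == itemid
-p = db.security.addPermission(name='View', klass='user', check=own_record,
+p = db.security.addPermission(name='View Self', klass='user', check=own_record,
 description="User is allowed to view their own user details")
-p = db.security.addPermission(name='Edit', klass='user', check=own_record,
+db.security.addPermissionToRole('User', p)
+p = db.security.addPermission(name='Edit Self', klass='user', check=own_record,
 description="User is allowed to edit their own user details")
 db.security.addPermissionToRole('User', p)
 
 #
 # ANONYMOUS USER PERMISSIONS
 #
 # Let anonymous users access the web interface. Note that almost all
 # trackers will need this Permission. The only situation where it's not
 # required is in a tracker that uses an HTTP Basic Authenticated front-end.
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Web Access')
 
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
 # "Create" user Permission below)
-p = db.security.getPermission('Email Access')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Email Access')
 
 # Assign the appropriate permissions to the anonymous user's Anonymous
 # Role. Choices here are:
 # - Allow anonymous users to register
-p = db.security.getPermission('Create', 'user')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Create', 'user')
 
 # Allow anonymous users access to view issues (and the related, linked
 # information)
 for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status':
-p = db.security.getPermission('View', cl)
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'View', cl)
 
 # [OPTIONAL]
 # Allow anonymous users access to create or edit "issue" items (and the
 # related file and message items)
 #for cl in 'issue', 'file', 'msg':
-# p = db.security.getPermission('Create', cl)
-# db.security.addPermissionToRole('Anonymous', p)
-# p = db.security.getPermission('Edit', cl)
-# db.security.addPermissionToRole('Anonymous', p)
+# db.security.addPermissionToRole('Anonymous', 'Create', cl)
+# db.security.addPermissionToRole('Anonymous', 'Edit', cl)
 
 
 # vim: set filetype=python sts=4 sw=4 et si :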
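Review bot: The unconditional `db.security.addPermissionToRole('User', 'View', 'user')` at new line 102 gives every registered account read access to all user records, so the check-limited 'View Self' grant at new lines 109-111 appears redundant while that line is active. Because the Anonymous role also keeps 'Create' on 'user' (new line 132), anyone who self-registers gets that access. The comment above the grant still says "Comment these lines out" although it is now a single line; I would reword it to `# May users view other users' details? Comment this line out to limit them to 'View Self'` so a tracker admin sees the privacy trade-off. Separately, the renamed 'View Self' / 'Edit Self' permissions only take effect if the access checks ask for those exact names; that code is not visible in this file, so it is worth confirming that a regular user can still edit their own details.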
