comparison templates/minimal/schema.py @ 2991:b9a55628a78d
more doc fixes
simplified the security API, and bumped those changes around
a couple more TODO items so I don't forget
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Tue, 07 Dec 2004 23:32:50 +0000 |
| parents | 45c65345e909 |
| children | a4393350e4eb |
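--- a/templates/minimal/schema.py
+++ b/templates/minimal/schema.py
@@ -23,49 +23,43 @@
 
 #
 # REGULAR USERS
 #
 # Give the regular users access to the web and email interface
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('User', p)
-p = db.security.getPermission('Email Access')
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'Web Access')
+db.security.addPermissionToRole('User', 'Email Access')
 
 # May users view other user information?
 # Comment these lines out if you don't want them to
-p = db.security.getPermission('View', 'user')
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'View', 'user')
 
-# Users should be able to edit their own details.
-# Note that this permission is limited to only the situation
-# where the Viewed or Edited item is their own.
+# Users should be able to edit their own details -- this permission is
+# limited to only the situation where the Viewed or Edited item is their own.
 def own_record(db, userid, itemid):
 '''Determine whether the userid matches the item being accessed.'''
 return userid == itemid
-p = db.security.addPermission(name='View', klass='user', check=own_record,
+p = db.security.addPermission(name='View Self', klass='user', check=own_record,
 description="User is allowed to view their own user details")
-p = db.security.addPermission(name='Edit', klass='user', check=own_record,
+db.security.addPermissionToRole('User', p)
+p = db.security.addPermission(name='Edit Self', klass='user', check=own_record,
 description="User is allowed to edit their own user details")
 db.security.addPermissionToRole('User', p)
 
 #
 # ANONYMOUS USER PERMISSIONS
 #
 # Let anonymous users access the web interface. Note that almost all
 # trackers will need this Permission. The only situation where it's not
 # required is in a tracker that uses an HTTP Basic Authenticated front-end.
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Web Access')
 
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
 # "Create" user Permission below)
-p = db.security.getPermission('Email Access')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Email Access')
 
 # Assign the appropriate permissions to the anonymous user's
 # Anonymous Role. Choices here are:
 # - Allow anonymous users to register
-p = db.security.getPermission('Create', 'user')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Create', 'user')
 
 # vim: set et sts=4 sw=4 :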
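Review bot: New line 33 grants the User role an unrestricted 'View' on the whole `user` class, while new lines 58 and 63 let Anonymous register itself, so in this default template anyone who can sign up can read every other user's record; the comment above the grant should say that. Which properties this exposes depends on the `user` class definition, which is outside this hunk. The comment also still says "these lines" although the grant is now a single call; I would reword it to `# Comment this line out to keep user details private -- 'View Self' below still covers a user's own record.`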
