Mercurial > p > roundup > code
comparison doc/customizing.txt @ 5897:d0aebd4aec72
Provide a method for identifying invalid properties in permissions
issue2551062: roundup-admin security validates all properties in
permissions. It reports invalid properties.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 05 Oct 2019 12:33:23 -0400 |
| parents | 6e341009593b |
| children | c3728772c594 |
comparison
equal
deleted
inserted
replaced
| 5896:a8df94ec8040 | 5897:d0aebd4aec72 |
|---|---|
| 1256 # related file and message items) | 1256 # related file and message items) |
| 1257 #for cl in 'issue', 'file', 'msg': | 1257 #for cl in 'issue', 'file', 'msg': |
| 1258 # db.security.addPermissionToRole('Anonymous', 'Create', cl) | 1258 # db.security.addPermissionToRole('Anonymous', 'Create', cl) |
| 1259 # db.security.addPermissionToRole('Anonymous', 'Edit', cl) | 1259 # db.security.addPermissionToRole('Anonymous', 'Edit', cl) |
| 1260 | 1260 |
| 1261 You can use ``roundup-admin security`` to verify the permissions | |
| 1262 defined in the schema. It also verifies that properties specified in | |
| 1263 permissions are valid for the class. This helps detect typos that can | |
| 1264 cause baffling permission issues. | |
| 1261 | 1265 |
| 1262 Automatic Permission Checks | 1266 Automatic Permission Checks |
| 1263 --------------------------- | 1267 --------------------------- |
| 1264 | 1268 |
| 1265 Permissions are automatically checked when information is rendered | 1269 Permissions are automatically checked when information is rendered |
| 1341 class or an issue item can use any View permission for the issue | 1345 class or an issue item can use any View permission for the issue |
| 1342 class even if that permission has a property list. This can be | 1346 class even if that permission has a property list. This can be |
| 1343 confusing and surprising as you would think that a permission | 1347 confusing and surprising as you would think that a permission |
| 1344 including properties would be used only for determining the | 1348 including properties would be used only for determining the |
| 1345 access permission for those properties. | 1349 access permission for those properties. |
| 1350 | |
| 1351 ``roundup-admin security`` will report invalid properties for the | |
| 1352 class. For example a permission with an invalid summary property is | |
| 1353 presented as:: | |
| 1354 | |
| 1355 Allowed to see content of object regardless of spam status | |
| 1356 (View for "file": ('content', 'summary') only) | |
| 1357 | |
| 1358 **Invalid properties for file: ['summary'] | |
| 1346 | 1359 |
| 1347 Setting ``props_only=True`` will make the permission valid only for | 1360 Setting ``props_only=True`` will make the permission valid only for |
| 1348 those properties. | 1361 those properties. |
| 1349 | 1362 |
| 1350 If you use a lot of permissions with property checks, it can be | 1363 If you use a lot of permissions with property checks, it can be |