comparison doc/design.txt @ 1091:d870139aeb5c
more doc
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Tue, 10 Sep 2002 00:45:46 +0000 |
| parents | 43ab730ee194 |
| children | 8dd4f736370b |
comparison
| 1090:9b910e8d987d | 1091:d870139aeb5c |
|---|---|
| 187 >>> Interval(" 3w 1 d 2:00") | 187 >>> Interval(" 3w 1 d 2:00") |
| 188 <Interval 22d 2:00> | 188 <Interval 22d 2:00> |
| 189 >>> Date(". + 2d") - Interval("3w") | 189 >>> Date(". + 2d") - Interval("3w") |
| 190 <Date 2000-06-07.00:34:02> | 190 <Date 2000-06-07.00:34:02> |
| 191 | 191 |
| 192 Nodes and Classes | 192 Items and Classes |
| 193 ~~~~~~~~~~~~~~~~~ | 193 ~~~~~~~~~~~~~~~~~ |
| 194 | 194 |
| 195 Nodes contain data in properties. To Python, these | 195 Items contain data in properties. To Python, these |
| 196 properties are presented as the key-value pairs of a dictionary. | 196 properties are presented as the key-value pairs of a dictionary. |
| 197 Each item belongs to a class which defines the names | 197 Each item belongs to a class which defines the names |
| 198 and types of its properties. The database permits the creation | 198 and types of its properties. The database permits the creation |
| 199 and modification of classes as well as items. | 199 and modification of classes as well as items. |
| 200 | 200 |
| 210 the item's numeric identifier. | 210 the item's numeric identifier. |
| 211 | 211 |
| 212 For example, if "spam" and "eggs" are classes, the first | 212 For example, if "spam" and "eggs" are classes, the first |
| 213 item created in class "spam" has id 1 and designator "spam1". | 213 item created in class "spam" has id 1 and designator "spam1". |
| 214 The first item created in class "eggs" also has id 1 but has | 214 The first item created in class "eggs" also has id 1 but has |
| 215 the distinct designator "eggs1". Node designators are | 215 the distinct designator "eggs1". Item designators are |
| 216 conventionally enclosed in square brackets when mentioned | 216 conventionally enclosed in square brackets when mentioned |
| 217 in plain text. This permits a casual mention of, say, | 217 in plain text. This permits a casual mention of, say, |
| 218 "[patch37]" in an e-mail message to be turned into an active | 218 "[patch37]" in an e-mail message to be turned into an active |
| 219 hyperlink. | 219 hyperlink. |
| 220 | 220 |
| 466 may collide with the names of existing properties, or a ValueError | 466 may collide with the names of existing properties, or a ValueError |
| 467 is raised before any properties have been added. | 467 is raised before any properties have been added. |
| 468 """ | 468 """ |
| 469 | 469 |
| 470 def getitem(self, itemid, cache=1): | 470 def getitem(self, itemid, cache=1): |
| 471 ''' Return a Node convenience wrapper for the item. | 471 ''' Return a Item convenience wrapper for the item. |
| 472 | 472 |
| 473 'itemid' must be the id of an existing item of this class or an | 473 'itemid' must be the id of an existing item of this class or an |
| 474 IndexError is raised. | 474 IndexError is raised. |
| 475 | 475 |
| 476 'cache' indicates whether the transaction cache should be queried | 476 'cache' indicates whether the transaction cache should be queried |
| 477 for the item. If the item has been modified and you need to | 477 for the item. If the item has been modified and you need to |
| 478 determine what its values prior to modification are, you need to | 478 determine what its values prior to modification are, you need to |
| 479 set cache=0. | 479 set cache=0. |
| 480 ''' | 480 ''' |
| 481 | 481 |
| 482 class Node: | 482 class Item: |
| 483 ''' A convenience wrapper for the given item. It provides a mapping | 483 ''' A convenience wrapper for the given item. It provides a mapping |
| 484 interface to a single item's properties | 484 interface to a single item's properties |
| 485 ''' | 485 ''' |
| 486 | 486 |
| 487 Hyperdatabase Implementations | 487 Hyperdatabase Implementations |
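Review bot: the getitem docstring at new line 471 now reads "Return a Item convenience wrapper for the item", which the mechanical Node-to-Item rename left ungrammatical. Change it to "Return an Item convenience wrapper for the item."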
| 1410 Roles. These definitions are not persistent - they're defined when the | 1410 Roles. These definitions are not persistent - they're defined when the |
| 1411 application initialises. | 1411 application initialises. |
| 1412 | 1412 |
| 1413 There will be two levels of Permission. The Class level permissions define | 1413 There will be two levels of Permission. The Class level permissions define |
| 1414 logical permissions associated with all items of a particular class (or all | 1414 logical permissions associated with all items of a particular class (or all |
| 1415 classes). The Node level permissions define logical permissions associated | 1415 classes). The Item level permissions define logical permissions associated |
| 1416 with specific items by way of their user-linked properties. | 1416 with specific items by way of their user-linked properties. |
| 1417 | 1417 |
| 1418 | 1418 |
| 1419 Access Control Interface Specification | 1419 Access Control Interface Specification |
| 1420 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 1420 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 1455 def hasPermission(self, permission, userid, classname=None): | 1455 def hasPermission(self, permission, userid, classname=None): |
| 1456 ''' Look through all the Roles, and hence Permissions, and see if | 1456 ''' Look through all the Roles, and hence Permissions, and see if |
| 1457 "permission" is there for the specified classname. | 1457 "permission" is there for the specified classname. |
| 1458 ''' | 1458 ''' |
| 1459 | 1459 |
| 1460 def hasNodePermission(self, classname, itemid, **propspec): | 1460 def hasItemPermission(self, classname, itemid, **propspec): |
| 1461 ''' Check the named properties of the given item to see if the | 1461 ''' Check the named properties of the given item to see if the |
| 1462 userid appears in them. If it does, then the user is granted | 1462 userid appears in them. If it does, then the user is granted |
| 1463 this permission check. | 1463 this permission check. |
| 1464 | 1464 |
| 1465 'propspec' consists of a set of properties and values that | 1465 'propspec' consists of a set of properties and values that |
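Review bot: the hasItemPermission docstring at lines 1461-1463 says the check looks for "the userid" in the named properties, but the signature at line 1460 takes only classname, itemid and **propspec, so no userid is passed as such. State explicitly that the user to match is supplied as the value of each propspec keyword (as in assignedto=userid). If the rest of the docstring does not already say so, also state what is returned when none of the named properties match, since this is an access-control decision.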
| 1527 user.create(username="admin", password=Password(adminpw), | 1527 user.create(username="admin", password=Password(adminpw), |
| 1528 address=config.ADMIN_EMAIL, roles='Admin') | 1528 address=config.ADMIN_EMAIL, roles='Admin') |
| 1529 user.create(username="anonymous", roles='Anonymous') | 1529 user.create(username="anonymous", roles='Anonymous') |
| 1530 | 1530 |
| 1531 Then in the code that matters, calls to ``hasPermission`` and | 1531 Then in the code that matters, calls to ``hasPermission`` and |
| 1532 ``hasNodePermission`` are made to determine if the user has permission | 1532 ``hasItemPermission`` are made to determine if the user has permission |
| 1533 to perform some action:: | 1533 to perform some action:: |
| 1534 | 1534 |
| 1535 if db.security.hasPermission('issue', 'Edit', userid): | 1535 if db.security.hasPermission('issue', 'Edit', userid): |
| 1536 # all ok | 1536 # all ok |
| 1537 | 1537 |
| 1538 if db.security.hasNodePermission('issue', itemid, assignedto=userid): | 1538 if db.security.hasItemPermission('issue', itemid, assignedto=userid): |
| 1539 # all ok | 1539 # all ok |
| 1540 | 1540 |
| 1541 Code in the core will make use of these methods, as should code in auditors in | 1541 Code in the core will make use of these methods, as should code in auditors in |
| 1542 custom templates. The htmltemplate will implement a new tag, ``<require>`` | 1542 custom templates. The htmltemplate will implement a new tag, ``<require>`` |
| 1543 which has the form:: | 1543 which has the form:: |
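Review bot: the usage example at line 1535 calls db.security.hasPermission('issue', 'Edit', userid), which does not match the signature shown at line 1455, hasPermission(self, permission, userid, classname=None). As written, 'issue' binds to permission, 'Edit' to userid and the user id to classname. Since this hunk already touches the neighbouring example at line 1538, reorder the call to hasPermission('Edit', userid, 'issue') or use keyword arguments, so that code copied from the design document does not check the wrong permission.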
| 1551 where: | 1551 where: |
| 1552 | 1552 |
| 1553 - the permission attribute gives a comma-separated list of permission names. | 1553 - the permission attribute gives a comma-separated list of permission names. |
| 1554 These are checked in turn using ``hasPermission`` and requires one to | 1554 These are checked in turn using ``hasPermission`` and requires one to |
| 1555 be OK. | 1555 be OK. |
| 1556 - the other attributes are lookups on the item using ``hasNodePermission``. If | 1556 - the other attributes are lookups on the item using ``hasItemPermission``. If |
| 1557 the attribute value is "$userid" then the current user's userid is tested. | 1557 the attribute value is "$userid" then the current user's userid is tested. |
| 1558 | 1558 |
| 1559 Any of these tests must pass or the ``<require>`` check will fail. The section | 1559 Any of these tests must pass or the ``<require>`` check will fail. The section |
| 1560 of html within the side of the ``<else>`` that fails is remove from processing. | 1560 of html within the side of the ``<else>`` that fails is remove from processing. |
| 1561 | 1561 |
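Review bot: the sentence at line 1559, "Any of these tests must pass or the <require> check will fail", leaves it unclear whether one passing test is enough or all of them are needed, and line 1554 separately says the permission list "requires one to be OK". For an access-control tag the combination rule should be spelled out, including whether a permission match and the item-property lookups are OR-ed or AND-ed. Line 1560 also has "is remove from processing", which should read "is removed from processing".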
