Mercurial > p > roundup > code

comparison doc/upgrading.txt @ 5196:e0732fd6a6c7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implement props_only feature for permissions.
author rouilj@uland
date Sat, 18 Mar 2017 10:44:10 -0400
parents 3124be3cc197
children a9ace22e0a2f
comparison
equal deleted inserted replaced
5195:270003714e5f 5196:e0732fd6a6c7
393 393
394 It is suggested that you change your checks to use the ``**ctx`` 394 It is suggested that you change your checks to use the ``**ctx``
395 parameter. This is expected to be the preferred form in the future. 395 parameter. This is expected to be the preferred form in the future.
396 You do not need to use the ``ctx`` parameter in the function if you do 396 You do not need to use the ``ctx`` parameter in the function if you do
397 not need it. 397 not need it.
398
399 Changes to property permissions
400 -------------------------------
401
402 If you create a permission:
403
404 db.security.addPermission(name='View', klass='user',
405 properties=['theme'], check=own_record,
406 description="User is allowed to view their own theme")
407
408 that combines checks and properties, the permission also matches a
409 permission check for the View permission on the user class. So this
410 also allows the user to see their user record. It is unexpected that
411 checking for access without a property would match this permission.
412
413 This release adds support for making a permission like above only be
414 used during property permission tests. See ``customizing.txt`` and
415 search for props_only and set_props_only_default in the section
416 'Adding a new Permission'
398 417
399 Improve query editing 418 Improve query editing
400 --------------------- 419 ---------------------
401 420
402 If a user creates a query with the same name as one of their existing 421 If a user creates a query with the same name as one of their existing
Roundup Issue Tracker: http://roundup-tracker.org/