diff templates/classic/schema.py @ 2649:1df7d4a41da4
Buncha stuff (sorry about the large checkin):
- Permissions may now be defined on a per-property basis
- added "Create" Permission. Replaces the "Web"- and "Email Registration"
Permissions.
- added option to turn off registration confirmation via email
("instant_registration" in config)
Migrated the user edit/view permission to use check code.
Fixed a buncha stuff in the default templates. Needs a thorough review
though.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 28 Jul 2004 02:29:46 +0000 |
| parents | 18e86941c950 |
| children | 09e0d37abada |
--- a/templates/classic/schema.py Tue Jul 27 11:36:01 2004 +0000
+++ b/templates/classic/schema.py Wed Jul 28 02:29:46 2004 +0000
@@ -80,6 +80,16 @@
 #
 # See the configuration and customisation document for information
 # about security setup.
+
+#
+# REGULAR USERS
+#
+# Give the regular users access to the web and email interface
+p = db.security.getPermission('Web Access')
+db.security.addPermissionToRole('User', p)
+p = db.security.getPermission('Email Access')
+db.security.addPermissionToRole('User', p)
+
 # Assign the access and edit Permissions for issue, file and message
 # to regular users now
 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
@@ -87,43 +97,64 @@
 db.security.addPermissionToRole('User', p)
 p = db.security.getPermission('Edit', cl)
 db.security.addPermissionToRole('User', p)
+ p = db.security.getPermission('Create', cl)
+ db.security.addPermissionToRole('User', p)
 for cl in 'priority', 'status':
 p = db.security.getPermission('View', cl)
 db.security.addPermissionToRole('User', p)
-# and give the regular users access to the web and email interface
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('User', p)
-p = db.security.getPermission('Email Access')
-db.security.addPermissionToRole('User', p)
-
 # May users view other user information? Comment these lines out
 # if you don't want them to
 p = db.security.getPermission('View', 'user')
 db.security.addPermissionToRole('User', p)
+# Users should be able to edit their own details. Note that this
+# permission is limited to only the situation where the Viewed or
+# Edited item is their own.
+def own_record(db, userid, itemid):
+ '''Determine whether the userid matches the item being accessed.'''
+ return userid == itemid
+p = db.security.addPermission(name='View', klass='user', check=own_record,
+ description="User is allowed to view their own user details")
+p = db.security.addPermission(name='Edit', klass='user', check=own_record,
+ description="User is allowed to edit their own user details")
+db.security.addPermissionToRole('User', p)
+
+#
+# ANONYMOUS USER PERMISSIONS
+#
+# Let anonymous users access the web interface. Note that almost all
+# trackers will need this Permission. The only situation where it's not
+# required is in a tracker that uses an HTTP Basic Authenticated front-end.
+p = db.security.getPermission('Web Access')
+db.security.addPermissionToRole('Anonymous', p)
+
+# Let anonymous users access the email interface (note that this implies
+# that they will be registered automatically, hence they will need the
+# "Create" user Prmission below)
+p = db.security.getPermission('Email Access')
+db.security.addPermissionToRole('Anonymous', p)
+
 # Assign the appropriate permissions to the anonymous user's Anonymous
 # Role. Choices here are:
-# - Allow anonymous users to register through the web
-p = db.security.getPermission('Web Registration')
+# - Allow anonymous users to register
+p = db.security.getPermission('Create', 'user')
 db.security.addPermissionToRole('Anonymous', p)
-# - Allow anonymous (new) users to register through the email gateway
-p = db.security.getPermission('Email Registration')
-db.security.addPermissionToRole('Anonymous', p)
-# - Allow anonymous users access to view issues (which implies being
-# able to view all linked information too
+
+# Allow anonymous users access to view issues (and the related, linked
+# information)
 for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status':
 p = db.security.getPermission('View', cl)
 db.security.addPermissionToRole('Anonymous', p)
-# - Allow anonymous users access to edit the "issue" class of data
-# Note: this also grants access to create related information like
-# files and messages etc that are linked to issues
-#p = db.security.getPermission('Edit', 'issue')
-#db.security.addPermissionToRole('Anonymous', p)
-# oh, g'wan, let anonymous access the web interface too
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('Anonymous', p)
+# [OPTIONAL]
+# Allow anonymous users access to create or edit "issue" items (and the
+# related file and message items)
+#for cl in 'issue', 'file', 'msg':
+# p = db.security.getPermission('Create', cl)
+# db.security.addPermissionToRole('Anonymous', p)
+# p = db.security.getPermission('Edit', cl)
+# db.security.addPermissionToRole('Anonymous', p)
 # vim: set filetype=python sts=4 sw=4 et si
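Review bot: The own-record View permission created by the first `db.security.addPermission(name='View', klass='user', check=own_record, ...)` call is never attached to a role: `p` is reassigned by the Edit call that follows, and only that second permission reaches `db.security.addPermissionToRole('User', p)`. The gap is masked today by the unconditional View grant on 'user' just above, but that block's comment invites administrators to comment it out, and doing so would presumably leave users unable to view their own details instead of restricting them to their own record. Add `db.security.addPermissionToRole('User', p)` directly after the View `addPermission` call so each checked permission is granted before `p` is reused. It would also help to say in a comment near the Anonymous block that the defaults grant Anonymous both 'Email Access' and Create on 'user', so a tracker that wants closed registration has to remove the `getPermission('Create', 'user')` grant.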
