Mercurial > p > roundup > code
diff roundup/templates/classic/dbinit.py @ 928:23c9d4f86380
Added the web access and email access permissions..
...so people can restrict access to users who register through the
email interface (for example). Also added "security" command to the
roundup-admin interface to display the Role/Permission config for an
instance.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Thu, 01 Aug 2002 00:56:22 +0000 |
| parents | 502a5ae11cc5 |
| children | e02093543d59 |
line wrap: on
line diff
--- a/roundup/templates/classic/dbinit.py Wed Jul 31 23:57:37 2002 +0000 +++ b/roundup/templates/classic/dbinit.py Thu Aug 01 00:56:22 2002 +0000 @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: dbinit.py,v 1.21 2002-07-26 08:26:59 richard Exp $ +# $Id: dbinit.py,v 1.22 2002-08-01 00:56:22 richard Exp $ import os @@ -98,6 +98,19 @@ db.security.addPermission(name="View", klass=cl, description="User is allowed to access "+cl) + # Assign the access and edit permissions for issue, file and message + # to regular users now + for cl in 'issue', 'file', 'msg': + p = db.security.getPermission('View', cl) + db.security.addPermissionToRole('User', p) + p = db.security.getPermission('Edit', cl) + db.security.addPermissionToRole('User', p) + # and give the regular users access to the web and email interface + p = db.security.getPermission('Web Access') + db.security.addPermissionToRole('User', p) + p = db.security.getPermission('Email Access') + db.security.addPermissionToRole('User', p) + # Assign the appropriate permissions to the anonymous user's Anonymous # Role. Choices here are: # - Allow anonymous users to register through the web @@ -117,13 +130,9 @@ #p = db.security.getPermission('Edit', 'issue') #db.security.addPermissionToRole('Anonymous', p) - # Assign the access and edit permissions for issue, file and message - # to regular users now - for cl in 'issue', 'file', 'msg': - p = db.security.getPermission('View', cl) - db.security.addPermissionToRole('User', p) - p = db.security.getPermission('Edit', cl) - db.security.addPermissionToRole('User', p) + # oh, g'wan, let anonymous access the web interface too + p = db.security.getPermission('Web Access') + db.security.addPermissionToRole('Anonymous', p) import detectors detectors.init(db) @@ -176,6 +185,11 @@ # # $Log: not supported by cvs2svn $ +# Revision 1.21 2002/07/26 08:26:59 richard +# Very close now. The cgi and mailgw now use the new security API. The two +# templates have been migrated to that setup. Lots of unit tests. Still some +# issue in the web form for editing Roles assigned to users. +# # Revision 1.20 2002/07/17 12:39:10 gmcm # Saving, running & editing queries. #