Mercurial > p > roundup > code
diff doc/customizing.txt @ 2076:2a4309450202
security fixes and doc updates
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 12 Mar 2004 05:36:26 +0000 |
| parents | d8c7fd205cd8 |
| children | 90769be53b4b |
line wrap: on
line diff
--- a/doc/customizing.txt Fri Mar 12 04:09:00 2004 +0000 +++ b/doc/customizing.txt Fri Mar 12 05:36:26 2004 +0000 @@ -2,7 +2,7 @@ Customising Roundup =================== -:Version: $Revision: 1.118 $ +:Version: $Revision: 1.119 $ .. This document borrows from the ZopeBook section on ZPT. The original is at: http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx @@ -613,6 +613,9 @@ - Edit (everything) - View (everything) +Every Class you define in your tracker's schema also gets an Edit and View +Permission of its own. + The default interfaces define: - Web Registration @@ -643,13 +646,6 @@ # # SECURITY SETTINGS # - # new permissions for this schema - for cl in ('user', ): - db.security.addPermission(name="Edit", klass=cl, - description="User is allowed to edit "+cl) - db.security.addPermission(name="View", klass=cl, - description="User is allowed to access "+cl) - # and give the regular users access to the web and email interface p = db.security.getPermission('Web Access') db.security.addPermissionToRole('User', p) @@ -697,7 +693,13 @@ When adding a new Permission, you will need to: -1. add it to your tracker's dbinit so it is created +1. add it to your tracker's dbinit so it is created, using + ``security.addPermission``, for example:: + + self.security.addPermission(name="View", klass='frozzle', + description="User is allowed to access frozzles") + + will set up a new "View" permission on the Class "frozzle". 2. enable it for the Roles that should have it (verify with "``roundup-admin security``") 3. add it to the relevant HTML interface templates