Mercurial > p > roundup > code
diff doc/whatsnew-0.8.txt @ 3117:460eb0209a9e
Permissions improvements.
- have Permissions only test the check function if itemid is suppled
- modify index templates to check for row-level Permission
- more documentation of security mechanisms
- better unit tests for security mechanisms
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 28 Jan 2005 03:51:19 +0000 |
| parents | 4e7eaf475ad7 |
| children | 7308c3c5a943 |
line wrap: on
line diff
--- a/doc/whatsnew-0.8.txt Wed Jan 26 17:27:21 2005 +0000 +++ b/doc/whatsnew-0.8.txt Fri Jan 28 03:51:19 2005 +0000 @@ -66,6 +66,19 @@ Permissions may also have code attached which is executed to check whether the Permission is valid for the current user and item. +Permissions are now automatically checked when information is rendered +through the web. This includes: + +1. View checks for properties when being rendered via the ``plain()`` or + similar methods. If the check fails, the text "[hidden]" will be + displayed. +2. Edit checks for properties when the edit field is being rendered via + the ``field()`` or similar methods. If the check fails, the property + will be rendered via the ``plain()`` method (see point 1. for additional + checking performed) +3. View checks are performed in index pages for each item being displayed + such that if the user does not have permission, the row is not rendered. + Extending Roundup ================= @@ -134,7 +147,6 @@ The listing popup may be used in query forms. - Standard templates We hide "(list)" popup links when issue is only viewable