Mercurial > p > roundup > code

diff CHANGES.txt @ 4781:6e9b9743de89

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implementation for: http://issues.roundup-tracker.org/issue2550731 Add mechanism for the detectors to be able to tell the source of the data changes. Support for tx_Source property on database handle. Can be used by detectors to find out the source of a change in an auditor to block changes arriving by unauthenticated mechanisms (e.g. plain email where headers can be faked). The property db.tx_Source has the following values: * None - Default value set to None. May be valid if it's a script that is created by the user. Otherwise it's an error and indicates that some code path is not properly setting the tx_Source property. * "cli" - this string value is set when using roundup-admin and supplied scripts. * "web" - this string value is set when using any web based technique: html interface, xmlrpc .... * "email" - this string value is set when using an unauthenticated email based technique. * "email-sig-openpgp" - this string value is set when email with a valid pgp signature is used. (*NOTE* the testing for this mode is incomplete. If you have a pgp infrastructure you should test and verify that this is properly set.) This also includes some (possibly incomplete) tests cases for the modes above and an example of using ts_Source in the customization.txt document.
author John Rouillard <rouilj@ieee.org>
date Tue, 23 Apr 2013 23:06:09 -0400
parents 3adff0fb0207
children cda9ca8befd7
line wrap: on
line diff
--- a/CHANGES.txt	Fri Mar 22 15:53:27 2013 +0100
+++ b/CHANGES.txt	Tue Apr 23 23:06:09 2013 -0400
@@ -7,6 +7,24 @@
 
 Features:
 
+- Support for tx_Source property on database handle. Can be used by
+  detectors to find out the source of a change in an auditor to block
+  changes arriving by unauthenticated mechanisms (e.g. plain email
+  where headers can be faked). The property db.tx_Source has the
+  following values:
+  * None - Default value set to None. May be valid if it's a script
+    that is created by the user. Otherwise it's an error and indicates
+    that some code path is not properly setting the tx_Source property.
+  * "cli" - this string value is set when using roundup-admin and
+    supplied scripts.
+  * "web" - this string value is set when using any web based
+    technique: html interface, xmlrpc ....
+  * "email" - this string value is set when using an unauthenticated
+    email based technique.
+  * "email-sig-openpgp" - this string value is set when email with a
+    valid pgp signature is used. (*NOTE* the testing for this mode
+    is incomplete. If you have a pgp infrastructure you should test
+    and verify that this is properly set.)
 - Introducing Template Loader API (anatoly techtonik)
 - Experimental support for Jinja2, try 'jinja2' for template_engine
   in config (anatoly techtonik)
Roundup Issue Tracker: http://roundup-tracker.org/