diff doc/customizing.txt @ 4781:6e9b9743de89
Implementation for:
http://issues.roundup-tracker.org/issue2550731
Add mechanism for the detectors to be able to tell the source of the
data changes.
Support for tx_Source property on database handle. Can be
used by detectors to find out the source of a change in an auditor to
block changes arriving by unauthenticated mechanisms (e.g. plain email
where headers can be faked). The property db.tx_Source has the
following values:
* None - Default value set to None. May be valid if it's a script
that is created by the user. Otherwise it's an error and indicates
that some code path is not properly setting the tx_Source property.
* "cli" - this string value is set when using roundup-admin and
supplied scripts.
* "web" - this string value is set when using any web based
technique: html interface, xmlrpc ....
* "email" - this string value is set when using an unauthenticated
email based technique.
* "email-sig-openpgp" - this string value is set when email with a
valid pgp signature is used. (*NOTE* the testing for this mode
is incomplete. If you have a pgp infrastructure you should test
and verify that this is properly set.)
This also includes some (possibly incomplete) test cases for the
modes above and an example of using tx_Source in the customization.txt
document.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 23 Apr 2013 23:06:09 -0400 |
| parents | 0040fb6e659f |
| children | 07014a4b8a49 |
--- a/doc/customizing.txt Fri Mar 22 15:53:27 2013 +0100 +++ b/doc/customizing.txt Tue Apr 23 23:06:09 2013 -0400 
@@ -4539,6 +4539,73 @@ selected these keywords as nosy keywords. This will eliminate the loop over all users. +Restricting updates that arrive by email +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Roundup supports multiple update methods: + +1. command line +2. plain email +3. pgp signed email +4. web access + +in some cases you may need to prevent changes to properties by some of +these methods. For example you can set up issues that are viewable +only by people on the nosy list. So you must prevent unauthenticated +changes to the nosy list. + +Since plain email can be easily forged, it does not provide sufficient +authentication in this senario. + +To prevent this we can add a detector that audits the source of the +transaction and rejects the update if it changes the nosy list. + +Create the detector (auditor) module and add it to the detectors +directory of your tracker:: + + from roundup import roundupdb, hyperdb + + from roundup.mailgw import Unauthorized + + def restrict_nosy_changes(db, cl, nodeid, newvalues): + '''Do not permit changes to nosy via email.''' + + if not (newvalues.has_key('nosy')): + # the nosy field has not changed so no need to check. + return + + if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]: + # if the source of the transaction is from an authenticated + # source or a privileged process allow the transaction. + # Other possible sources: 'email' + return + + # otherwise raise an error + raise Unauthorized, \ + 'Changes to nosy property not allowed via %s for this issue.'%\ + tx_Source + + def init(db): + ''' Install restrict_nosy_changes to run after other auditors. + + Allow initial creation email to set nosy. + So don't execute: db.issue.audit('create', requestedbyauditor) + + Set priority to 110 to run this auditor after other auditors + that can cause nosy to change. + ''' + db.issue.audit('set', restrict_nosy_changes, 110) + +This detector (auditor) will prevent updates to the nosy field if it +arrives by email. 
Since it runs after other auditors (due to the +priority of 110), it will also prevent changes to the nosy field that +are done by other auditors if triggered by an email. + +Note that db.tx_Source was not present in roundup versions before +1.4.21, so you must be running a newer version to use this detector. +Read the CHANGES.txt document in the roundup source code for further +details on tx_Source. + Changes to Security and Permissions -----------------------------------
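
Review bot: In restrict_nosy_changes, the `raise Unauthorized` statement formats its message with a bare `tx_Source`, which is not defined anywhere in the function, so the rejection path raises NameError instead of Unauthorized; it should be `db.tx_Source`. The docstring of `init` refers to `db.issue.audit('create', requestedbyauditor)`, a name that does not match this auditor and should read `restrict_nosy_changes`. The allow-list check also rejects a tx_Source of None, while the inline comment lists only 'email' as the other possible source; since the commit message says None can be valid for user-written scripts, the documentation should state that such scripts are blocked from changing nosy unless they set the property. Smaller points: `roundupdb` and `hyperdb` are imported but not used in the example, "senario" should be "scenario", and "if it arrives by email" in the closing paragraph should be "if they arrive by email".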
