Mercurial > p > roundup > code

diff roundup/cgi/client.py @ 4781:6e9b9743de89

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implementation for: http://issues.roundup-tracker.org/issue2550731 Add mechanism for the detectors to be able to tell the source of the data changes. Support for tx_Source property on database handle. Can be used by detectors to find out the source of a change in an auditor to block changes arriving by unauthenticated mechanisms (e.g. plain email where headers can be faked). The property db.tx_Source has the following values: * None - Default value set to None. May be valid if it's a script that is created by the user. Otherwise it's an error and indicates that some code path is not properly setting the tx_Source property. * "cli" - this string value is set when using roundup-admin and supplied scripts. * "web" - this string value is set when using any web based technique: html interface, xmlrpc .... * "email" - this string value is set when using an unauthenticated email based technique. * "email-sig-openpgp" - this string value is set when email with a valid pgp signature is used. (*NOTE* the testing for this mode is incomplete. If you have a pgp infrastructure you should test and verify that this is properly set.) This also includes some (possibly incomplete) tests cases for the modes above and an example of using ts_Source in the customization.txt document.
author John Rouillard <rouilj@ieee.org>
date Tue, 23 Apr 2013 23:06:09 -0400
parents fe9568a6cbd6
children b474adb17fda
line wrap: on
line diff
--- a/roundup/cgi/client.py	Fri Mar 22 15:53:27 2013 +0100
+++ b/roundup/cgi/client.py	Tue Apr 23 23:06:09 2013 -0400
@@ -792,12 +792,15 @@
         # open the database or only set the user
         if not hasattr(self, 'db'):
             self.db = self.instance.open(username)
+            self.db.tx_Source = "web"
         else:
             if self.instance.optimize:
                 self.db.setCurrentUser(username)
+                self.db.tx_Source = "web"
             else:
                 self.db.close()
                 self.db = self.instance.open(username)
+                self.db.tx_Source = "web"
                 # The old session API refers to the closed database;
                 # we can no longer use it.
                 self.session_api = Session(self)
Roundup Issue Tracker: http://roundup-tracker.org/