Mercurial > p > roundup > code

--- a/roundup/rest.py	Fri Mar 08 21:32:57 2019 -0500
+++ b/roundup/rest.py	Fri Mar 08 22:30:11 2019 -0500
@@ -557,14 +557,19 @@
         node = class_obj.getnode(item_id)
         etag = calculate_etag(node, class_name, item_id)
         props = None
+        protected=False
         for form_field in input.value:
             key = form_field.name
             value = form_field.value
             if key == "fields":
                 props = value.split(",")
+            if key == "@protected":
+                # allow client to request read only
+                # properties like creator, activity etc.
+                protected = value.lower() == "true"

         if props is None:
-            props = list(sorted(class_obj.properties.keys()))
+            props = list(sorted(class_obj.getprops(protected=protected)))

         try:
             result = [
author	John Rouillard <rouilj@ieee.org>
date	Fri, 08 Mar 2019 22:30:11 -0500
parents	528b902f98fc
children	f576957cbb1f