diff doc/upgrading.txt @ 5879:94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access'
to allow per-user access control to rest and xmlrpc interfaces using
roles.
Updated all schemas to add these new perms to all authenticated roles.
Error conditions in handle_xmlrpc were not working right in manual
testing. I tried to make it a little better, but I don't actually
understand how the fault xmlrpc object is supposed to be used. So I
may have messed something up. I'll try to ping the people who wrote
the xmlrpc code to have them review.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 27 Sep 2019 23:29:59 -0400 |
| parents | e48b039b0ec0 |
| children | 9938c40e03bc |
--- a/doc/upgrading.txt Fri Sep 27 20:38:31 2019 -0400 +++ b/doc/upgrading.txt Fri Sep 27 23:29:59 2019 -0400 @@ -50,6 +50,20 @@ recommended to switch to the updated module from https://pypi.org/project/mysqlclient/. +XMLRPC Access Role +------------------ + +A new permission has been added to control access to the XMLRPC +endpoint. If the user doesn't have the new "Xmlrpc Access" permission, +they will not be able to log in using the /xmlrpc end point. To add +this new permission to the "User" role you should change your +tracker's schema.py and add:: + + db.security.addPermissionToRole('User', 'Xmlrpc Access') + +This is usually included near where other permissions like "Web Access" +or "Email Access" are assigned. + Python 3 support ----------------
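Review bot: The added upgrading section covers only "Xmlrpc Access", but the commit message says this change also introduces "Rest Access", so the section should say what an existing tracker needs in schema.py for the REST permission as well, either in the same paragraph or in a matching one. The heading "XMLRPC Access Role" names a role while the text describes a permission that is added to a role; "XMLRPC Access Permission" would match the body. The paragraph also uses both "endpoint" and "end point"; pick one. Finally, since the stated purpose is per-user control through roles, it would help to note that adding the permission to "User" grants XMLRPC access to every account holding that role, and that a tracker wanting to restrict it should attach the permission to a narrower role instead.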
