diff share/roundup/templates/classic/schema.py @ 8231:984bc9f94ec6
chore: format schema.pys in templates so ruff is ok.
Also makes comparing them easier.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 21 Dec 2024 15:23:12 -0500 |
| parents | c087ad45bf4d |
| children |
--- a/share/roundup/templates/classic/schema.py Thu Dec 19 17:58:10 2024 -0500
+++ b/share/roundup/templates/classic/schema.py Sat Dec 21 15:23:12 2024 -0500
@@ -103,16 +103,19 @@
 # May users view other user information? Comment these lines out
 # if you don't want them to
-p = db.security.addPermission(name='View', klass='user',
+p = db.security.addPermission(name='View', klass='user',
 properties=('id', 'organisation', 'phone', 'realname', 'timezone',
 'username'))
 db.security.addPermissionToRole('User', p)
+
 # Users should be able to edit their own details -- this permission is
 # limited to only the situation where the Viewed or Edited item is their own.
 def own_record(db, userid, itemid):
 '''Determine whether the userid matches the item being accessed.'''
 return userid == itemid
+
+
 p = db.security.addPermission(name='View', klass='user', check=own_record,
 description="User is allowed to view their own user details")
 db.security.addPermissionToRole('User', p)
@@ -122,6 +125,7 @@
 description="User is allowed to edit their own user details")
 db.security.addPermissionToRole('User', p)
+
 # Users should be able to edit and view their own queries. They should also
 # be able to view any marked as not private. They should not be able to
 # edit others' queries, even if they're not private
@@ -129,8 +133,12 @@
 private_for = db.query.get(itemid, 'private_for')
 if not private_for: return True
 return userid == private_for
+
+
 def edit_query(db, userid, itemid):
 return userid == db.query.get(itemid, 'creator')
+
+
 p = db.security.addPermission(name='View', klass='query', check=view_query,
 description="User is allowed to view their own and public queries")
 db.security.addPermissionToRole('User', p)
@@ -181,7 +189,7 @@
 # anonymous, you should remove this entry as it can be used to perform
 # a username guessing attack against a roundup install.
 p = db.security.addPermission(name='Search', klass='user')
-db.security.addPermissionToRole ('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', p)
 # [OPTIONAL]
 # Allow anonymous users access to create or edit "issue" items (and the
