Mercurial > p > roundup > code

diff share/roundup/templates/minimal/schema.py @ 4308:b30bdfae4461

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix security hole allowing user permission escalation (thanks Ralf Schlatterbeck) also update docs and prepare for a release
author Richard Jones <richard@users.sourceforge.net>
date Sun, 20 Dec 2009 23:24:21 +0000
parents 42331c201b02
children 0c54c846ea6a
line wrap: on
line diff
--- a/share/roundup/templates/minimal/schema.py	Fri Dec 18 11:00:34 2009 +0000
+++ b/share/roundup/templates/minimal/schema.py	Sun Dec 20 23:24:21 2009 +0000
@@ -41,6 +41,7 @@
     description="User is allowed to view their own user details")
 db.security.addPermissionToRole('User', p)
 p = db.security.addPermission(name='Edit', klass='user', check=own_record,
+    properties=('username', 'password', 'address', 'alternate_addresses'),
     description="User is allowed to edit their own user details")
 db.security.addPermissionToRole('User', p)
Roundup Issue Tracker: http://roundup-tracker.org/