diff templates/classic/schema.py @ 2991:b9a55628a78d
more doc fixes
simplified the security API, and bumped those changes around
a couple more TODO items so I don't forget
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Tue, 07 Dec 2004 23:32:50 +0000 |
| parents | 09e0d37abada |
| children | 14322134dcef |
--- a/templates/classic/schema.py Fri Dec 03 22:19:41 2004 +0000
+++ b/templates/classic/schema.py Tue Dec 07 23:32:50 2004 +0000
@@ -85,38 +85,31 @@
 # REGULAR USERS
 #
 # Give the regular users access to the web and email interface
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('User', p)
-p = db.security.getPermission('Email Access')
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'Web Access')
+db.security.addPermissionToRole('User', 'Email Access')
 # Assign the access and edit Permissions for issue, file and message
 # to regular users now
 for cl in 'issue', 'file', 'msg', 'query', 'keyword':
- p = db.security.getPermission('View', cl)
- db.security.addPermissionToRole('User', p)
- p = db.security.getPermission('Edit', cl)
- db.security.addPermissionToRole('User', p)
- p = db.security.getPermission('Create', cl)
- db.security.addPermissionToRole('User', p)
+ db.security.addPermissionToRole('User', 'View', cl)
+ db.security.addPermissionToRole('User', 'Edit', cl)
+ db.security.addPermissionToRole('User', 'Create', cl)
 for cl in 'priority', 'status':
- p = db.security.getPermission('View', cl)
- db.security.addPermissionToRole('User', p)
+ db.security.addPermissionToRole('User', 'View', cl)
 # May users view other user information? Comment these lines out
 # if you don't want them to
-p = db.security.getPermission('View', 'user')
-db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('User', 'View', 'user')
-# Users should be able to edit their own details. Note that this
-# permission is limited to only the situation where the Viewed or
-# Edited item is their own.
+# Users should be able to edit their own details -- this permission is
+# limited to only the situation where the Viewed or Edited item is their own.
 def own_record(db, userid, itemid):
 '''Determine whether the userid matches the item being accessed.'''
 return userid == itemid
-p = db.security.addPermission(name='View', klass='user', check=own_record,
+p = db.security.addPermission(name='View Self', klass='user', check=own_record,
 description="User is allowed to view their own user details")
-p = db.security.addPermission(name='Edit', klass='user', check=own_record,
+db.security.addPermissionToRole('User', p)
+p = db.security.addPermission(name='Edit Self', klass='user', check=own_record,
 description="User is allowed to edit their own user details")
 db.security.addPermissionToRole('User', p)
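Review bot: The two own-record grants at the end of this hunk are now registered under the names `'View Self'` and `'Edit Self'`, so they only take effect where the code that authorises access to user items asks for exactly those names; a check for plain `'Edit'` on `user` would no longer match them, and no caller is visible in this hunk to confirm that. `own_record` also decides only whose record is being touched (`userid == itemid`), not which fields may change, so if the user class carries privileged fields such as roles (its definition is outside this hunk) the edit path has to refuse those separately. I would record both facts next to the grant, e.g. `# checked by name: callers must ask for 'Edit Self'; own_record does not restrict which properties are edited`.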
@@ -126,35 +119,29 @@
 # Let anonymous users access the web interface. Note that almost all
 # trackers will need this Permission. The only situation where it's not
 # required is in a tracker that uses an HTTP Basic Authenticated front-end.
-p = db.security.getPermission('Web Access')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Web Access')
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
 # "Create" user Permission below)
-p = db.security.getPermission('Email Access')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Email Access')
 # Assign the appropriate permissions to the anonymous user's Anonymous
 # Role. Choices here are:
 # - Allow anonymous users to register
-p = db.security.getPermission('Create', 'user')
-db.security.addPermissionToRole('Anonymous', p)
+db.security.addPermissionToRole('Anonymous', 'Create', 'user')
 # Allow anonymous users access to view issues (and the related, linked
 # information)
 for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status':
- p = db.security.getPermission('View', cl)
- db.security.addPermissionToRole('Anonymous', p)
+ db.security.addPermissionToRole('Anonymous', 'View', cl)
 # [OPTIONAL]
 # Allow anonymous users access to create or edit "issue" items (and the
 # related file and message items)
 #for cl in 'issue', 'file', 'msg':
-# p = db.security.getPermission('Create', cl)
-# db.security.addPermissionToRole('Anonymous', p)
-# p = db.security.getPermission('Edit', cl)
-# db.security.addPermissionToRole('Anonymous', p)
+# db.security.addPermissionToRole('Anonymous', 'Create', cl)
+# db.security.addPermissionToRole('Anonymous', 'Edit', cl)
 # vim: set filetype=python sts=4 sw=4 et si :
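Review bot: The Anonymous grants now hand `addPermissionToRole()` a permission name and class as strings (`'Create', 'user'`, `'View', cl`), so the name-to-permission lookup that the schema used to do itself via `getPermission()` is hidden inside that call, and its behaviour for an unknown or mistyped name/class pair is not visible here. For the role given to unauthenticated visitors it matters that such a lookup raises when the tracker loads and never resolves to a broader, class-less permission of the same name. I would confirm that in the security module and state it above these lines, e.g. `# addPermissionToRole() must raise on an unknown (name, class) pair -- it must not fall back to a class-less permission`. The same applies to the User grants in the first hunk.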
