Mercurial > p > roundup > code
diff templates/minimal/schema.py @ 2991:b9a55628a78d
more doc fixes
simplified the security API, and bumped those changes around
a couple more TODO items so I don't forget
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Tue, 07 Dec 2004 23:32:50 +0000 |
| parents | 45c65345e909 |
| children | a4393350e4eb |
line wrap: on
line diff
--- a/templates/minimal/schema.py Fri Dec 03 22:19:41 2004 +0000 +++ b/templates/minimal/schema.py Tue Dec 07 23:32:50 2004 +0000 @@ -25,25 +25,22 @@ # REGULAR USERS # # Give the regular users access to the web and email interface -p = db.security.getPermission('Web Access') -db.security.addPermissionToRole('User', p) -p = db.security.getPermission('Email Access') -db.security.addPermissionToRole('User', p) +db.security.addPermissionToRole('User', 'Web Access') +db.security.addPermissionToRole('User', 'Email Access') # May users view other user information? # Comment these lines out if you don't want them to -p = db.security.getPermission('View', 'user') -db.security.addPermissionToRole('User', p) +db.security.addPermissionToRole('User', 'View', 'user') -# Users should be able to edit their own details. -# Note that this permission is limited to only the situation -# where the Viewed or Edited item is their own. +# Users should be able to edit their own details -- this permission is +# limited to only the situation where the Viewed or Edited item is their own. def own_record(db, userid, itemid): '''Determine whether the userid matches the item being accessed.''' return userid == itemid -p = db.security.addPermission(name='View', klass='user', check=own_record, +p = db.security.addPermission(name='View Self', klass='user', check=own_record, description="User is allowed to view their own user details") -p = db.security.addPermission(name='Edit', klass='user', check=own_record, +db.security.addPermissionToRole('User', p) +p = db.security.addPermission(name='Edit Self', klass='user', check=own_record, description="User is allowed to edit their own user details") db.security.addPermissionToRole('User', p) @@ -53,19 +50,16 @@ # Let anonymous users access the web interface. Note that almost all # trackers will need this Permission. The only situation where it's not # required is in a tracker that uses an HTTP Basic Authenticated front-end. -p = db.security.getPermission('Web Access') -db.security.addPermissionToRole('Anonymous', p) +db.security.addPermissionToRole('Anonymous', 'Web Access') # Let anonymous users access the email interface (note that this implies # that they will be registered automatically, hence they will need the # "Create" user Permission below) -p = db.security.getPermission('Email Access') -db.security.addPermissionToRole('Anonymous', p) +db.security.addPermissionToRole('Anonymous', 'Email Access') # Assign the appropriate permissions to the anonymous user's # Anonymous Role. Choices here are: # - Allow anonymous users to register -p = db.security.getPermission('Create', 'user') -db.security.addPermissionToRole('Anonymous', p) +db.security.addPermissionToRole('Anonymous', 'Create', 'user') # vim: set et sts=4 sw=4 :