diff doc/upgrading.txt @ 5113:cf112b90fa8d

issue2550855: added search perms for anonymous to the user class. This lets the "show unassigned" search work for anonymous. Patch by Stuart McGraw. Added warning to upgrading.txt and a comment block before the schema change in every template tracker except minimal (doesn't have the search).
author John Rouillard <rouilj@ieee.org>
date Thu, 30 Jun 2016 21:08:15 -0400
parents 67fad01d2009
children 722394a48d7b
--- a/doc/upgrading.txt	Thu Jun 30 20:38:23 2016 -0400
+++ b/doc/upgrading.txt	Thu Jun 30 21:08:15 2016 -0400
@@ -118,6 +118,19 @@
 devel templates and has not changed the html/_generic.404.html file,
 you can copy in the new file to get this additional functionality.
 
+Schema change to allow "Show Unassigned" issues link to work for Anonymous user
+-------------------------------------------------------------------------------
+
+In this release the anonymous user is allowed to search the user
+class. The following was added to the schema for all templates that
+provide the search option::
+
+   p = db.security.addPermission(name='Search', klass='user')
+   db.security.addPermissionToRole ('Anonymous', p)
+
+If you are running a tracker that **does not** allow read access for
+anonymous, you should remove this entry as it can be used to perform
+a username guessing attack against a roundup install.
 
 Migrating from 1.5.0 to 1.5.1
 =============================
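Review bot: The final added paragraph tells admins of trackers without anonymous read access to "remove this entry", but the section never says whether an upgraded tracker picks up the two schema lines automatically or whether the admin has to add them by hand, so a reader cannot tell if action is needed to enable the "Show Unassigned" link, to close the username guessing exposure, or both. Suggest naming the file the lines live in and stating explicitly, for existing trackers, that they should be present only when Anonymous is already allowed read access; moving that caveat ahead of the snippet rather than after it would make it harder to miss. Minor style point: `db.security.addPermissionToRole ('Anonymous', p)` has a space before the opening parenthesis that the `addPermission(` line above it does not.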

Roundup Issue Tracker: http://roundup-tracker.org/