Mercurial > p > roundup > code
diff roundup/admin.py @ 5897:d0aebd4aec72
Provide a method for identifying invalid properties in permissions
issue2551062: roundup-admin security validates all properties in
permissions. It reports invalid properties.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 05 Oct 2019 12:33:23 -0400 |
| parents | b76be13e027e |
| children | 33a7b10618a6 |
line wrap: on
line diff
--- a/roundup/admin.py Wed Oct 02 22:06:02 2019 -0400 +++ b/roundup/admin.py Sat Oct 05 12:33:23 2019 -0400 @@ -1446,6 +1446,17 @@ if permission.properties: sys.stdout.write( _(' %(description)s (%(name)s for "%(klass)s"' + ': %(properties)s only)\n')%d ) + # verify that properties exist; report bad props + bad_props=[] + cl = self.db.getclass(permission.klass) + class_props = cl.getprops(protected=True) + for p in permission.properties: + if p in class_props: + continue + else: + bad_props.append(p) + if bad_props: + sys.stdout.write( _('\n **Invalid properties for %(class)s: %(props)s\n\n') % { "class": permission.klass, "props": bad_props }) else: sys.stdout.write( _(' %(description)s (%(name)s for "%(klass)s" ' + 'only)\n')%d )