Mercurial > p > roundup > code

diff doc/customizing.txt @ 3260:e41e1540a287

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix provisional user so they can view their own record
author Richard Jones <richard@users.sourceforge.net>
date Tue, 05 Apr 2005 22:58:31 +0000
parents 1cbde34afa77
children 3124e578db02
line wrap: on
line diff
--- a/doc/customizing.txt	Tue Apr 05 01:06:54 2005 +0000
+++ b/doc/customizing.txt	Tue Apr 05 22:58:31 2005 +0000
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.175 $
+:Version: $Revision: 1.176 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -4058,6 +4058,16 @@
     db.security.addPermissionToRole('Provisional User', 'Web Access')
     db.security.addPermissionToRole('Provisional User', 'Email Access')
 
+    # make sure they can view & edit their own user record
+    def own_record(db, userid, itemid):
+        '''Determine whether the userid matches the item being accessed.'''
+        return userid == itemid
+    p = db.security.addPermission(name='View', klass='user', check=own_record,
+        description="User is allowed to view their own user details")
+    db.security.addPermissionToRole('Provisional User', p)
+    p = db.security.addPermission(name='Edit', klass='user', check=own_record,
+        description="User is allowed to edit their own user details")
+    db.security.addPermissionToRole('Provisional User', p)
 
 Then, in ``config.ini``, we change the Role assigned to newly-registered
 users, replacing the existing ``'User'`` values::
Roundup Issue Tracker: http://roundup-tracker.org/