Mercurial > p > roundup > code

view doc/features.txt @ 8412:0663a7bcef6c reauth-confirm_id

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
feat: finish reauth docs, enhance code. Decided to keep name Reauth for now. admin_guide.txt: add reference mark to roundup admin help. Used for template command reference in upgrading.txt. customizing.txt: added worked example of adding a reauth auditor for address and password. Also links to OWASP recommendations. Added link to example code in design.doc on detectors. glossary.txt: reference using roundup-admin template command in def for tracker templates. pydoc.txt: Added methods for Client class. Added class and methods for (cgi) Action, LoginAction and ReauthAction. reference.txt Edited and restructured detector section. Added section on registering a detector and priority use/execution order. (reference to design doc was used before). Added/enhanced description of exception an auditor can raise (includes Reauth). Added section on Reauth implementation and use (Confirming the User). Also has paragraph on future ideas. upgrading.txt Stripped down the original section. Moved a lot to reference.txt. Referenced customizing example, mention installation of _generic.reauth.html and reference reference.txt. cgi/actions.py: fixed bad ReST that was breaking pydoc.txt processing changed doc on limitations of Reauth code. added docstring for Reauth::verifyPassword cgi/client.py: fix ReST for a method breaking pydoc.py processing cgi/templating.py: fix docstring on embed_form_fields templates/*/html/_generic.reauth.html disable spelling for password field add timing info to the javascript function that processes file data. reformat javascript IIFE templates/jinja2/html/_generic.reauth.html create a valid jinja2 template. Looks like my original jinja template got overwritten and committed. feature parity with the other reauth templates. test/test_liveserver.py add test case for Reauth workflow. Makefile add doc.
author John Rouillard <rouilj@ieee.org>
date Wed, 13 Aug 2025 23:52:49 -0400
parents a0f9ef08c36c
children 695399dea532
line wrap: on
line source

.. meta::
    :description:
        Features of using the Roundup Issue Tracker. Describes
        all access methods, configuration and workflow capabilities.
	Links to detailed documentation.

================
Roundup Features
================

Roundup is an easy-to-use and -install issue-tracking system with
web, e-mail and command-line interfaces. Based on the winning design
from Ka-Ping Yee in the :index:`Software Carpentry` "Track" design
competition. 

**Installation and Setup**

- Start using the software in `instant-gratification (demo) mode`_ with
  ``python demo.py`` or `a Docker container`_ in under 5 minutes. 
- Choose from `five included templates`_ for your tracker.
- `Customize`_ and use the demo as a template for your production tracker.
- No need for additional support software, just Python (3.7+)
  to get started.
- Basic installation (including a web interface) takes about 30 minutes.
- Supports embedded databases like `SQLite`_ and dbm. Upgradable
  to databases like `MySQL`_ or `PostgreSQL`_ if needed.
- Can be run in a container like Docker or kubernetes.
- Deploy in your network as a standalone web server or `through
  various methods`_ like WSGI, FastCGI, plain CGI, etc.
- Essential tracking features depend on the Python standard
  library. Supplementary packages from PyPI are optional and can be
  tailored to fit your unique threat model and security needs.

**Issue Tracking and Management**

- Manage your issues your way. Handle bugs, features, milestones, 
  user feedback, fleet maintenance, office issues etc.
- Issues become a mini mailing list to keep everyone informed.
- Searches on specific properties (e.g. open issues with a high
  priority) can be saved and reused or shared with other users.
- Full Text Search for quick searches across messages.
- Keeps a detailed history of issue changes.
- Email is a first class method for interacting with issues.

**Scalability and Performance**

- Default trackers use simple HTML with low resource requirements.
- Fast and scalable with sqlite, mysql, and postgresql backends.
- Indexes are automatically configured.
- Supports full-text indexing engines (xapian, whoosh, SQLite,
  PostgreSQL) for large trackers.

**Customization**

- The database schema can be updated to `track additional data`_.
- The web interface can be redesigned to fit your workflow.
- Extensible web interface with various features like `wizards`_,
  bug displays, etc.
- Add business rules using `auditors and reactors`_ for actions before
  and after database changes.
- Comprehensive documentation for customization, installation,
  maintenance, and user guidance.

**Data Security, Privacy and Authorization**

- Your data remains on your servers.
- You can choose if AI can access the data.
- Can use HTTPS for security over the web.
- Fine-grained authorization (`ABAC`_, `ReBAC`_, `RBAC`_) based on
  user, resource, and external properties.

.. _`ABAC`: https://en.wikipedia.org/wiki/Attribute-based_access_control 
.. _`ReBAC`: https://en.wikipedia.org/wiki/Relationship-based_access_control
.. _`RBAC`: https://en.wikipedia.org/wiki/Role-based_access_control

**Documentation and User Management**

- Users can sign up through the web interface or new user creation
  can be limited to admin users.
- Can use an `external user database`_ (LDAP, password file)
- Self-serve password reset for users via email.

**Email Integration and Automation**

- Update issues via email with new messages and the ability to
  change properties of issues (e.g. close an issue).
- Secure email handling with features like TLS, APOP, IMAPS/OAUTH.
- Optional auto-registration for email users.
- Configurable nosy list for each issue controls email notifications.
- Proper handling of email attachments and content types.

**Command-Line and API Access**

- Manage database interactively from the command line.
- Automate modifications using standard shell scripting.
- Python programs can use the Roundup Python API to manage/automate issues.
- Sample scripts provided for various tasks.

**Remote Access Interfaces**

- `RESTful API`_ accessible with basic HTTP authentication or optional JWT.
- `XMLRPC interface`_ for remote tracker access with basic
  HTTP authentication.
- Configurable CORS support for third-party web pages.
- Ability to `generate and authenticate JSON Web Tokens (JWT)
  <rest.html#changing-access-roles-with-json-web-tokens>`_.

.. _`auditors and reactors`: reference.html#auditor-or-reactor
.. _`customize`: customizing.html
.. _`external user database`: customizing.html#using-external-user-databases
.. _`five included templates`: installation.html#choosing-your-template
.. _`instant-gratification (demo) mode`:
     installation.html#for-the-really-impatient
.. _`a Docker container`: installation.html#running-in-demo-mode-with-docker
.. _mysql: https://pypi.org/project/MySQL-python/
.. _postgresql: https://www.psycopg.org/
.. _`restful api`: rest.html
.. _`run in a container`: installation.html#docker-support
.. _sqlite: https://www.sqlite.org/index.html
.. _`track additional data`:
    customizing.html#adding-a-new-field-to-the-classic-schema
.. _`through various methods`: installation.html#configure-a-web-interface
.. _wizards:
   customizing.html#setting-up-a-wizard-or-druid-for-controlled-adding-of-issues
.. _`xmlrpc interface`: xmlrpc.html
Roundup Issue Tracker: http://roundup-tracker.org/