Mercurial > p > roundup > code

view roundup/actions.py @ 5200:16a8a3f0772c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Reset state of: self.db.security.set_props_only_default(False) at end of testGetPermission. I thought each test_X module had a fresh environment an load of all modules. I guess that is not the case as not resetting the props_only default to false seemed to bleed into the testAuthFilter in text_xmlrpc.py. However the funny part is it only caused problem in travis ci. Not in my manual running of the full test suite on two platforms. However I am pulling errors because the framework is not skipping the postgres tests for text_xmlrpc. Maybe that failure is hiding something?? If I run just the test_xmlrpc module I would not expect an issue since the security test suite won't be invoked. I am using different versions of the test harness and python so maybe.....
author John Rouillard <rouilj@ieee.org>
date Sat, 18 Mar 2017 15:12:39 -0400
parents a7541077cf12
children ed02a1e0aa5d
line wrap: on
line source

#
# Copyright (C) 2009 Stefan Seefeld
# All rights reserved.
# For license terms see the file COPYING.txt.
#

from roundup.exceptions import Unauthorised
from roundup import hyperdb
from roundup.i18n import _

class Action:
    def __init__(self, db, translator):
        self.db = db
        self.translator = translator

    def handle(self, *args):
        """Action handler procedure"""
        raise NotImplementedError

    def execute(self, *args):
        """Execute the action specified by this object."""

        self.permission(*args)
        return self.handle(*args)


    def permission(self, *args):
        """Check whether the user has permission to execute this action.

        If not, raise Unauthorised."""

        pass


    def gettext(self, msgid):
        """Return the localized translation of msgid"""
        return self.translator.gettext(msgid)


    _ = gettext


class Retire(Action):

    def handle(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        # make sure we don't try to retire admin or anonymous
        if (classname == 'user' and
            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):
            raise ValueError(self._(
                'You may not retire the admin or anonymous user'))

        # do the retire
        self.db.getclass(classname).retire(itemid)
        self.db.commit()


    def permission(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        if not self.db.security.hasPermission('Edit', self.db.getuid(),
                                              classname=classname, itemid=itemid):
            raise Unauthorised(self._('You do not have permission to '
                                      'retire the %(classname)s class.')%classname)
Roundup Issue Tracker: http://roundup-tracker.org/