Mercurial > p > roundup > code

view roundup/actions.py @ 7322:485cecfba982

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Simplify TOC; older docs pushed a level down; Consolidate debugging Restructured docs.txt. Pulled out older documents into Old Docs. I wish I could add whitespace between documents in the toc. Current order split into groupings: Roundup Features Roundup Features Installing Roundup Upgrading to newer versions of Roundup Reporting Security Issues with Roundup Roundup FAQ User Guide Customising Roundup REST API for Roundup XML-RPC access to Roundup Roundup Reference Roundup Glossary Administration Guide License Acknowledgements Other Docs debugging.txt removed. Its contents replaced a reference in developer.txt. Added olderdocs for: docs/upgrading-history docs/tracker_templates Design Overview <docs/overview> Design (original) <docs/design> docs/developers Notes about the MySQL Database backend <docs/mysql> Notes about the PostgreSQL Database backend <docs/postgresql> Richard Jones implementation notes <docs/implementation> docs/security-history to keep them out of the docs.txt sidebar.
author John Rouillard <rouilj@ieee.org>
date Thu, 11 May 2023 13:50:57 -0400
parents 4c9acc580769
children 1287b0c3d261
line wrap: on
line source

#
# Copyright (C) 2009 Stefan Seefeld
# All rights reserved.
# For license terms see the file COPYING.txt.
# Actions used in REST and XMLRPC APIs
#

from roundup.exceptions import Unauthorised
from roundup import hyperdb


class Action:
    def __init__(self, db, translator):
        self.db = db
        self.translator = translator

    def handle(self, *args):
        """Action handler procedure"""
        raise NotImplementedError

    def execute(self, *args):
        """Execute the action specified by this object."""

        self.permission(*args)
        return self.handle(*args)

    def permission(self, *args):
        """Check whether the user has permission to execute this action.

        If not, raise Unauthorised."""

        pass

    def gettext(self, msgid):
        """Return the localized translation of msgid"""
        return self.translator.gettext(msgid)

    _ = gettext


class PermCheck(Action):
    def permission(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)
        perm = self.db.security.hasPermission

        if not perm('Retire', self.db.getuid(), classname=classname,
                    itemid=itemid):
            raise Unauthorised(self._('You do not have permission to retire '
                                      'or restore the %(classname)s class.')
                               % locals())


class Retire(PermCheck):

    def handle(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        # make sure we don't try to retire admin or anonymous
        if (classname == 'user' and
            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):

            raise ValueError(self._(
                'You may not retire the admin or anonymous user'))

        # do the retire
        self.db.getclass(classname).retire(itemid)
        self.db.commit()


class Restore(PermCheck):

    def handle(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        # do the restore
        self.db.getclass(classname).restore(itemid)
        self.db.commit()
Roundup Issue Tracker: http://roundup-tracker.org/