view roundup/actions.py @ 4781:6e9b9743de89

Implementation for: http://issues.roundup-tracker.org/issue2550731 Add mechanism for the detectors to be able to tell the source of the data changes. Support for tx_Source property on database handle. Can be used by detectors to find out the source of a change in an auditor to block changes arriving by unauthenticated mechanisms (e.g. plain email where headers can be faked). The property db.tx_Source has the following values: * None - Default value set to None. May be valid if it's a script that is created by the user. Otherwise it's an error and indicates that some code path is not properly setting the tx_Source property. * "cli" - this string value is set when using roundup-admin and supplied scripts. * "web" - this string value is set when using any web based technique: html interface, xmlrpc .... * "email" - this string value is set when using an unauthenticated email based technique. * "email-sig-openpgp" - this string value is set when email with a valid pgp signature is used. (*NOTE* the testing for this mode is incomplete. If you have a pgp infrastructure you should test and verify that this is properly set.) This also includes some (possibly incomplete) test cases for the modes above and an example of using tx_Source in the customization.txt document.
author John Rouillard <rouilj@ieee.org>
date Tue, 23 Apr 2013 23:06:09 -0400
parents 13b3155869e0
children a7541077cf12

#
# Copyright (C) 2009 Stefan Seefeld
# All rights reserved.
# For license terms see the file COPYING.txt.
#

from roundup.exceptions import *
from roundup import hyperdb
from roundup.i18n import _

class Action:
    """Base class for an operation run against a tracker database.

    Callers are expected to go through ``execute``, which runs the
    ``permission`` check before ``handle``. Invoking ``handle`` directly
    skips that check.
    """

    def __init__(self, db, translator):
        # Both objects are stored as-is; nothing is validated here.
        self.translator = translator
        self.db = db

    def gettext(self, msgid):
        """Look up msgid through the translator and return the result."""
        translate = self.translator.gettext
        return translate(msgid)

    # Short alias so messages can be marked as self._('...').
    _ = gettext

    def permission(self, *args):
        """Raise Unauthorised when the user may not run this action.

        The base implementation performs no check at all and therefore
        allows every call; a subclass that needs access control has to
        override it.
        """
        return None

    def handle(self, *args):
        """Do the work of the action; subclasses must provide this."""
        raise NotImplementedError

    def execute(self, *args):
        """Run the permission check, then the handler, with the same args.

        Whatever ``handle`` returns is passed back to the caller. An
        exception raised by ``permission`` prevents ``handle`` from running.
        """
        self.permission(*args)
        outcome = self.handle(*args)
        return outcome


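class Retire(Action):
    """Action that retires the item named by a designator.

    ``execute`` (inherited from ``Action``) calls ``permission`` before
    ``handle``; calling ``handle`` directly skips the permission check.
    """

    def handle(self, designator):
        """Retire the item identified by designator and commit the change.

        The designator is split into a class name and an item id by
        ``hyperdb.splitDesignator``.

        Raises ValueError when the designator refers to the ``admin`` or
        ``anonymous`` user.
        """
        classname, itemid = hyperdb.splitDesignator(designator)

        # make sure we don't try to retire admin or anonymous
        if (classname == 'user' and
            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):
            raise ValueError(self._(
                'You may not retire the admin or anonymous user'))

        # do the retire
        self.db.getclass(classname).retire(itemid)
        self.db.commit()

    def permission(self, designator):
        """Raise Unauthorised unless the current user may retire the item.

        The check is made against the 'Edit' permission for the class name
        and item id obtained from the designator.
        """
        classname, itemid = hyperdb.splitDesignator(designator)

        if not self.db.security.hasPermission('Edit', self.db.getuid(),
                                              classname=classname, itemid=itemid):
            # The message uses a named placeholder, so it has to be
            # formatted with a mapping. Formatting it with the bare string
            # raised TypeError on this denial path, so callers that catch
            # Unauthorised never saw the refusal.
            raise Unauthorised(self._('You do not have permission to '
                                      'retire the %(classname)s class.')
                               % {'classname': classname})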
            
