Mercurial > p > roundup > code

view roundup/actions.py @ 5222:9bf221cebef3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Make properties method return only properties the user can search. See: https://sourceforge.net/p/roundup/mailman/roundup-devel/thread/20170405002844.2004B80690%40vm71.cs.umb.edu/#msg35769250 [Roundup-devel] Bug in context/properties, lists properties user can't search. The HTMLClass::properties() method returns a list of all properties. This is used when creating sort on/group by filters on index pages. However somewhere in the code, a user needs search permission on the property in order for it to be used for grouping or sorting. This means the user can choose to sort/group an index page by a property that they have no search permission for. As a result the sort/group is ignored. This is confusing. I have changed the properties method to only return properties the user has View/Search permissions on. I also added a new cansearch argument set by default to True. If set to False, all properties regardless of Search permission are returned. Doc updated to include the new default operation and mention the use of cansearch argument.
author John Rouillard <rouilj@ieee.org>
date Wed, 05 Apr 2017 21:38:32 -0400
parents a7541077cf12
children ed02a1e0aa5d
line wrap: on
line source

#
# Copyright (C) 2009 Stefan Seefeld
# All rights reserved.
# For license terms see the file COPYING.txt.
#

from roundup.exceptions import Unauthorised
from roundup import hyperdb
from roundup.i18n import _

class Action:
    def __init__(self, db, translator):
        self.db = db
        self.translator = translator

    def handle(self, *args):
        """Action handler procedure"""
        raise NotImplementedError

    def execute(self, *args):
        """Execute the action specified by this object."""

        self.permission(*args)
        return self.handle(*args)


    def permission(self, *args):
        """Check whether the user has permission to execute this action.

        If not, raise Unauthorised."""

        pass


    def gettext(self, msgid):
        """Return the localized translation of msgid"""
        return self.translator.gettext(msgid)


    _ = gettext


class Retire(Action):

    def handle(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        # make sure we don't try to retire admin or anonymous
        if (classname == 'user' and
            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):
            raise ValueError(self._(
                'You may not retire the admin or anonymous user'))

        # do the retire
        self.db.getclass(classname).retire(itemid)
        self.db.commit()


    def permission(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        if not self.db.security.hasPermission('Edit', self.db.getuid(),
                                              classname=classname, itemid=itemid):
            raise Unauthorised(self._('You do not have permission to '
                                      'retire the %(classname)s class.')%classname)
Roundup Issue Tracker: http://roundup-tracker.org/