view roundup/cgi/wsgi_handler.py @ 5222:9bf221cebef3
Make properties method return only properties the user can search.
See:
https://sourceforge.net/p/roundup/mailman/roundup-devel/thread/20170405002844.2004B80690%40vm71.cs.umb.edu/#msg35769250
[Roundup-devel] Bug in context/properties, lists properties user can't search.
The HTMLClass::properties() method returns a list of all
properties. This is used when creating sort on/group by filters on
index pages.
However somewhere in the code, a user needs search permission on the
property in order for it to be used for grouping or sorting.
This means the user can choose to sort/group an index page by a
property that they have no search permission for. As a result the
sort/group is ignored. This is confusing.
I have changed the properties method to only return properties the
user has View/Search permissions on. I also added a new cansearch
argument set by default to True. If set to False, all properties
regardless of Search permission are returned.
Doc updated to include the new default operation and mention the use
of cansearch argument.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 05 Apr 2017 21:38:32 -0400 |
| parents | 7aa72c31464d |
| children | 92757447dcf0 35ea9b1efc14 ab37c1705dbf |
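# WSGI interface for Roundup Issue Tracker
#
# This module is free software, you may redistribute it
# and/or modify under the same terms as Python.
#
import os
import cgi
import weakref

import roundup.instance
from roundup.cgi import TranslationService

from BaseHTTPServer import BaseHTTPRequestHandler, DEFAULT_ERROR_MESSAGE


class Writer(object):
    '''File-like shim installed as ``request.wfile``.

    The first ``write()`` asks the request for the WSGI write callable
    (``get_wfile()`` raises ValueError when ``start_response()`` has not
    been called yet) and rebinds ``self.write`` to that callable, so every
    later write bypasses this method.
    '''
    def __init__(self, request):
        self.request = request #weakref.ref(request)

    def write(self, data):
        '''Write `data` through the WSGI write callable of the request.'''
        f = self.request.get_wfile()
        self.write = f
        return f(data)


class RequestDispatcher(object):
    '''WSGI application serving the tracker whose home directory is `home`.

    The same class is used twice: once as the long-lived application
    object, and once per request as the "request" object handed to the
    tracker client (it carries ``wfile``, ``start_response()`` and
    ``get_wfile()``).
    '''
    def __init__(self, home, debug=False, timing=False, lang=None):
        # NOTE: assert statements are skipped under ``python -O``, so this
        # check is a development aid and not a guarantee.
        assert os.path.isdir(home), '%r is not a directory'%(home,)
        self.home = home
        self.debug = debug
        self.timing = timing
        if lang:
            self.translator = TranslationService.get_translation(lang,
                tracker_home=home)
        else:
            self.translator = None

    def __call__(self, environ, start_response):
        """WSGI entry point: serve one request.

        The response body is written through the write callable returned
        by the server's `start_response`, so the iterable returned here is
        always empty.
        """
        # NOTE(review): stored on the shared application object; nothing in
        # this file reads it back, and concurrent requests overwrite it.
        self.environ = environ
        # Per-request state lives on a fresh object so that requests do not
        # share the start_response callable or the write callable.
        request = RequestDispatcher(self.home, self.debug, self.timing)
        request.__start_response = start_response
        request.wfile = Writer(request)
        request.__wfile = None

        if environ ['REQUEST_METHOD'] == 'OPTIONS':
            # code, message and explain are filled into the stock error
            # page through locals(), so these names must not change.
            code = 501
            message, explain = BaseHTTPRequestHandler.responses[code]
            request.start_response([('Content-Type', 'text/html'),
                ('Connection', 'close')], code)
            request.wfile.write(DEFAULT_ERROR_MESSAGE % locals())
            return []

        tracker = roundup.instance.open(self.home, not self.debug)

        # need to strip the leading '/'; a WSGI server may omit PATH_INFO
        # altogether when it is empty, so do not index the key directly
        environ["PATH_INFO"] = environ.get("PATH_INFO", "")[1:]
        if request.timing:
            environ["CGI_SHOW_TIMING"] = request.timing

        form = cgi.FieldStorage(fp=environ['wsgi.input'], environ=environ)

        # Pass the translator built from `lang` in __init__.  The
        # per-request object above is created without `lang`, so its own
        # translator attribute is always None.
        client = tracker.Client(tracker, request, environ, form,
            self.translator)
        try:
            client.main()
        except roundup.cgi.client.NotFound:
            request.start_response([('Content-Type', 'text/html')], 404)
            # The body is served as text/html and client.path is presumably
            # taken from the request URL, so escape it before echoing it
            # back; written raw, markup in the path would be rendered by
            # the browser.
            request.wfile.write('Not found: %s'%cgi.escape(client.path, True))

        # all body data has been written using wfile
        return []

    def start_response(self, headers, response_code):
        """Send the status line and `headers` for `response_code`.

        Calls the server's WSGI start_response and keeps the write
        callable it returns for get_wfile().  Raises KeyError when
        `response_code` is not in BaseHTTPRequestHandler.responses.
        """
        message, explain = BaseHTTPRequestHandler.responses[response_code]
        self.__wfile = self.__start_response('%d %s'%(response_code,
            message), headers)

    def get_wfile(self):
        """Return the WSGI write callable.

        Raises ValueError when start_response() has not been called yet.
        """
        if self.__wfile is None:
            raise ValueError('start_response() not called')
        return self.__wfile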
