Mercurial > p > roundup > code

view roundup/actions.py @ 5272:c6fbd4803eae

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
If you upgrade to the newer query edit interface but did not allow users full access to search queries, the edit interface displays public queries that the user does not own in the section labeled "Queries I created". Updated upgrading.txt to discuss this problem and link back to the 1.4.17 upgrading instructions. Also included schema.py permissions that can be used to make the edit interface work correctly without allow full search access for queries. Updated the test script in the 1.4.17 upgrading instructions to display protected properties (like creator) to make dignosing this easier.
author John Rouillard <rouilj@ieee.org>
date Sat, 23 Sep 2017 13:05:48 -0400
parents a7541077cf12
children ed02a1e0aa5d
line wrap: on
line source

#
# Copyright (C) 2009 Stefan Seefeld
# All rights reserved.
# For license terms see the file COPYING.txt.
#

from roundup.exceptions import Unauthorised
from roundup import hyperdb
from roundup.i18n import _

class Action:
    def __init__(self, db, translator):
        self.db = db
        self.translator = translator

    def handle(self, *args):
        """Action handler procedure"""
        raise NotImplementedError

    def execute(self, *args):
        """Execute the action specified by this object."""

        self.permission(*args)
        return self.handle(*args)


    def permission(self, *args):
        """Check whether the user has permission to execute this action.

        If not, raise Unauthorised."""

        pass


    def gettext(self, msgid):
        """Return the localized translation of msgid"""
        return self.translator.gettext(msgid)


    _ = gettext


class Retire(Action):

    def handle(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        # make sure we don't try to retire admin or anonymous
        if (classname == 'user' and
            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):
            raise ValueError(self._(
                'You may not retire the admin or anonymous user'))

        # do the retire
        self.db.getclass(classname).retire(itemid)
        self.db.commit()


    def permission(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        if not self.db.security.hasPermission('Edit', self.db.getuid(),
                                              classname=classname, itemid=itemid):
            raise Unauthorised(self._('You do not have permission to '
                                      'retire the %(classname)s class.')%classname)
Roundup Issue Tracker: http://roundup-tracker.org/