Mercurial > p > roundup > code

view roundup/actions.py @ 5095:d3ba0b254dbb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
The patch to implement: Validate properties specified for sorting and grouping in index views. Original patch from martin.v.loewis via: https://hg.python.org/tracker/roundup/rev/439bd3060df2 Applied by John Rouillard with some modification to properly identify if the bad property is a sort or grouping property. Tests added. has an issue with the current code base. Apparently sometime it can be entered without self.classname being defined. As a result the property lookup fails. So guard it by checking for self.classname in a couple of spots and if self.classname is not set just append the property and let the target action sort it out.
author John Rouillard <rouilj@ieee.org>
date Wed, 22 Jun 2016 21:29:14 -0400
parents a7541077cf12
children ed02a1e0aa5d
line wrap: on
line source

#
# Copyright (C) 2009 Stefan Seefeld
# All rights reserved.
# For license terms see the file COPYING.txt.
#

from roundup.exceptions import Unauthorised
from roundup import hyperdb
from roundup.i18n import _

class Action:
    def __init__(self, db, translator):
        self.db = db
        self.translator = translator

    def handle(self, *args):
        """Action handler procedure"""
        raise NotImplementedError

    def execute(self, *args):
        """Execute the action specified by this object."""

        self.permission(*args)
        return self.handle(*args)


    def permission(self, *args):
        """Check whether the user has permission to execute this action.

        If not, raise Unauthorised."""

        pass


    def gettext(self, msgid):
        """Return the localized translation of msgid"""
        return self.translator.gettext(msgid)


    _ = gettext


class Retire(Action):

    def handle(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        # make sure we don't try to retire admin or anonymous
        if (classname == 'user' and
            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):
            raise ValueError(self._(
                'You may not retire the admin or anonymous user'))

        # do the retire
        self.db.getclass(classname).retire(itemid)
        self.db.commit()


    def permission(self, designator):

        classname, itemid = hyperdb.splitDesignator(designator)

        if not self.db.security.hasPermission('Edit', self.db.getuid(),
                                              classname=classname, itemid=itemid):
            raise Unauthorised(self._('You do not have permission to '
                                      'retire the %(classname)s class.')%classname)
Roundup Issue Tracker: http://roundup-tracker.org/