Mercurial > p > roundup > code
changeset 1149:7ae32787d981
more doc
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Mon, 16 Sep 2002 04:28:59 +0000 |
| parents | 20d42d7e4642 |
| children | 22c78fb54af4 |
| files | doc/customizing.txt |
| diffstat | 1 files changed, 22 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/doc/customizing.txt Mon Sep 16 02:22:23 2002 +0000 +++ b/doc/customizing.txt Mon Sep 16 04:28:59 2002 +0000 @@ -2,7 +2,7 @@ Customising Roundup =================== -:Version: $Revision: 1.37 $ +:Version: $Revision: 1.38 $ .. This document borrows from the ZopeBook section on ZPT. The original is at: http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx @@ -1847,11 +1847,28 @@ </tal:block> </select> -For extra security, you may wish to overload the hasEditItemPermission method -on your tracker's interfaces.Client class to enforce the Permission -requirement:: +For extra security, you may wish to set up an auditor to enforce the +Permission requirement:: -XXX + def assignedtoMustBeFixer(db, cl, nodeid, newvalues): + ''' Ensure the assignedto value in newvalues is a used with the Fixer + Permission + ''' + if not newvalues.has_key('assignedto'): + # don't care + return + + # get the userid + userid = newvalues['assignedto'] + if not db.security.hasPermission('Fixer', userid, cl.classname): + raise ValueError, 'You do not have permission to edit %s'%cl.classname + + def init(db): + db.issue.audit('set', assignedtoMustBeFixer) + db.issue.audit('create', assignedtoMustBeFixer) + +So now, if the edit attempts to set the assignedto to a user that doesn't have +the "Fixer" Permission, the error will be raised. -------------------