changeset 1058:a55ef5a98fd3
more docco... and we need to check for web access Permission!
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 06 Sep 2002 03:21:30 +0000 |
| parents | 8b9feca82090 |
| children | 3f20880c2a7e |
| files | TODO.txt doc/customizing.txt roundup/cgi/client.py roundup/templates/classic/html/user.item |
| diffstat | 4 files changed, 89 insertions(+), 4 deletions(-) |
--- a/TODO.txt Fri Sep 06 03:08:35 2002 +0000 +++ b/TODO.txt Fri Sep 06 03:21:30 2002 +0000 @@ -47,14 +47,15 @@ query values pending web: have roundup.cgi pick up instance config from the environment pending web: UNIX init.d script for roundup-server -pending web: rewritten documentation (can come after the beta though so stuff - is settled) pending web: modify cgitb to handle PageTemplate errors better (see how Zope handles __traceback_supplement__ and __traceback_info__) pending web: title is stoopid +pending web: rewritten documentation (can come after the beta though so stuff + is settled) ... including relevant file names in customisation doc bug: request.url is incorrect in cgi-bin environments + done web: Re-enable link backrefs from messages (feature request #568714) (RJ) done web: have the page layout (header/footer) be templatable (RJ) done web: fixing the templating so it works (RJ)
--- a/doc/customizing.txt Fri Sep 06 03:08:35 2002 +0000 +++ b/doc/customizing.txt Fri Sep 06 03:21:30 2002 +0000 @@ -2,7 +2,7 @@ Customising Roundup =================== -:Version: $Revision: 1.17 $ +:Version: $Revision: 1.18 $ .. contents:: 
@@ -675,6 +675,86 @@ - only classname suplied: "index" - full item designator supplied: "item" +Actions are triggered by using a ``:action`` CGI variable, where the value is +one of: + +login + Attempt to log a user in. +logout + Log the user out - make them "anonymous". +register + Attempt to create a new user based on the contents of the form and then log + them in. +edit + Perform an edit of an item in the database. There are some special form + elements you may use: + + :link=designator:property and :multilink=designator:property + The value specifies a node designator and the property on that + node to add _this_ node to as a link or multilink. + __note + Create a message and attach it to the current node's + "messages" property. + __file + Create a file and attach it to the current node's + "files" property. Attach the file to the message created from + the __note if it's supplied. + :required=property,property,... + The named properties are required to be filled in the form. + +new + Add a new item to the database. You may use the same special form elements + as in the "edit" action. + +editCSV + Performs an edit of all of a class' items in one go. See also the + *class*.csv templating method which generates the CSV data to be edited, and + the "_generic.index" template which uses both of these features. + +search + Mangle some of the form variables. + + Set the form ":filter" variable based on the values of the + filter variables - if they're set to anything other than + "dontcare" then add them to :filter. + + Also handle the ":queryname" variable and save off the query to + the user's query list. + +Each of the actions is implemented by a corresponding *name*Action method on +the roundup.cgi.Client class, which also happens to be in your instance as +interfaces.Client. So if you need to define new actions, you may add them +there (see `definining new web actions`_). 
+ +Each action also has a corresponding *name*Permission method which determines +whether the action is permissible given the current user. The base permission +checks are: + +login + XXX TODO +logout + No permission checks are made. +register + Determine whether the user has permission to register + Base behaviour is to check the user has "Web Registration". +edit + Determine whether the user has permission to edit this item. + Base behaviour is to check the user can edit this class. If we're + editing the "user" class, users are allowed to edit their own + details. Unless it's the "roles" property, which requires the + special Permission "Web Roles". +new + Determine whether the user has permission to create (edit) this item. + Base behaviour is to check the user can edit this class. No + additional property checks are made. Additionally, new user items + may be created if the user has the "Web Registration" Permission. +editCSV + Determine whether the user has permission to edit this class. + Base behaviour is to check the user can edit this class. +search + Determine whether the user has permission to search this class. + Base behaviour is to check the user can view this class. + Repurcussions of changing the instance schema ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- a/roundup/cgi/client.py Fri Sep 06 03:08:35 2002 +0000 +++ b/roundup/cgi/client.py Fri Sep 06 03:21:30 2002 +0000 @@ -1,4 +1,4 @@ -# $Id: client.py,v 1.16 2002-09-05 23:48:55 richard Exp $ +# $Id: client.py,v 1.17 2002-09-06 03:21:30 richard Exp $ __doc__ = """ WWW request handler (also used in the stand-alone server). @@ -496,6 +496,8 @@ self.error_message.append(_('Incorrect password')) return + # XXX check for web access permission!!!! + # set the session cookie self.set_cookie(self.user, password)
--- a/roundup/templates/classic/html/user.item Fri Sep 06 03:08:35 2002 +0000 +++ b/roundup/templates/classic/html/user.item Fri Sep 06 03:21:30 2002 +0000 @@ -11,6 +11,8 @@ <tal:block tal:condition="editok"> <form method="POST" onSubmit="return submit_once()" enctype="multipart/form-data"> +<input type="hidden" name=":required" value="username,address"> + <table class="form"> <tr> <th>Name</th>
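Review bot: in doc/customizing.txt (@@ -675,6 +675,86 @@), the list of base permission checks documents login as "XXX TODO", so the one action that issues a session has no documented check. State the intended rule (the comment added to client.py in this changeset points at a web access Permission) or say explicitly that nothing is enforced yet. Two smaller points in the same added text: the link target `definining new web actions`_ is misspelled and will only resolve if the section title carries the same typo, and the search entry "Mangle some of the form variables" would read better as a plain statement of what the action does to :filter and :queryname.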
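Review bot: in roundup/cgi/client.py (@@ -496,6 +496,8 @@), the web access permission check is still missing. The hunk only adds the comment "# XXX check for web access permission!!!!" between the 'Incorrect password' return and self.set_cookie(self.user, password), so any account that presents a correct password still receives a session cookie. Put the check at that point, before set_cookie, and on failure append to self.error_message and return, the way the password branch just above it does. The TODO.txt hunk in this changeset does not add an entry for it, so the only record of the gap is this comment.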
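Review bot: in roundup/templates/classic/html/user.item (@@ -11,6 +11,8 @@), the list of required fields travels in a hidden input, `<input type="hidden" name=":required" value="username,address">`, which the submitting client controls. A request that omits or edits :required is not held to those fields. If username and address must always be present on user items, enforce that on the server side as well and treat the form field as a convenience for error reporting in the template.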
