#
# TRACKER SCHEMA
#

# Class automatically gets these properties:
#   creation = Date()
#   activity = Date()
#   creator = Link('user')
#   actor = Link('user')

# Priorities
# Lookup class keyed on its name; "order" is a numeric property
# (presumably the sort position in listings -- confirm in the templates).
pri = Class(
    db, "priority",
    name=String(),
    order=Number())
pri.setkey("name")

# Statuses
# Same shape as "priority": a unique name plus a numeric order.
stat = Class(
    db, "status",
    name=String(),
    order=Number())
stat.setkey("name")

# Keywords
# Free-form tags; the name is the key, so it must be unique.
keyword = Class(
    db, "keyword",
    name=String())
keyword.setkey("name")

# User-defined saved searches
# private_for links the query to a single user. The view_query check
# further down treats an unset private_for as "public", so a query is
# visible to every role holding that permission unless this link is set.
query = Class(
    db, "query",
    klass=String(),
    name=String(),
    url=String(),
    private_for=Link('user'))

# add any additional database schema configuration here

# Account records. "username" is the key, so it must be unique.
# NOTE(review): "roles" decides which permissions an account holds. It is
# a plain String, so whoever can edit that property controls authorization;
# the self-service 'Edit' permission on this class further down leaves it
# out of its properties list, and it should stay out.
user = Class(
    db, "user",
    username=String(),
    password=Password(),   # credential property type, not a plain String
    address=String(),
    realname=String(),
    website=String(),
    alternate_addresses=String(),
    queries=Multilink('query'),
    roles=String(),     # comma-separated string of Role names
    timezone=String())
user.setkey("username")

# Declare the 'Register' permission on the user class. Declaring it grants
# nothing by itself; it is handed to the Anonymous role further down.
db.security.addPermission(
    name='Register',
    klass='user',
    description='User is allowed to register new user')

# FileClass automatically gets this property in addition to the Class ones:
#   content = String()    [saved to disk in <tracker home>/db/files/]
#   type = String()       [MIME type of the content, default 'text/plain']
# NOTE(review): content and type both arrive from submitters, and the
# Anonymous role is granted 'View' on "msg" and "file" further down. How
# the stored type is honoured when a file is served back decides whether an
# upload can render in the tracker's own origin -- confirm against the
# download handling of the Roundup version in use.
msg = FileClass(
    db, "msg",
    # do_journal='no': presumably keeps these links out of the linked
    # user's journal -- confirm.
    author=Link("user", do_journal='no'),
    recipients=Multilink("user", do_journal='no'),
    date=Date(),
    summary=String(),
    files=Multilink("file"),
    messageid=String(),
    inreplyto=String())

# Attachments: only a name on top of the inherited content/type properties.
file = FileClass(
    db, "file",
    name=String())

# IssueClass automatically gets these properties in addition to the Class ones:
#   title = String()
#   messages = Multilink("msg")
#   files = Multilink("file")
#   nosy = Multilink("user")
#   superseder = Multilink("issue")
issue = IssueClass(
    db, "issue",
    assignedto=Link("user"),
    keyword=Multilink("keyword"),
    priority=Link("priority"),
    status=Link("status"))

#
# TRACKER SECURITY SETTINGS
#
# See the configuration and customisation document for information
# about security setup.

#
# REGULAR USERS
#
# Give the regular users access to the web and email interface
db.security.addPermissionToRole('User', 'Web Access')
db.security.addPermissionToRole('User', 'Email Access')

# Assign the access and edit Permissions for issue, file and message
# to regular users now
# NOTE(review): these grants are class-wide and carry no check= function,
# so every account holding the User role may edit issues, files, messages
# and keywords created by anyone. With anonymous self-registration enabled
# further down, "User" effectively means "anyone who signs up". If message
# bodies and attachments must stay immutable, restrict 'Edit' on 'file' and
# 'msg' with a check= function, as is done for 'user' and 'query' below.
for cl in ('issue', 'file', 'msg', 'keyword'):
    db.security.addPermissionToRole('User', 'View', cl)
    db.security.addPermissionToRole('User', 'Edit', cl)
    db.security.addPermissionToRole('User', 'Create', cl)
# Priorities and statuses are read-only for regular users.
for cl in ('priority', 'status'):
    db.security.addPermissionToRole('User', 'View', cl)

# May users view other user information? Comment these lines out
# if you don't want them to
# NOTE(review): no properties= restriction is attached, so this exposes
# every property of every user item to any logged-in account, including
# address, alternate_addresses and roles (and the password property in
# whatever stored form Roundup keeps it -- confirm). A permission created
# with a properties=(...) list, like the self-service 'Edit' permission
# below, would limit this to fields such as username and realname.
# While this grant is active the own_record-restricted 'View' permission
# registered below adds nothing -- presumably any matching permission is
# sufficient; confirm against the Roundup version in use.
# Keep this statement ahead of the check= registrations: the lookup here is
# by name and class only, and its resolution may depend on registration
# order in older Roundup releases -- verify before reordering.
db.security.addPermissionToRole('User', 'View', 'user')

# Users should be able to edit their own details -- this permission is
# limited to only the situation where the Viewed or Edited item is their own.
def own_record(db, userid, itemid):
    '''Permission check: allow access only to the caller's own user item.

    db is unused. userid is the acting user and itemid the user item being
    viewed or edited. The comparison is plain equality, so both ids must
    have the same type (presumably Roundup id strings -- confirm); a
    str/int mismatch denies access rather than granting it.
    '''
    is_own_item = (userid == itemid)
    return is_own_item
# Self-service 'View' on the user class, gated by own_record.
p = db.security.addPermission(
    name='View',
    klass='user',
    check=own_record,
    description="User is allowed to view their own user details")
db.security.addPermissionToRole('User', p)

# Self-service 'Edit' on the user class, gated by own_record and limited to
# the listed properties.
# NOTE(review): 'roles' is deliberately missing from this list. Adding it
# would let any account rewrite its own role string and grant itself every
# permission in the tracker. 'password' and 'address' are self-editable;
# whether a change requires re-authentication is not decided here.
p = db.security.addPermission(
    name='Edit',
    klass='user',
    check=own_record,
    properties=('username', 'password', 'address', 'realname', 'website',
                'alternate_addresses', 'queries', 'timezone'),
    description="User is allowed to edit their own user details")
db.security.addPermissionToRole('User', p)

# Users should be able to edit and view their own queries. They should also
# be able to view any marked as not private. They should not be able to
# edit others' queries, even if they're not private
def view_query(db, userid, itemid):
    '''Permission check: may userid see the saved query itemid?

    A query whose private_for link is unset (any falsy value) is treated as
    public and is visible to every caller; otherwise only the user it is
    private for may view it. Note that the query's creator is not consulted
    here.
    '''
    owner = db.query.get(itemid, 'private_for')
    if owner:
        return userid == owner
    return True
def edit_query(db, userid, itemid):
    '''Permission check: only the creator of a saved query may change it.

    Used for both the 'Edit' and the 'Retire' query permissions. Ownership
    is taken from the automatic creator property, not from private_for, so
    a public query stays read-only for everyone but its creator.
    '''
    creator = db.query.get(itemid, 'creator')
    return userid == creator
# Saved-query permissions for the User role. View is gated by view_query;
# Edit and Retire are gated by edit_query (creator only).
p = db.security.addPermission(
    name='View',
    klass='query',
    check=view_query,
    description="User is allowed to view their own and public queries")
db.security.addPermissionToRole('User', p)

p = db.security.addPermission(
    name='Edit',
    klass='query',
    check=edit_query,
    description="User is allowed to edit their queries")
db.security.addPermissionToRole('User', p)

p = db.security.addPermission(
    name='Retire',
    klass='query',
    check=edit_query,
    description="User is allowed to retire their queries")
db.security.addPermissionToRole('User', p)

# Creation carries no check function: any User may create a query.
p = db.security.addPermission(
    name='Create',
    klass='query',
    description="User is allowed to create queries")
db.security.addPermissionToRole('User', p)


#
# ANONYMOUS USER PERMISSIONS
#
# Let anonymous users access the web interface. Note that almost all
# trackers will need this Permission. The only situation where it's not
# required is in a tracker that uses an HTTP Basic Authenticated front-end.
db.security.addPermissionToRole('Anonymous', 'Web Access')

# Let anonymous users access the email interface (note that this implies
# that they will be registered automatically, hence they will need the
# "Create" user Permission below)
# This is disabled by default to stop spam from auto-registering users on
# public trackers.
#db.security.addPermissionToRole('Anonymous', 'Email Access')

# Assign the appropriate permissions to the anonymous user's Anonymous
# Role. Choices here are:
# - Allow anonymous users to register
# NOTE(review): this enables open self-registration through the web
# interface. Every registered account receives the class-wide Create/Edit
# grants of the User role above, so on an Internet-facing tracker this one
# line decides who can modify issues, messages and files. Remove it where
# accounts are provisioned by an administrator.
db.security.addPermissionToRole('Anonymous', 'Register', 'user')

# Allow anonymous users access to view issues (and the related, linked
# information)
# NOTE(review): this makes every issue, message body and attached file
# readable without authentication. Drop 'file' and 'msg' (or the whole
# loop) on trackers that may receive confidential reports.
for cl in ('issue', 'file', 'msg', 'keyword', 'priority', 'status'):
    db.security.addPermissionToRole('Anonymous', 'View', cl)

# [OPTIONAL]
# Allow anonymous users access to create or edit "issue" items (and the
# related file and message items)
#for cl in 'issue', 'file', 'msg':
#   db.security.addPermissionToRole('Anonymous', 'Create', cl)
#   db.security.addPermissionToRole('Anonymous', 'Edit', cl)


# vim: set filetype=python sts=4 sw=4 et si :
#SHA: d935a2b51c5922fb4e7a5fefc5ed70ef5fcbcac8