have roundup server pass though the cause of a "403 Forbidden" response

Richard Jones · Richard Jones · commit 0c5fb006d4b5 · 2004-05-09T23:41:13.000Z
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -7,6 +7,7 @@ Fixed:
 - typo in roundup/instance.py
 - missing CRLF var in rfc822.py (sf patch 949471)
 - fix user creation page
+- have roundup server pass though the cause of a "403 Forbidden" response
 
 
 2004-05-06 0.7.0
diff --git a/doc/upgrading.txt b/doc/upgrading.txt
@@ -6,8 +6,40 @@ Please read each section carefully and edit your tracker home files
 accordingly. Note that there is information about upgrade procedures in the
 `administration guide`_.
 
+If a specific version transition isn't mentioned here (eg. 0.6.7 to 0.6.8)
+then you don't need to do anything. If you're upgrading from 0.5.6 to
+0.6.8 though, you'll need to check the "0.5 to 0.6" and "0.6.x to 0.6.3"
+steps.
+
 .. contents::
 
+Migrating from 0.7.0 to 0.7.1
+=============================
+
+0.7.1 Permission assignments
+----------------------------
+
+If you allow anonymous access to your tracker, you might need to assign
+some additional View (or Edit if your tracker is that open) permissions
+to the "anonymous" user. To do so, find the code in your ``dbinit.py`` that
+says::
+
+    for cl in 'issue', 'file', 'msg', 'query', 'keyword':
+        p = db.security.getPermission('View', cl)
+        db.security.addPermissionToRole('User', p)
+        p = db.security.getPermission('Edit', cl)
+        db.security.addPermissionToRole('User', p)
+    for cl in 'priority', 'status':
+        p = db.security.getPermission('View', cl)
+        db.security.addPermissionToRole('User', p)
+
+Add add a line::
+
+        db.security.addPermissionToRole('Anonymous', p)
+
+next to the existing ``'User'`` lines for the Permissions you wish to
+assign to the anonymous user.
+
 
 Migrating from 0.6 to 0.7
 =========================
diff --git a/roundup/scripts/roundup_server.py b/roundup/scripts/roundup_server.py
@@ -17,7 +17,7 @@
 
 """Command-line script that runs a server over roundup.cgi.client.
 
-$Id: roundup_server.py,v 1.46 2004-04-20 21:57:16 richard Exp $
+$Id: roundup_server.py,v 1.46.2.1 2004-05-09 23:41:13 richard Exp $
 """
 __docformat__ = 'restructuredtext'
 
@@ -94,8 +94,8 @@ def run_cgi(self):
             self.inner_run_cgi()
         except client.NotFound:
             self.send_error(404, self.path)
-        except client.Unauthorised:
-            self.send_error(403, self.path)
+        except client.Unauthorised, message:
+            self.send_error(403, '%s (%s)'%(self.path, message))
         except:
             exc, val, tb = sys.exc_info()
             if hasattr(socket, 'timeout') and isinstance(val, socket.timeout):
