Add "rest" and "xmlrpc" values for database tx_Source property

issue2551059: added new values for tx_Source to indicate when /rest
or /xmlrpc endpoint is being used rather than the html web
interface.

Author: rouilj

CHANGES.txt

@@ -94,7 +94,10 @@ Features:
 - issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access'
   to allow per-user access control to rest and xmlrpc interfaces using
   roles.
-
+- issue2551059: added new values for tx_Source to indicate when /rest
+  or /xmlrpc endpoint is being used rather than the normal web
+  endpoints. (John Rouillard)
+  
 Fixed:
 
 - issue2550811: work around Unicode encoding issues in jinja2 template

doc/customizing.txt

@@ -4923,7 +4923,7 @@ directory of your tracker::
            # the nosy field has not changed so no need to check.
            return
 
-       if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]:
+       if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
 	   # if the source of the transaction is from an authenticated
 	   # source or a privileged process allow the transaction.
 	   # Other possible sources: 'email'

doc/upgrading.txt

@@ -64,6 +64,30 @@ tracker's schema.py and add::
 This is usually included near where other permissions like "Web Access"
 or "Email Access" are assigned.
 
+New values for db.tx_Source
+---------------------------
+
+The database attribute tx_Source reports "xmlrpc" and "rest" when the
+/xmlrpc and /rest web endpoints are used. Check all code (extensions,
+detectors, lib) in trackers looking for tx_Source. If you have code
+like::
+
+    if db.tx_Source == "web":
+
+or::
+
+    if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]:
+
+you may need to change these to include matches to "rest" and
+"xmlrpc". For example::
+
+    if db.tx_Source in [ "web", "rest", "xmlrpc" ]
+
+or::
+
+    if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
+
+
 Python 3 support
 ----------------
 

roundup/cgi/client.py

@@ -503,6 +503,7 @@ def handle_xmlrpc(self):
         # Open the database as the correct user.
         try:
             self.determine_user()
+            self.db.tx_Source = "xmlrpc"
         except LoginError as msg:
             output = xmlrpc_.client.dumps(
                 xmlrpc_.client.Fault(401, "%s" % msg),
@@ -557,6 +558,7 @@ def handle_rest(self):
         # TODO: add everything to RestfulDispatcher
         try:
             self.determine_user()
+            self.db.tx_Source = "rest"
         except LoginError as err:
             self.response_code = http_.client.UNAUTHORIZED
             output = s2b("Invalid Login - %s"%str(err))

test/tx_Source_detector.py

@@ -26,7 +26,9 @@ def tx_SourceCheckAudit(db, cl, nodeid, newvalues):
           None - Reported when using a script or it is an error if
                  the change arrives by another method.
           "cli" - reported when using roundup-admin
-          "web" - reported when using any web based technique
+          "web" - reported when using html based web pages
+          "rest" - reported when using the /rest web API
+          "xmlrpc" - reported when using the /xmlrpc web API
           "email" - reported when using an unautheticated email based technique
           "email-sig-openpgp" - reported when email with a valid pgp
                                 signature is used
@@ -51,7 +53,9 @@ def tx_SourceCheckReact(db, cl, nodeid, oldvalues):
           None - Reported when using a script or it is an error if
                  the change arrives by another method.
           "cli" - reported when using roundup-admin
-          "web" - reported when using any web based technique
+          "web" - reported when using html based web pages
+          "rest" - reported when using the /rest web API
+          "xmlrpc" - reported when using the /xmlrpc web API
           "email" - reported when using an unautheticated email based technique
           "email-sig-openpgp" - reported when email with a valid pgp
                                 signature is used