@@ -30,11 +30,9 @@ Class.safeget() was removed from the API. Test your item ids before calling
3030Class.get() instead.
3131
3232
33- 0.8.0 new tracker layout
33+ 0.8.0 New tracker layout
3434------------------------
3535
36- XXX describe any mandatory changes to tracker layout
37-
3836The ``config.py`` file has been replaced by ``config.ini``. You may use the
3937roundup-admin command "genconfig" to generate a new config file::
4038
@@ -83,36 +81,78 @@ the `what's new in 0.8`__ documentation for more information.
8381
8482__ whatsnew-0.8.html
8583
86- 0.8.0 8-bit character set support
87- ---------------------------------
8884
89- Added support for custom encodings in http data.
85+ 0.8.0 Permissions Changes
86+ -------------------------
87+
88+ The creation of a new item in the user interfaces is now controlled by the
89+ "Create" Permission. You will need to add an assignment of this Permission
90+ to your users who are allowed to create items. The most common form of this
91+ is the following in your ``schema.py`` added just under the current
92+ assignation of the Edit Permission::
93+
94+ for cl in 'issue', 'file', 'msg', 'query', 'keyword':
95+ p = db.security.getPermission('Create', cl)
96+ db.security.addPermissionToRole('User', p)
97+
98+ You will need to explicitly let anonymous users access the web interface so
99+ that regular users are able to see the login form. Note that almost all
100+ trackers will need this Permission. The only situation where it's not
101+ required is in a tracker that uses an HTTP Basic Authenticated front-end.
102+ It's enabled by adding to your ``schema.py``::
103+
104+ p = db.security.getPermission('Web Access')
105+ db.security.addPermissionToRole('Anonymous', p)
106+
107+ Finally, you will need to enable permission for your users to edit their
108+ own details by adding the following to ``schema.py``::
109+
110+ # Users should be able to edit their own details. Note that this
111+ # permission is limited to only the situation where the Viewed or
112+ # Edited item is their own.
113+ def own_record(db, userid, itemid):
114+ '''Determine whether the userid matches the item being accessed.'''
115+ return userid == itemid
116+ p = db.security.addPermission(name='View', klass='user', check=own_record,
117+ description="User is allowed to view their own user details")
118+ p = db.security.addPermission(name='Edit', klass='user', check=own_record,
119+ description="User is allowed to edit their own user details")
120+ db.security.addPermissionToRole('User', p)
121+
122+
123+ 0.8.0 Use of TemplatingUtils
124+ ----------------------------
125+
126+ If you used custom python functions in TemplatingUtils, they need to
127+ be moved from interfaces.py to a new file in the ``extensions`` directory.
128+ Each Function that should be available through TAL needs to be defined
129+ as a toplevel function in the newly created file. Furthermore you
130+ add an inititialization function, that registers the functions with the
131+ tracker.
132+
133+ If you find this too tedious, donfu wrote an automatic init function that
134+ takes an existing TemplatingUtils class, and registers all class methods
135+ that do not start with an underscore. The following hack should be placed
136+ in the ``extensions`` directory alongside other extensions::
90137
91- Inside Roundup, all strings are stored and processed in utf-8.
92- Unfortunately, some older browsers do not work properly with
93- utf8-encoded pages (e.g. Netscape Navigator 4 displays wrong
94- characters in form fields). This version allows to change
95- the character set for http transfers. To do so, you may add
96- the following code to your ``page.html`` template::
138+ class TemplatingUtils:
139+ # copy from interfaces.py
97140
98- <tal:block define="uri string:${request/base}${request/env/PATH_INFO}">
99- <a tal:attributes="href python:request.indexargs_href(uri,
100- {'@charset':'utf-8'})">utf-8</a>
101- <a tal:attributes="href python:request.indexargs_href(uri,
102- {'@charset':'koi8-r'})">koi8-r</a>
103- </tal:block>
141+ def init(tracker):
142+ util = TemplatingUtils()
104143
105- (substitute ``koi8-r`` with appropriate charset for your language).
106- Charset preference is kept in the browser cookie ``roundup_charset``.
144+ def setClient(tu):
145+ util.client = tu.client
146+ return util
107147
108- Lines ``meta http-equiv`` added to the tracker templates in version 0.6.0
109- should be changed to include actual character set name::
148+ def execUtil(name):
149+ return lambda tu, *args, **kwargs: \
150+ getattr(setClient(tu), name)(*args, **kwargs)
110151
111- <meta http-equiv="Content-Type"
112- tal:attributes="content string:text/html;; charset=${request/client/charset}"
113- />
152+ for name in dir(util):
153+ if callable(getattr(util, name)) and not name.startswith('_'):
154+ tracker.registerUtil(name, execUtil(name))
114155
115- Actual charset is also sent in the http header.
116156
1171570.8.0 Logging Configuration
118158---------------------------
0 commit comments