upgrading notes to fix security assertions

Richard Jones · Richard Jones · commit 74d7b94bc95b · 2004-12-15T00:11:50.000Z
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -8,7 +8,8 @@ Fixed:
 - fix typo (sf patch 1076629)
 - fix hyperlinking of items (sf bug 1080251)
 - fix roundup-admin find command handling of Multilinks
-- fix some security assertions (sf bug 1085481)
+- fix some security assertions (sf bug 1085481) (see doc/upgrading.txt for
+  notes)
 
 
 2004-10-26 0.7.9
diff --git a/doc/upgrading.txt b/doc/upgrading.txt
@@ -13,6 +13,35 @@ steps.
 
 .. contents::
 
+Migrating from 0.7.10
+=============================
+
+0.7.10 Security assertions
+--------------------------
+
+Some security assertions were missing in relation to stored query editing.
+You should edit the following tal statements into the ``page.html`` template:
+
+   <p class="classblock">
+    <b>Your Queries</b> (<a href="query?@template=edit">edit</a>)<br>
+
+becomes::
+
+   <p class="classblock"
+      tal:condition="python:request.user.hasPermission('View', 'query')">
+     <b>Your Queries</b> (<a href="query?@template=edit">edit</a>)<br>
+
+And the ``issue.search.html`` template:
+
+  <tr>
+  <th>Query name**:</th>
+
+becomes::
+
+  <tr tal:condition="python:request.user.hasPermission('Edit', 'query')">
+  <th>Query name**:</th>
+
+
 Migrating from 0.7.2 to 0.7.3
 =============================
 
