update Anonymous Create user to Register user permissions

rouilj · rouilj · commit 8bee3a7de2a0 · 2023-02-02T12:55:27.000-05:00
the devel and responsive tracker templates still had the old Create
user permissions for the anonymous user. Replace with the Regiter
permission that has been the standard since 1.4.11 maybe.

Also update references to Create permission in comment for the Email
Access permission for anon user.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -63,6 +63,8 @@ Fixed:
   different files).
 - Fix Traceback when a numeric order attribute is empty (Ralf
   Schlatterbeck)
+- Update some template schema files to assign Register permissions for the
+  Anonymous user. Replaces the old Create permission. (John Rouillard)
 
 Features:
 
diff --git a/doc/upgrading.txt b/doc/upgrading.txt
@@ -66,8 +66,8 @@ You can then merge any local comments from the tracker's
 ``config.ini`` to ``newconfig.ini`` and replace
 ``config.ini`` with ``newconfig.ini``.
 
-Using the roundup-mailgw script
--------------------------------
+Using the roundup-mailgw script (required)
+------------------------------------------
 
 In previous versions the roundup-mailgw script had a ``-C`` (or
 ``--class``) option for specifying a class to be used with ``-S`` (or
@@ -96,6 +96,24 @@ versions).
 If you do not use the ``-C`` (or ``--class``) option in your current
 setup of mailgw you don't need to change anything.
 
+Replace Create User permission for Anonymous with Register (required)
+---------------------------------------------------------------------
+
+Check your trackers schema.py. If you have the following code::
+
+    db.security.addPermissionToRole('Anonymous', 'Create', 'user')
+
+after the permission for Anonymous 'Email Access', change it to::
+
+    db.security.addPermissionToRole('Anonymous', 'Register', 'user')
+
+The comment for Anonymous 'Email Access' may refer to Create. Change
+it to refer to Register.
+
+This will be an issue if you used the devel or responsive tracker
+templates. If you used a classic, minimal or jinja2 template the
+permission change (but not the comment change) should be done already.
+
 Rdbms version change from 7 to 8 (required)
 -------------------------------------------
 
diff --git a/share/roundup/templates/classic/schema.py b/share/roundup/templates/classic/schema.py
@@ -160,7 +160,7 @@ def edit_query(db, userid, itemid):
 
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
-# "Create" user Permission below)
+# "Register" user Permission below)
 # This is disabled by default to stop spam from auto-registering users on
 # public trackers.
 #db.security.addPermissionToRole('Anonymous', 'Email Access')
diff --git a/share/roundup/templates/devel/schema.py b/share/roundup/templates/devel/schema.py
@@ -363,15 +363,15 @@ def edit_query(db, userid, itemid):
 
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
-# "Create" user Permission below)
+# "Register" user Permission below)
 # This is disabled by default to stop spam from auto-registering users on
 # public trackers.
 #db.security.addPermissionToRole('Anonymous', 'Email Access')
 
 # Assign the appropriate permissions to the anonymous user's Anonymous
 # Role. Choices here are:
 # - Allow anonymous users to register
-db.security.addPermissionToRole('Anonymous', 'Create', 'user')
+db.security.addPermissionToRole('Anonymous', 'Register', 'user')
 
 # Allow anonymous users access to view issues (and the related, linked
 # information).
diff --git a/share/roundup/templates/jinja2/schema.py b/share/roundup/templates/jinja2/schema.py
@@ -160,7 +160,7 @@ def edit_query(db, userid, itemid):
 
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
-# "Create" user Permission below)
+# "Register" user Permission below)
 # This is disabled by default to stop spam from auto-registering users on
 # public trackers.
 #db.security.addPermissionToRole('Anonymous', 'Email Access')
diff --git a/share/roundup/templates/minimal/schema.py b/share/roundup/templates/minimal/schema.py
@@ -61,7 +61,7 @@ def own_record(db, userid, itemid):
 
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
-# "Create" user Permission below)
+# "Register" user Permission below)
 db.security.addPermissionToRole('Anonymous', 'Email Access')
 
 # Assign the appropriate permissions to the anonymous user's
diff --git a/share/roundup/templates/responsive/schema.py b/share/roundup/templates/responsive/schema.py
@@ -363,15 +363,15 @@ def edit_query(db, userid, itemid):
 
 # Let anonymous users access the email interface (note that this implies
 # that they will be registered automatically, hence they will need the
-# "Create" user Permission below)
+# "Register" user Permission below)
 # This is disabled by default to stop spam from auto-registering users on
 # public trackers.
 #db.security.addPermissionToRole('Anonymous', 'Email Access')
 
 # Assign the appropriate permissions to the anonymous user's Anonymous
 # Role. Choices here are:
 # - Allow anonymous users to register
-db.security.addPermissionToRole('Anonymous', 'Create', 'user')
+db.security.addPermissionToRole('Anonymous', 'Register', 'user')
 
 # Allow anonymous users access to view issues (and the related, linked
 # information).
