Mitigation for issue2551246 -u opton to roundup-admin

The -u option ignores the password and doesn't limit access to the
data.

Not a huge issue as currently anybody running it must have read access
to the tracker home and all the credentials. So they can change the
data directly using a db client or read anything they want.

But this wasn't documented. Now it is.

Author: rouilj

CHANGES.txt

@@ -50,6 +50,8 @@ Fixed:
   more than one issue with a matching parent message, fall back to
   subject matching. See upgrading.txt for details. (John Rouillard)
 - issue2551195 - port scripts from optparse to argparse (Ralf Schlatterbeck)
+- issue2551246 - mitigation, document how -u doesn't work for
+  roundup-admin. (John Rouillard)
 
 Features:
 
@@ -182,6 +184,9 @@ Fixed:
   if the user doesn't have edit permissions. (John Rouillard)
 - issue2551216 - create new mysql databases using COLLATE
   utf8_general_ci to prevent crashes in test suite. (John Rouillard)
+- issue2551146 - fix issues with strings that have multiple %s
+  substutions that were not labeled making i18n difficult/impossible.
+  (John Rouillard)
 
 Features:
 

doc/admin_guide.txt

@@ -878,6 +878,22 @@ A brief (incomplete) summary is::
 
 Run ``roundup-admin help commands`` for a complete list of subcommands.
 
+One thing to note, The ``-u user`` setting does not currently operate
+like a user logging in via the web. The user running roundup-admin
+must have read access to the tracker home directory. As a result the
+user has access to the files and the database info contained in
+config.ini.
+
+Using ``-u user`` sets the actor/user parameter in the
+journal. Changes that are made are attributed to that
+user. The password is ignored if provided. Any existing
+username has full access to the data just like the admin
+user. This is an area for further development so that
+roundup-admin could be used with sudo to provide secure
+command line access to a tracker.
+
+In general you should forget that there is a -u parameter.
+
 .. _`customisation documentation`: customizing.html
 .. _`upgrading documentation`: upgrading.html
 .. _`installation documentation`: installation.html

doc/user_guide.txt

@@ -850,6 +850,20 @@ login may be specified as either "``name``" or "``name:password``".
 If either the name or password is not supplied, they are obtained from
 the command-line.
 
+The ``-u user`` setting does not currently operate like a
+user logging in via the web. The user running roundup-admin
+must have read access to the tracker home directory. As a
+result the user has access to the files and the database
+info contained in config.ini.
+
+Using ``-u user`` sets the actor/user parameter in the
+journal. Changes that are made are attributed to that
+user. The password is ignored if provided. Any existing
+username has full access to the data just like the admin
+user. This is an area for further development so that
+roundup-admin could be used with sudo to provide secure
+command line access to a tracker.
+
 When you initialise a new tracker instance you are prompted for the
 admin password. If you want to initialise a tracker non-interactively
 you can put the initialise command and password on the command

roundup/admin.py

@@ -240,7 +240,7 @@ def help_all(self):
  . ROUNDUP_LOGIN environment variable
  . the -u command-line option
 If either the name or password is not supplied, they are obtained from the
-command-line.
+command-line. (See admin guide before using -u.)
 
 Date format examples:
   "2000-04-17.03:45" means <Date 2000-04-17.08:45:00>