documentation reorg post-new-security

Author: Richard Jones

TODO.txt

@@ -12,7 +12,6 @@ pending  hyperdb: range searching of values (dates in particular)
            [value, value, ...] implies "in"
 pending  hyperdb: make creator, creation and activity available pre-commit
 pending  hyperdb: migrate "id" property to be Number type
-active   hyperdb: modify design document to include all the changes made
 pending  instance: including much simpler upgrade path and the use of
                    non-Python configuration files (ConfigParser)
 pending  instance: cleanup to support config (feature request #498658)
@@ -30,7 +29,6 @@ pending  mailgw: Allow multiple email addresses at one gw with different default
                    roundup: "|roundup-mailgw /instances/dev"
                    vmbugs: "|roundup-mailgw /instances/dev component=voicemail"
 pending  project: switch to a Roundup instance for Roundup bug/feature tracking
-active   security: add info from doc/security.txt to design doc
 pending  security: at least an LDAP user database implementation
 pending  security: authenticate over a secure connection
 pending  security: use digital signatures in mailgw
@@ -44,6 +42,8 @@ pending  web: Quick help links next to the property labels giving a
               form element too, eg. how to use the nosy list edit box.
 pending  web: feature request #507842
 pending  web: clicking on a group header should filter for that type of entry
+pending  web: have index page handle mid-page errors better so header and footer are
+              still visible!
 
 ongoing  any bugs
 
@@ -52,7 +52,9 @@ done hyperdb: further split the *dbm backends from the core code, allowing
               easier non-dict-like backends (eg metakit, RDB) (RJ)
 done hyperdb: fix the journal bloat (RJ)
 done hyperdb: add Boolean and Number types (GM)
+done hyperdb: update design document (RJ)
 done mailgw: better help message (feature request #558562) (RJ)
+done security: add info from doc/security.txt to design doc (RJ)
 done security: switch to sessions for web authentication (RJ)
 done security: implement and use the new logical control mechanisms
 done web: saving of named queries (GM)

doc/customizing.txt

@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.13 $
+:Version: $Revision: 1.14 $
 
 .. contents::
 
@@ -912,6 +912,46 @@ eliminate sections of the spool section if the property has no entries::
       </tr>
      </property>
 
+
+Security
+--------
+
+A set of Permissions are built in to the security module by default:
+
+- Edit (everything)
+- View (everything)
+
+The default interfaces define:
+
+- Web Registration
+- Email Registration
+
+These are hooked into the default Roles:
+
+- Admin (Edit everything, View everything)
+- User ()
+- Anonymous (Web Registration, Email Registration)
+
+And finally, the "admin" user gets the "Admin" Role, and the "anonymous" user
+gets the "Anonymous" assigned when the database is initialised on installation.
+The two default schemas then define:
+
+- Edit issue, View issue (both)
+- Edit file, View file (both)
+- Edit msg, View msg (both)
+- Edit support, View support (extended only)
+
+and assign those Permissions to the "User" Role. New users are assigned the
+Roles defined in the config file as:
+
+- NEW_WEB_USER_ROLES
+- NEW_EMAIL_USER_ROLES
+
+You may alter the configuration variables to change the Role that new web or
+email users get, for example to not give them access to the web interface if
+they register through email.
+
+
 -----------------
 
 Back to `Table of Contents`_