Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)

Author: Ralf Schlatterbeck

CHANGES.txt

@@ -7,6 +7,7 @@ Richard Jones did the change.
 Features:
 
 - Add explicit "Search" permissions, see Security Fix below.
+- Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
 
 Fixed:
 

doc/xmlrpc.txt

@@ -65,6 +65,12 @@ set     arguments: *designator, arg_1 ... arg_N*
         ``designator``. The new values are specified in ``arg_1`` through
         ``arg_N``. The arguments are name=value pairs (e.g. ``status='3'``).
 
+lookup  arguments: *classname, key_value*
+
+        looks up the key_value for the given class. The class needs to
+        have a key and the user needs search permission on the key
+        attribute and id for the given classname.
+
 filter  arguments: *classname, list or None, attributes*
 
         list can be None (requires ``allow_none=True`` when
@@ -100,3 +106,5 @@ sample python client
         []
         >>> roundup_server.filter('user',[],{'username':'adm'})
         []
+        >>> roundup_server.lookup('user','admin')
+        '1'

roundup/xmlrpc.py

@@ -99,6 +99,15 @@ def filter(self, classname, search_matches, filterspec,
         x = [id for id in result if check('View', uid, classname, itemid=id)]
         return x
 
+    def lookup(self, classname, key):
+        cl = self.db.getclass(classname)
+        uid = self.db.getuid()
+        prop = cl.getkey()
+        check = self.db.security.hasSearchPermission
+        if not check(uid, classname, 'id') or not check(uid, classname, prop):
+            raise Unauthorised('Permission to search %s denied'%classname)
+        return cl.lookup(key)
+
     def display(self, designator, *properties):
         classname, itemid = hyperdb.splitDesignator(designator)
         cl = self.db.getclass(classname)