roundup-tracker
diff --git a/‎CHANGES.txt‎
Lines changed: 5 additions & 1 deletion b/‎CHANGES.txt‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎doc/customizing.txt‎
Lines changed: 25 additions & 1 deletion b/‎doc/customizing.txt‎
Lines changed: 25 additions & 1 deletion
diff --git a/‎doc/design.txt‎
Lines changed: 26 additions & 20 deletions b/‎doc/design.txt‎
Lines changed: 26 additions & 20 deletions
diff --git a/‎doc/whatsnew-0.8.txt‎
Lines changed: 13 additions & 1 deletion b/‎doc/whatsnew-0.8.txt‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎roundup/cgi/templating.py‎
Lines changed: 34 additions & 17 deletions b/‎roundup/cgi/templating.py‎
Lines changed: 34 additions & 17 deletions
@@ -1,12 +1,16 @@
 This file contains the changes to the Roundup system over time. The entries
 are given with the most recent entry first.
 
-2005-01-?? 0.8.0
+2005-01-?? 0.8.0b3
 Fixed:
 - fix roundup-server log and PID file paths to be absolute
 - fix initialisation of roundup-server in daemon mode so initialisation
   errors are visible
 - fix: 'Logout' link was enabled on issue index page only
+- have Permissions only test the check function if itemid is suppled
+- modify index templates to check for row-level Permission
+- more documentation of security mechanisms
+- better unit tests for security mechanisms
 
 
 2005-01-13 0.8.0b2
 
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.161.2.4 $
+:Version: $Revision: 1.161.2.5 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -51,6 +51,7 @@ extensions/         Additional web actions and templating utilities.
 html/               Web interface templates, images and style sheets         
 =================== ======================================================== 
 
+
 Tracker Configuration
 =====================
 
@@ -855,6 +856,29 @@ Put together, these settings appear in the tracker's ``schema.py`` file::
     #   db.security.addPermissionToRole('Anonymous', p)
 
 
+Automatic Permission Checks
+---------------------------
+
+Permissions are automatically checked when information is rendered
+through the web. This includes:
+
+1. View checks for properties when being rendered via the ``plain()`` or
+   similar methods. If the check fails, the text "[hidden]" will be
+   displayed.
+2. Edit checks for properties when the edit field is being rendered via
+   the ``field()`` or similar methods. If the check fails, the property
+   will be rendered via the ``plain()`` method (see point 1. for subsequent
+   checking performed)
+3. View checks are performed in index pages for each item being displayed
+   such that if the user does not have permission, the row is not rendered.
+4. View checks are performed at the top of item pages for the Item being
+   displayed. If the user does not have permission, the text "You are not
+   allowed to view this page." will be displayed.
+5. View checks are performed at the top of index pages for the Class being
+   displayed. If the user does not have permission, the text "You are not
+   allowed to view this page." will be displayed.
+
+
 New User Roles
 --------------
 
 
@@ -1384,11 +1384,12 @@ this path, and allow the multiple assignment of Roles to Users, and
 multiple Permissions to Roles. These definitions are not persistent -
 they're defined when the application initialises.
 
-There will be two levels of Permission. The Class level permissions
+There will be three levels of Permission. The Class level permissions
 define logical permissions associated with all items of a particular
 class (or all classes). The Item level permissions define logical
 permissions associated with specific items by way of their user-linked
-properties.
+properties. The Property level permissions define logical permissions
+associated with a specific property of an item.
 
 
 Access Control Interface Specification
@@ -1430,36 +1431,41 @@ The security module defines::
                 the base roles (for admin user).
             '''
 
-        def getPermission(self, permission, classname=None):
-            ''' Find the Permission matching the name and for the class,
-                if the classname is specified.
+        def getPermission(self, permission, classname=None, properties=None,
+                check=None):
+            ''' Find the Permission exactly matching the name, class,
+                properties list and check function.
 
                 Raise ValueError if there is no exact match.
             '''
 
-        def hasPermission(self, permission, userid, classname=None):
+        def hasPermission(self, permission, userid, classname=None,
+                property=None, itemid=None):
             ''' Look through all the Roles, and hence Permissions, and
-                see if "permission" is there for the specified
-                classname.
-            '''
+                see if "permission" exists given the constraints of
+                classname, property and itemid.
+
+                If classname is specified (and only classname) then the
+                search will match if there is *any* Permission for that
+                classname, even if the Permission has additional
+                constraints.
 
-        def hasItemPermission(self, classname, itemid, **propspec):
-            ''' Check the named properties of the given item to see if
-                the userid appears in them. If it does, then the user is
-                granted this permission check.
+                If property is specified, the Permission matched must have
+                either no properties listed or the property must appear in
+                the list.
 
-                'propspec' consists of a set of properties and values
-                that must be present on the given item for access to be
-                granted.
+                If itemid is specified, the Permission matched must have
+                either no check function defined or the check function,
+                when invoked, must return a True value.
 
-                If a property is a Link, the value must match the
-                property value. If a property is a Multilink, the value
-                must appear in the Multilink list.
+                Note that this functionality is actually implemented by the
+                Permission.test() method.
             '''
 
         def addPermission(self, **propspec):
             ''' Create a new Permission with the properties defined in
-                'propspec'
+                'propspec'. See the Permission class for the possible
+                keyword args.
             '''
 
         def addRole(self, **propspec):
 
@@ -66,6 +66,19 @@ only specific properties on items.
 Permissions may also have code attached which is executed to check whether
 the Permission is valid for the current user and item.
 
+Permissions are now automatically checked when information is rendered
+through the web. This includes:
+
+1. View checks for properties when being rendered via the ``plain()`` or
+   similar methods. If the check fails, the text "[hidden]" will be
+   displayed.
+2. Edit checks for properties when the edit field is being rendered via
+   the ``field()`` or similar methods. If the check fails, the property
+   will be rendered via the ``plain()`` method (see point 1. for additional
+   checking performed)
+3. View checks are performed in index pages for each item being displayed
+   such that if the user does not have permission, the row is not rendered.
+
 
 Extending Roundup
 =================
@@ -134,7 +147,6 @@ Templating
 
   The listing popup may be used in query forms.
 
-
 Standard templates
   We hide "(list)" popup links when issue is only viewable
 
 
@@ -656,7 +656,8 @@ def submit(self, label=''"Submit New Entry"):
             self.input(type="submit", name="submit", value=self._(label))
 
     def history(self):
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
         return self._('New node - no history')
 
     def renderWith(self, name, **kwargs):
@@ -774,7 +775,8 @@ def journal(self, direction='descending'):
         return []
 
     def history(self, direction='descending', dre=re.compile('^\d+$')):
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         # pre-load the history with the current state
         current = {}
@@ -1143,7 +1145,8 @@ def plain(self, escape=0, hyperlink=0):
         - "hyperlink" turns on/off in-text hyperlinking of URLs, email
           addresses and designators
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             return ''
@@ -1163,7 +1166,8 @@ def stext(self, escape=0):
 
             This requires the StructureText module to be installed separately.
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         s = self.plain(escape=escape)
         if not StructuredText:
@@ -1206,7 +1210,8 @@ def multiline(self, escape=0, rows=5, cols=40):
     def email(self, escape=1):
         ''' Render the value of the property as an obscured email address
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             value = ''
@@ -1227,7 +1232,8 @@ class PasswordHTMLProperty(HTMLProperty):
     def plain(self):
         ''' Render a "plain" representation of the property
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             return ''
@@ -1260,7 +1266,8 @@ class NumberHTMLProperty(HTMLProperty):
     def plain(self):
         ''' Render a "plain" representation of the property
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             return ''
@@ -1298,7 +1305,8 @@ class BooleanHTMLProperty(HTMLProperty):
     def plain(self):
         ''' Render a "plain" representation of the property
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             return ''
@@ -1342,7 +1350,8 @@ def __init__(self, client, classname, nodeid, prop, name, value,
     def plain(self):
         ''' Render a "plain" representation of the property
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             return ''
@@ -1358,7 +1367,8 @@ def now(self, str_interval=None):
             This is useful for defaulting a new value. Returns a
             DateHTMLProperty.
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         ret = date.Date('.', translator=self._client)
 
@@ -1427,7 +1437,8 @@ def reldate(self, pretty=1):
 
             If the "pretty" flag is true, then make the display pretty.
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if not self._value:
             return ''
@@ -1446,7 +1457,8 @@ def pretty(self, format=_marker):
             string, then it'll be stripped from the output. This is handy
             for the situatin when a date only specifies a month and a year.
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if not self._value:
             return ''
@@ -1458,7 +1470,8 @@ def pretty(self, format=_marker):
     def local(self, offset):
         ''' Return the date/time as a local (timezone offset) date/time.
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         return DateHTMLProperty(self._client, self._classname, self._nodeid,
             self._prop, self._formname, self._value, offset=offset)
@@ -1474,7 +1487,8 @@ def __init__(self, client, classname, nodeid, prop, name, value,
     def plain(self):
         ''' Render a "plain" representation of the property
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             return ''
@@ -1483,7 +1497,8 @@ def plain(self):
     def pretty(self):
         ''' Render the interval in a pretty format (eg. "yesterday")
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         return self._value.pretty()
 
@@ -1531,7 +1546,8 @@ def __getattr__(self, attr):
     def plain(self, escape=0):
         ''' Render a "plain" representation of the property
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         if self._value is None:
             return ''
@@ -1683,7 +1699,8 @@ def reverse(self):
     def plain(self, escape=0):
         ''' Render a "plain" representation of the property
         '''
-        self.view_check()
+        if not self.is_view_ok():
+            return _('[hidden]')
 
         linkcl = self._db.classes[self._prop.classname]
         k = linkcl.labelprop(1)