|
2 | 2 | Customising Roundup |
3 | 3 | =================== |
4 | 4 |
|
5 | | -:Version: $Revision: 1.37 $ |
| 5 | +:Version: $Revision: 1.38 $ |
6 | 6 |
|
7 | 7 | .. This document borrows from the ZopeBook section on ZPT. The original is at: |
8 | 8 | http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx |
@@ -1847,11 +1847,28 @@ Restricting the list of users that are assignable to a task |
1847 | 1847 | </tal:block> |
1848 | 1848 | </select> |
1849 | 1849 |
|
1850 | | -For extra security, you may wish to overload the hasEditItemPermission method |
1851 | | -on your tracker's interfaces.Client class to enforce the Permission |
1852 | | -requirement:: |
1853 | | - |
1854 | | -XXX |
| 1850 | +For extra security, you may wish to set up an auditor to enforce the |
| 1851 | +Permission requirement:: |
| 1852 | + |
| 1853 | + def assignedtoMustBeFixer(db, cl, nodeid, newvalues): |
| 1854 | + ''' Ensure the assignedto value in newvalues is a used with the Fixer |
| 1855 | + Permission |
| 1856 | + ''' |
| 1857 | + if not newvalues.has_key('assignedto'): |
| 1858 | + # don't care |
| 1859 | + return |
| 1860 | + |
| 1861 | + # get the userid |
| 1862 | + userid = newvalues['assignedto'] |
| 1863 | + if not db.security.hasPermission('Fixer', userid, cl.classname): |
| 1864 | + raise ValueError, 'You do not have permission to edit %s'%cl.classname |
| 1865 | + |
| 1866 | + def init(db): |
| 1867 | + db.issue.audit('set', assignedtoMustBeFixer) |
| 1868 | + db.issue.audit('create', assignedtoMustBeFixer) |
| 1869 | + |
| 1870 | +So now, if the edit attempts to set the assignedto to a user that doesn't have |
| 1871 | +the "Fixer" Permission, the error will be raised. |
1855 | 1872 |
|
1856 | 1873 |
|
1857 | 1874 | ------------------- |
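Review bot: the ValueError text in assignedtoMustBeFixer, 'You do not have permission to edit %s', describes the user making the edit, but the check is on the user being assigned (newvalues['assignedto']), so whoever hits this error will be told the wrong thing. Suggest a message that names the real condition, for example that the assignedto user must have the "Fixer" Permission. In the same function, userid is passed straight to db.security.hasPermission; if an edit can clear assignedto, the value here may be None, so it is worth checking how the auditor behaves on unassignment and returning early in that case if needed. The docstring also has a typo: "a used with the Fixer Permission" should read "a user with the Fixer Permission".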
|