# HG changeset patch # Parent 72d09bb1ae5c688930b7cc47954014ba3ddd408a # Date 1287066659 -7200 New users get the role "Provisional User" with less privileges. diff -r 72d09bb1ae5c config.ini --- a/config.ini Thu Oct 14 16:10:10 2010 +0200 +++ b/config.ini Thu Oct 14 16:30:59 2010 +0200 @@ -57,12 +57,12 @@ # Roles that a user gets when they register with Web User Interface. # This is a comma-separated string of role names (e.g. 'Admin,User'). # Default: User -new_web_user_roles = User +new_web_user_roles = Provisional User # Roles that a user gets when they register with Email Gateway. # This is a comma-separated string of role names (e.g. 'Admin,User'). # Default: User -new_email_user_roles = User +new_email_user_roles = Provisional User # Send error message emails to the dispatcher, user, or both? # The dispatcher is configured using the DISPATCHER_EMAIL setting. diff -r 72d09bb1ae5c detectors/provuserauditor.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/detectors/provuserauditor.py Thu Oct 14 16:30:59 2010 +0200 @@ -0,0 +1,72 @@ +from roundup.exceptions import Reject + +def list_diff(old, new): + in_old = [x for x in old if x not in new] + in_both = [x for x in new if x in old] + in_new = [x for x in new if x not in old] + return in_old, in_both, in_new + +def creator(db, attribute, value): + if attribute == 'messages': + creator = db.getclass('msg').get(value, 'author') + elif attribute == 'files': + creator = db.getclass('file').get(value, 'creator') + elif attribute == 'nosy': + creator = value + else: + raise ValueError, ("creator called with wrong attribute '%r'" % + (attribute,)) + return creator + +def audit_provuser(db, cl, nodeid, newvalues): + '''Audit Provisional Users + + - allowed to modify their own issues. + - allowed to add some information to other issues. + ''' + role_limits = [ + # role, limited attributes, others unlimited? + ('provisional user', ['messages', 'files', 'nosy'], False), + ] + rejects = { + 'messages': ( + 'Do not remove messages of other users!', + 'Error while adding message!' + ), + 'files': ( + 'Do not remove files of other users!', + 'Error while adding file!' + ), + 'nosy': ( + 'Please do not remove other users from the nosy list.', + 'Please only add yourself to the nosy list.', + ), + } + uid = db.getuid() + if uid != cl.get(nodeid, 'creator'): + roles = [x.lower().strip() for x in db.user.get(uid, 'roles').split(',')] + for role, limited, unlimited in role_limits: + if role in roles: + for key, new in newvalues.items(): + if key in limited: + old = cl.get(nodeid, key) + in_old, in_both, in_new = list_diff(old, new) + for value in in_old: + if creator(db, key, value) != uid: + raise Reject, rejects[key][0] + for value in in_new: + if creator(db, key, value) != uid: + raise Reject, rejects[key][1] + elif not unlimited: + del newvalues[key] + + +def init(db): + # fire before changes are made + db.issue.audit('set', audit_provuser) + db.issue.audit('retire', audit_provuser) + db.issue.audit('restore', audit_provuser) + + + +# vim: set filetype=python ts=4 sw=4 et si diff -r 72d09bb1ae5c html/issue.item.html --- a/html/issue.item.html Thu Oct 14 16:10:10 2010 +0200 +++ b/html/issue.item.html Thu Oct 14 16:30:59 2010 +0200 @@ -54,7 +54,7 @@