Index: roundup/mailgw.py =================================================================== --- roundup/mailgw.py (revision 4385) +++ roundup/mailgw.py (working copy) @@ -1130,7 +1130,7 @@ # Don't create users if anonymous isn't allowed to register create = 1 anonid = self.db.user.lookup('anonymous') - if not (self.db.security.hasPermission('Create', anonid, 'user') + if not (self.db.security.hasPermission('Register', anonid, 'user') and self.db.security.hasPermission('Email Access', anonid)): create = 0 @@ -1150,7 +1150,7 @@ from_address = from_list[0][1] registration_info = "" if self.db.security.hasPermission('Web Access', author) and \ - self.db.security.hasPermission('Create', anonid, 'user'): + self.db.security.hasPermission('Register', anonid, 'user'): tracker_web = self.instance.config.TRACKER_WEB registration_info = """ Please register at: Index: doc/upgrading.txt =================================================================== --- doc/upgrading.txt (revision 4385) +++ doc/upgrading.txt (working copy) @@ -76,6 +76,29 @@ +Grant the "Register" permission to the Anonymous role +----------------------------------------------------- + +A separate "Register" permission has been introduced to allow +anonymous users to register. This means you will need to add the +following to your tracker's ``schema.py`` to add the permission and +assign it to the Anonymous role (replacing any previously assigned +"Create user" permission for the Anonymous role): + + +db.security.addPermission(name='Register', klass='user', + + description='User is allowed to register new user') + + # Assign the appropriate permissions to the anonymous user's Anonymous + # Role. Choices here are: + # - Allow anonymous users to register + -db.security.addPermissionToRole('Anonymous', 'Create', 'user') + +db.security.addPermissionToRole('Anonymous', 'Register', 'user') + +The lines marked "+" should be added and lines marked "-" should be +deleted (minus the "+"/"-" signs). + + + Migrating from 1.4.x to 1.4.7 =============================