Message5749
Hmm the schema looks right *I am looking in hg:website/issues/schema.py.
Pefu has both User an Developer roles.
# Users should be able to edit their own details -- this permission is
# limited to only the situation where the Viewed or Edited item is their
own.
def own_record(db, userid, itemid):
'''Determine whether the userid matches the item being accessed.'''
return userid == itemid
p = db.security.addPermission(name='View', klass='user', check=own_record,
description="User is allowed to view their own user details")
for r in 'User', 'Developer', 'Coordinator':
db.security.addPermissionToRole(r, p)
p = db.security.addPermission(name='Edit', klass='user', check=own_record,
description="User is allowed to edit their own user details",
properties=('username', 'password',
'address', 'realname',
'phone', 'organization',
'alternate_addresses',
'queries',
'timezone')) # Note: 'roles' excluded - users should not
be able to edit their own roles.
for r in 'User', 'Developer':
db.security.addPermissionToRole(r, p)
Bern, Ralf ideas? |
|
| Date |
User |
Action |
Args |
| 2016-07-04 20:48:31 | rouilj | set | messageid: <1467665311.6.0.975058318773.issue2550903@psf.upfronthosting.co.za> |
| 2016-07-04 20:48:31 | rouilj | set | recipients:
+ rouilj, schlatterbeck, ber, thomas_ah, techtonik, pefu |
| 2016-07-04 20:48:31 | rouilj | link | issue2550903 messages |
| 2016-07-04 20:48:31 | rouilj | create | |
|