Message5758
On Tue, Jul 05, 2016 at 08:21:44AM +0000, Peter Funk wrote:
>
> I just made a quick test and the behaviour of http://bugs.python.org/
> has changed since I wrote msg5487 back in march this year:
> I was now able to edit my user record there in
> http://bugs.python.org/user?@startwith=134&@pagesize=1
>
> But still no luck here : "You do not have permission to edit user".
OK:
- bugs.python.org works
- but http://issues.roundup-tracker.org doesn't
On Mon, Jul 04, 2016 at 08:48:31PM +0000, John Rouillard wrote:
> Hmm the schema looks right *I am looking in hg:website/issues/schema.py.
>
> Pefu has both User an Developer roles.
>
> # Users should be able to edit their own details -- this permission is
> # limited to only the situation where the Viewed or Edited item is their
> own.
> def own_record(db, userid, itemid):
> '''Determine whether the userid matches the item being accessed.'''
> return userid == itemid
> p = db.security.addPermission(name='View', klass='user', check=own_record,
> description="User is allowed to view their own user details")
> for r in 'User', 'Developer', 'Coordinator':
> db.security.addPermissionToRole(r, p)
> p = db.security.addPermission(name='Edit', klass='user', check=own_record,
> description="User is allowed to edit their own user details",
> properties=('username', 'password',
> 'address', 'realname',
> 'phone', 'organization',
> 'alternate_addresses',
> 'queries',
> 'timezone')) # Note: 'roles' excluded - users should not
> be able to edit their own roles.
> for r in 'User', 'Developer':
> db.security.addPermissionToRole(r, p)
>
> Bern, Ralf ideas?
Looks right to me.
Maybe the version running the tracker is not the latest?
Ralf |
|
Date |
User |
Action |
Args |
2016-07-05 08:34:20 | schlatterbeck | set | recipients:
+ schlatterbeck, ber, rouilj, thomas_ah, techtonik, pefu |
2016-07-05 08:34:20 | schlatterbeck | link | issue2550903 messages |
2016-07-05 08:34:19 | schlatterbeck | create | |
|