While working on the tracker for python.org, I found I
had to override some permission checking for the
mailgw. To do this without copy/pasting the full
handle_message, I factored out a hasPermissions method
which I could override in interfaces.mailgw. I know
more needs to be done (with the new permissions system
et al), but I would like to see this in Roundup 0.7.7
so I don't have to keep patching Roundup on python.org
every time I upgrade.

Logged In: YES 
user_id=6405

Could I ask exactly what the pydotorg tracker's implementation 
of hasPermission is in this case? 
 
Would the same effect be possible using a Reject exception in 
an auditor? 

Logged In: YES 
user_id=469548

I'm attaching a file with the relevant parts of interfaces.py.

Using a Reject exception is possible, but it would mean I
would have to give everyone the 'Edit' permission to even
get to the auditor. I don't like that, because that would
mean I'd have to override all places in the web frontend
where Edit permissions are checked to check whether they
also have the 'CreateOrReplyToSelf' permission.  In this
patches' scheme, I only have to override those parts where
they could create a class or reply to themselves.  That's
still four places:

actions._EditAction.editItemPermission
actions._EditAction.newItemPermission
templating.HTMLClass.is_edit_ok
templating.HTMLItem.is_edit_ok

but with everyone having Edit permissions, I'd have to
override a couple of other actions (EditCSV, Retire) to lock
them down as well, and I would have to keep watching where
you used Edit permissions next time.

Logged In: YES 
user_id=6405

Eugh. 0.8 makes all this so much easier. 
 
Have applied the patch.