Roundup Tracker - Issues

Issue 1407342

classification
retire ignores permission checks
Type:
Severity: normal
Components: Database
Versions:
process
Status: closed fixed
: richard : richard
Priority: normal

Created on 2006-01-16 13:37 by anonymous, last changed 2006-01-20 02:11 by richard.

Messages
msg2104 Author: [hidden] (anonymous) Date: 2006-01-16 13:37
When I define a permission checking function for a
permission (using the `check' argument of
db.security.addPermission), the checking function is
ignored on retire.  So for instance, if I permit
editing only a certain subset of items in the checking
function, the given role can change only items from
that subset, while it can retire *any* item from the
given table.  

Since this behaviour is counterintuitive and I couldn't
find it described in the documentation I think it is a bug.

FWIW, I use the following code in my extensions to work
around the problem:

import roundup.cgi.actions

class RetireAction(roundup.cgi.actions.RetireAction):

    def hasPermission(self, permission,
                      classname=roundup.cgi.actions.RetireAction._marker,
                      itemid=None):
        # Default to the item being retired so that the permission's
        # check function is consulted for that item.
        if itemid is None:
            itemid = self.nodeid
        return roundup.cgi.actions.RetireAction.hasPermission(
            self, permission, classname, itemid)

-- Milan Zamazal <pdm@zamazal.org>
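
An added example, not part of the original report and not Roundup's own code: a simplified model of a permission with a check function, showing why a permission test that omits the item id passes for every item, and how defaulting to the item being acted on (as the workaround above does) restores the check. The Security class, owns_item, the can_retire_* helpers and the sample data are hypothetical stand-ins.

```python
"""Simplified model of per-item permission checks (not Roundup's own code)."""

OWNERS = {"1": "alice", "2": "bob"}   # constructed sample data: itemid -> owner


class Security:
    def __init__(self):
        self.grants = []              # (permission, classname, check) tuples

    def add_permission(self, name, klass, check=None):
        self.grants.append((name, klass, check))

    def has_permission(self, name, userid, klass, itemid=None):
        for g_name, g_klass, check in self.grants:
            if (g_name, g_klass) != (name, klass):
                continue
            # Modelled behaviour (assumption): a check function can only run
            # when an item id is supplied; without one the grant is class-wide.
            if check is None or itemid is None or check(userid, itemid):
                return True
        return False


def owns_item(userid, itemid):
    """Check function: the user may only act on items they own."""
    return OWNERS.get(itemid) == userid


def can_retire_before(sec, userid, klass, nodeid):
    # The item id is not forwarded, so owns_item() is never consulted.
    return sec.has_permission("Edit", userid, klass)


def can_retire_after(sec, userid, klass, nodeid):
    # Same default as the workaround: use the item being acted on.
    return sec.has_permission("Edit", userid, klass, itemid=nodeid)


def audit(sec, userid, klass):
    """Regression check: item ids where the two call styles disagree."""
    return [i for i in sorted(OWNERS)
            if can_retire_before(sec, userid, klass, i)
            != can_retire_after(sec, userid, klass, i)]


sec = Security()
sec.add_permission("Edit", "issue", check=owns_item)
```

A non-empty result from audit() marks items that a user could retire only because the check function was skipped.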
msg2105 Author: [hidden] (richard) Date: 2006-01-20 02:11
I have applied your fix.  
History
Date                 User       Action  Args
2006-01-16 13:37:13  anonymous  create