Created on 2022-11-30 07:05 by rouilj, last changed 2022-11-30 07:05 by rouilj.
|msg7689||Author: [hidden] (rouilj)||Date: 2022-11-30 07:05|
roundup-admin has a -u option that supposedly sets the user. However it does not appear to actually apply the permissions schema that is defined. This isn't a huge problem as it would be for the html interface. In order to use roundup-admin you have to have access to the home directory at the OS level. If you have that you have the password to the database in config.ini. So all this bug does is make using something like: sudo -u roundup roundup-admin -u report -i demo not work as expected. If the report user changes data, the history does log that it was the report user who did the change. For example: roundup-admin -u anonymous -i demo table user id,username,password should return the password entry for the anonymous user only. It returns all passwords. roundup-admin -u anonymous display user1 should not display password etc. It returns all the info (password, addresses etc.) Some commands kind of work. For example: roundup_admin -u foo -i demo history user1 Error: no such class "user" where the user foo doesn't exist is a bit misleading, but doesn't disclose the history. Users demo and anonymous display the info (as in the web interface), so the command is valid. Also there is no need for a password (username:password) that is compared against the database. Not sure that a password is of much use since user validation would be done at the sudo level but there might be a valid use case. I updated the docs with a warning and added a note to the inline help in admin.py.