Roundup Tracker - Issues

Message2104

Author anonymous
Recipients
Date 2006-01-16.13:37:13
Message-id
In-reply-to 
When I define a permission checking function for a
permission (using the `check' argument of
db.security.addPermission), the checking function is
ignored on retire.  So for instance, if I permit
editing only a certain subset of items in the checking
function, the given role can change only items from
that subset, while it can retire *any* item from the
given table.  

Since this behaviour is counterintuitive and I couldn't
find it described in the documentation I think it is a bug.

FWIW, I use the following code in my extensions to work
around the problem:

class RetireAction (roundup.cgi.actions.RetireAction):

    def hasPermission (self, permission,
classname=roundup.cgi.actions.RetireAction._marker,
itemid=None):
        if itemid is None:
            itemid = self.nodeid
        return
roundup.cgi.actions.RetireAction.hasPermission (self,
permission, classname, itemid)

-- Milan Zamazal <pdm@zamazal.org>
History
Date User Action Args
2009-02-03 14:21:33adminlinkissue1407342 messages
2009-02-03 14:21:33admincreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020