Roundup Tracker - Issues

Message5052

Author schlatterbeck
Recipients MichaelChou, schlatterbeck
Date 2014-03-31.18:54:01
Message-id <1396292041.99.0.226877229605.issue2550812@psf.upfronthosting.co.za>
In-reply-to 
This is because search permissions in roundup are different from view
permissions. By default a view permission *without* a check function (as
in the statement you removed from schema.py) also automatically creates
a search permission. But if you have a check function you have to add a
search permission like so:

db.security.addPermissionToRole('User', 'Search', 'issue)

after this you should be able to search again. The restriction is there
so that users restricted by a check function can't circumvent the view
permission by specifying search conditions that give them information
about certain restricted properties. This security concern does not
apply to your check function but this cannot be determined automatically.
History
Date User Action Args
2014-03-31 18:54:01schlatterbecksetmessageid: <1396292041.99.0.226877229605.issue2550812@psf.upfronthosting.co.za>
2014-03-31 18:54:01schlatterbecksetrecipients: + schlatterbeck, MichaelChou
2014-03-31 18:54:01schlatterbecklinkissue2550812 messages
2014-03-31 18:54:01schlatterbeckcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020