Roundup Tracker - Issues


Author schlatterbeck
Recipients ber, pefu, rouilj, schlatterbeck, techtonik, thomas_ah
Date 2016-07-05.08:34:19
Message-id <>
In-reply-to <> <>
On Tue, Jul 05, 2016 at 08:21:44AM +0000, Peter Funk wrote:
> I just made a quick test and the behaviour of
> has changed since I wrote msg5487 back in march this year:
> I was now able to edit my user record there in 
> But still no luck here : "You do not have permission to edit user".

- works
- but doesn't

On Mon, Jul 04, 2016 at 08:48:31PM +0000, John Rouillard wrote:
> Hmm the schema looks right *I am looking in hg:website/issues/
> Pefu has both User an Developer roles.
> # Users should be able to edit their own details -- this permission is
> # limited to only the situation where the Viewed or Edited item is their
> own.
> def own_record(db, userid, itemid):
>     '''Determine whether the userid matches the item being accessed.'''
>     return userid == itemid
> p ='View', klass='user', check=own_record,
>     description="User is allowed to view their own user details")
> for r in 'User', 'Developer', 'Coordinator':
>, p)
> p ='Edit', klass='user', check=own_record,
>     description="User is allowed to edit their own user details",
>     properties=('username', 'password',
>                 'address', 'realname',
>                 'phone', 'organization',
>                 'alternate_addresses',
>                 'queries',
>                 'timezone')) # Note: 'roles' excluded - users should not
> be able to edit their own roles.
> for r in 'User', 'Developer':
>, p)
> Bern, Ralf ideas?

Looks right to me.
Maybe the version running the tracker is not the latest?

Date User Action Args
2016-07-05 08:34:20schlatterbecksetrecipients: + schlatterbeck, ber, rouilj, thomas_ah, techtonik, pefu
2016-07-05 08:34:20schlatterbecklinkissue2550903 messages
2016-07-05 08:34:19schlatterbeckcreate