Message7056
I am unable to list users and display their properties through XML-RPC remote access. I get the following error when using the admin user (even when I use a default tracker):
xmlrpclib.Fault: <Fault 1: "<class 'roundup.exceptions.Unauthorised'>:Permission to view username of user1 denied">
My current Roundup instance is configured with the mod_python handler. The security permissions in schema.py look like this:
# Attach the 'View' permission on the 'user' class to the 'User' role.
# NOTE(review): no check function and no property list is passed here, so this
# looks like a role-wide grant covering every property of every user item.
# If permissions are additive, the own_record-limited View permission
# registered later in this listing would add nothing for the 'User' role --
# confirm this breadth is intended.
db.security.addPermissionToRole('User', 'View', 'user')
# Users should be able to edit their own details -- this permission is
# limited to only the situation where the Viewed or Edited item is their own.
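def own_record(db, userid, itemid):
    '''Determine whether the userid matches the item being accessed.

    Used as a ``check=`` function for permissions on the 'user' class, so
    that the permission applies only to the caller's own user item.

    Args:
        db: database handle passed to check functions; not used here.
        userid: id of the user performing the action.
        itemid: id of the user item being viewed or edited.

    Returns:
        True when the two ids are equal, False otherwise.
    '''
    # Plain equality, no type coercion: a str/int mismatch ('3' vs 3)
    # compares unequal, so the check denies rather than grants.
    return userid == itemid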
# View on 'user' items, gated by own_record, attached to the 'User' role.
p = db.security.addPermission(
    name='View',
    klass='user',
    check=own_record,
    description="User is allowed to view their own user details",
)
db.security.addPermissionToRole('User', p)

# Edit on 'user' items, gated by own_record and limited to the listed
# properties. 'username' and 'password' are in the list; 'roles' is not, so
# this permission does not cover a user changing their own roles.
p = db.security.addPermission(
    name='Edit',
    klass='user',
    check=own_record,
    properties=(
        'username',
        'password',
        'address',
        'realname',
        'phone',
        'organisation',
        'alternate_addresses',
        'queries',
        'timezone',
    ),
    description="User is allowed to edit their own user details",
)
db.security.addPermissionToRole('User', p)
# Users should be able to edit and view their own queries. They should also
# be able to view any marked as not private. They should not be able to
# edit others' queries, even if they're not private
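def view_query(db, userid, itemid):
    '''Decide whether userid may view the query item itemid.

    Args:
        db: database handle; the query's 'private_for' property is read
            through ``db.query.get``.
        userid: id of the user performing the action.
        itemid: id of the query item being viewed.

    Returns:
        True when 'private_for' is unset/empty, or when it equals userid;
        False otherwise.
    '''
    private_for = db.query.get(itemid, 'private_for')
    # A falsy 'private_for' is treated as "not private": anyone holding this
    # permission may view the query.
    if not private_for:
        return True
    # Otherwise only the user the query is private for may view it.
    return userid == private_for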
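def edit_query(db, userid, itemid):
    '''Decide whether userid may modify the query item itemid.

    Registered in this listing as the check for both the 'Edit' and the
    'Retire' permissions on the 'query' class.

    Args:
        db: database handle; the query's 'creator' property is read through
            ``db.query.get``.
        userid: id of the user performing the action.
        itemid: id of the query item being modified.

    Returns:
        True only when userid equals the query's 'creator'. Unlike
        view_query, 'private_for' is not consulted here.
    '''
    return userid == db.query.get(itemid, 'creator')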
# View on 'query' items, gated by view_query.
p = db.security.addPermission(
    name='View',
    klass='query',
    check=view_query,
    description="User is allowed to view their own and public queries",
)
db.security.addPermissionToRole('User', p)

# Search on 'query' is registered without a check function or description.
p = db.security.addPermission(name='Search', klass='query')
db.security.addPermissionToRole('User', p)

# Edit and Retire on 'query' items share the same creator-only check.
p = db.security.addPermission(
    name='Edit',
    klass='query',
    check=edit_query,
    description="User is allowed to edit their queries",
)
db.security.addPermissionToRole('User', p)

p = db.security.addPermission(
    name='Retire',
    klass='query',
    check=edit_query,
    description="User is allowed to retire their queries",
)
db.security.addPermissionToRole('User', p)

# Create on 'query' carries no check: any holder of the 'User' role may
# create queries.
p = db.security.addPermission(
    name='Create',
    klass='query',
    description="User is allowed to create queries",
)
db.security.addPermissionToRole('User', p)
|
Date |
User |
Action |
Args |
2021-02-02 09:38:00 | zafati | set | recipients:
+ zafati |
2021-02-02 09:37:59 | zafati | set | messageid: <1612258679.96.0.0753593509866.issue2551111@roundup.psfhosted.org> |
2021-02-02 09:37:59 | zafati | link | issue2551111 messages |
2021-02-02 09:37:58 | zafati | create | |
|