0958c48d4b107e876e26c6ab2c8e5dec4fc099d3
1 ===================
2 Customising Roundup
3 ===================
5 :Version: $Revision: 1.38 $
7 .. This document borrows from the ZopeBook section on ZPT. The original is at:
8 http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
10 .. contents::
11 :depth: 1
13 What You Can Do
14 ===============
16 Customisation of Roundup can take one of five forms:
18 1. `tracker configuration`_ file changes
19 2. database, or `tracker schema`_ changes
20 3. "definition" class `database content`_ changes
21 4. behavioural changes, through detectors_
22 5. `access controls`_
24 The third case is special because it takes two distinctly different forms
25 depending upon whether the tracker has been initialised or not. The other two
26 may be done at any time, before or after tracker initialisation. Yes, this
27 includes adding or removing properties from classes.
30 Trackers in a Nutshell
31 ======================
33 Trackers have the following structure:
35 =================== ========================================================
36 Tracker File Description
37 =================== ========================================================
38 config.py Holds the basic `tracker configuration`_
39 dbinit.py Holds the `tracker schema`_
40 interfaces.py Defines the Web and E-Mail interfaces for the tracker
41 select_db.py Selects the database back-end for the tracker
42 db/ Holds the tracker's database
43 db/files/ Holds the tracker's upload files and messages
44 detectors/ Auditors and reactors for this tracker
45 html/ Web interface templates, images and style sheets
46 =================== ========================================================
48 Tracker Configuration
49 =====================
51 The config.py located in your tracker home contains the basic
52 configuration for the web and e-mail components of roundup's interfaces. This
53 file is a Python module. The configuration variables available are:
55 **TRACKER_HOME** - ``os.path.split(__file__)[0]``
56 The tracker home directory. The above default code will automatically
57 determine the tracker home for you.
59 **MAILHOST** - ``'localhost'``
60 The SMTP mail host that roundup will use to send e-mail.
62 **MAIL_DOMAIN** - ``'your.tracker.email.domain.example'``
63 The domain name used for email addresses.
65 **DATABASE** - ``os.path.join(TRACKER_HOME, 'db')``
66 This is the directory that the database is going to be stored in. By default
67 it is in the tracker home.
69 **TEMPLATES** - ``os.path.join(TRACKER_HOME, 'html')``
70 This is the directory that the HTML templates reside in. By default they are
71 in the tracker home.
73 **TRACKER_NAME** - ``'Roundup issue tracker'``
74 A descriptive name for your roundup tracker. This is sent out in e-mails and
75 appears in the heading of CGI pages.
77 **TRACKER_EMAIL** - ``'issue_tracker@%s'%MAIL_DOMAIN``
78 The email address that e-mail sent to roundup should go to. Think of it as the
79 tracker's personal e-mail address.
81 **TRACKER_WEB** - ``'http://your.tracker.url.example/'``
82 The web address that the tracker is viewable at. This will be included in
83 information sent to users of the tracker.
85 **ADMIN_EMAIL** - ``'roundup-admin@%s'%MAIL_DOMAIN``
86 The email address that roundup will complain to if it runs into trouble.
88 **MESSAGES_TO_AUTHOR** - ``'yes'`` or``'no'``
89 Send nosy messages to the author of the message.
91 **ADD_AUTHOR_TO_NOSY** - ``'new'``, ``'yes'`` or ``'no'``
92 Does the author of a message get placed on the nosy list automatically?
93 If ``'new'`` is used, then the author will only be added when a message
94 creates a new issue. If ``'yes'``, then the author will be added on followups
95 too. If ``'no'``, they're never added to the nosy.
97 **ADD_RECIPIENTS_TO_NOSY** - ``'new'``, ``'yes'`` or ``'no'``
98 Do the recipients (To:, Cc:) of a message get placed on the nosy list?
99 If ``'new'`` is used, then the recipients will only be added when a message
100 creates a new issue. If ``'yes'``, then the recipients will be added on
101 followups too. If ``'no'``, they're never added to the nosy.
103 **EMAIL_SIGNATURE_POSITION** - ``'top'``, ``'bottom'`` or ``'none'``
104 Where to place the email signature in messages that Roundup generates.
106 **EMAIL_KEEP_QUOTED_TEXT** - ``'yes'`` or ``'no'``
107 Keep email citations. Citations are the part of e-mail which the sender has
108 quoted in their reply to previous e-mail.
110 **EMAIL_LEAVE_BODY_UNCHANGED** - ``'no'``
111 Preserve the email body as is. Enabiling this will cause the entire message
112 body to be stored, including all citations and signatures. It should be
113 either ``'yes'`` or ``'no'``.
115 **MAIL_DEFAULT_CLASS** - ``'issue'`` or ``''``
116 Default class to use in the mailgw if one isn't supplied in email
117 subjects. To disable, comment out the variable below or leave it blank.
119 The default config.py is given below - as you
120 can see, the MAIL_DOMAIN must be edited before any interaction with the
121 tracker is attempted.::
123 # roundup home is this package's directory
124 TRACKER_HOME=os.path.split(__file__)[0]
126 # The SMTP mail host that roundup will use to send mail
127 MAILHOST = 'localhost'
129 # The domain name used for email addresses.
130 MAIL_DOMAIN = 'your.tracker.email.domain.example'
132 # This is the directory that the database is going to be stored in
133 DATABASE = os.path.join(TRACKER_HOME, 'db')
135 # This is the directory that the HTML templates reside in
136 TEMPLATES = os.path.join(TRACKER_HOME, 'html')
138 # A descriptive name for your roundup tracker
139 TRACKER_NAME = 'Roundup issue tracker'
141 # The email address that mail to roundup should go to
142 TRACKER_EMAIL = 'issue_tracker@%s'%MAIL_DOMAIN
144 # The web address that the tracker is viewable at
145 TRACKER_WEB = 'http://your.tracker.url.example/'
147 # The email address that roundup will complain to if it runs into trouble
148 ADMIN_EMAIL = 'roundup-admin@%s'%MAIL_DOMAIN
150 # Send nosy messages to the author of the message
151 MESSAGES_TO_AUTHOR = 'no' # either 'yes' or 'no'
153 # Does the author of a message get placed on the nosy list automatically?
154 # If 'new' is used, then the author will only be added when a message
155 # creates a new issue. If 'yes', then the author will be added on followups
156 # too. If 'no', they're never added to the nosy.
157 ADD_AUTHOR_TO_NOSY = 'new' # one of 'yes', 'no', 'new'
159 # Do the recipients (To:, Cc:) of a message get placed on the nosy list?
160 # If 'new' is used, then the recipients will only be added when a message
161 # creates a new issue. If 'yes', then the recipients will be added on followups
162 # too. If 'no', they're never added to the nosy.
163 ADD_RECIPIENTS_TO_NOSY = 'new' # either 'yes', 'no', 'new'
165 # Where to place the email signature
166 EMAIL_SIGNATURE_POSITION = 'bottom' # one of 'top', 'bottom', 'none'
168 # Keep email citations
169 EMAIL_KEEP_QUOTED_TEXT = 'no' # either 'yes' or 'no'
171 # Preserve the email body as is
172 EMAIL_LEAVE_BODY_UNCHANGED = 'no' # either 'yes' or 'no'
174 # Default class to use in the mailgw if one isn't supplied in email
175 # subjects. To disable, comment out the variable below or leave it blank.
176 # Examples:
177 MAIL_DEFAULT_CLASS = 'issue' # use "issue" class by default
178 #MAIL_DEFAULT_CLASS = '' # disable (or just comment the var out)
180 Tracker Schema
181 ==============
183 Note: if you modify the schema, you'll most likely need to edit the
184 `web interface`_ HTML template files and `detectors`_ to reflect
185 your changes.
187 A tracker schema defines what data is stored in the tracker's database.
188 The
189 schemas shipped with Roundup turn it into a typical software bug tracker or
190 help desk.
192 XXX make sure we ship the help desk
194 Schemas are defined using Python code in the ``dbinit.py`` module of your
195 tracker. The "classic" schema looks like this::
197 pri = Class(db, "priority", name=String(), order=String())
198 pri.setkey("name")
199 pri.create(name="critical", order="1")
200 pri.create(name="urgent", order="2")
201 pri.create(name="bug", order="3")
202 pri.create(name="feature", order="4")
203 pri.create(name="wish", order="5")
205 stat = Class(db, "status", name=String(), order=String())
206 stat.setkey("name")
207 stat.create(name="unread", order="1")
208 stat.create(name="deferred", order="2")
209 stat.create(name="chatting", order="3")
210 stat.create(name="need-eg", order="4")
211 stat.create(name="in-progress", order="5")
212 stat.create(name="testing", order="6")
213 stat.create(name="done-cbb", order="7")
214 stat.create(name="resolved", order="8")
216 keyword = Class(db, "keyword", name=String())
217 keyword.setkey("name")
219 user = Class(db, "user", username=String(), password=String(),
220 address=String(), realname=String(), phone=String(),
221 organisation=String())
222 user.setkey("username")
223 user.create(username="admin", password=adminpw,
224 address=config.ADMIN_EMAIL)
226 msg = FileClass(db, "msg", author=Link("user"), recipients=Multilink
227 ("user"), date=Date(), summary=String(), files=Multilink("file"))
229 file = FileClass(db, "file", name=String(), type=String())
231 issue = IssueClass(db, "issue", assignedto=Link("user"),
232 topic=Multilink("keyword"), priority=Link("priority"), status=Link
233 ("status"))
234 issue.setkey('title')
236 XXX security definitions
238 Classes and Properties - creating a new information store
239 ---------------------------------------------------------
241 In the tracker above, we've defined 7 classes of information:
243 priority
244 Defines the possible levels of urgency for issues.
246 status
247 Defines the possible states of processing the issue may be in.
249 keyword
250 Initially empty, will hold keywords useful for searching issues.
252 user
253 Initially holding the "admin" user, will eventually have an entry for all
254 users using roundup.
256 msg
257 Initially empty, will all e-mail messages sent to or generated by
258 roundup.
260 file
261 Initially empty, will all files attached to issues.
263 issue
264 Initially empty, this is where the issue information is stored.
266 We define the "priority" and "status" classes to allow two things: reduction in
267 the amount of information stored on the issue and more powerful, accurate
268 searching of issues by priority and status. By only requiring a link on the
269 issue (which is stored as a single number) we reduce the chance that someone
270 mis-types a priority or status - or simply makes a new one up.
272 Class and Items
273 ~~~~~~~~~~~~~~~
275 A Class defines a particular class (or type) of data that will be stored in the
276 database. A class comprises one or more properties, which given the information
277 about the class items.
278 The actual data entered into the database, using class.create() are called
279 items. They have a special immutable property called id. We sometimes refer to
280 this as the itemid.
282 Properties
283 ~~~~~~~~~~
285 A Class is comprised of one or more properties of the following types:
287 * String properties are for storing arbitrary-length strings.
288 * Password properties are for storing encoded arbitrary-length strings. The
289 default encoding is defined on the roundup.password.Password class.
290 * Date properties store date-and-time stamps. Their values are Timestamp
291 objects.
292 * Number properties store numeric values.
293 * Boolean properties store on/off, yes/no, true/false values.
294 * A Link property refers to a single other item selected from a specified
295 class. The class is part of the property; the value is an integer, the id
296 of the chosen item.
297 * A Multilink property refers to possibly many items in a specified class.
298 The value is a list of integers.
300 FileClass
301 ~~~~~~~~~
303 FileClasses save their "content" attribute off in a separate file from the rest
304 of the database. This reduces the number of large entries in the database,
305 which generally makes databases more efficient, and also allows us to use
306 command-line tools to operate on the files. They are stored in the files sub-
307 directory of the db directory in your tracker.
309 IssueClass
310 ~~~~~~~~~~
312 IssueClasses automatically include the "messages", "files", "nosy", and
313 "superseder" properties.
314 The messages and files properties list the links to the messages and files
315 related to the issue. The nosy property is a list of links to users who wish to
316 be informed of changes to the issue - they get "CC'ed" e-mails when messages
317 are sent to or generated by the issue. The nosy reactor (in the detectors
318 directory) handles this action. The superceder link indicates an issue which
319 has superceded this one.
320 They also have the dynamically generated "creation", "activity" and "creator"
321 properties.
322 The value of the "creation" property is the date when an item was created, and
323 the value of the "activity" property is the date when any property on the item
324 was last edited (equivalently, these are the dates on the first and last
325 records in the item's journal). The "creator" property holds a link to the user
326 that created the issue.
328 setkey(property)
329 ~~~~~~~~~~~~~~~~
331 Select a String property of the class to be the key property. The key property
332 muse be unique, and allows references to the items in the class by the content
333 of the key property. That is, we can refer to users by their username, e.g.
334 let's say that there's an issue in roundup, issue 23. There's also a user,
335 richard who happens to be user 2. To assign an issue to him, we could do either
336 of::
338 roundup-admin set issue assignedto=2
340 or::
342 roundup-admin set issue assignedto=richard
344 Note, the same thing can be done in the web and e-mail interfaces.
346 create(information)
347 ~~~~~~~~~~~~~~~~~~~
349 Create an item in the database. This is generally used to create items in the
350 "definitional" classes like "priority" and "status".
353 Examples of adding to your schema
354 ---------------------------------
356 TODO
359 Detectors - adding behaviour to your tracker
360 ============================================
361 .. _detectors:
363 The detectors in your tracker fire before (*auditors*) and after (*reactors*)
364 changes to the contents of your database. They are Python modules that sit in
365 your tracker's ``detectors`` directory. You will have some installed by
366 default - have a look. You can write new detectors or modify the existing
367 ones. The existing detectors installed for you are:
369 **nosyreaction.py**
370 This provides the automatic nosy list maintenance and email sending. The nosy
371 reactor (``nosyreaction``) fires when new messages are added to issues.
372 The nosy auditor (``updatenosy``) fires when issues are changed and figures
373 what changes need to be made to the nosy list (like adding new authors etc)
374 **statusauditor.py**
375 This provides the ``chatty`` auditor which changes the issue status from
376 ``unread`` or ``closed`` to ``chatting`` if new messages appear. It also
377 provides the ``presetunread`` auditor which pre-sets the status to
378 ``unread`` on new items if the status isn't explicitly defined.
380 See the detectors section in the `design document`__ for details of the
381 interface for detectors.
383 __ design.html
385 Sample additional detectors that have been found useful will appear in the
386 ``detectors`` directory of the Roundup distribution:
388 **newissuecopy.py**
389 This detector sends an email to a team address whenever a new issue is
390 created. The address is hard-coded into the detector, so edit it before you
391 use it (look for the text 'team@team.host') or you'll get email errors!
393 The detector code::
395 from roundup import roundupdb
397 def newissuecopy(db, cl, nodeid, oldvalues):
398 ''' Copy a message about new issues to a team address.
399 '''
400 # so use all the messages in the create
401 change_note = cl.generateCreateNote(nodeid)
403 # send a copy to the nosy list
404 for msgid in cl.get(nodeid, 'messages'):
405 try:
406 # note: last arg must be a list
407 cl.send_message(nodeid, msgid, change_note, ['team@team.host'])
408 except roundupdb.MessageSendError, message:
409 raise roundupdb.DetectorError, message
411 def init(db):
412 db.issue.react('create', newissuecopy)
415 Database Content
416 ================
418 Note: if you modify the content of definitional classes, you'll most likely
419 need to edit the tracker `detectors`_ to reflect your changes.
421 Customisation of the special "definitional" classes (eg. status, priority,
422 resolution, ...) may be done either before or after the tracker is
423 initialised. The actual method of doing so is completely different in each
424 case though, so be careful to use the right one.
426 **Changing content before tracker initialisation**
427 Edit the dbinit module in your tracker to alter the items created in using
428 the create() methods.
430 **Changing content after tracker initialisation**
431 Use the roundup-admin interface's create, set and retire methods to add,
432 alter or remove items from the classes in question.
434 XXX example
437 Web Interface
438 =============
440 .. contents::
441 :local:
442 :depth: 1
444 The web is provided by the roundup.cgi.client module and is used by
445 roundup.cgi, roundup-server and ZRoundup.
446 In all cases, we determine which tracker is being accessed
447 (the first part of the URL path inside the scope of the CGI handler) and pass
448 control on to the tracker interfaces.Client class - which uses the Client class
449 from roundup.cgi.client - which handles the rest of
450 the access through its main() method. This means that you can do pretty much
451 anything you want as a web interface to your tracker.
453 Repurcussions of changing the tracker schema
454 ---------------------------------------------
456 If you choose to change the `tracker schema`_ you will need to ensure the web
457 interface knows about it:
459 1. Index, item and search pages for the relevant classes may need to have
460 properties added or removed,
461 2. The "page" template may require links to be changed, as might the "home"
462 page's content arguments.
464 How requests are processed
465 --------------------------
467 The basic processing of a web request proceeds as follows:
469 1. figure out who we are, defaulting to the "anonymous" user
470 2. figure out what the request is for - we call this the "context"
471 3. handle any requested action (item edit, search, ...)
472 4. render a template, resulting in HTML output
474 In some situations, exceptions occur:
476 - HTTP Redirect (generally raised by an action)
477 - SendFile (generally raised by determine_context)
478 here we serve up a FileClass "content" property
479 - SendStaticFile (generally raised by determine_context)
480 here we serve up a file from the tracker "html" directory
481 - Unauthorised (generally raised by an action)
482 here the action is cancelled, the request is rendered and an error
483 message is displayed indicating that permission was not
484 granted for the action to take place
485 - NotFound (raised wherever it needs to be)
486 this exception percolates up to the CGI interface that called the client
488 Determining web context
489 -----------------------
491 To determine the "context" of a request, we look at the URL and the special
492 request variable ``:template``. The URL path after the tracker identifier
493 is examined. Typical URL paths look like:
495 1. ``/tracker/issue``
496 2. ``/tracker/issue1``
497 3. ``/tracker/_file/style.css``
498 4. ``/cgi-bin/roundup.cgi/tracker/file1``
499 5. ``/cgi-bin/roundup.cgi/tracker/file1/kitten.png``
501 where the "tracker identifier" is "tracker" in the above cases. That means
502 we're looking at "issue", "issue1", "_file/style.css", "file1" and
503 "file1/kitten.png" in the cases above. The path is generally only one
504 entry long - longer paths are handled differently.
506 a. if there is no path, then we are in the "home" context.
507 b. if the path starts with "_file" (as in example 3,
508 "/tracker/_file/style.css"), then the additional path entry,
509 "style.css" specifies the filename of a static file we're to serve up
510 from the tracker "html" directory. Raises a SendStaticFile
511 exception.
512 c. if there is something in the path (as in example 1, "issue"), it identifies
513 the tracker class we're to display.
514 d. if the path is an item designator (as in examples 2 and 4, "issue1" and
515 "file1"), then we're to display a specific item.
516 e. if the path starts with an item designator and is longer than
517 one entry (as in example 5, "file1/kitten.png"), then we're assumed
518 to be handling an item of a
519 FileClass, and the extra path information gives the filename
520 that the client is going to label the download with (ie
521 "file1/kitten.png" is nicer to download than "file1"). This
522 raises a SendFile exception.
524 Both b. and e. stop before we bother to
525 determine the template we're going to use. That's because they
526 don't actually use templates.
528 The template used is specified by the ``:template`` CGI variable,
529 which defaults to:
531 - only classname suplied: "index"
532 - full item designator supplied: "item"
535 Performing actions in web requests
536 ----------------------------------
538 When a user requests a web page, they may optionally also request for an
539 action to take place. As described in `how requests are processed`_, the
540 action is performed before the requested page is generated. Actions are
541 triggered by using a ``:action`` CGI variable, where the value is one of:
543 **login**
544 Attempt to log a user in.
545 **logout**
546 Log the user out - make them "anonymous".
547 **register**
548 Attempt to create a new user based on the contents of the form and then log
549 them in.
550 **edit**
551 Perform an edit of an item in the database. There are some special form
552 elements you may use:
554 :link=designator:property and :multilink=designator:property
555 The value specifies an item designator and the property on that
556 item to add _this_ item to as a link or multilink.
557 :note
558 Create a message and attach it to the current item's
559 "messages" property.
560 :file
561 Create a file and attach it to the current item's
562 "files" property. Attach the file to the message created from
563 the :note if it's supplied.
564 :required=property,property,...
565 The named properties are required to be filled in the form.
567 **new**
568 Add a new item to the database. You may use the same special form elements
569 as in the "edit" action.
571 **editCSV**
572 Performs an edit of all of a class' items in one go. See also the
573 *class*.csv templating method which generates the CSV data to be edited, and
574 the "_generic.index" template which uses both of these features.
576 **search**
577 Mangle some of the form variables.
579 Set the form ":filter" variable based on the values of the
580 filter variables - if they're set to anything other than
581 "dontcare" then add them to :filter.
583 Also handle the ":queryname" variable and save off the query to
584 the user's query list.
586 Each of the actions is implemented by a corresponding *actionAction* (where
587 "action" is the name of the action) method on
588 the roundup.cgi.Client class, which also happens to be in your tracker as
589 interfaces.Client. So if you need to define new actions, you may add them
590 there (see `defining new web actions`_).
592 Each action also has a corresponding *actionPermission* (where
593 "action" is the name of the action) method which determines
594 whether the action is permissible given the current user. The base permission
595 checks are:
597 **login**
598 Determine whether the user has permission to log in.
599 Base behaviour is to check the user has "Web Access".
600 **logout**
601 No permission checks are made.
602 **register**
603 Determine whether the user has permission to register
604 Base behaviour is to check the user has "Web Registration".
605 **edit**
606 Determine whether the user has permission to edit this item.
607 Base behaviour is to check the user can edit this class. If we're
608 editing the "user" class, users are allowed to edit their own
609 details. Unless it's the "roles" property, which requires the
610 special Permission "Web Roles".
611 **new**
612 Determine whether the user has permission to create (edit) this item.
613 Base behaviour is to check the user can edit this class. No
614 additional property checks are made. Additionally, new user items
615 may be created if the user has the "Web Registration" Permission.
616 **editCSV**
617 Determine whether the user has permission to edit this class.
618 Base behaviour is to check the user can edit this class.
619 **search**
620 Determine whether the user has permission to search this class.
621 Base behaviour is to check the user can view this class.
624 Default templates
625 -----------------
627 Most customisation of the web view can be done by modifying the templates in
628 the tracker **html** directory. There are several types of files in there:
630 **page**
631 This template defines the overall look of your tracker. When you
632 view an issue, it appears inside this template. When you view an index, it
633 also appears inside this template. It will have a ``tal:content`` or
634 ``tal:replace`` command with the expression ``structure content`` which
635 will show the issue, list of issues or whatever.
636 **home**
637 the default page displayed when no other page is indicated by the user
638 **home.classlist**
639 a special version of the default page that lists the classes in the tracker
640 **classname.item**
641 displays an item of the *classname* class
642 **classname.index**
643 displays a list of *classname* items
644 **classname.search**
645 displays a search page for *classname* items
646 **_generic.index**
647 used to display a list of items where there is no *classname*.index available
648 **_generic.help**
649 used to display a "class help" page where there is no *classname*.help
650 **user.register**
651 a special page just for the user class that renders the registration page
652 **style.css**
653 a static file that is served up as-is
655 Note: Remember that you can create any template extension you want to, so
656 if you just want to play around with the templating for new issues, you can
657 copy the current "issue.item" template to "issue.test", and then access the
658 test template using the ":template" URL argument::
660 http://your.tracker.example/tracker/issue?:template=test
662 and it won't affect your users using the "issue.item" template.
665 How the templates work
666 ----------------------
668 Roundup's templates consist of special attributes on your template tags. These
669 attributes form the Template Attribute Language, or TAL. The commands are:
672 **tal:define="variable expression; variable expression; ..."**
673 Define a new variable that is local to this tag and its contents. For
674 example::
676 <html tal:define="title request/description">
677 <head><title tal:content="title"></title></head>
678 </html>
680 In the example, the variable "title" is defined as being the result of the
681 expression "request/description". The tal:content command inside the <html>
682 tag may then use the "title" variable.
684 **tal:condition="expression"**
685 Only keep this tag and its contents if the expression is true. For example::
687 <p tal:condition="python:request.user.hasPermission('View', 'issue')">
688 Display some issue information.
689 </p>
691 In the example, the <p> tag and its contents are only displayed if the
692 user has the View permission for issues. We consider the number zero, a
693 blank string, an empty list, and the built-in variable nothing to be false
694 values. Nearly every other value is true, including non-zero numbers, and
695 strings with anything in them (even spaces!).
697 **tal:repeat="variable expression"**
698 Repeat this tag and its contents for each element of the sequence that the
699 expression returns, defining a new local variable and a special "repeat"
700 variable for each element. For example::
702 <tr tal:repeat="u user/list">
703 <td tal:content="u/id"></td>
704 <td tal:content="u/username"></td>
705 <td tal:content="u/realname"></td>
706 </tr>
708 The example would iterate over the sequence of users returned by
709 "user/list" and define the local variable "u" for each entry.
711 **tal:replace="expression"**
712 Replace this tag with the result of the expression. For example::
714 <span tal:replace="request/user/realname"></span>
716 The example would replace the <span> tag and its contents with the user's
717 realname. If the user's realname was "Bruce" then the resultant output
718 would be "Bruce".
720 **tal:content="expression"**
721 Replace the contents of this tag with the result of the expression. For
722 example::
724 <span tal:content="request/user/realname">user's name appears here</span>
726 The example would replace the contents of the <span> tag with the user's
727 realname. If the user's realname was "Bruce" then the resultant output
728 would be "<span>Bruce</span>".
730 **tal:attributes="attribute expression; attribute expression; ..."**
731 Set attributes on this tag to the results of expressions. For example::
733 <a tal:attributes="href string:user${request/user/id}">My Details</a>
735 In the example, the "href" attribute of the <a> tag is set to the value of
736 the "string:user${request/user/id}" expression, which will be something
737 like "user123".
739 **tal:omit-tag="expression"**
740 Remove this tag (but not its contents) if the expression is true. For
741 example::
743 <span tal:omit-tag="python:1">Hello, world!</span>
745 would result in output of::
747 Hello, world!
749 Note that the commands on a given tag are evaulated in the order above, so
750 *define* comes before *condition*, and so on.
752 Additionally, a tag is defined, tal:block, which is removed from output. Its
753 content is not, but the tag itself is (so don't go using any tal:attributes
754 commands on it). This is useful for making arbitrary blocks of HTML
755 conditional or repeatable (very handy for repeating multiple table rows,
756 which would othewise require an illegal tag placement to effect the repeat).
758 The expressions you may use in the attibute values may be one of the following
759 three forms:
761 **Path Expressions** - eg. ``item/status/checklist``
762 These are object attribute / item accesses. Roughly speaking, the path
763 ``item/status/checklist`` is broken into parts ``item``, ``status``
764 and ``checklist``. The ``item`` part is the root of the expression.
765 We then look for a ``status`` attribute on ``item``, or failing that, a
766 ``status`` item (as in ``item['status']``). If that
767 fails, the path expression fails. When we get to the end, the object we're
768 left with is evaluated to get a string - methods are called, objects are
769 stringified. Path expressions may have an optional ``path:`` prefix, though
770 they are the default expression type, so it's not necessary.
772 XXX | components of expressions
774 XXX "nothing" and "default"
776 **String Expressions** - eg. ``string:hello ${user/name}``
777 These expressions are simple string interpolations (though they can be just
778 plain strings with no interpolation if you want. The expression in the
779 ``${ ... }`` is just a path expression as above.
781 **Python Expressions** - eg. ``python: 1+1``
782 These expressions give the full power of Python. All the "root level"
783 variables are available, so ``python:item.status.checklist()`` would be
784 equivalent to ``item/status/checklist``, assuming that ``checklist`` is
785 a method.
787 Information available to templates
788 ----------------------------------
790 Note: this is implemented by roundup.cgi.templating.RoundupPageTemplate
792 The following variables are available to templates.
794 **context**
795 The current context. This is either None, a
796 `hyperdb class wrapper`_ or a `hyperdb item wrapper`_
797 **request**
798 Includes information about the current request, including:
799 - the url
800 - the current index information (``filterspec``, ``filter`` args,
801 ``properties``, etc) parsed out of the form.
802 - methods for easy filterspec link generation
803 - *user*, the current user item as an HTMLItem instance
804 - *form*
805 The current CGI form information as a mapping of form argument
806 name to value
807 **tracker**
808 The current tracker
809 **db**
810 The current database, through which db.config may be reached.
811 **nothing**
812 This is a special variable - if an expression evaluates to this, then the
813 tag (in the case of a tal:replace), its contents (in the case of
814 tal:content) or some attributes (in the case of tal:attributes) will not
815 appear in the the output. So for example::
817 <span tal:attributes="class nothing">Hello, World!</span>
819 would result in::
821 <span>Hello, World!</span>
823 **default**
824 Also a special variable - if an expression evaluates to this, then the
825 existing HTML in the template will not be replaced or removed, it will
826 remain. So::
828 <span tal:replace="default">Hello, World!</span>
830 would result in::
832 <span>Hello, World!</span>
834 **utils**
835 This variable makes available some utility functions like batching.
837 The context variable
838 ~~~~~~~~~~~~~~~~~~~~
840 The *context* variable is one of three things based on the current context
841 (see `determining web context`_ for how we figure this out):
843 1. if we're looking at a "home" page, then it's None
844 2. if we're looking at a specific hyperdb class, it's a
845 `hyperdb class wrapper`_.
846 3. if we're looking at a specific hyperdb item, it's a
847 `hyperdb item wrapper`_.
849 If the context is not None, we can access the properties of the class or item.
850 The only real difference between cases 2 and 3 above are:
852 1. the properties may have a real value behind them, and this will appear if
853 the property is displayed through ``context/property`` or
854 ``context/property/field``.
855 2. the context's "id" property will be a false value in the second case, but
856 a real, or true value in the third. Thus we can determine whether we're
857 looking at a real item from the hyperdb by testing "context/id".
859 Hyperdb class wrapper
860 :::::::::::::::::::::
862 Note: this is implemented by the roundup.cgi.templating.HTMLClass class.
864 This wrapper object provides access to a hyperb class. It is used primarily
865 in both index view and new item views, but it's also usable anywhere else that
866 you wish to access information about a class, or the items of a class, when
867 you don't have a specific item of that class in mind.
869 We allow access to properties. There will be no "id" property. The value
870 accessed through the property will be the current value of the same name from
871 the CGI form.
873 There are several methods available on these wrapper objects:
875 =========== =============================================================
876 Method Description
877 =========== =============================================================
878 properties return a `hyperdb property wrapper`_ for all of this class'
879 properties.
880 list lists all of the active (not retired) items in the class.
881 csv return the items of this class as a chunk of CSV text.
882 propnames lists the names of the properties of this class.
883 filter lists of items from this class, filtered and sorted
884 by the current *request* filterspec/filter/sort/group args
885 classhelp display a link to a javascript popup containing this class'
886 "help" template.
887 submit generate a submit button (and action hidden element)
888 renderWith render this class with the given template.
889 history returns 'New node - no history' :)
890 is_edit_ok is the user allowed to Edit the current class?
891 is_view_ok is the user allowed to View the current class?
892 =========== =============================================================
894 Note that if you have a property of the same name as one of the above methods,
895 you'll need to access it using a python "item access" expression. For example::
897 python:context['list']
899 will access the "list" property, rather than the list method.
902 Hyperdb item wrapper
903 ::::::::::::::::::::
905 Note: this is implemented by the roundup.cgi.templating.HTMLItem class.
907 This wrapper object provides access to a hyperb item.
909 We allow access to properties. There will be no "id" property. The value
910 accessed through the property will be the current value of the same name from
911 the CGI form.
913 There are several methods available on these wrapper objects:
915 =============== =============================================================
916 Method Description
917 =============== =============================================================
918 submit generate a submit button (and action hidden element)
919 journal return the journal of the current item (**not implemented**)
920 history render the journal of the current item as HTML
921 renderQueryForm specific to the "query" class - render the search form for
922 the query
923 hasPermission specific to the "user" class - determine whether the user
924 has a Permission
925 is_edit_ok is the user allowed to Edit the current item?
926 is_view_ok is the user allowed to View the current item?
927 =============== =============================================================
930 Note that if you have a property of the same name as one of the above methods,
931 you'll need to access it using a python "item access" expression. For example::
933 python:context['journal']
935 will access the "journal" property, rather than the journal method.
938 Hyperdb property wrapper
939 ::::::::::::::::::::::::
941 Note: this is implemented by subclasses roundup.cgi.templating.HTMLProperty
942 class (HTMLStringProperty, HTMLNumberProperty, and so on).
944 This wrapper object provides access to a single property of a class. Its
945 value may be either:
947 1. if accessed through a `hyperdb item wrapper`_, then it's a value from the
948 hyperdb
949 2. if access through a `hyperdb class wrapper`_, then it's a value from the
950 CGI form
953 The property wrapper has some useful attributes:
955 =============== =============================================================
956 Attribute Description
957 =============== =============================================================
958 _name the name of the property
959 _value the value of the property if any
960 =============== =============================================================
962 There are several methods available on these wrapper objects:
964 =========== =================================================================
965 Method Description
966 =========== =================================================================
967 plain render a "plain" representation of the property
968 field render a form edit field for the property
969 stext only on String properties - render the value of the
970 property as StructuredText (requires the StructureText module
971 to be installed separately)
972 multiline only on String properties - render a multiline form edit
973 field for the property
974 email only on String properties - render the value of the
975 property as an obscured email address
976 confirm only on Password properties - render a second form edit field for
977 the property, used for confirmation that the user typed the
978 password correctly. Generates a field with name "name:confirm".
979 reldate only on Date properties - render the interval between the
980 date and now
981 pretty only on Interval properties - render the interval in a
982 pretty format (eg. "yesterday")
983 menu only on Link and Multilink properties - render a form select
984 list for this property
985 reverse only on Multilink properties - produce a list of the linked
986 items in reverse order
987 =========== =================================================================
989 The request variable
990 ~~~~~~~~~~~~~~~~~~~~
992 Note: this is implemented by the roundup.cgi.templating.HTMLRequest class.
994 The request variable is packed with information about the current request.
996 .. taken from roundup.cgi.templating.HTMLRequest docstring
998 =========== =================================================================
999 Variable Holds
1000 =========== =================================================================
1001 form the CGI form as a cgi.FieldStorage
1002 env the CGI environment variables
1003 url the current URL path for this request
1004 base the base URL for this tracker
1005 user a HTMLUser instance for this user
1006 classname the current classname (possibly None)
1007 template the current template (suffix, also possibly None)
1008 form the current CGI form variables in a FieldStorage
1009 =========== =================================================================
1011 **Index page specific variables (indexing arguments)**
1013 =========== =================================================================
1014 Variable Holds
1015 =========== =================================================================
1016 columns dictionary of the columns to display in an index page
1017 show a convenience access to columns - request/show/colname will
1018 be true if the columns should be displayed, false otherwise
1019 sort index sort column (direction, column name)
1020 group index grouping property (direction, column name)
1021 filter properties to filter the index on
1022 filterspec values to filter the index on
1023 search_text text to perform a full-text search on for an index
1024 =========== =================================================================
1026 There are several methods available on the request variable:
1028 =============== =============================================================
1029 Method Description
1030 =============== =============================================================
1031 description render a description of the request - handle for the page
1032 title
1033 indexargs_form render the current index args as form elements
1034 indexargs_url render the current index args as a URL
1035 base_javascript render some javascript that is used by other components of
1036 the templating
1037 batch run the current index args through a filter and return a
1038 list of items (see `hyperdb item wrapper`_, and
1039 `batching`_)
1040 =============== =============================================================
1042 The form variable
1043 :::::::::::::::::
1045 The form variable is a little special because it's actually a python
1046 FieldStorage object. That means that you have two ways to access its
1047 contents. For example, to look up the CGI form value for the variable
1048 "name", use the path expression::
1050 request/form/name/value
1052 or the python expression::
1054 python:request.form['name'].value
1056 Note the "item" access used in the python case, and also note the explicit
1057 "value" attribute we have to access. That's because the form variables are
1058 stored as MiniFieldStorages. If there's more than one "name" value in
1059 the form, then the above will break since ``request/form/name`` is actually a
1060 *list* of MiniFieldStorages. So it's best to know beforehand what you're
1061 dealing with.
1064 The db variable
1065 ~~~~~~~~~~~~~~~
1067 Note: this is implemented by the roundup.cgi.templating.HTMLDatabase class.
1069 Allows access to all hyperdb classes as attributes of this variable. If you
1070 want access to the "user" class, for example, you would use::
1072 db/user
1073 python:db.user
1075 The access results in a `hyperdb class wrapper`_.
1078 The util variable
1079 ~~~~~~~~~~~~~~~~~
1081 Note: this is implemented by the roundup.cgi.templating.TemplatingUtils class.
1083 =============== =============================================================
1084 Method Description
1085 =============== =============================================================
1086 Batch return a batch object using the supplied list
1087 =============== =============================================================
1089 Batching
1090 ::::::::
1092 Use Batch to turn a list of items, or item ids of a given class, into a series
1093 of batches. Its usage is::
1095 python:util.Batch(sequence, size, start, end=0, orphan=0, overlap=0)
1097 or, to get the current index batch::
1099 request/batch
1101 The parameters are:
1103 ========= ==================================================================
1104 Parameter Usage
1105 ========= ==================================================================
1106 sequence a list of HTMLItems
1107 size how big to make the sequence.
1108 start where to start (0-indexed) in the sequence.
1109 end where to end (0-indexed) in the sequence.
1110 orphan if the next batch would contain less items than this
1111 value, then it is combined with this batch
1112 overlap the number of items shared between adjacent batches
1113 ========= ==================================================================
1115 All of the parameters are assigned as attributes on the batch object. In
1116 addition, it has several more attributes:
1118 =============== ============================================================
1119 Attribute Description
1120 =============== ============================================================
1121 start indicates the start index of the batch. *Note: unlike the
1122 argument, is a 1-based index (I know, lame)*
1123 first indicates the start index of the batch *as a 0-based
1124 index*
1125 length the actual number of elements in the batch
1126 sequence_length the length of the original, unbatched, sequence.
1127 =============== ============================================================
1129 And several methods:
1131 =============== ============================================================
1132 Method Description
1133 =============== ============================================================
1134 previous returns a new Batch with the previous batch settings
1135 next returns a new Batch with the next batch settings
1136 propchanged detect if the named property changed on the current item
1137 when compared to the last item
1138 =============== ============================================================
1140 An example of batching::
1142 <table class="otherinfo">
1143 <tr><th colspan="4" class="header">Existing Keywords</th></tr>
1144 <tr tal:define="keywords db/keyword/list"
1145 tal:repeat="start python:range(0, len(keywords), 4)">
1146 <td tal:define="batch python:utils.Batch(keywords, 4, start)"
1147 tal:repeat="keyword batch" tal:content="keyword/name">keyword here</td>
1148 </tr>
1149 </table>
1151 ... which will produce a table with four columns containing the items of the
1152 "keyword" class (well, their "name" anyway).
1154 Displaying Properties
1155 ---------------------
1157 Properties appear in the user interface in three contexts: in indices, in
1158 editors, and as search arguments.
1159 For each type of property, there are several display possibilities.
1160 For example, in an index view, a string property may just be
1161 printed as a plain string, but in an editor view, that property may be
1162 displayed in an editable field.
1165 Index Views
1166 -----------
1168 This is one of the class context views. It is also the default view for
1169 classes. The template used is "*classname*.index".
1171 Index View Specifiers
1172 ~~~~~~~~~~~~~~~~~~~~~
1174 An index view specifier (URL fragment) looks like this (whitespace has been
1175 added for clarity)::
1177 /issue?status=unread,in-progress,resolved&
1178 topic=security,ui&
1179 :group=+priority&
1180 :sort==activity&
1181 :filters=status,topic&
1182 :columns=title,status,fixer
1184 The index view is determined by two parts of the specifier: the layout part and
1185 the filter part. The layout part consists of the query parameters that begin
1186 with colons, and it determines the way that the properties of selected items
1187 are displayed. The filter part consists of all the other query parameters, and
1188 it determines the criteria by which items are selected for display.
1189 The filter part is interactively manipulated with the form widgets displayed in
1190 the filter section. The layout part is interactively manipulated by clicking on
1191 the column headings in the table.
1193 The filter part selects the union of the sets of items with values matching any
1194 specified Link properties and the intersection of the sets of items with values
1195 matching any specified Multilink properties.
1197 The example specifies an index of "issue" items. Only items with a "status" of
1198 either "unread" or "in-progres" or "resolved" are displayed, and only items
1199 with "topic" values including both "security" and "ui" are displayed. The items
1200 are grouped by priority, arranged in ascending order; and within groups, sorted
1201 by activity, arranged in descending order. The filter section shows filters for
1202 the "status" and "topic" properties, and the table includes columns for the
1203 "title", "status", and "fixer" properties.
1205 Filtering of indexes
1206 ~~~~~~~~~~~~~~~~~~~~
1208 TODO
1210 Searching Views
1211 ---------------
1213 This is one of the class context views. The template used is typically
1214 "*classname*.search".
1216 TODO
1218 Item Views
1219 ----------
1221 The basic view of a hyperdb item is provided by the "*classname*.item"
1222 template. It generally has three sections; an "editor", a "spool" and a
1223 "history" section.
1227 Editor Section
1228 ~~~~~~~~~~~~~~
1230 The editor section is used to manipulate the item - it may be a
1231 static display if the user doesn't have permission to edit the item.
1233 Here's an example of a basic editor template (this is the default "classic"
1234 template issue item edit form - from the "issue.item" template)::
1236 <table class="form">
1237 <tr>
1238 <th nowrap>Title</th>
1239 <td colspan=3 tal:content="structure python:context.title.field(size=60)">title</td>
1240 </tr>
1242 <tr>
1243 <th nowrap>Priority</th>
1244 <td tal:content="structure context/priority/menu">priority</td>
1245 <th nowrap>Status</th>
1246 <td tal:content="structure context/status/menu">status</td>
1247 </tr>
1249 <tr>
1250 <th nowrap>Superseder</th>
1251 <td>
1252 <span tal:replace="structure python:context.superseder.field(showid=1, size=20)" />
1253 <span tal:replace="structure python:db.issue.classhelp('id,title')" />
1254 <span tal:condition="context/superseder">
1255 <br>View: <span tal:replace="structure python:context.superseder.link(showid=1)" />
1256 </span>
1257 </td>
1258 <th nowrap>Nosy List</th>
1259 <td>
1260 <span tal:replace="structure context/nosy/field" />
1261 <span tal:replace="structure python:db.user.classhelp('username,realname,address,phone')" />
1262 </td>
1263 </tr>
1265 <tr>
1266 <th nowrap>Assigned To</th>
1267 <td tal:content="structure context/assignedto/menu">
1268 assignedto menu
1269 </td>
1270 <td> </td>
1271 <td> </td>
1272 </tr>
1274 <tr>
1275 <th nowrap>Change Note</th>
1276 <td colspan=3>
1277 <textarea name=":note" wrap="hard" rows="5" cols="60"></textarea>
1278 </td>
1279 </tr>
1281 <tr>
1282 <th nowrap>File</th>
1283 <td colspan=3><input type="file" name=":file" size="40"></td>
1284 </tr>
1286 <tr>
1287 <td> </td>
1288 <td colspan=3 tal:content="structure context/submit">
1289 submit button will go here
1290 </td>
1291 </tr>
1292 </table>
1295 When a change is submitted, the system automatically generates a message
1296 describing the changed properties. As shown in the example, the editor
1297 template can use the ":note" and ":file" fields, which are added to the
1298 standard change note message generated by Roundup.
1300 Spool Section
1301 ~~~~~~~~~~~~~
1303 The spool section lists related information like the messages and files of
1304 an issue.
1306 TODO
1309 History Section
1310 ~~~~~~~~~~~~~~~
1312 The final section displayed is the history of the item - its database journal.
1313 This is generally generated with the template::
1315 <tal:block tal:replace="structure context/history" />
1317 *To be done:*
1319 *The actual history entries of the item may be accessed for manual templating
1320 through the "journal" method of the item*::
1322 <tal:block tal:repeat="entry context/journal">
1323 a journal entry
1324 </tal:block>
1326 *where each journal entry is an HTMLJournalEntry.*
1328 Defining new web actions
1329 ------------------------
1331 XXX
1334 Access Controls
1335 ===============
1337 A set of Permissions are built in to the security module by default:
1339 - Edit (everything)
1340 - View (everything)
1342 The default interfaces define:
1344 - Web Registration
1345 - Web Access
1346 - Web Roles
1347 - Email Registration
1348 - Email Access
1350 These are hooked into the default Roles:
1352 - Admin (Edit everything, View everything, Web Roles)
1353 - User (Web Access, Email Access)
1354 - Anonymous (Web Registration, Email Registration)
1356 And finally, the "admin" user gets the "Admin" Role, and the "anonymous" user
1357 gets the "Anonymous" assigned when the database is initialised on installation.
1358 The two default schemas then define:
1360 - Edit issue, View issue (both)
1361 - Edit file, View file (both)
1362 - Edit msg, View msg (both)
1363 - Edit support, View support (extended only)
1365 and assign those Permissions to the "User" Role. New users are assigned the
1366 Roles defined in the config file as:
1368 - NEW_WEB_USER_ROLES
1369 - NEW_EMAIL_USER_ROLES
1371 You may alter the configuration variables to change the Role that new web or
1372 email users get, for example to not give them access to the web interface if
1373 they register through email.
1375 You may use the ``roundup-admin`` "``security``" command to display the
1376 current Role and Permission configuration in your tracker.
1378 Adding a new Permission
1379 -----------------------
1381 When adding a new Permission, you will need to:
1383 1. add it to your tracker's dbinit so it is created
1384 2. enable it for the Roles that should have it (verify with
1385 "``roundup-admin security``")
1386 3. add it to the relevant HTML interface templates
1387 4. add it to the appropriate xxxPermission methods on in your tracker
1388 interfaces module
1392 Examples
1393 ========
1395 Adding a new field to a roundup schema
1396 --------------------------------------
1398 This example shows how to add a new constrained property (ie. a selection of
1399 distinct values) to your tracker.
1401 Introduction
1402 ~~~~~~~~~~~~
1404 To make the classic schema of roundup useful as a todo tracking system
1405 for a group of systems administrators, it needed an extra data field
1406 per issue: a category.
1408 This would let sysads quickly list all todos in their particular
1409 area of interest without having to do complex queries, and without
1410 relying on the spelling capabilities of other sysads (a losing
1411 proposition at best).
1413 Adding a field to the database
1414 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1416 This is the easiest part of the change. The category would just be a plain
1417 string, nothing fancy. To change what is in the database you need to add
1418 some lines to the ``open()`` function in ``dbinit.py``::
1420 category = Class(db, "category", name=String())
1421 category.setkey("name")
1423 Here we are setting up a chunk of the database which we are calling
1424 "category". It contains a string, which we are refering to as "name" for
1425 lack of a more imaginative title. Then we are setting the key of this chunk
1426 of the database to be that "name". This is equivalent to an index for
1427 database types. This also means that there can only be one category with a
1428 given name.
1430 Adding the above lines allows us to create categories, but they're not tied
1431 to the issues that we are going to be creating. It's just a list of categories
1432 off on its own, which isn't much use. We need to link it in with the issues.
1433 To do that, find the lines in the ``open()`` function in ``dbinit.py`` which
1434 set up the "issue" class, and then add a link to the category::
1436 issue = IssueClass(db, "issue", ... , category=Multilink("category"), ... )
1438 The Multilink() means that each issue can have many categories. If you were
1439 adding something with a more one to one relationship use Link() instead.
1441 That is all you need to do to change the schema. The rest of the effort is
1442 fiddling around so you can actually use the new category.
1444 Setting up security on the new objects
1445 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1447 By default only the admin user can look at and change objects. This doesn't
1448 suit us, as we want any user to be able to create new categories as
1449 required, and obviously everyone needs to be able to view the categories of
1450 issues for it to be useful.
1452 We therefore need to change the security of the category objects. This is
1453 also done in the ``open()`` function of ``dbinit.py``.
1455 There are currently two loops which set up permissions and then assign them
1456 to various roles. Simply add the new "category" to both lists::
1458 # new permissions for this schema
1459 for cl in 'issue', 'file', 'msg', 'user', 'category':
1460 db.security.addPermission(name="Edit", klass=cl,
1461 description="User is allowed to edit "+cl)
1462 db.security.addPermission(name="View", klass=cl,
1463 description="User is allowed to access "+cl)
1465 # Assign the access and edit permissions for issue, file and message
1466 # to regular users now
1467 for cl in 'issue', 'file', 'msg', 'category':
1468 p = db.security.getPermission('View', cl)
1469 db.security.addPermissionToRole('User', p)
1470 p = db.security.getPermission('Edit', cl)
1471 db.security.addPermissionToRole('User', p)
1473 So you are in effect doing the following::
1475 db.security.addPermission(name="Edit", klass='category',
1476 description="User is allowed to edit "+'category')
1477 db.security.addPermission(name="View", klass='category',
1478 description="User is allowed to access "+'category')
1480 which is creating two permission types; that of editing and viewing
1481 "category" objects respectively. Then the following lines assign those new
1482 permissions to the "User" role, so that normal users can view and edit
1483 "category" objects::
1485 p = db.security.getPermission('View', 'category')
1486 db.security.addPermissionToRole('User', p)
1488 p = db.security.getPermission('Edit', 'category')
1489 db.security.addPermissionToRole('User', p)
1491 This is all the work that needs to be done for the database. It will store
1492 categories, and let users view and edit them. Now on to the interface
1493 stuff.
1495 Changing the web left hand frame
1496 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1498 We need to give the users the ability to create new categories, and the
1499 place to put the link to this functionality is in the left hand function
1500 bar, under the "Issues" area. The file that defines how this area looks is
1501 ``html/page``, which is what we are going to be editing next.
1503 If you look at this file you can see that it contains a lot of "classblock"
1504 sections which are chunks of HTML that will be included or excluded in the
1505 output depending on whether the condition in the classblock is met. Under
1506 the end of the classblock for issue is where we are going to add the
1507 category code::
1509 <p class="classblock"
1510 tal:condition="python:request.user.hasPermission('View', 'category')">
1511 <b>Categories</b><br>
1512 <a tal:condition="python:request.user.hasPermission('Edit', 'category')"
1513 href="category?:template=item">New Category<br></a>
1514 </p>
1516 The first two lines is the classblock definition, which sets up a condition
1517 that only users who have "View" permission to the "category" object will
1518 have this section included in their output. Next comes a plain "Categories"
1519 header in bold. Everyone who can view categories will get that.
1521 Next comes the link to the editing area of categories. This link will only
1522 appear if the condition is matched: that condition being that the user has
1523 "Edit" permissions for the "category" objects. If they do have permission
1524 then they will get a link to another page which will let the user add new
1525 categories.
1527 Note that if you have permission to view but not edit categories then all
1528 you will see is a "Categories" header with nothing underneath it. This is
1529 obviously not very good interface design, but will do for now. I just claim
1530 that it is so I can add more links in this section later on. However to fix
1531 the problem you could change the condition in the classblock statement, so
1532 that only users with "Edit" permission would see the "Categories" stuff.
1534 Setting up a page to edit categories
1535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1537 We defined code in the previous section which let users with the
1538 appropriate permissions see a link to a page which would let them edit
1539 conditions. Now we have to write that page.
1541 The link was for the item template for the category object. This translates
1542 into the system looking for a file called ``category.item`` in the ``html``
1543 tracker directory. This is the file that we are going to write now.
1545 First we add an id tag in a comment which doesn't affect the outcome
1546 of the code at all but is essential for managing the changes to this
1547 file. It is useful for debugging however, if you load a page in a
1548 browser and look at the page source, you can see which sections come
1549 from which files by looking for these comments::
1551 <!-- dollarId: category.item,v 1.3 2002/05/22 00:32:34 me Exp dollar-->
1553 Next we need to setup up a standard HTML form, which is the whole
1554 purpose of this file. We link to some handy javascript which sends the form
1555 through only once. This is to stop users hitting the send button
1556 multiple times when they are impatient and thus having the form sent
1557 multiple times::
1559 <form method="POST" onSubmit="return submit_once()"
1560 enctype="multipart/form-data">
1562 Next we define some code which sets up the minimum list of fields that we
1563 require the user to enter. There will be only one field, that of "name", so
1564 they user better put something in it otherwise the whole form is pointless::
1566 <input type="hidden" name=":required" value="name">
1568 To get everything to line up properly we will put everything in a table,
1569 and put a nice big header on it so the user has an idea what is happening::
1571 <table class="form">
1572 <tr><th class="header" colspan=2>Category</th></tr>
1574 Next we need the actual field that the user is going to enter the new
1575 category. The "context.name.field(size=60)" bit tells roundup to generate a
1576 normal HTML field of size 60, and the contents of that field will be the
1577 "name" variable of the current context (which is "category"). The upshot of
1578 this is that when the user types something in to the form, a new category
1579 will be created with that name::
1581 <tr>
1582 <th nowrap>Name</th>
1583 <td tal:content="structure python:context.name.field(size=60)">name</td>
1584 </tr>
1586 Finally a submit button so that the user can submit the new category::
1588 <tr>
1589 <td> </td>
1590 <td colspan=3 tal:content="structure context/submit">
1591 submit button will go here
1592 </td>
1593 </tr>
1595 So putting it all together, and closing the table and form we get::
1597 <!-- dollarId: category.item,v 1.3 2002/05/22 00:32:34 richard Exp dollar-->
1599 <form method="POST" onSubmit="return submit_once()"
1600 enctype="multipart/form-data">
1602 <input type="hidden" name=":required" value="name">
1604 <table class="form">
1605 <tr><th class="header" colspan=2>Category</th></tr>
1607 <tr>
1608 <th nowrap>Name</th>
1609 <td tal:content="structure python:context.name.field(size=60)">name</td>
1610 </tr>
1612 <tr>
1613 <td> </td>
1614 <td colspan=3 tal:content="structure context/submit">
1615 submit button will go here
1616 </td>
1617 </tr>
1618 </table>
1619 </form>
1621 This is quite a lot to just ask the user one simple question, but
1622 there is a lot of setup for basically one line (the form line) to do
1623 its work. To add another field to "category" would involve one more line
1624 (well maybe a few extra to get the formatting correct).
1626 Adding the category to the issue
1627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1629 We now have the ability to create issues to our hearts content, but
1630 that is pointless unless we can assign categories to issues. Just like
1631 the ``html/category.item`` file was used to define how to add a new
1632 category, the ``html/issue.item`` is used to define how a new issue is
1633 created.
1635 Just like ``category.issue`` this file defines a form which has a table to lay
1636 things out. It doesn't matter where in the table we add new stuff,
1637 it is entirely up to your sense of aesthetics::
1639 <th nowrap>Category</th>
1640 <td><span tal:replace="structure context/category/field" />
1641 <span tal:replace="structure db/category/classhelp" />
1642 </td>
1644 First we define a nice header so that the user knows what the next section
1645 is, then the middle line does what we are most interested in. This
1646 ``context/category/field`` gets replaced with a field which contains the
1647 category in the current context (the current context being the new issue).
1649 The classhelp lines generate a link (labelled "list") to a popup window
1650 which contains the list of currently known categories.
1652 Searching on categories
1653 ~~~~~~~~~~~~~~~~~~~~~~~
1655 We can add categories, and create issues with categories. The next obvious
1656 thing that we would like to be would be to search issues based on their
1657 category, so that any one working on the web server could look at all
1658 issues in the category "Web" for example.
1660 If you look in the html/page file and look for the "Search Issues" you will
1661 see that it looks something like ``<a href="issue?:template=search">Search
1662 Issues</a>`` which shows us that when you click on "Search Issues" it will
1663 be looking for a ``issue.search`` file to display. So that is indeed the file
1664 that we are going to change.
1666 If you look at this file it should be starting to seem familiar. It is a
1667 simple HTML form using a table to define structure. You can add the new
1668 category search code anywhere you like within that form::
1670 <tr>
1671 <th>Category:</th>
1672 <td>
1673 <select name="category">
1674 <option value="">don't care</option>
1675 <option value="">------------</option>
1676 <option tal:repeat="s db/category/list" tal:attributes="value s/name"
1677 tal:content="s/name">category to filter on</option>
1678 </select>
1679 </td>
1680 <td><input type="checkbox" name=":columns" value="category" checked></td>
1681 <td><input type="radio" name=":sort" value="category"></td>
1682 <td><input type="radio" name=":group" value="category"></td>
1683 </tr>
1685 Most of this is straightforward to anyone who knows HTML. It is just
1686 setting up a select list followed by a checkbox and a couple of radio
1687 buttons.
1689 The ``tal:repeat`` part repeats the tag for every item in the "category"
1690 table and setting "s" to be each category in turn.
1692 The ``tal:attributes`` part is setting up the ``value=`` part of the option tag
1693 to be the name part of "s" which is the current category in the loop.
1695 The ``tal:content`` part is setting the contents of the option tag to be the
1696 name part of "s" again. For objects more complex than category, obviously
1697 you would put an id in the value, and the descriptive part in the content;
1698 but for category they are the same.
1700 Adding category to the default view
1701 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1703 We can now add categories, add issues with categories, and search issues
1704 based on categories. This is everything that we need to do, however there
1705 is some more icing that we would like. I think the category of an issue is
1706 important enough that it should be displayed by default when listing all
1707 the issues.
1709 Unfortunately, this is a bit less obvious than the previous steps. The code
1710 defining how the issues look is in ``html/issue.index``. This is a large table
1711 with a form down the bottom for redisplaying and so forth.
1713 Firstly we need to add an appropriate header to the start of the table::
1715 <th tal:condition="request/show/category">Category</th>
1717 The condition part of this statement is so that if the user has selected
1718 not to see the Category column then they won't.
1720 The rest of the table is a loop which will go through every issue that
1721 matches the display criteria. The loop variable is "i" - which means that
1722 every issue gets assigned to "i" in turn.
1724 The new part of code to display the category will look like this::
1726 <td tal:condition="request/show/category" tal:content="i/category"></td>
1728 The condition is the same as above: only display the condition when the
1729 user hasn't asked for it to be hidden. The next part is to set the content
1730 of the cell to be the category part of "i" - the current issue.
1732 Finally we have to edit ``html/page`` again. This time to tell it that when the
1733 user clicks on "Unnasigned Issues" or "All Issues" that the category should
1734 be displayed. If you scroll down the page file, you can see the links with
1735 lots of options. The option that we are interested in is the ``:columns=`` one
1736 which tells roundup which fields of the issue to display. Simply add
1737 "category" to that list and it all should work.
1740 Adding in state transition control
1741 ----------------------------------
1743 Sometimes tracker admins want to control the states that users may move issues
1744 to.
1746 1. add a Multilink property to the status class::
1748 stat = Class(db, "status", ... , transitions=Multilink('status'), ...)
1750 and then edit the statuses already created through the web using the
1751 generic class list / CSV editor.
1753 2. add an auditor module ``checktransition.py`` in your tracker's
1754 ``detectors`` directory::
1756 def checktransition(db, cl, nodeid, newvalues):
1757 ''' Check that the desired transition is valid for the "status"
1758 property.
1759 '''
1760 if not newvalues.has_key('status'):
1761 return
1762 current = cl.get(nodeid, 'status')
1763 new = newvalues['status']
1764 if new == current:
1765 return
1766 ok = db.status.get(current, 'transitions')
1767 if new not in ok:
1768 raise ValueError, 'Status not allowed to move from "%s" to "%s"'%(
1769 db.status.get(current, 'name'), db.status.get(new, 'name'))
1771 def init(db):
1772 db.issue.audit('set', checktransition)
1774 3. in the ``issue.item`` template, change the status editing bit from::
1776 <th nowrap>Status</th>
1777 <td tal:content="structure context/status/menu">status</td>
1779 to::
1781 <th nowrap>Status</th>
1782 <td>
1783 <select tal:condition="context/id" name="status">
1784 <tal:block tal:define="ok context/status/transitions"
1785 tal:repeat="state db/status/list">
1786 <option tal:condition="python:state.id in ok"
1787 tal:attributes="value state/id;
1788 selected python:state.id == context.status.id"
1789 tal:content="state/name"></option>
1790 </tal:block>
1791 </select>
1792 <tal:block tal:condition="not:context/id"
1793 tal:replace="structure context/status/menu" />
1794 </td>
1796 which displays only the allowed status to transition to.
1799 Displaying entire message contents in the issue display
1800 -------------------------------------------------------
1802 Alter the issue.item template section for messages to::
1804 <table class="messages" tal:condition="context/messages">
1805 <tr><th colspan=3 class="header">Messages</th></tr>
1806 <tal:block tal:repeat="msg context/messages/reverse">
1807 <tr>
1808 <th><a tal:attributes="href string:msg${msg/id}"
1809 tal:content="string:msg${msg/id}"></a></th>
1810 <th tal:content="string:Author: ${msg/author}">author</th>
1811 <th tal:content="string:Date: ${msg/date}">date</th>
1812 </tr>
1813 <tr>
1814 <td colspan="3" class="content">
1815 <pre tal:content="msg/content">content</pre>
1816 </td>
1817 </tr>
1818 </tal:block>
1819 </table>
1821 Restricting the list of users that are assignable to a task
1822 -----------------------------------------------------------
1824 1. create a new Role, say "Developer"::
1826 db.security.addRole(name='Developer', description='A developer')
1828 2. create a new Permission, say "Fixer", specific to "issue"::
1830 p = db.security.addPermission(name='Fixer', klass='issue',
1831 description='User is allowed to be assigned to fix issues')
1833 3. assign the new Permission to your "Developer" Role::
1835 db.security.addPermissionToRole('Developer', p)
1837 4. use the new Permission in restricting the "assignedto" list in the issue
1838 item edit page::
1840 <select name="assignedto">
1841 <option value="-1">- no selection -</option>
1842 <tal:block tal:repeat="user db/user/list">
1843 <option tal:condition="python:user.hasPermission('Fixer', context.classname)"
1844 tal:attributes="value user/id;
1845 selected python:user.id == context.assignedto"
1846 tal:content="user/realname"></option>
1847 </tal:block>
1848 </select>
1850 For extra security, you may wish to set up an auditor to enforce the
1851 Permission requirement::
1853 def assignedtoMustBeFixer(db, cl, nodeid, newvalues):
1854 ''' Ensure the assignedto value in newvalues is a used with the Fixer
1855 Permission
1856 '''
1857 if not newvalues.has_key('assignedto'):
1858 # don't care
1859 return
1861 # get the userid
1862 userid = newvalues['assignedto']
1863 if not db.security.hasPermission('Fixer', userid, cl.classname):
1864 raise ValueError, 'You do not have permission to edit %s'%cl.classname
1866 def init(db):
1867 db.issue.audit('set', assignedtoMustBeFixer)
1868 db.issue.audit('create', assignedtoMustBeFixer)
1870 So now, if the edit attempts to set the assignedto to a user that doesn't have
1871 the "Fixer" Permission, the error will be raised.
1874 -------------------
1876 Back to `Table of Contents`_
1878 .. _`Table of Contents`: index.html