2 #
3 # TRACKER SCHEMA
4 #
6 # Class automatically gets these properties:
7 # creation = Date()
8 # activity = Date()
9 # creator = Link('user')
10 # actor = Link('user')
# Priorities: each priority item has a name and a numeric "order" property.
pri = Class(
    db,
    "priority",
    name=String(),
    order=Number(),
)
# "name" is the key property of the priority class.
pri.setkey("name")
# Statuses: same shape as priorities, a name plus a numeric "order" property.
stat = Class(
    db,
    "status",
    name=String(),
    order=Number(),
)
# "name" is the key property of the status class.
stat.setkey("name")
# Keywords: a single "name" property, which is also the key.
keyword = Class(
    db,
    "keyword",
    name=String(),
)
keyword.setkey("name")
# User-defined saved searches.
# "private_for" links a query to one user.  The view_query check defined
# further down in this file treats a query with no "private_for" value as
# visible to every user.
query = Class(
    db,
    "query",
    klass=String(),
    name=String(),
    url=String(),
    private_for=Link("user"),
)
36 # add any additional database schema configuration here
# Tracker users, keyed by "username".
# NOTE(review): "roles" lives on the user item itself, so any View or Edit
# grant on the "user" class that is not limited to specific properties also
# covers it -- check the permission setup below with that in mind.
user = Class(
    db,
    "user",
    username=String(),
    password=Password(),
    address=String(),
    realname=String(),
    phone=String(),
    organisation=String(),
    alternate_addresses=String(),
    queries=Multilink("query"),
    roles=String(),  # comma-separated string of Role names
    timezone=String(),
)
user.setkey("username")
# FileClass adds these properties on top of the ones every Class gets:
#   content = String()  [saved to disk in <tracker home>/db/files/]
#   type = String()     [MIME type of the content, default 'text/plain']
#
# Both user links on a message are declared with do_journal='no'.
msg = FileClass(
    db,
    "msg",
    author=Link("user", do_journal="no"),
    recipients=Multilink("user", do_journal="no"),
    date=Date(),
    summary=String(),
    files=Multilink("file"),
    messageid=String(),
    inreplyto=String(),
)
# Attachments: a FileClass (so it also carries "content" and "type") with
# one extra "name" property.
file = FileClass(
    db,
    "file",
    name=String(),
)
# IssueClass adds these properties on top of the ones every Class gets:
#   title = String()
#   messages = Multilink("msg")
#   files = Multilink("file")
#   nosy = Multilink("user")
#   superseder = Multilink("issue")
#
# The tracker adds an assignee, keywords, a priority and a status.
issue = IssueClass(
    db,
    "issue",
    assignedto=Link("user"),
    keyword=Multilink("keyword"),
    priority=Link("priority"),
    status=Link("status"),
)
78 #
79 # TRACKER SECURITY SETTINGS
80 #
81 # See the configuration and customisation document for information
82 # about security setup.
84 #
85 # REGULAR USERS
86 #
# Regular users may use both the web interface and the email interface.
db.security.addPermissionToRole("User", "Web Access")
db.security.addPermissionToRole("User", "Email Access")
# Regular users get View, Edit and Create on issues, files, messages and
# keywords.  No check function is attached to these grants, unlike the
# own-record permissions registered later in this file.
# NOTE(review): as written this appears to let any registered user edit
# "msg" and "file" items created by others; confirm that is intended.
for cl in ("issue", "file", "msg", "keyword"):
    db.security.addPermissionToRole("User", "View", cl)
    db.security.addPermissionToRole("User", "Edit", cl)
    db.security.addPermissionToRole("User", "Create", cl)

# Priorities and statuses are view-only for regular users.
for cl in ("priority", "status"):
    db.security.addPermissionToRole("User", "View", cl)
# Lets regular users view other users' information.  Comment this grant out
# if they should not be able to.
# NOTE(review): the grant names no properties, so it appears to cover every
# property of the "user" class (for example "address" and "phone"); it also
# makes the own-record View permission below redundant while it is enabled.
db.security.addPermissionToRole("User", "View", "user")
# Users should be able to edit their own details.  The permissions that use
# this check only apply when the viewed or edited item is the user's own
# record.
def own_record(db, userid, itemid):
    """Return True when the accessed item is the user's own record.

    The comparison is plain equality between *userid* and *itemid*, so the
    two ids must have the same type to match.  *db* is not used.
    """
    is_own = userid == itemid
    return is_own
# Register View and Edit permissions on the "user" class that are guarded
# by own_record, and grant both to the User role.
# NOTE(review): neither permission is limited to particular properties, and
# the user class declares "roles".  Confirm that changing roles is gated by
# a separate check before relying on this Edit grant.
p = db.security.addPermission(
    name="View",
    klass="user",
    check=own_record,
    description="User is allowed to view their own user details",
)
db.security.addPermissionToRole("User", p)

p = db.security.addPermission(
    name="Edit",
    klass="user",
    check=own_record,
    description="User is allowed to edit their own user details",
)
db.security.addPermissionToRole("User", p)
# Users should be able to edit and view their own queries.  They should
# also be able to view any query that is not marked private.  They should
# not be able to edit other users' queries, even public ones.
def view_query(db, userid, itemid):
    """Return True when *userid* may view the saved query *itemid*.

    A query whose "private_for" value is empty is visible to everyone;
    otherwise only the user it is private for may view it.
    """
    owner = db.query.get(itemid, "private_for")
    if owner:
        return userid == owner
    return True
def edit_query(db, userid, itemid):
    """Return True when *userid* is the creator of the saved query *itemid*.

    Editing is keyed on the query's "creator" property, not on
    "private_for", so a public query stays editable only by its creator.
    """
    creator = db.query.get(itemid, "creator")
    return userid == creator
# Register the query permissions and grant each one to the User role:
#   View   -- guarded by view_query (own and public queries)
#   Edit   -- guarded by edit_query (queries the user created)
#   Create -- registered without a check function
p = db.security.addPermission(
    name="View",
    klass="query",
    check=view_query,
    description="User is allowed to view their own and public queries",
)
db.security.addPermissionToRole("User", p)

p = db.security.addPermission(
    name="Edit",
    klass="query",
    check=edit_query,
    description="User is allowed to edit their queries",
)
db.security.addPermissionToRole("User", p)

p = db.security.addPermission(
    name="Create",
    klass="query",
    description="User is allowed to create queries",
)
db.security.addPermissionToRole("User", p)
136 #
137 # ANONYMOUS USER PERMISSIONS
138 #
# Let anonymous users reach the web interface.  Almost every tracker needs
# this Permission; the one exception is a tracker that sits behind an HTTP
# Basic Authenticated front-end.
db.security.addPermissionToRole("Anonymous", "Web Access")
144 # Let anonymous users access the email interface (note that this implies
145 # that they will be registered automatically, hence they will need the
146 # "Create" user Permission below)
147 # This is disabled by default to stop spam from auto-registering users on
148 # public trackers.
149 #db.security.addPermissionToRole('Anonymous', 'Email Access')
# Permissions for the anonymous user's Anonymous Role.  Choices here are:
# - Allow anonymous users to register (create "user" items)
# NOTE(review): this grant has no check function and names no properties.
# Confirm which properties a self-registering visitor can set on the new
# record, and whether open registration is wanted on a public tracker.
db.security.addPermissionToRole("Anonymous", "Create", "user")
# Allow anonymous users to view issues and the related, linked information.
# NOTE(review): "file" and "msg" are in this list, so message text and
# attachments are readable without logging in; drop them here if the
# tracker may hold content that should not be public.
for cl in ("issue", "file", "msg", "keyword", "priority", "status"):
    db.security.addPermissionToRole("Anonymous", "View", cl)
161 # [OPTIONAL]
162 # Allow anonymous users access to create or edit "issue" items (and the
163 # related file and message items)
164 #for cl in 'issue', 'file', 'msg':
165 # db.security.addPermissionToRole('Anonymous', 'Create', cl)
166 # db.security.addPermissionToRole('Anonymous', 'Edit', cl)
169 # vim: set filetype=python sts=4 sw=4 et si :