diff --git a/roundup/security.py b/roundup/security.py
index 0d50318d524cc635e20ae5abab68f8aad54a2b48..58496f452a18d35648ecb9886c4dfbaa986cce83 100644 (file)
--- a/roundup/security.py
+++ b/roundup/security.py
+"""Handle the security declarations used in Roundup trackers.
+"""
+__docformat__ = 'restructuredtext'
+
import weakref
from roundup import hyperdb
- permissions
'''
def __init__(self, name='', description='', permissions=None):
- self.name = name
+ self.name = name.lower()
self.description = description
if permissions is None:
permissions = []
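Review bot: Role names are normalised differently across this change: `self.name = name.lower()` here and `role = self.role[rolename.lower()]` in addPermissionToRole only fold case, while the lookup loop in hasPermission uses `x.lower().strip()`. A role declared with stray leading or trailing whitespace would be stored under a key the permission check can never reach, so its permissions would silently never apply. Stripping in the same places, e.g. `self.name = name.strip().lower()` and `role = self.role[rolename.strip().lower()]`, keeps the three paths in agreement. The rest of `__init__` lies outside the hunk.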
description="User may register through the email")
# initialise the permissions and roles needed for the UIs
- from roundup import cgi_client, mailgw
- cgi_client.initialiseSecurity(self)
+ from roundup.cgi import client
+ client.initialiseSecurity(self)
+ from roundup import mailgw
mailgw.initialiseSecurity(self)
def getPermission(self, permission, classname=None):
'''
if not self.permission.has_key(permission):
raise ValueError, 'No permission "%s" defined'%permission
+
+ # look through all the permissions of the given name
for perm in self.permission[permission]:
+ # if we're passed a classname, the permission must match
if perm.klass is not None and perm.klass == classname:
return perm
+ # otherwise the permission klass must be unset
elif not perm.klass and not classname:
return perm
raise ValueError, 'No permission "%s" defined for "%s"'%(permission,
roles = self.db.user.get(userid, 'roles')
if roles is None:
return 0
- for rolename in roles.split(','):
- if not rolename:
+ for rolename in [x.lower().strip() for x in roles.split(',')]:
+ if not rolename or not self.role.has_key(rolename):
continue
+ # for each of the user's Roles, check the permissions
for perm in self.role[rolename].permissions:
- if perm.klass is None or perm.klass == classname:
- return 1
+ # permission name match?
+ if perm.name == permission:
+ # permission klass match?
+ if perm.klass is None or perm.klass == classname:
+ # we have a winner
+ return 1
return 0
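Review bot: The `not self.role.has_key(rolename)` test silently drops any name in the user's `roles` string that is not a registered role, so a misspelled or since-removed role leaves the user with fewer permissions and no trace of why. Failing closed is the right default for an access check, but it deserves a comment saying it is deliberate, such as `# unknown role names grant nothing (fail closed)`, and a warning naming the userid and role if a logger is reachable from here. The new `perm.name == permission` comparison is what stops any permission held by a role from satisfying every query; a regression test that asks a role holding one permission for a different one on the same class would pin that behaviour. The start of the function is outside the hunk.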
def hasNodePermission(self, classname, nodeid, **propspec):
'rolename' is the name of the role to add the permission to.
'''
- role = self.role[rolename]
+ role = self.role[rolename.lower()]
role.permissions.append(permission)
+# vim: set filetype=python ts=4 sw=4 et si
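Review bot: In addPermissionToRole, `role = self.role[rolename.lower()]` raises a bare KeyError for an unregistered role, whereas getPermission in the same file reports a missing permission with `raise ValueError, 'No permission "%s" defined'%permission`. A tracker schema that attaches a permission to a role it has not yet added would fail with a less helpful traceback. A guard in the file's existing style, `if not self.role.has_key(rolename.lower()): raise ValueError, 'No role "%s" defined'%rolename`, would make the two paths consistent. Any caller that relies on catching KeyError would need checking before changing the exception type.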