From: richard Date: Mon, 16 Sep 2002 04:28:59 +0000 (+0000) Subject: more doc X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=dc1f0ec0264fc0a2ea3d68d0c53b1f89b9cdcb61;p=roundup.git more doc git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1173 57a73879-2fb5-44c3-a270-3262357dd7e2 --- diff --git a/doc/customizing.txt b/doc/customizing.txt index 6b6df79..0958c48 100644 --- a/doc/customizing.txt +++ b/doc/customizing.txt @@ -2,7 +2,7 @@ Customising Roundup =================== -:Version: $Revision: 1.37 $ +:Version: $Revision: 1.38 $ .. This document borrows from the ZopeBook section on ZPT. The original is at: http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx @@ -1847,11 +1847,28 @@ Restricting the list of users that are assignable to a task -For extra security, you may wish to overload the hasEditItemPermission method -on your tracker's interfaces.Client class to enforce the Permission -requirement:: - -XXX +For extra security, you may wish to set up an auditor to enforce the +Permission requirement:: + + def assignedtoMustBeFixer(db, cl, nodeid, newvalues): + ''' Ensure the assignedto value in newvalues is a used with the Fixer + Permission + ''' + if not newvalues.has_key('assignedto'): + # don't care + return + + # get the userid + userid = newvalues['assignedto'] + if not db.security.hasPermission('Fixer', userid, cl.classname): + raise ValueError, 'You do not have permission to edit %s'%cl.classname + + def init(db): + db.issue.audit('set', assignedtoMustBeFixer) + db.issue.audit('create', assignedtoMustBeFixer) + +So now, if the edit attempts to set the assignedto to a user that doesn't have +the "Fixer" Permission, the error will be raised. -------------------