From 82254374e5abbaede04ff126d401f97a16032a25 Mon Sep 17 00:00:00 2001 From: schlatterbeck Date: Fri, 29 Oct 2010 10:41:39 +0000 Subject: [PATCH] Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck) git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4558 57a73879-2fb5-44c3-a270-3262357dd7e2 --- CHANGES.txt | 1 + doc/xmlrpc.txt | 8 ++++++++ roundup/xmlrpc.py | 9 +++++++++ 3 files changed, 18 insertions(+) diff --git a/CHANGES.txt b/CHANGES.txt index 5cd7a38..37d9892 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -7,6 +7,7 @@ Richard Jones did the change. Features: - Add explicit "Search" permissions, see Security Fix below. +- Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck) Fixed: diff --git a/doc/xmlrpc.txt b/doc/xmlrpc.txt index c054715..e035372 100644 --- a/doc/xmlrpc.txt +++ b/doc/xmlrpc.txt @@ -65,6 +65,12 @@ set arguments: *designator, arg_1 ... arg_N* ``designator``. The new values are specified in ``arg_1`` through ``arg_N``. The arguments are name=value pairs (e.g. ``status='3'``). +lookup arguments: *classname, key_value* + + looks up the key_value for the given class. The class needs to + have a key and the user needs search permission on the key + attribute and id for the given classname. + filter arguments: *classname, list or None, attributes* list can be None (requires ``allow_none=True`` when @@ -100,3 +106,5 @@ sample python client [] >>> roundup_server.filter('user',[],{'username':'adm'}) [] + >>> roundup_server.lookup('user','admin') + '1' diff --git a/roundup/xmlrpc.py b/roundup/xmlrpc.py index 9dda5f8..0b85ab9 100644 --- a/roundup/xmlrpc.py +++ b/roundup/xmlrpc.py @@ -99,6 +99,15 @@ class RoundupInstance: x = [id for id in result if check('View', uid, classname, itemid=id)] return x + def lookup(self, classname, key): + cl = self.db.getclass(classname) + uid = self.db.getuid() + prop = cl.getkey() + check = self.db.security.hasSearchPermission + if not check(uid, classname, 'id') or not check(uid, classname, prop): + raise Unauthorised('Permission to search %s denied'%classname) + return cl.lookup(key) + def display(self, designator, *properties): classname, itemid = hyperdb.splitDesignator(designator) cl = self.db.getclass(classname) -- 2.30.2