From ba5d614e57b767e57f7ff05600a7258eefc7937a Mon Sep 17 00:00:00 2001 From: richard Date: Fri, 6 Sep 2002 03:21:30 +0000 Subject: [PATCH] more docco... and we need to check for web access Permission! git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1077 57a73879-2fb5-44c3-a270-3262357dd7e2 --- TODO.txt | 5 +- doc/customizing.txt | 82 +++++++++++++++++++++++- roundup/cgi/client.py | 4 +- roundup/templates/classic/html/user.item | 2 + 4 files changed, 89 insertions(+), 4 deletions(-) diff --git a/TODO.txt b/TODO.txt index b7b3abb..d4e9a20 100644 --- a/TODO.txt +++ b/TODO.txt @@ -47,14 +47,15 @@ pending web: search "refinement" query values pending web: have roundup.cgi pick up instance config from the environment pending web: UNIX init.d script for roundup-server -pending web: rewritten documentation (can come after the beta though so stuff - is settled) pending web: modify cgitb to handle PageTemplate errors better (see how Zope handles __traceback_supplement__ and __traceback_info__) pending web: title is stoopid +pending web: rewritten documentation (can come after the beta though so stuff + is settled) ... including relevant file names in customisation doc bug: request.url is incorrect in cgi-bin environments + done web: Re-enable link backrefs from messages (feature request #568714) (RJ) done web: have the page layout (header/footer) be templatable (RJ) done web: fixing the templating so it works (RJ) diff --git a/doc/customizing.txt b/doc/customizing.txt index 256583b..cf75193 100644 --- a/doc/customizing.txt +++ b/doc/customizing.txt @@ -2,7 +2,7 @@ Customising Roundup =================== -:Version: $Revision: 1.17 $ +:Version: $Revision: 1.18 $ .. contents:: 
@@ -675,6 +675,86 @@ which defaults to: - only classname suplied: "index" - full item designator supplied: "item" +Actions are triggered by using a ``:action`` CGI variable, where the value is +one of: + +login + Attempt to log a user in. +logout + Log the user out - make them "anonymous". +register + Attempt to create a new user based on the contents of the form and then log + them in. +edit + Perform an edit of an item in the database. There are some special form + elements you may use: + + :link=designator:property and :multilink=designator:property + The value specifies a node designator and the property on that + node to add _this_ node to as a link or multilink. + __note + Create a message and attach it to the current node's + "messages" property. + __file + Create a file and attach it to the current node's + "files" property. Attach the file to the message created from + the __note if it's supplied. + :required=property,property,... + The named properties are required to be filled in the form. + +new + Add a new item to the database. You may use the same special form elements + as in the "edit" action. + +editCSV + Performs an edit of all of a class' items in one go. See also the + *class*.csv templating method which generates the CSV data to be edited, and + the "_generic.index" template which uses both of these features. + +search + Mangle some of the form variables. + + Set the form ":filter" variable based on the values of the + filter variables - if they're set to anything other than + "dontcare" then add them to :filter. + + Also handle the ":queryname" variable and save off the query to + the user's query list. + +Each of the actions is implemented by a corresponding *name*Action method on +the roundup.cgi.Client class, which also happens to be in your instance as +interfaces.Client. So if you need to define new actions, you may add them +there (see `definining new web actions`_). 
+ +Each action also has a corresponding *name*Permission method which determines +whether the action is permissible given the current user. The base permission +checks are: + +login + XXX TODO +logout + No permission checks are made. +register + Determine whether the user has permission to register + Base behaviour is to check the user has "Web Registration". +edit + Determine whether the user has permission to edit this item. + Base behaviour is to check the user can edit this class. If we're + editing the "user" class, users are allowed to edit their own + details. Unless it's the "roles" property, which requires the + special Permission "Web Roles". +new + Determine whether the user has permission to create (edit) this item. + Base behaviour is to check the user can edit this class. No + additional property checks are made. Additionally, new user items + may be created if the user has the "Web Registration" Permission. +editCSV + Determine whether the user has permission to edit this class. + Base behaviour is to check the user can edit this class. +search + Determine whether the user has permission to search this class. + Base behaviour is to check the user can view this class. + Repurcussions of changing the instance schema ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py index 9fc4371..bb41f2e 100644 --- a/roundup/cgi/client.py +++ b/roundup/cgi/client.py @@ -1,4 +1,4 @@ -# $Id: client.py,v 1.16 2002-09-05 23:48:55 richard Exp $ +# $Id: client.py,v 1.17 2002-09-06 03:21:30 richard Exp $ __doc__ = """ WWW request handler (also used in the stand-alone server). @@ -496,6 +496,8 @@ class Client: self.error_message.append(_('Incorrect password')) return + # XXX check for web access permission!!!! + # set the session cookie self.set_cookie(self.user, password) diff --git a/roundup/templates/classic/html/user.item b/roundup/templates/classic/html/user.item index dff2ee4..7e528b8 100644 
--- a/roundup/templates/classic/html/user.item +++ b/roundup/templates/classic/html/user.item @@ -11,6 +11,8 @@ You are not allowed to view this page.
+ + -- 2.30.2
Name
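Review bot: In the doc/customizing.txt hunk at @@ -675,6 +675,86 @@, the permission list says of the "new" action "No additional property checks are made" and also allows new user items with only the "Web Registration" Permission, while the "edit" entry gates the "roles" property behind "Web Roles". As documented, the "roles" property of a user created through "new" is not covered by the "Web Roles" check; either apply the same property check on the new-item path or state in the doc that this is intended. Two smaller points in the same hunk: the login entry is left as "XXX TODO", and the link target `definining new web actions`_ is misspelled and no section of that name is added in this hunk, so the reference will not resolve.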
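Review bot: In the roundup/cgi/client.py hunk at @@ -496,6 +496,8 @@, the added line "# XXX check for web access permission!!!!" records a missing authorization check but does not perform it, so the self.set_cookie(self.user, password) call that follows still issues a session cookie to any account that passes the password check. Suggest making the permission test at that point and failing the same way the "Incorrect password" branch just above does (append to self.error_message and return) before the cookie is set. If the check has to land in a later commit, track it explicitly: the TODO.txt hunk in this patch does not add an entry for it.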