[tokkee]

tokkee.org

Code

projects / roundup.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- Add explicit "Search" permissions, see Security Fix below.
[roundup.git] / share / roundup / templates / classic / schema.py
diff --git a/share/roundup/templates/classic/schema.py b/share/roundup/templates/classic/schema.py
index a0060a9586173edde5e0d35907233f7270dd9c06..af765a8650e2e8d0cd413ad5de41a9b2b13fa7ce 100644 (file)
--- a/share/roundup/templates/classic/schema.py
+++ b/share/roundup/templates/classic/schema.py
@@ -129,6 +129,8 @@ def edit_query(db, userid, itemid):
 p = db.security.addPermission(name='View', klass='query', check=view_query,
     description="User is allowed to view their own and public queries")
 db.security.addPermissionToRole('User', p)
+p = db.security.addPermission(name='Search', klass='query')
+db.security.addPermissionToRole('User', p)
 p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
     description="User is allowed to edit their queries")
 db.security.addPermissionToRole('User', p)
Roundup Issue Tracker (SVN clone)