summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e020ff9)
raw | patch | inline | side by side (parent: e020ff9)
author | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Mon, 7 Dec 2009 05:13:27 +0000 (05:13 +0000) | ||
committer | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Mon, 7 Dec 2009 05:13:27 +0000 (05:13 +0000) |
the user is editing an existing db node. If not then check Create.
Fix some tests that were broken by the new assertions, the Create ->
Register change and finally for the new "not registered" message.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4405 57a73879-2fb5-44c3-a270-3262357dd7e2
Fix some tests that were broken by the new assertions, the Create ->
Register change and finally for the new "not registered" message.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4405 57a73879-2fb5-44c3-a270-3262357dd7e2
CHANGES.txt | patch | blob | history | |
roundup/mailgw.py | patch | blob | history | |
test/db_test_base.py | patch | blob | history | |
test/test_mailgw.py | patch | blob | history |
diff --git a/CHANGES.txt b/CHANGES.txt
index 566383a1b8bd579e9d293da8076c191c847f2c70..37f6709bd15a99074eaca6b086a979d5ed2886f7 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
This file contains the changes to the Roundup system over time. The entries
are given with the most recent entry first.
This file contains the changes to the Roundup system over time. The entries
are given with the most recent entry first.
-2009-XX-XX 1.4.XX (rXXXX)
+2009-12-XX 1.4.11 (rXXXX)
Features:
- Generic class editor may now restore retired items (thanks Ralf Hemmecke)
Features:
- Generic class editor may now restore retired items (thanks Ralf Hemmecke)
diff --git a/roundup/mailgw.py b/roundup/mailgw.py
index c9de63ae34d9b31af8c511ffdf936d7f2ae4c3e5..fb7b6a2e3ee796065580c80a38e2e8cf8ea7f080 100644 (file)
--- a/roundup/mailgw.py
+++ b/roundup/mailgw.py
#
# handle the attachments
#
#
# handle the attachments
#
- if properties.has_key('files'):
- files = []
+ files = []
+ if attachments and properties.has_key('files'):
for (name, mime_type, data) in attachments:
if not self.db.security.hasPermission('Create', author, 'file'):
raise Unauthorized, _(
for (name, mime_type, data) in attachments:
if not self.db.security.hasPermission('Create', author, 'file'):
raise Unauthorized, _(
pass
else:
files.append(fileid)
pass
else:
files.append(fileid)
- # attach the files to the issue
- if not self.db.security.hasPermission('Edit', author,
+ # allowed to attach the files to an existing node?
+ if nodeid and not self.db.security.hasPermission('Edit', author,
classname, 'files'):
raise Unauthorized, _(
'You are not permitted to add files to %(classname)s.'
classname, 'files'):
raise Unauthorized, _(
'You are not permitted to add files to %(classname)s.'
Mail message was rejected by a detector.
%(error)s
""") % locals()
Mail message was rejected by a detector.
%(error)s
""") % locals()
- # attach the message to the node
- if not self.db.security.hasPermission('Edit', author,
+ # allowed to attach the message to the existing node?
+ if nodeid and not self.db.security.hasPermission('Edit', author,
classname, 'messages'):
raise Unauthorized, _(
'You are not permitted to add messages to %(classname)s.'
classname, 'messages'):
raise Unauthorized, _(
'You are not permitted to add messages to %(classname)s.'
if not props.has_key(prop) :
props[prop] = issue_props[prop]
if not props.has_key(prop) :
props[prop] = issue_props[prop]
- # Check permissions for each property
- for prop in props.keys():
- if not self.db.security.hasPermission('Edit', author,
- classname, prop):
- raise Unauthorized, _('You are not permitted to edit '
- 'property %(prop)s of class %(classname)s.') % locals()
-
if nodeid:
if nodeid:
+ # Check permissions for each property
+ for prop in props.keys():
+ if not self.db.security.hasPermission('Edit', author,
+ classname, prop):
+ raise Unauthorized, _('You are not permitted to edit '
+ 'property %(prop)s of class %(classname)s.') % locals()
cl.set(nodeid, **props)
else:
cl.set(nodeid, **props)
else:
+ # Check permissions for each property
+ for prop in props.keys():
+ if not self.db.security.hasPermission('Create', author,
+ classname, prop):
+ raise Unauthorized, _('You are not permitted to set '
+ 'property %(prop)s of class %(classname)s.') % locals()
nodeid = cl.create(**props)
except (TypeError, IndexError, ValueError, exceptions.Reject), message:
raise MailUsageError, _("""
nodeid = cl.create(**props)
except (TypeError, IndexError, ValueError, exceptions.Reject), message:
raise MailUsageError, _("""
diff --git a/test/db_test_base.py b/test/db_test_base.py
index d5cada9fb4d3819bcc0aebde4a7242fa1c4e5fae..356fb7e56ef19e248b19a7898188394570dbf2cb 100644 (file)
--- a/test/db_test_base.py
+++ b/test/db_test_base.py
priority.create(name="bug", order="1")
db.commit()
priority.create(name="bug", order="1")
db.commit()
+ # nosy tests require this
+ db.security.addPermissionToRole('User', 'View', 'msg')
+
class MyTestCase(unittest.TestCase):
def tearDown(self):
if hasattr(self, 'db'):
class MyTestCase(unittest.TestCase):
def tearDown(self):
if hasattr(self, 'db'):
diff --git a/test/test_mailgw.py b/test/test_mailgw.py
index d763fb98701dccf40f699ff34b493a0d6bacb8aa..251b47cde591f84dbf720ffbf94d4ad2dd305be5 100644 (file)
--- a/test/test_mailgw.py
+++ b/test/test_mailgw.py
# Add Web Access role to anonymous, and try again to make sure
# we get a "please register at:" message this time.
p = [
# Add Web Access role to anonymous, and try again to make sure
# we get a "please register at:" message this time.
p = [
- db.security.getPermission('Create', 'user'),
+ db.security.getPermission('Register', 'user'),
db.security.getPermission('Web Access', None),
]
db.security.role['anonymous'].permissions=p
db.security.getPermission('Web Access', None),
]
db.security.role['anonymous'].permissions=p
''' set up callback for db open '''
# now with the permission
p = [
''' set up callback for db open '''
# now with the permission
p = [
- db.security.getPermission('Create', 'user'),
+ db.security.getPermission('Register', 'user'),
db.security.getPermission('Email Access', None),
]
db.security.role['anonymous'].permissions=p
db.security.getPermission('Email Access', None),
]
db.security.role['anonymous'].permissions=p
m.sort()
self.assertNotEqual(l, m)
m.sort()
self.assertNotEqual(l, m)
- def testNewUserAuthorHighBit(self):
+ def testNewUserAuthorEncodedName(self):
l = set(self.db.user.list())
# From: name has Euro symbol in it
message = '''Content-Type: text/plain;
l = set(self.db.user.list())
# From: name has Euro symbol in it
message = '''Content-Type: text/plain;
def hook (db, **kw):
''' set up callback for db open '''
p = [
def hook (db, **kw):
''' set up callback for db open '''
p = [
- db.security.getPermission('Create', 'user'),
+ db.security.getPermission('Register', 'user'),
db.security.getPermission('Email Access', None),
db.security.getPermission('Email Access', None),
+ db.security.getPermission('Create', 'issue'),
+ db.security.getPermission('Create', 'msg'),
]
]
- db.security.role['anonymous'].permissions=p
+ db.security.role['anonymous'].permissions = p
self.instance.schema_hook = hook
self._handle_mail(message)
m = set(self.db.user.list())
self.instance.schema_hook = hook
self._handle_mail(message)
m = set(self.db.user.list())
-You are not a registered user.
+You are not a registered user. Please register at:
+
+http://tracker.example/cgi-bin/roundup.cgi/bugs/user?template=register
+
+...before sending mail to the tracker.
Unknown address: nonexisting@bork.bork.bork
Unknown address: nonexisting@bork.bork.bork