Home / Browse / Roundup Issue Tracker / Mail / Archive

Roundup Issue Tracker

Email Archive: roundup-checkins (read-only)

2001:	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul (226)	_Aug (123)	_Sep (22)	_Oct (143)	_Nov (135)	_Dec (92)
2002:	_Jan (205)	_Feb (118)	_Mar (29)	_Apr (57)	_May (133)	_Jun (71)	_Jul (209)	_Aug (94)	_Sep (467)	_Oct (139)	_Nov (38)	_Dec (63)
2003:	_Jan (125)	_Feb (150)	_Mar (159)	_Apr (106)	_May (50)	_Jun (87)	_Jul (23)	_Aug (103)	_Sep (78)	_Oct (87)	_Nov (116)	_Dec (58)
2004:	_Jan (57)	_Feb (117)	_Mar (213)	_Apr (136)	_May (246)	_Jun (254)	_Jul (234)	_Aug (26)	_Sep (61)	_Oct (191)	_Nov (199)	_Dec (80)
2005:	_Jan (196)	_Feb (204)	_Mar (46)	_Apr (115)	_May (63)	_Jun (66)	_Jul (52)	_Aug (4)	_Sep (20)	_Oct (16)	_Nov (3)	_Dec (24)
2006:	_Jan (165)	_Feb (93)	_Mar (40)	_Apr (44)	_May (11)	_Jun (37)	_Jul (39)	_Aug (96)	_Sep (19)	_Oct (36)	_Nov (68)	_Dec (51)
2007:	_Jan (18)	_Feb (12)	_Mar (22)	_Apr (26)	_May (9)	_Jun (3)	_Jul (3)	_Aug (25)	_Sep (83)	_Oct (12)	_Nov (31)	_Dec (9)
2008:	_Jan (6)	_Feb (26)	_Mar (12)	_Apr (1)	_May	_Jun	_Jul (5)	_Aug (64)	_Sep (19)	_Oct	_Nov	_Dec (1)
2009:	_Jan	_Feb (97)	_Mar (36)	_Apr	_May (1)	_Jun (28)	_Jul (96)	_Aug (15)	_Sep (8)	_Oct (26)	_Nov (10)	_Dec (23)
2010:	_Jan (20)	_Feb (30)	_Mar (5)	_Apr (7)	_May (2)	_Jun (2)	_Jul (25)	_Aug (9)	_Sep (9)	_Oct (33)	_Nov (16)	_Dec (1)
2011:	_Jan (1)	_Feb (1)	_Mar (5)	_Apr (18)	_May (12)	_Jun (8)	_Jul (20)	_Aug (2)	_Sep (6)	_Oct (17)	_Nov	_Dec
2012:	_Jan	_Feb (1)	_Mar	_Apr (16)	_May (6)	_Jun (4)	_Jul (12)	_Aug (6)	_Sep (6)	_Oct (7)	_Nov (34)	_Dec (49)
2013:	_Jan (58)	_Feb (35)	_Mar (12)	_Apr (15)	_May (6)	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec


S	M	T	W	T	F	S
					1	2

3	4	5	6	7	8	9
	(1)	(1)	(5)	(5)	(3)
10	11	12	13	14	15	16
		(1)
17	18	19	20	21	22	23
	(1)	(2)	(6)	(4)	(1)
24	25	26	27	28	29	30
					(1)
31
(2)

[Roundup-checkins] SF.net SVN: roundup:[4556] roundup/trunk/roundup

From: <schlatterbeck@us...> - 2010-10-21 20:31

Revision: 4556
          http://roundup.svn.sourceforge.net/roundup/?rev=4556&view=rev
Author:   schlatterbeck
Date:     2010-10-21 20:31:13 +0000 (Thu, 21 Oct 2010)

Log Message:
-----------
python2.3 compatibility fixes

Modified Paths:
--------------
    roundup/trunk/roundup/backends/back_anydbm.py
    roundup/trunk/roundup/roundupdb.py

Added Paths:
-----------
    roundup/trunk/roundup/anypy/email_.py

Added: roundup/trunk/roundup/anypy/email_.py
===================================================================
--- roundup/trunk/roundup/anypy/email_.py	                        (rev 0)
+++ roundup/trunk/roundup/anypy/email_.py	2010-10-21 20:31:13 UTC (rev 4556)
@@ -0,0 +1,19 @@
+try:
+    # Python 2.5+
+    from email.parser import FeedParser
+except ImportError:
+    # Python 2.4
+    try :
+        from email.Parser import FeedParser
+    except ImportError:
+        from email.Parser import Parser
+        class FeedParser:
+            def __init__(self):
+                self.content = []
+
+            def feed(self, s):
+                self.content.append(s)
+
+            def close(self):
+                p = Parser()
+                return p.parsestr(''.join(self.content))

Modified: roundup/trunk/roundup/backends/back_anydbm.py
===================================================================
--- roundup/trunk/roundup/backends/back_anydbm.py	2010-10-21 19:53:51 UTC (rev 4555)
+++ roundup/trunk/roundup/backends/back_anydbm.py	2010-10-21 20:31:13 UTC (rev 4556)
@@ -158,7 +158,9 @@
 
     def getclasses(self):
         """Return a list of the names of all existing classes."""
-        return sorted(self.classes)
+        l = self.classes.keys()
+        l.sort()
+        return l
 
     def getclass(self, classname):
         """Get the Class object representing a particular class.

Modified: roundup/trunk/roundup/roundupdb.py
===================================================================
--- roundup/trunk/roundup/roundupdb.py	2010-10-21 19:53:51 UTC (rev 4555)
+++ roundup/trunk/roundup/roundupdb.py	2010-10-21 20:31:13 UTC (rev 4556)
@@ -31,12 +31,7 @@
 from email.MIMEText import MIMEText
 from email.MIMEBase import MIMEBase
 
-try:
-    # Python 2.5+
-    from email.parser import FeedParser
-except ImportError:
-    # Python 2.4
-    from email.Parser import FeedParser
+from anypy.email_ import FeedParser
 
 from roundup import password, date, hyperdb
 from roundup.i18n import _


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

[Roundup-checkins] SF.net SVN: roundup:[4555] roundup/trunk/test

From: <schlatterbeck@us...> - 2010-10-21 19:53

Revision: 4555
          http://roundup.svn.sourceforge.net/roundup/?rev=4555&view=rev
Author:   schlatterbeck
Date:     2010-10-21 19:53:51 +0000 (Thu, 21 Oct 2010)

Log Message:
-----------
fix broken tests by adding additional permissions now that we check for
permission on the destination class of a Link/Multilink when
searching...

Modified Paths:
--------------
    roundup/trunk/test/test_cgi.py
    roundup/trunk/test/test_xmlrpc.py

Modified: roundup/trunk/test/test_cgi.py
===================================================================
--- roundup/trunk/test/test_cgi.py	2010-10-21 19:19:58 UTC (rev 4554)
+++ roundup/trunk/test/test_cgi.py	2010-10-21 19:53:51 UTC (rev 4555)
@@ -741,6 +741,10 @@
         p = self.db.security.addPermission(name='View', klass='iss',
             properties=("title", "status"), check=lambda x,y,z: True)
         self.db.security.addPermissionToRole('User', p)
+        # Allow all relevant roles access to stat
+        p = self.db.security.addPermission(name='View', klass='stat')
+        self.db.security.addPermissionToRole('User', p)
+        self.db.security.addPermissionToRole('Project', p)
         # Allow role "Project" access to whole iss
         p = self.db.security.addPermission(name='View', klass='iss')
         self.db.security.addPermissionToRole('Project', p)

Modified: roundup/trunk/test/test_xmlrpc.py
===================================================================
--- roundup/trunk/test/test_xmlrpc.py	2010-10-21 19:19:58 UTC (rev 4554)
+++ roundup/trunk/test/test_xmlrpc.py	2010-10-21 19:53:51 UTC (rev 4555)
@@ -134,6 +134,10 @@
         # Allow role "Project" access to whole issue
         p = self.db.security.addPermission(name='View', klass='issue')
         self.db.security.addPermissionToRole('Project', p)
+        # Allow all access to status:
+        p = self.db.security.addPermission(name='View', klass='status')
+        self.db.security.addPermissionToRole('User', p)
+        self.db.security.addPermissionToRole('Project', p)
 
         keyword = self.db.keyword
         status = self.db.status


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

[Roundup-checkins] SF.net SVN: roundup:[4553] roundup/trunk

From: <schlatterbeck@us...> - 2010-10-21 08:59

Revision: 4553
          http://roundup.svn.sourceforge.net/roundup/?rev=4553&view=rev
Author:   schlatterbeck
Date:     2010-10-21 08:59:43 +0000 (Thu, 21 Oct 2010)

Log Message:
-----------
more fixes to search permissions:
- require that for links and multilinks the searching user has access to
  at least the orderprop, labelprop, and ID of the linked class
- allow combinations of roles: we previosly required that for transitive
  properties all elements where searchable by the same role. We now
  allow that the roles can be different for each property. This allows
  assigning different roles to different sub-systems and allowing users
  having all required roles to search across subsystems.
- regression test updated
- fix doc/upgrading example for new signature of roleHasSearchPermission

Modified Paths:
--------------
    roundup/trunk/doc/upgrading.txt
    roundup/trunk/roundup/security.py
    roundup/trunk/test/test_security.py

Modified: roundup/trunk/doc/upgrading.txt
===================================================================
--- roundup/trunk/doc/upgrading.txt	2010-10-20 20:24:09 UTC (rev 4552)
+++ roundup/trunk/doc/upgrading.txt	2010-10-21 08:59:43 UTC (rev 4553)
@@ -47,7 +47,7 @@
             print "    Property:", p
             roles = []
             for role in sorted(db.security.role.iterkeys()):
-                if db.security.roleHasSearchPermission(role,cl,p):
+                if db.security.roleHasSearchPermission(cl,p,role):
                     roles.append(role)
             print "        roles may search:", ', '.join(roles)
 

Modified: roundup/trunk/roundup/security.py
===================================================================
--- roundup/trunk/roundup/security.py	2010-10-20 20:24:09 UTC (rev 4552)
+++ roundup/trunk/roundup/security.py	2010-10-21 08:59:43 UTC (rev 4553)
@@ -197,29 +197,54 @@
                     return 1
         return 0
 
-    def roleHasSearchPermission(self, rolename, classname, property):
-        """ For each of the user's Roles, check the permissions.
+    def roleHasSearchPermission(self, classname, property, *rolenames):
+        """ For each of the given roles, check the permissions.
             Property can be a transitive property.
         """
-        cn = classname
-        last = None
+        perms = []
+        # pre-compute permissions
+        for rn in rolenames :
+            for perm in self.role[rn].permissions:
+                perms.append(perm)
         # Note: break from inner loop means "found"
         #       break from outer loop means "not found"
+        cn = classname
+        prev = None
+        prop = None
+        Link = hyperdb.Link
+        Multilink = hyperdb.Multilink
         for propname in property.split('.'):
-            if last:
+            if prev:
                 try:
-                    cls = self.db.getclass(cn)
-                    lprop = cls.getprops()[last]
-                except KeyError:
+                    cn = prop.classname
+                except AttributeError:
                     break
-                cn = lprop.classname
-            last = propname
-            for perm in self.role[rolename].permissions:
+            prev = propname
+            try:
+                cls = self.db.getclass(cn)
+                prop = cls.getprops()[propname]
+            except KeyError:
+                break
+            for perm in perms:
                 if perm.searchable(cn, propname):
                     break
             else:
                 break
         else:
+            # for Link and Multilink require search permission on label-
+            # and order-properties and on ID
+            if isinstance(prop, Multilink) or isinstance(prop, Link):
+                try:
+                    cls = self.db.getclass(prop.classname)
+                except KeyError:
+                    return 0
+                props = dict.fromkeys(('id', cls.labelprop(), cls.orderprop()))
+                for p in props.iterkeys():
+                    for perm in perms:
+                        if perm.searchable(prop.classname, p):
+                            break
+                    else:
+                        return 0
             return 1
         return 0
 
@@ -243,13 +268,9 @@
            either no properties listed or the property must appear in
            the list.
         '''
-        for rolename in self.db.user.get_roles(userid):
-            if not rolename or not self.role.has_key(rolename):
-                continue
-            # for each of the user's Roles, check the permissions
-            if self.roleHasSearchPermission (rolename, classname, property):
-                return 1
-        return 0
+        roles = [r for r in self.db.user.get_roles(userid)
+                 if r and self.role.has_key(r)]
+        return self.roleHasSearchPermission (classname, property, *roles)
 
     def addPermission(self, **propspec):
         ''' Create a new Permission with the properties defined in

Modified: roundup/trunk/test/test_security.py
===================================================================
--- roundup/trunk/test/test_security.py	2010-10-20 20:24:09 UTC (rev 4552)
+++ roundup/trunk/test/test_security.py	2010-10-21 08:59:43 UTC (rev 4553)
@@ -183,21 +183,31 @@
         has = self.db.security.hasSearchPermission
         addRole = self.db.security.addRole
         addToRole = self.db.security.addPermissionToRole
+        addRole(name='User')
+        addRole(name='Anonymous')
+        addRole(name='Issue')
+        addRole(name='Msg')
+        addRole(name='UV')
         user = self.db.user.create(username='user1', roles='User')
         anon = self.db.user.create(username='anonymous', roles='Anonymous')
-        addRole(name='User')
-        addRole(name='Anonymous')
+        ui = self.db.user.create(username='user2', roles='Issue')
+        uim = self.db.user.create(username='user3', roles='Issue,Msg')
+        uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
         iv = add(name="View", klass="issue")
         addToRole('User', iv)
         addToRole('Anonymous', iv)
+        addToRole('Issue', iv)
         ms = add(name="Search", klass="msg")
         addToRole('User', ms)
         addToRole('Anonymous', ms)
-        addToRole('User', add(name="View", klass="user"))
+        addToRole('Msg', ms)
+        uv = add(name="View", klass="user")
+        addToRole('User', uv)
+        addToRole('UV', uv)
         self.assertEquals(has(anon, 'issue', 'messages'), 1)
-        self.assertEquals(has(anon, 'issue', 'messages.author'), 1)
+        self.assertEquals(has(anon, 'issue', 'messages.author'), 0)
         self.assertEquals(has(anon, 'issue', 'messages.author.username'), 0)
-        self.assertEquals(has(anon, 'issue', 'messages.recipients'), 1)
+        self.assertEquals(has(anon, 'issue', 'messages.recipients'), 0)
         self.assertEquals(has(anon, 'issue', 'messages.recipients.username'), 0)
         self.assertEquals(has(user, 'issue', 'messages'), 1)
         self.assertEquals(has(user, 'issue', 'messages.author'), 1)
@@ -205,6 +215,24 @@
         self.assertEquals(has(user, 'issue', 'messages.recipients'), 1)
         self.assertEquals(has(user, 'issue', 'messages.recipients.username'), 1)
 
+        self.assertEquals(has(ui, 'issue', 'messages'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.author'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.author.username'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.recipients'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.recipients.username'), 0)
+
+        self.assertEquals(has(uim, 'issue', 'messages'), 1)
+        self.assertEquals(has(uim, 'issue', 'messages.author'), 0)
+        self.assertEquals(has(uim, 'issue', 'messages.author.username'), 0)
+        self.assertEquals(has(uim, 'issue', 'messages.recipients'), 0)
+        self.assertEquals(has(uim, 'issue', 'messages.recipients.username'), 0)
+
+        self.assertEquals(has(uimu, 'issue', 'messages'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.author'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1)
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest(unittest.makeSuite(PermissionTest))


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

[Roundup-checkins] SF.net SVN: roundup:[4554] roundup/trunk

From: <schlatterbeck@us...> - 2010-10-21 19:20

Revision: 4554
          http://roundup.svn.sourceforge.net/roundup/?rev=4554&view=rev
Author:   schlatterbeck
Date:     2010-10-21 19:19:58 +0000 (Thu, 21 Oct 2010)

Log Message:
-----------
Fix setting of sys.path when importing schema.py, fixes issue2550675,
thanks to Bryce L Nordgren for reporting.

Modified Paths:
--------------
    roundup/trunk/CHANGES.txt
    roundup/trunk/doc/acknowledgements.txt
    roundup/trunk/roundup/instance.py

Modified: roundup/trunk/CHANGES.txt
===================================================================
--- roundup/trunk/CHANGES.txt	2010-10-21 08:59:43 UTC (rev 4553)
+++ roundup/trunk/CHANGES.txt	2010-10-21 19:19:58 UTC (rev 4554)
@@ -19,6 +19,8 @@
   see doc/upgrading.txt for how to fix your trackers! (Ralf Schlatterbeck).
 - Some minor typos fixed in doc/customizing.txt (Thanks Ralf Hemmecke).
 - XML-RPC documentation now linked from the docs/index (Bernhard Reiter).
+- Fix setting of sys.path when importing schema.py, fixes issue2550675,
+  thanks to Bryce L Nordgren for reporting.
 
 2010-10-08 1.4.16 (r4541)
 

Modified: roundup/trunk/doc/acknowledgements.txt
===================================================================
--- roundup/trunk/doc/acknowledgements.txt	2010-10-21 08:59:43 UTC (rev 4553)
+++ roundup/trunk/doc/acknowledgements.txt	2010-10-21 19:19:58 UTC (rev 4554)
@@ -94,6 +94,7 @@
 Toni Mueller,
 Stefan Niederhauser,
 Truls E. Næss,
+Bryce L Nordgren,
 Patrick Ohly,
 Luke Opperman,
 Eddie Parker,

Modified: roundup/trunk/roundup/instance.py
===================================================================
--- roundup/trunk/roundup/instance.py	2010-10-21 08:59:43 UTC (rev 4553)
+++ roundup/trunk/roundup/instance.py	2010-10-21 19:19:58 UTC (rev 4554)
@@ -113,6 +113,9 @@
             'db': backend.Database(self.config, name)
         }
 
+        libdir = os.path.join(self.tracker_home, 'lib')
+        if os.path.isdir(libdir):
+            sys.path.insert(1, libdir)
         if self.optimize:
             # execute preloaded schema object
             exec(self.schema, vars)
@@ -121,9 +124,6 @@
             # use preloaded detectors
             detectors = self.detectors
         else:
-            libdir = os.path.join(self.tracker_home, 'lib')
-            if os.path.isdir(libdir):
-                sys.path.insert(1, libdir)
             # execute the schema file
             self._load_python('schema.py', vars)
             if callable (self.schema_hook):
@@ -132,8 +132,8 @@
             for extension in self.get_extensions('extensions'):
                 extension(self)
             detectors = self.get_extensions('detectors')
-            if libdir in sys.path:
-                sys.path.remove(libdir)
+        if libdir in sys.path:
+            sys.path.remove(libdir)
         db = vars['db']
         # apply the detectors
         for detector in detectors:


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.