[Python-checkins] r56569 - tracker/instances/python-dev-spambayes-integration/schema.py

erik.forsberg python-checkins at python.org
Fri Jul 27 15:20:57 CEST 2007


Author: erik.forsberg
Date: Fri Jul 27 15:20:57 2007
New Revision: 56569

Modified:
   tracker/instances/python-dev-spambayes-integration/schema.py
Log:

Modified permissions to make sure msg/file instances classified as
spam may not be viewed by anonymous users.


Modified: tracker/instances/python-dev-spambayes-integration/schema.py
==============================================================================
--- tracker/instances/python-dev-spambayes-integration/schema.py	(original)
+++ tracker/instances/python-dev-spambayes-integration/schema.py	Fri Jul 27 15:20:57 2007
@@ -145,11 +145,42 @@
 ##########################
 # User permissions
 ##########################
-for cl in ('issue_type', 'severity', 'component',
-           'version', 'priority', 'status', 'resolution',
-           'issue', 'file', 'msg', 'keyword'):
-    db.security.addPermissionToRole('User', 'View', cl)
-    db.security.addPermissionToRole('Anonymous', 'View', cl)
+
+class may_view_spam:
+    def __init__(self, klassname):
+        self.klassname = klassname
+
+    def __call__(self, db, userid, itemid):
+        klass = db.getclass(self.klassname)
+        roles = set(db.user.get(userid, "roles").lower().split(","))
+        allowed = set(db.config.detectors['SPAMBAYES_MAY_VIEW_SPAM'].lower().split(","))
+        return bool(roles.intersection(allowed))
+
+for cl in ('file', 'msg'):
+    p = db.security.addPermission(name='View', klass=cl,
+                                  description="allowed to see metadata of file object regardless of spam status",
+                                  properties=('creation', 'activity',
+                                              'creator', 'actor',
+                                              'name', 'spambayes_score',
+                                              'spambayes_misclassified',
+                                              'author', 'recipients',
+                                              'date', 'files', 'messageid',
+                                              'inreplyto', 'type',
+                                              ))
+
+    db.security.addPermissionToRole('Anonymous', p)
+    db.security.addPermissionToRole('User', p)    
+    
+    
+    spamcheck = db.security.addPermission(name='View', klass=cl,
+                                          description="allowed to see metadata of file object regardless of spam status",
+                                          properties=('content', 'summary'),
+                                          check=may_view_spam(cl))
+    
+    db.security.addPermissionToRole('User', spamcheck)    
+    db.security.addPermissionToRole('Anonymous', spamcheck)
+
+    
 
 for cl in 'file', 'msg':
     db.security.addPermissionToRole('User', 'Create', cl)
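Review bot: `may_view_spam.__call__` never consults the item's spam status: `klass` is fetched and `itemid` is passed in, but neither is used. As a result the check gates `content` and `summary` on role membership alone, hiding them from non-listed roles for every msg/file rather than only those classified as spam. The check should read `spambayes_score` for `itemid` and apply the role test only above the instance's configured threshold; whether unscored items stay visible is a policy choice that should be stated in a comment. The role parsing also compares unstripped tokens and calls `.lower()` on a roles value that may be unset (not visible here), so stripping each token and defaulting to `""` would avoid a spurious denial or an exception inside the permission check. Separately, the second `addPermission` call reuses the metadata description; a text such as `"allowed to see content of file/msg object classified as spam"` would keep the permission listing accurate.

```python
    def __call__(self, db, userid, itemid):
        klass = db.getclass(self.klassname)
        # Only items scored as spam need the role gate.
        # SPAM_CUTOFF_PLACEHOLDER: stands for the instance's configured threshold.
        score = klass.get(itemid, 'spambayes_score')
        if score is None or score <= SPAM_CUTOFF_PLACEHOLDER:
            return True  # policy choice: unscored / non-spam items stay visible
        raw_roles = db.user.get(userid, "roles") or ""
        roles = set(r.strip() for r in raw_roles.lower().split(","))
        raw_allowed = db.config.detectors['SPAMBAYES_MAY_VIEW_SPAM']
        allowed = set(r.strip() for r in raw_allowed.lower().split(","))
        return bool(roles.intersection(allowed))
```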
@@ -268,7 +299,7 @@
 
 # Allow anonymous users access to view issues (and the related, linked
 # information)
-for cl in 'issue', 'file', 'msg', 'severity', 'status', 'resolution':
+for cl in 'issue', 'severity', 'status', 'resolution':
     db.security.addPermissionToRole('Anonymous', 'View', cl)
 
 # [OPTIONAL]
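Review bot: The comment above this loop still promises anonymous access to "the related, linked information", but `file` and `msg` are now granted only through the property-scoped permissions added in the earlier hunk, and nothing here tells a maintainer why they are missing. A class-wide `View` on either class would presumably satisfy the permission lookup without running `may_view_spam`, so re-adding them to this tuple would silently undo the restriction. I would add a comment such as `# 'file' and 'msg' are intentionally absent: their View access is granted per property above so the spam check applies.` It is also worth confirming that no other statement outside these hunks grants an unrestricted `View` on `file` or `msg` to `User` or `Anonymous`.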

