[Python-checkins] r56569 - tracker/instances/python-dev-spambayes-integration/schema.py
erik.forsberg
python-checkins at python.org
Fri Jul 27 15:20:57 CEST 2007
Author: erik.forsberg
Date: Fri Jul 27 15:20:57 2007
New Revision: 56569
Modified:
tracker/instances/python-dev-spambayes-integration/schema.py
Log:
Modified permissions to make sure msg/file instances classified as
spam may not be viewed by anonymous users.
Modified: tracker/instances/python-dev-spambayes-integration/schema.py
==============================================================================
--- tracker/instances/python-dev-spambayes-integration/schema.py (original)
+++ tracker/instances/python-dev-spambayes-integration/schema.py Fri Jul 27 15:20:57 2007
@@ -145,11 +145,42 @@
##########################
# User permissions
##########################
-for cl in ('issue_type', 'severity', 'component',
- 'version', 'priority', 'status', 'resolution',
- 'issue', 'file', 'msg', 'keyword'):
- db.security.addPermissionToRole('User', 'View', cl)
- db.security.addPermissionToRole('Anonymous', 'View', cl)
+
+class may_view_spam:
+ def __init__(self, klassname):
+ self.klassname = klassname
+
+ def __call__(self, db, userid, itemid):
+ klass = db.getclass(self.klassname)
+ roles = set(db.user.get(userid, "roles").lower().split(","))
+ allowed = set(db.config.detectors['SPAMBAYES_MAY_VIEW_SPAM'].lower().split(","))
+ return bool(roles.intersection(allowed))
+
+for cl in ('file', 'msg'):
+ p = db.security.addPermission(name='View', klass=cl,
+ description="allowed to see metadata of file object regardless of spam status",
+ properties=('creation', 'activity',
+ 'creator', 'actor',
+ 'name', 'spambayes_score',
+ 'spambayes_misclassified',
+ 'author', 'recipients',
+ 'date', 'files', 'messageid',
+ 'inreplyto', 'type',
+ ))
+
+ db.security.addPermissionToRole('Anonymous', p)
+ db.security.addPermissionToRole('User', p)
+
+
+ spamcheck = db.security.addPermission(name='View', klass=cl,
+ description="allowed to see metadata of file object regardless of spam status",
+ properties=('content', 'summary'),
+ check=may_view_spam(cl))
+
+ db.security.addPermissionToRole('User', spamcheck)
+ db.security.addPermissionToRole('Anonymous', spamcheck)
+
+
for cl in 'file', 'msg':
db.security.addPermissionToRole('User', 'Create', cl)
@@ -268,7 +299,7 @@
# Allow anonymous users access to view issues (and the related, linked
# information)
-for cl in 'issue', 'file', 'msg', 'severity', 'status', 'resolution':
+for cl in 'issue', 'severity', 'status', 'resolution':
db.security.addPermissionToRole('Anonymous', 'View', cl)
# [OPTIONAL]
More information about the Python-checkins
mailing list