[Python-checkins] r64898 - in tracker/instances/security: config.ini.template detectors/autoassign.py detectors/changes_xml_writer.py detectors/cia.py detectors/spambayes.py schema.py
martin.v.loewis
python-checkins at python.org
Sat Jul 12 22:57:22 CEST 2008
Author: martin.v.loewis
Date: Sat Jul 12 22:57:21 2008
New Revision: 64898
Log:
Disable anonymous access; remove unused detectors.
Removed:
tracker/instances/security/detectors/autoassign.py
tracker/instances/security/detectors/changes_xml_writer.py
tracker/instances/security/detectors/cia.py
tracker/instances/security/detectors/spambayes.py
Modified:
tracker/instances/security/config.ini.template
tracker/instances/security/schema.py
Modified: tracker/instances/security/config.ini.template
==============================================================================
--- tracker/instances/security/config.ini.template (original)
+++ tracker/instances/security/config.ini.template Sat Jul 12 22:57:21 2008
@@ -105,7 +105,7 @@
# A descriptive name for your roundup instance.
# Default: Roundup issue tracker
-name = Tracker
+name = Security Tracker
# The web address that the tracker is viewable at.
# This will be included in information sent to users of the tracker.
@@ -115,7 +115,7 @@
# Default: NO DEFAULT
#web = NO DEFAULT
#web = http://psf.upfronthosting.co.za/roundup/tracker/
-web = http://localhost:9999/python-dev/
+web = http://localhost:9999/security/
# Email address that mail to roundup should go to.
# Default: issue_tracker
Deleted: tracker/instances/security/detectors/autoassign.py
==============================================================================
--- tracker/instances/security/detectors/autoassign.py Sat Jul 12 22:57:21 2008
+++ (empty file)
@@ -1,28 +0,0 @@
-# Auditor to automatically assign issues to a user when
-# the component field gets set
-
-def autoassign(db, cl, nodeid, newvalues):
- try:
- components = newvalues['components']
- except KeyError:
- # Without components, nothing needs to be auto-assigned
- return
- if newvalues.has_key('assignee'):
- # If there is an explicit assignee in the new values
- # (even if it is None, in the case unassignment):
- # do nothing
- return
- # If the issue is already assigned, do nothing
- if nodeid and db.issue.get(nodeid, 'assignee'):
- return
- for component in components:
- user = db.component.get(component, 'assign_to')
- if user:
- # If there would be multiple auto-assigned users
- # arbitrarily pick the first one we find
- newvalues['assignee'] = user
- return
-
-def init(db):
- db.issue.audit('create', autoassign)
- db.issue.audit('set', autoassign)
Deleted: tracker/instances/security/detectors/changes_xml_writer.py
==============================================================================
--- tracker/instances/security/detectors/changes_xml_writer.py Sat Jul 12 22:57:21 2008
+++ (empty file)
@@ -1,194 +0,0 @@
-#
-# changes.xml writer detector.
-#
-# Copyright (c) 2007 Michal Kwiatkowski <constant.beta at gmail.com>
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# * Neither the name of the author nor the names of his contributors
-# may be used to endorse or promote products derived from this software
-# without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-"""changes.xml writer detector -- save each database change to an XML file.
-
-Root element is called `changes` and it has at most `ChangesXml.max_items`
-children, each called a `change`. Each `change` has the following attributes:
-
-:date: date in RFC2822 format when the change was made
-:id: unique identifier of this change (note: not an integer)
-:type: type of this change (see below)
-
-A structure of a `change` depends on its `type`. Currently implemented
-change types and their formats are listed below.
-
-* type = `file-added`
-
- Describes a new file attached to an existing issue. Child elements:
-
- :file-id: unique integer identifier of the file
- :file-name: name of the uploaded file
- :file-type: MIME type of the file content
- :file-url: permanent URL of the file
- :issue-id: unique integer identifier of an issue this file is attached to
-"""
-
-import os
-import urllib
-from xml.dom import minidom
-from xml.parsers.expat import ExpatError
-from time import gmtime, strftime
-
-# Relative to tracker home directory.
-FILENAME = os.path.join('%(TEMPLATES)s', 'recent-changes.xml')
-
-
-def tracker_url(db):
- return str(db.config.options[('tracker', 'web')])
-
-def changes_xml_path(db):
- return os.path.join(db.config.HOME, FILENAME % db.config.options)
-
-def rfc2822_date():
- return strftime("%a, %d %b %Y %H:%M:%S +0000", gmtime())
-
-class File(object):
- def __init__(self, db, id, issue_id):
- self.db = db
- self.id = id
- self.issue_id = issue_id
-
- self.name = db.file.get(id, 'name')
- self.type = db.file.get(id, 'type')
- # Based on roundup.cgi.templating._HTMLItem.download_url().
- self.download_url = tracker_url(self.db) +\
- urllib.quote('%s%s/%s' % ('file', self.id, self.name))
-
-class ChangesXml(object):
- # Maximum number of changes stored in a file.
- max_items = 20
-
- def __init__(self, filename):
- self.filename = filename
- self._read_document()
- self.modified = False
-
- def save(self):
- if not self.modified:
- return
-
- self._trim_to_max_items()
-
- fd = open(self.filename, 'w')
- self.document.writexml(fd, encoding="UTF-8")
- fd.close()
-
- def add_file(self, file):
- change = self._change("file%s-added-to-issue%s" % (file.id, file.issue_id),
- "file-added")
-
- change.appendChild(self._element_with_text("file-id", file.id))
- change.appendChild(self._element_with_text("file-name", file.name))
- change.appendChild(self._element_with_text("file-type", file.type))
- change.appendChild(self._element_with_text("file-url", file.download_url))
- change.appendChild(self._element_with_text("issue-id", file.issue_id))
-
- self.root.appendChild(change)
- self.modified = True
-
- def add_files(self, files):
- for file in files:
- self.add_file(file)
-
- def _change(self, id, type):
- """Return new 'change' element of a given type.
- <change id='id' date='now' type='type'></change>
- """
- change = self.document.createElement("change")
- change.setAttribute("id", id)
- change.setAttribute("type", type)
- change.setAttribute("date", rfc2822_date())
- return change
-
- def _element_with_text(self, name, value):
- """Return new element with given name and text node as a value.
- <name>value</name>
- """
- element = self.document.createElement(name)
- text = self.document.createTextNode(str(value))
- element.appendChild(text)
- return element
-
- def _trim_to_max_items(self):
- """Remove changes exceeding self.max_items.
- """
- # Assumes that changes are stored sequentially from oldest to newest.
- # Will do for now.
- for change in self.root.getElementsByTagName("change")[0:-self.max_items]:
- self.root.removeChild(change)
-
- def _read_document(self):
- try:
- self.document = minidom.parse(self.filename)
- self.root = self.document.firstChild
- except IOError, e:
- # File not found, create a new one then.
- if e.errno != 2:
- raise
- self._create_new_document()
- except ExpatError:
- # File has been damaged, forget about it and create a new one.
- self._create_new_document()
-
- def _create_new_document(self):
- self.document = minidom.Document()
- self.root = self.document.createElement("changes")
- self.document.appendChild(self.root)
-
-def get_new_files_ids(issue_now, issue_then):
- """Return ids of files added between `now` and `then`.
- """
- files_now = set(issue_now['files'])
- if issue_then:
- files_then = set(issue_then['files'])
- else:
- files_then = set()
- return map(int, files_now - files_then)
-
-def file_added_to_issue(db, cl, issue_id, olddata):
- try:
- changes = ChangesXml(changes_xml_path(db))
- issue = db.issue.getnode(issue_id)
- new_files = [ File(db, id, issue_id) for id in get_new_files_ids(issue, olddata) ]
-
- changes.add_files(new_files)
- changes.save()
- except:
- # We can't mess up with a database commit.
- pass
-
-
-def init(db):
- db.issue.react('create', file_added_to_issue)
- db.issue.react('set', file_added_to_issue)
Deleted: tracker/instances/security/detectors/cia.py
==============================================================================
--- tracker/instances/security/detectors/cia.py Sat Jul 12 22:57:21 2008
+++ (empty file)
@@ -1,86 +0,0 @@
-# Reactor for sending changes to CIA.vc
-import xmlrpclib
-import cgi
-
-server = "http://CIA.vc"
-
-parameters = {
- 'name':'Roundup Reactor for CIA',
- 'revision': "$Revision$"[11:-2],
- 'project': 'Python',
- 'branch': 'roundup',
- 'urlprefix': 'http://bugs.python.org/issue',
-}
-
-max_content = 150
-
-TEMPLATE = """
-<message>
-<generator>
- <name>Roundup Reactor for CIA</name>
- <version>%(revision)s</version>
-</generator>
-<source>
- <project>%(project)s</project>
- <module>#%(nodeid)s</module>
- <branch>%(branch)s</branch>
-</source>
-<body>
- <commit>
- <author>%(author)s</author>
- <files><file>%(file)s</file></files>
- <log>%(log)s</log>
- <url>%(urlprefix)s%(nodeid)s</url>
- </commit>
-</body>
-</message>
-"""
-
-
-def sendcia(db, cl, nodeid, oldvalues):
- messages = set(cl.get(nodeid, 'messages'))
- if oldvalues:
- messages -= set(oldvalues.get('messages',()))
- if not messages:
- return
- messages = list(messages)
-
- if oldvalues:
- oldstatus = oldvalues['status']
- else:
- oldstatus = None
- newstatus = db.issue.get(nodeid, 'status')
- if oldstatus != newstatus:
- if oldvalues:
- status = db.status.get(newstatus, 'name')
- else:
- status = 'new'
- log = '[' + status + '] '
- else:
- log = ''
- for msg in messages:
- log += db.msg.get(msg, 'content')
- if len(log) > max_content:
- log = log[:max_content-4] + ' ...'
- log = log.replace('\n', ' ')
-
- params = parameters.copy()
- params['file'] = cgi.escape(db.issue.get(nodeid, 'title'))
- params['nodeid'] = nodeid
- params['author'] = db.user.get(db.getuid(), 'username')
- params['log'] = cgi.escape(log)
-
- payload = TEMPLATE % params
-
- try:
- rpc = xmlrpclib.ServerProxy(server)
- rpc.hub.deliver(payload)
- except:
- # Ignore any errors in sending the CIA;
- # if the server is down, that's just bad luck
- # XXX might want to do some logging here
- pass
-
-def init(db):
- db.issue.react('create', sendcia)
- db.issue.react('set', sendcia)
Deleted: tracker/instances/security/detectors/spambayes.py
==============================================================================
--- tracker/instances/security/detectors/spambayes.py Sat Jul 12 22:57:21 2008
+++ (empty file)
@@ -1 +0,0 @@
-link ../../spambayes_integration/detectors/spambayes.py
\ No newline at end of file
Modified: tracker/instances/security/schema.py
==============================================================================
--- tracker/instances/security/schema.py (original)
+++ tracker/instances/security/schema.py Sat Jul 12 22:57:21 2008
@@ -155,7 +155,7 @@
'version', 'priority', 'status', 'resolution',
'issue', 'keyword'):
db.security.addPermissionToRole('User', 'View', cl)
- db.security.addPermissionToRole('Anonymous', 'View', cl)
+ #db.security.addPermissionToRole('Anonymous', 'View', cl)
class may_view_spam:
def __init__(self, klassname):
@@ -188,7 +188,7 @@
'description',
))
- db.security.addPermissionToRole('Anonymous', p)
+ #db.security.addPermissionToRole('Anonymous', p)
db.security.addPermissionToRole('User', p)
db.security.addPermissionToRole('User', 'Create', cl)
@@ -204,7 +204,7 @@
properties=('content', 'summary'),
check=may_view_spam(cl))
- db.security.addPermissionToRole('Anonymous', spamcheck)
+ #db.security.addPermissionToRole('Anonymous', spamcheck)
def may_edit_file(db, userid, itemid):
return userid == db.file.get(itemid, "creator")
@@ -327,15 +327,15 @@
# Assign the appropriate permissions to the anonymous user's Anonymous
# Role. Choices here are:
# - Allow anonymous users to register
-db.security.addPermissionToRole('Anonymous', 'Create', 'user')
+#db.security.addPermissionToRole('Anonymous', 'Create', 'user')
# Allow anonymous users access to view issues (and the related, linked
# information).
# Note permissions settings for file and msg above (due to spambayes
# integration).
-for cl in 'issue', 'severity', 'status', 'resolution':
- db.security.addPermissionToRole('Anonymous', 'View', cl)
+#for cl in 'issue', 'severity', 'status', 'resolution':
+# db.security.addPermissionToRole('Anonymous', 'View', cl)
# [OPTIONAL]
# Allow anonymous users access to create or edit "issue" items (and the
More information about the Python-checkins
mailing list