
#
# TRACKER SCHEMA
#

# Every Class automatically gets these properties, so they are not
# declared below:
#   creation = Date()
#   activity = Date()
#   creator = Link('user')
#   actor = Link('user')

# Priorities
pri = Class(db, "priority",
    name=String(),
    order=Number())
# "name" is the key property, i.e. the value priorities are looked up by.
pri.setkey("name")

# Statuses
stat = Class(db, "status",
    name=String(),
    order=Number())
# Looked up by name, like priority.
stat.setkey("name")

# Keywords
# Regular users may create and edit keywords (see the 'User' grants below),
# so keyword names are user-controlled text.
keyword = Class(db, "keyword",
    name=String())
keyword.setkey("name")

# User-defined saved searches
#
# Regular users can create and edit these (see below), so every String here
# is user-supplied.  NOTE(review): 'url' in particular is presumably rendered
# as a link by the templates -- make sure they escape it.
query = Class(db, "query",
    klass=String(),  # presumably the class the search runs over -- verify against the templates
    name=String(),
    url=String(),
    private_for=Link('user'))  # owner of a private query; empty means public (see view_query below)

# Add any additional database schema configuration here.

# User accounts.
#
# 'roles' is the authorisation boundary of the whole tracker: whoever can
# write this property decides what the user may do.  The self-edit
# permission further down deliberately leaves it out of its property list.
#
# address, phone, organisation and alternate_addresses are personal data;
# with the class-wide 'View' on user granted below, every regular user can
# read them for every other user.
user = Class(db, "user",
    username=String(),
    password=Password(),  # Roundup's dedicated credential type -- keep it, do not downgrade to String()
    address=String(),  # contact e-mail, as far as the name suggests
    realname=String(),
    phone=String(),
    organisation=String(),
    alternate_addresses=String(),
    queries=Multilink('query'),
    roles=String(),     # comma-separated string of Role names
    timezone=String())
user.setkey("username")
# 'Register' is defined here and granted to the Anonymous role under
# ANONYMOUS USER PERMISSIONS; it is what permits self-service sign-up.
db.security.addPermission(name='Register', klass='user',
    description='User is allowed to register new user')

# FileClass automatically gets this property in addition to the Class ones:
#   content = String()  [saved to disk in <tracker home>/db/files/]
#   type = String()     [MIME type of the content, default 'text/plain']
msg = FileClass(db, "msg",
    # do_journal='no': changes to author/recipients are presumably not
    # recorded in the item's journal and so will not appear in its history.
    # Fine for nosy bookkeeping, but keep it in mind when auditing who
    # sent what.
    author=Link("user", do_journal='no'),
    recipients=Multilink("user", do_journal='no'),
    date=Date(),
    summary=String(),
    files=Multilink("file"),
    messageid=String(),  # presumably the Message-ID header of the mail -- verify in the mail gateway
    inreplyto=String())  # presumably the In-Reply-To header

# Attachments.  'name' is user-controlled (regular users may create files,
# see below) and nothing in this schema constrains it.  NOTE(review): if a
# detector or template ever uses it as a filesystem path, sanitise it first.
file = FileClass(db, "file",
    name=String())

# IssueClass automatically gets these properties in addition to the Class ones:
#   title = String()
#   messages = Multilink("msg")
#   files = Multilink("file")
#   nosy = Multilink("user")
#   superseder = Multilink("issue")
#
# There is no per-item ownership check on issues: the 'Edit' grant below
# lets any regular user change any of these properties on any issue.
issue = IssueClass(db, "issue",
    assignedto=Link("user"),
    keyword=Multilink("keyword"),
    priority=Link("priority"),
    status=Link("status"))

#
# TRACKER SECURITY SETTINGS
#
# See the configuration and customisation document for information
# about security setup.  Everything below is a grant; review each one
# before exposing the tracker.

#
# REGULAR USERS
#
# Give regular users access to the web and email interfaces.  (Email Access
# is deliberately NOT granted to Anonymous below.)
for interface in ('Web Access', 'Email Access'):
    db.security.addPermissionToRole('User', interface)

# Regular users may view, edit and create issues, files, messages and
# keywords, and may look at (but not change) the priority and status
# vocabularies.
#
# These grants carry no check function, so 'Edit' on file and msg applies
# to every item, not only the ones the user created: any regular user can
# alter any other user's messages and attachments.  Tighten with a check=
# permission (as done for 'user' below) if that is not acceptable.
for cl in ('issue', 'file', 'msg', 'keyword'):
    for perm in ('View', 'Edit', 'Create'):
        db.security.addPermissionToRole('User', perm, cl)
for cl in ('priority', 'status'):
    db.security.addPermissionToRole('User', 'View', cl)

# May users view other user information? Comment this line out
# if you don't want them to.
#
# Nothing here restricts the grant to particular properties, so it
# presumably exposes every property of user, including address, phone and
# alternate_addresses.  To show only a subset (e.g. username and realname),
# replace it with a permission that lists properties=(...), as the Edit
# grant on 'user' further down does.
db.security.addPermissionToRole('User', 'View', 'user')

# Users should be able to edit their own details -- the permissions that use
# this check are limited to the case where the item being viewed or edited
# is the caller's own user record.
def own_record(db, userid, itemid):
    """Permission check: true only when the user record being accessed
    (``itemid``) is the caller's own (``userid``).

    ``db`` is unused; it is part of Roundup's check-function signature.
    NOTE(review): plain ``==`` comparison, so both ids must be of the same
    type -- Roundup is expected to pass both as strings; confirm.
    """
    is_self = itemid == userid
    return is_self
# This View grant only matters if the class-wide 'View' on user above is
# removed; it then still lets a user see their own record.
p = db.security.addPermission(name='View', klass='user', check=own_record,
    description="User is allowed to view their own user details")
db.security.addPermissionToRole('User', p)
# The Edit grant is restricted to an explicit property list.  'roles' is
# deliberately absent: the roles string is what decides a user's
# privileges, and letting users edit their own would let anyone grant
# themselves any Role.  Never add it here.
p = db.security.addPermission(name='Edit', klass='user', check=own_record,
    properties=('username', 'password', 'address', 'realname', 'phone',
        'organisation', 'alternate_addresses', 'queries', 'timezone'),
    description="User is allowed to edit their own user details")
db.security.addPermissionToRole('User', p)

# Users should be able to edit and view their own queries. They should also
# be able to view any marked as not private. They should not be able to
# edit others' queries, even if they're not private.
def view_query(db, userid, itemid):
    """Permission check for 'View' on a query.

    A query whose ``private_for`` is empty is public and may be viewed by
    anyone holding the permission; a private one only by the user it is
    private for.  This is not an ownership check -- see edit_query.
    """
    owner = db.query.get(itemid, 'private_for')
    return (not owner) or userid == owner
def edit_query(db, userid, itemid):
    """Permission check for 'Edit' and 'Retire' on a query: creator only.

    Ownership is tied to ``creator`` (one of the automatic properties every
    Class gets, see the file header) rather than to ``private_for``, which
    is empty for public queries and so cannot identify an owner.
    """
    creator = db.query.get(itemid, 'creator')
    return creator == userid
p = db.security.addPermission(name='View', klass='query', check=view_query,
    description="User is allowed to view their own and public queries")
db.security.addPermissionToRole('User', p)
# Edit and Retire share the same creator-only check, so a user cannot alter
# or hide somebody else's query, public or not.
p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
    description="User is allowed to edit their queries")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
    description="User is allowed to retire their queries")
db.security.addPermissionToRole('User', p)
# Create has no check function (there is no item yet to check against).
# NOTE(review): nothing in this schema stops a user from creating a query
# with private_for set to some other user; view_query would then let that
# user see it, while only the creator could edit or retire it.
p = db.security.addPermission(name='Create', klass='query',
    description="User is allowed to create queries")
db.security.addPermissionToRole('User', p)


#
# ANONYMOUS USER PERMISSIONS
#
# Let anonymous users access the web interface. Note that almost all
# trackers will need this Permission. The only situation where it's not
# required is a tracker that sits behind an HTTP Basic Authenticated front-end.
# What an anonymous visitor can then actually do is bounded by the
# remaining Anonymous grants below; note that 'user' is not among the
# classes they may view.
db.security.addPermissionToRole('Anonymous', 'Web Access')

# Let anonymous users access the email interface (note that this implies
# that they will be registered automatically, hence they will also need the
# 'Register' Permission on user, granted below).
# This is disabled by default to stop spam from auto-registering users on
# public trackers.
#db.security.addPermissionToRole('Anonymous', 'Email Access')

# Assign the appropriate permissions to the anonymous user's Anonymous
# Role. Choices here are:
# - Allow anonymous users to register
#   This is open self-registration for anyone who can reach the web
#   interface.  Comment it out if accounts should not be self-service
#   (e.g. an internal tracker, or if registration spam becomes a problem).
db.security.addPermissionToRole('Anonymous', 'Register', 'user')

# Allow anonymous users access to view issues (and the related, linked
# information).  Everything in these classes -- including message bodies
# and file attachments, since msg and file are FileClasses with content --
# is therefore readable without logging in, so a tracker with this grant
# must not hold confidential data.  'user' is deliberately left out.
ANONYMOUS_VIEWABLE = ('issue', 'file', 'msg', 'keyword', 'priority', 'status')
for cl in ANONYMOUS_VIEWABLE:
    db.security.addPermissionToRole('Anonymous', 'View', cl)

# [OPTIONAL]
# Allow anonymous users access to create or edit "issue" items (and the
# related file and message items).  Enabling 'Edit' here lets anyone who
# can reach the tracker change any issue, message or file; if you only want
# anonymous submissions, grant 'Create' alone.
#for cl in 'issue', 'file', 'msg':
#    db.security.addPermissionToRole('Anonymous', 'Create', cl)
#    db.security.addPermissionToRole('Anonymous', 'Edit', cl)


# vim: set filetype=python sts=4 sw=4 et si :