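#
# TRACKER SCHEMA
#
# NOTE(review): db, Class, FileClass, IssueClass and the property types
# (String, Number, Date, Link, Multilink, Password) are not defined in this
# file; presumably the tracker framework supplies them when it loads the
# schema -- confirm against the loader.

# Class automatically gets these properties:
#   creation = Date()
#   activity = Date()
#   creator = Link('user')
#   actor = Link('user')

# Priorities
pri = Class(db, "priority",
            name=String(),
            order=Number())
pri.setkey("name")

# Statuses
stat = Class(db, "status",
             name=String(),
             order=Number())
stat.setkey("name")

# Keywords
keyword = Class(db, "keyword",
                name=String())
keyword.setkey("name")

# User-defined saved searches
query = Class(db, "query",
              klass=String(),
              name=String(),
              url=String(),
              private_for=Link('user'))

# add any additional database schema configuration here

user = Class(db, "user",
             username=String(),
             password=Password(),
             address=String(),
             realname=String(),
             phone=String(),
             organisation=String(),
             alternate_addresses=String(),
             queries=Multilink('query'),
             roles=String(),     # comma-separated string of Role names
             timezone=String())
user.setkey("username")
db.security.addPermission(name='Register', klass='user',
                          description='User is allowed to register new user')

# FileClass automatically gets this property in addition to the Class ones:
#   content = String()    [saved to disk in <tracker home>/db/files/]
#   type = String()       [MIME type of the content, default 'text/plain']
msg = FileClass(db, "msg",
                author=Link("user", do_journal='no'),
                recipients=Multilink("user", do_journal='no'),
                date=Date(),
                summary=String(),
                files=Multilink("file"),
                messageid=String(),
                inreplyto=String())

file = FileClass(db, "file",
                 name=String())

# IssueClass automatically gets these properties in addition to the Class ones:
#   title = String()
#   messages = Multilink("msg")
#   files = Multilink("file")
#   nosy = Multilink("user")
#   superseder = Multilink("issue")
issue = IssueClass(db, "issue",
                   assignedto=Link("user"),
                   keyword=Multilink("keyword"),
                   priority=Link("priority"),
                   status=Link("status"))

#
# TRACKER SECURITY SETTINGS
#
# See the configuration and customisation document for information
# about security setup.

#
# REGULAR USERS
#
# Give the regular users access to the web and email interface
db.security.addPermissionToRole('User', 'Web Access')
db.security.addPermissionToRole('User', 'Email Access')

# Assign the access and edit Permissions for issue, file and message
# to regular users now
# NOTE(review): these grants carry no check function, so 'Edit' applies to
# every issue, file, msg and keyword item rather than only to items the user
# created -- confirm that is intended for this tracker.
for cl in 'issue', 'file', 'msg', 'keyword':
    db.security.addPermissionToRole('User', 'View', cl)
    db.security.addPermissionToRole('User', 'Edit', cl)
    db.security.addPermissionToRole('User', 'Create', cl)
for cl in 'priority', 'status':
    db.security.addPermissionToRole('User', 'View', cl)

# May users view other user information? Comment these lines out
# if you don't want them to.
# The grant is limited to an explicit property allow-list. A class-wide
# 'View' on "user" would also cover address, alternate_addresses, roles and
# the password property of every other account, and the Anonymous role
# below is allowed to register, so any self-registered account would
# receive that access.
p = db.security.addPermission(name='View', klass='user',
    properties=('id', 'organisation', 'phone', 'realname', 'timezone',
                'username'),
    description="User is allowed to view basic details of other users")
db.security.addPermissionToRole('User', p)


# Users should be able to edit their own details -- this permission is
# limited to only the situation where the Viewed or Edited item is their own.
def own_record(db, userid, itemid):
    '''Determine whether the userid matches the item being accessed.'''
    return userid == itemid


# Full view of the user's own record (all properties).
p = db.security.addPermission(name='View', klass='user', check=own_record,
    description="User is allowed to view their own user details")
db.security.addPermissionToRole('User', p)
# 'roles' is deliberately absent from the editable properties, so a user
# cannot change their own Role assignment through this permission.
p = db.security.addPermission(name='Edit', klass='user', check=own_record,
    properties=('username', 'password', 'address', 'realname', 'phone',
                'organisation', 'alternate_addresses', 'queries', 'timezone'),
    description="User is allowed to edit their own user details")
db.security.addPermissionToRole('User', p)


# Users should be able to edit and view their own queries. They should also
# be able to view any marked as not private. They should not be able to
# edit others' queries, even if they're not private
def view_query(db, userid, itemid):
    '''Allow viewing a query that has no private_for owner, or whose
    private_for owner is userid.'''
    private_for = db.query.get(itemid, 'private_for')
    if not private_for:
        return True
    return userid == private_for


def edit_query(db, userid, itemid):
    '''Allow the action only when userid is the query's creator.'''
    return userid == db.query.get(itemid, 'creator')


p = db.security.addPermission(name='View', klass='query', check=view_query,
    description="User is allowed to view their own and public queries")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Edit', klass='query', check=edit_query,
    description="User is allowed to edit their queries")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
    description="User is allowed to retire their queries")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Create', klass='query',
    description="User is allowed to create queries")
db.security.addPermissionToRole('User', p)


#
# ANONYMOUS USER PERMISSIONS
#
# Let anonymous users access the web interface. Note that almost all
# trackers will need this Permission. The only situation where it's not
# required is in a tracker that uses an HTTP Basic Authenticated front-end.
db.security.addPermissionToRole('Anonymous', 'Web Access')

# Let anonymous users access the email interface (note that this implies
# that they will be registered automatically, hence they will need the
# "Create" user Permission below)
# This is disabled by default to stop spam from auto-registering users on
# public trackers.
#db.security.addPermissionToRole('Anonymous', 'Email Access')

# Assign the appropriate permissions to the anonymous user's Anonymous
# Role. Choices here are:
# - Allow anonymous users to register
db.security.addPermissionToRole('Anonymous', 'Register', 'user')

# Allow anonymous users access to view issues (and the related, linked
# information)
for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status':
    db.security.addPermissionToRole('Anonymous', 'View', cl)

# [OPTIONAL]
# Allow anonymous users access to create or edit "issue" items (and the
# related file and message items)
#for cl in 'issue', 'file', 'msg':
#    db.security.addPermissionToRole('Anonymous', 'Create', cl)
#    db.security.addPermissionToRole('Anonymous', 'Edit', cl)


# vim: set filetype=python sts=4 sw=4 et si :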