示例#1
0
 def check_refs(self):
     """ Check if all class objects are referenced by some other
         object.
     """
     referenced = {}
     for clsname, prop in linkclass_iter(self.db, self.classname):
         cls = db.getclass(clsname)
         for id in cls.getnodeids():
             items = cls.get(id, prop)
             if isinstance(cls.properties[prop], Multilink):
                 for k in items:
                     referenced[int(k)] = True
             else:
                 referenced[int(items)] = True
     destroy_list = []
     for id in self.nodeids():
         if id not in referenced:
             if self.opt.no_journalcheck:
                 print >> sys.stderr, "%s%s not referenced" \
                     % (self.classname, id)
             else:
                 jresult, jmsg = self.check_journal(id)
                 if not jresult or self.opt.verbose:
                     print >> sys.stderr, "%s%s not referenced: %s" \
                         % (self.classname, id, jmsg)
                 if self.opt.update and not jresult:
                     destroy_list.append(str(id))
     if destroy_list:
         sql = 'delete from %s__journal where nodeid in (%s)' \
             % (self.classname, ','.join (self.db.arg for x in destroy_list))
         self.db.sql(sql, destroy_list)
         for id in destroy_list:
             print id
             self.cls.destroy(id)
示例#2
0
def init(db):
    global _
    _   = get_translation \
        (db.config.TRACKER_LANGUAGE, db.config.TRACKER_HOME).gettext
    # certain checks of linking/unlinking of files and messages
    for x in 'msg', 'file':
        for cl, prop in linkclass_iter(db, x):
            if cl not in classprops:
                classprops[cl] = [prop]
                klass = db.getclass(cl)
                klass.audit("create", check_linking)
                klass.audit("create", check_unlinking)
                klass.audit("set", check_linking)
                klass.audit("set", check_unlinking)
            else:
                classprops[cl].append(prop)
示例#3
0
def security(db, **kw):
    roles = \
        [ ("Readonly-User"      , "User with less access")
        ]

    classes = \
        [ ("area",              ["Readonly-User"],    [])
        , ("doc_issue_status",  ["Readonly-User"],    [])
        , ("keyword",           ["Readonly-User"],    [])
        , ("kind",              ["Readonly-User"],    [])
        , ("msg_keyword",       ["Readonly-User"],    [])
        , ("severity",          ["Readonly-User"],    [])
        , ("status",            ["Readonly-User"],    [])
        , ("status_transition", ["Readonly-User"],    [])
        , ("ext_tracker_state", ["Readonly-User"],    [])
        , ("safety_level",      ["Readonly-User"],    [])
        , ("test_level",        ["Readonly-User"],    [])
        ]
    if 'fault_frequency' in db.classes:
        classes.append \
         (("fault_frequency",   ["Readonly-User"],    []))
    if 'kpm' in db.classes:
        classes.append \
         (("kpm",               ["Readonly-User"],    []))
    if 'kpm_function' in db.classes:
        classes.append \
         (("kpm_function",      ["Readonly-User"],    []))
    if 'kpm_hw_variant' in db.classes:
        classes.append \
         (("kpm_hw_variant",    ["Readonly-User"],    []))
    if 'kpm_occurrence' in db.classes:
        classes.append \
         (("kpm_occurrence",    ["Readonly-User"],    []))
    if 'kpm_release' in db.classes:
        classes.append \
         (("kpm_release",       ["Readonly-User"],    []))
    if 'kpm_tag' in db.classes:
        classes.append \
         (("kpm_tag",           ["Readonly-User"],    []))
    if 'ext_tracker_type' in db.classes:
        classes.append \
         (("ext_tracker_type",  ["Readonly-User"],    []))
    prop_perms = \
        [ ( "user",        "View", ["Readonly-User"]
          , ("username", "nickname", "status")
          )
        , ( "category",    "View", ["Readonly-User"]
          , ("name", "id")
          )
        , ( "user_status", "View", ["Readonly-User"]
          , ("name", )
          )
        ]
    linkperms = \
        [ ("file", ["Readonly-User"], ['View'], linkclass_iter (db, "file"))
        , ("msg",  ["Readonly-User"], ['View'], linkclass_iter (db, "msg"))
        ]

    schemadef.register_roles(db, roles)
    schemadef.register_class_permissions(db, classes, prop_perms)
    core.register_linkperms(db, linkperms)

    # don't allow Readonly-User for some issue attributes
    exceptions = dict.fromkeys \
        (('external_company', 'confidential'))
    issue_props = [
        p for p in db.issue.getprops().iterkeys() if p not in exceptions
    ]

    if 'external_users' in db.issue.properties:

        def ro_user_access(db, userid, itemid):
            """ Read-only users are allowed to view issue
                if they are on the list of allowed external users or
                there is a transitive permission via containers.
            """
            issue = db.issue.getnode(itemid)
            while True:
                if issue.external_users and userid in issue.external_users:
                    return True
                if not issue.part_of:
                    break
                issue = db.issue.getnode(issue.part_of)
            return False

        # end def ext_user_access

        p = db.security.addPermission \
            ( name        = 'View'
            , klass       = 'issue'
            , check       = ro_user_access
            , description = schemadef.security_doc_from_docstring
                (ro_user_access.__doc__)
            , properties  = issue_props
            )
        db.security.addPermissionToRole('Readonly-User', p)

    p = db.security.addPermission \
        ( name        = 'Edit'
        , klass       = 'user'
        , check       = schemadef.own_user_record
        , description = "Users are allowed to edit some of their details"
        , properties  = ("timezone", "csv_delimiter", "hide_message_files")
        )
    db.security.addPermissionToRole('Readonly-User', p)
    p = db.security.addPermission \
        ( name        = 'View'
        , klass       = 'user'
        , check       = schemadef.own_user_record
        , description = "Users are allowed to view some of their details"
        , properties  =
            ( "username", "realname", "firstname", "lastname"
            , "creation", "creator", "activity", "actor"
            )
        )
    db.security.addPermissionToRole('Readonly-User', p)

    p = db.security.getPermission('Search', 'file')
    db.security.addPermissionToRole('Readonly-User', p)
    p = db.security.getPermission('View', 'file', check=core.view_file)
    db.security.addPermissionToRole('Readonly-User', p)

    p = db.security.getPermission('Search', 'issue')
    db.security.addPermissionToRole('Readonly-User', p)
    # need search permission on username + id if we want to search for
    # user Link/Multilink properties on issue (e.g. responsible, nosy, ..)
    p = db.security.addPermission \
        ( name        = 'Search'
        , klass       = 'user'
        , properties  = ("username", "nickname", "id")
        )
    db.security.addPermissionToRole('Readonly-User', p)
    # Need search-permission on ext_tracker_state
    p = db.security.addPermission \
        ( name        = 'Search'
        , klass       = 'ext_tracker_state'
        , properties  = ("issue", "id")
        )
    db.security.addPermissionToRole('Readonly-User', p)

    p = db.security.getPermission('View', 'ext_tracker')
    db.security.addPermissionToRole('Readonly-User', p)

    p = db.security.getPermission('Search', 'msg')
    db.security.addPermissionToRole('Readonly-User', p)

    db.security.addPermissionToRole('Readonly-User', 'Web Access')
    db.security.addPermissionToRole('Readonly-User', 'Email Access')
示例#4
0
def security(db, **kw):
    roles = \
        [ ("External"      , "External user with less access")
        ]

    classes = \
        [ ("area",              ["External"],    [])
        , ("doc_issue_status",  ["External"],    [])
        , ("keyword",           ["External"],    [])
        , ("kind",              ["External"],    [])
        , ("msg_keyword",       ["External"],    [])
        , ("severity",          ["External"],    [])
        , ("status",            ["External"],    [])
        , ("status_transition", ["External"],    [])
        , ("ext_tracker_state", ["External"],    [])
        , ("safety_level",      ["External"],    [])
        , ("test_level",        ["External"],    [])
        ]
    if 'fault_frequency' in db.classes:
        classes.append \
         (("fault_frequency",   ["External"],    []))
    if 'kpm' in db.classes:
        classes.append \
         (("kpm",               ["External"],    ["External"]))
    if 'kpm_function' in db.classes:
        classes.append \
         (("kpm_function",      ["External"],    []))
    if 'kpm_hw_variant' in db.classes:
        classes.append \
         (("kpm_hw_variant",    ["External"],    []))
    if 'kpm_occurrence' in db.classes:
        classes.append \
         (("kpm_occurrence",    ["External"],    []))
    if 'kpm_release' in db.classes:
        classes.append \
         (("kpm_release",       ["External"],    []))
    if 'kpm_tag' in db.classes:
        classes.append \
         (("kpm_tag",           ["External"],    []))
    if 'ext_tracker_type' in db.classes:
        classes.append \
         (("ext_tracker_type",  ["External"],    []))
    prop_perms = \
        [ ( "user",        "View", ["External"]
          , ("username", "nickname", "status")
          )
        , ( "category",    "View", ["External"]
          , ("name", "id")
          )
        , ( "user_status", "View", ["External"]
          , ("name", )
          )
        ]
    linkperms = \
        [ ("file", ["External"], ['View'], linkclass_iter (db, "file"))
        , ("msg",  ["External"], ['View'], linkclass_iter (db, "msg"))
        ]

    schemadef.register_roles(db, roles)
    schemadef.register_class_permissions(db, classes, prop_perms)
    core.register_linkperms(db, linkperms)

    # don't allow external_company or External for some issue attributes
    exceptions = dict.fromkeys \
        (('external_company', 'confidential', 'external_users', 'inherit_ext'))
    issue_props = [
        p for p in db.issue.getprops().iterkeys() if p not in exceptions
    ]

    if 'external_company' in db.issue.properties:

        def ext_company_access(db, userid, itemid):
            """ Users are allowed to access issue
                if their external company has access
            """
            ec = db.user.get(userid, 'external_company')
            ecs = db.issue.get(itemid, 'external_company')
            return ecs and ec in ecs

        # end def ext_company_access

        for perm in ('View', 'Edit'):
            p = db.security.addPermission \
                ( name        = perm
                , klass       = 'issue'
                , check       = ext_company_access
                , description = schemadef.security_doc_from_docstring
                    (ext_company_access.__doc__)
                , properties  = issue_props
                )
            db.security.addPermissionToRole('External', p)

    if 'external_users' in db.issue.properties:
        issue_props.append('external_users')

        def ext_user_access(db, userid, itemid):
            """ External users are allowed to access issue
                if they are on the list of allowed external users or
                there is a transitive permission via containers.
            """
            issue = db.issue.getnode(itemid)
            while True:
                if issue.external_users and userid in issue.external_users:
                    return True
                if not issue.part_of:
                    break
                # check parent permissions for non-container or if the
                # container defines inherit_ext
                if issue.composed_of and not issue.inherit_ext:
                    break
                issue = db.issue.getnode(issue.part_of)
            return False

        # end def ext_user_access

        for perm in ('View', 'Edit'):
            p = db.security.addPermission \
                ( name        = perm
                , klass       = 'issue'
                , check       = ext_user_access
                , description = schemadef.security_doc_from_docstring
                    (ext_user_access.__doc__)
                , properties  = issue_props
                )
            db.security.addPermissionToRole('External', p)

    # Currently *never* allow any rights from being on nosy list
    if False:

        def is_on_nosy(db, userid, itemid):
            "User is allowed to access issue if on nosy list"
            item = db.issue.getnode(itemid)
            return userid in item.nosy

        # end def is_on_nosy

        for perm in ('View', 'Edit'):
            p = db.security.addPermission \
                ( name        = perm
                , klass       = 'issue'
                , check       = is_on_nosy
                , description = schemadef.security_doc_from_docstring
                    (is_on_nosy.__doc__)
                , properties  = issue_props
                )
            db.security.addPermissionToRole('External', p)

    p = db.security.addPermission \
        ( name        = 'Edit'
        , klass       = 'user'
        , check       = schemadef.own_user_record
        , description = "Users are allowed to edit some of their details"
        , properties  = ( "password", "timezone", "csv_delimiter"
                        , "hide_message_files"
                        )
        )
    db.security.addPermissionToRole('External', p)
    p = db.security.addPermission \
        ( name        = 'View'
        , klass       = 'user'
        , check       = schemadef.own_user_record
        , description = "Users are allowed to view some of their details"
        , properties  =
            ( "username", "realname", "firstname", "lastname"
            , "creation", "creator", "activity", "actor"
            )
        )
    db.security.addPermissionToRole('External', p)

    p = db.security.getPermission('Create', 'file')
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('Search', 'file')
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('View', 'file', check=core.view_file)
    db.security.addPermissionToRole('External', p)

    p = db.security.getPermission('Create', 'issue')
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('Search', 'issue')
    db.security.addPermissionToRole('External', p)
    # need search permission on username + id if we want to search for
    # user Link/Multilink properties on issue (e.g. responsible, nosy, ..)
    p = db.security.addPermission \
        ( name        = 'Search'
        , klass       = 'user'
        , properties  = ("username", "nickname", "id")
        )
    db.security.addPermissionToRole('External', p)
    # Need search-permission on ext_tracker_state
    p = db.security.addPermission \
        ( name        = 'Search'
        , klass       = 'ext_tracker_state'
        , properties  = ("issue", "id")
        )
    db.security.addPermissionToRole('External', p)

    p = db.security.getPermission('View', 'ext_tracker')
    db.security.addPermissionToRole('External', p)

    p = db.security.getPermission('Create', 'msg')
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('Search', 'msg')
    db.security.addPermissionToRole('External', p)

    p = db.security.getPermission('Create', 'query')
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('Edit', 'query', check=core.edit_query)
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('Retire', 'query', check=core.edit_query)
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('Search', 'query')
    db.security.addPermissionToRole('External', p)
    p = db.security.getPermission('View', 'query', check=core.view_query)
    db.security.addPermissionToRole('External', p)

    db.security.addPermissionToRole('External', 'Web Access')
    db.security.addPermissionToRole('External', 'Email Access')
示例#5
0
def security (db, ** kw) :
    """ See the configuration and customisation document for information
        about security setup. Assign the access and edit Permissions for
        issue, file and message to regular users now
    """

    # Will have special handling for queries, see below
    #     classname        allowed to view   /  edit
    classes = \
        [ ("user_status", ["User"],  [])
        , ("query",       [],        [])
        ]

    linkperms = \
        [ ("file", ['User'],      ['View', 'Edit'], linkclass_iter (db, "file"))
        , ("file", ['IT'],        ['View', 'Edit'], linkclass_iter (db, "file"))
        , ("msg",  ['User'],              ['View'], linkclass_iter (db, "msg"))
        , ("msg",  ['Issue_Admin', 'IT'], ['Edit'], linkclass_iter (db, "msg"))
        ]

    schemadef.register_class_permissions (db, classes, [])
    # Allow creation of file and msg for normal users:
    db.security.addPermissionToRole ('User', 'Create', 'file')
    db.security.addPermissionToRole ('User', 'Create', 'msg')

    def view_msg(db, userid, itemid):
        return userid == db.msg.get(itemid, 'creator')
    # end def view_msg

    p = db.security.addPermission \
        ( name        = 'View'
        , klass       = 'msg'
        , check       = view_msg
        , description = "User is allowed to view their own messages"
        )
    db.security.addPermissionToRole('User', p)

    p = db.security.addPermission \
        ( name        = 'Search'
        , klass       = 'msg'
        , description = "User is allowed to search for their own messages"
        )
    db.security.addPermissionToRole('User', p)

    p = db.security.addPermission \
        ( name        = 'View'
        , klass       = 'file'
        , check       = view_file
        , description = "User is allowed to view their own files"
        )
    db.security.addPermissionToRole('User', p)

    register_linkperms (db, linkperms)
    p = db.security.addPermission \
        ( name        = 'Search'
        , klass       = 'file'
        , description = "User is allowed to search for their own files"
        )
    db.security.addPermissionToRole('User', p)


    ### Query permissions ###

    p = db.security.addPermission \
        ( name        = 'Search'
        , klass       = 'query'
        , description = "User is allowed to search for their queries"
        )
    db.security.addPermissionToRole('User', p)

    p = db.security.addPermission \
        ( name        = 'View'
        , klass       = 'query'
        , check       = view_query
        , description = schemadef.security_doc_from_docstring
            (view_query.__doc__)
        )
    db.security.addPermissionToRole('User', p)
    p = db.security.addPermission \
        ( name        = 'Edit'
        , klass       = 'query'
        , check       = edit_query
        , description = "User is allowed to edit their queries"
        )
    db.security.addPermissionToRole('User', p)
    p = db.security.addPermission \
        ( name        = 'Retire'
        , klass       = 'query'
        , check       = edit_query
        , description = "User is allowed to retire their queries"
        )
    db.security.addPermissionToRole('User', p)
    p = db.security.addPermission \
        ( name        = 'Create'
        , klass       = 'query'
        , description = "User is allowed to create queries"
        )
    db.security.addPermissionToRole('User', p)

    # and give the regular users access to the web and email interface
    db.security.addPermissionToRole ('User', 'Web Access')
    db.security.addPermissionToRole ('User', 'Email Access')
    db.security.addPermissionToRole ('User', 'Rest Access')
    db.security.addPermissionToRole ('User', 'Xmlrpc Access')