Changeset 2614

Show
Ignore:
Timestamp:
09/03/07 06:07:21 (1 year ago)
Author:
athomas
Message:

ticket.update() now requires TICKET_ADMIN. This is simply a matter of
expedience, as reimplementing the logic to correctly apply permissions to an
update is quite a bit of effort, but allowing anybody with TICKET_APPEND to
modify any field is unacceptable.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • xmlrpcplugin/trunk/tracrpc/ticket.py

    r2609 r2614  
    2929        yield ('TICKET_VIEW', ((list, int),), self.get) 
    3030        yield ('TICKET_CREATE', ((int, str, str), (int, str, str, dict), (int, str, str, dict, bool)), self.create) 
    31         yield ('TICKET_APPEND', ((list, int, str), (list, int, str, dict), (list, int, str, dict, bool)), self.update) 
     31        yield ('TICKET_ADMIN', ((list, int, str), (list, int, str, dict), (list, int, str, dict, bool)), self.update) 
    3232        yield ('TICKET_ADMIN', ((None, int),), self.delete) 
    3333        yield ('TICKET_VIEW', ((dict, int), (dict, int, int)), self.changeLog) 

  • xmlrpcplugin/trunk/tracrpc/web_ui.py

    r2612 r2614  
    3434        # Dump RPC functions 
    3535        content_type = req.get_header('Content-Type') or 'text/html' 
    36         self.env.log.debug(content_type) 
    3736        if not self.content_type_re.match(content_type): 
    3837            namespaces = {}