allura
Fork

提交

[#3892] ticket:97 Migration script, fix acl stuff

--- a/ForgeTracker/forgetracker/tests/functional/test_root.py

+++ b/ForgeTracker/forgetracker/tests/functional/test_root.py

		@@ -827,6 +827,7 @@ class TestFunctionalController(TrackerTestController):
827	827	ticket_url = response.headers['Location']
828	828	response = self.app.get(ticket_url,
829	829	extra_environ=dict(username='test-user-0'))
	830	+ assert not response.html.find('div',{'class': 'error'})
830	831	assert not response.html.find('a', {'class': 'edit_ticket'})
831	832
832	833	@td.with_tool('test', 'Tickets', 'tracker',

--- a/scripts/migrations/025-change-ticket-write-permissions.py

+++ b/scripts/migrations/025-change-ticket-write-permissions.py

		@@ -19,21 +19,16 @@ def main():
19	19	query = {'tool_name': {'$regex': '^tickets$', '$options': 'i'}}
20	20	for chunk in utils.chunked_find(M.AppConfig, query):
21	21	for a in chunk:
22		- # change 'write' permission
23		- it = (i for i, v in enumerate(a.acl) if v.permission == 'write')
24		- for i in it:
25		- role_id = a.acl[i].role_id
26		- del a.acl[i]
27		- a.acl.append(M.ACE.allow(role_id, 'create'))
28		- a.acl.append(M.ACE.allow(role_id, 'update'))
29		- # change 'deny write' permission
30		- it = (i for i, v in enumerate(a.acl)
31		- if v.permission == 'deny write')
32		- for i in it:
33		- role_id = a.acl[i].role_id
34		- del a.acl[i]
35		- a.acl.append(M.ACE.allow(role_id, 'deny create'))
36		- a.acl.append(M.ACE.allow(role_id, 'deny update'))
	22	+ # change 'deny write' and 'write' permission
	23	+ role_ids = [(p.role_id, p.access) for p in a.acl if p.permission == 'write']
	24	+ a.acl = [p for p in a.acl if p.permission != 'write']
	25	+ for role_id, access in role_ids:
	26	+ if access == M.ACE.DENY:
	27	+ a.acl.append(M.ACE.deny(role_id, 'create'))
	28	+ a.acl.append(M.ACE.deny(role_id, 'update'))
	29	+ else:
	30	+ a.acl.append(M.ACE.allow(role_id, 'create'))
	31	+ a.acl.append(M.ACE.allow(role_id, 'update'))
37	32
38	33	ThreadLocalORMSession.flush_all()
39	34