Commits

erik.forsberg  committed 5b77c11 Draft

Use roundup's security system for spambayes integration security.

  • Participants
  • Parent commits 28c46b7

Comments (0)

Files changed (4)

File html/file.item.html

 <p tal:condition="python:utils.sb_is_spam(context)" class="error-message">
    File has been classified as spam.</p>
 
-<a tal:condition="python:context.id and utils.sb_is_view_ok(context)"
+<a tal:condition="python:context.id and context.content.is_view_ok()"
  tal:attributes="href string:file${context/id}/${context/name}"
  i18n:translate="">download</a>
 
-<p tal:condition="python:context.id and not utils.sb_is_view_ok(context)">
+<p tal:condition="python:context.id and not context.content.is_view_ok()">
    Files classified as spam are not available for download by
    unathorized users. If you think the file has been misclassified,
    please login and click on the button for reclassification.
      <form method="POST" onSubmit="return submit_once()"
        enctype="multipart/form-data"
        tal:attributes="action context/designator"
-       tal:condition="python:utils.sb_may_classify(context)">
+       tal:condition="python:request.user.hasPermission('SB: May Classify')">
  
       <input type="hidden" name="@action" value="spambayes_classify">
       <input type="submit" name="trainspam" value="Mark as SPAM" i18n:attributes="value">

File html/issue.item.html

        tal:condition="python:utils.sb_is_spam(msg)">
        Message has been classified as spam.
     </p>
-    <pre tal:condition="python:utils.sb_is_view_ok(msg)"
+    <pre tal:condition="python:msg.content.is_view_ok()"
          tal:content="structure msg/content/hyperlinked">content</pre>
    </td>
   </tr>

File html/msg.item.html

 
 <table class="messages">
  <tr><th colspan=2 class="header" i18n:translate="">Content</th></tr>
-   <th class="header" tal:condition="python:utils.sb_may_classify(context)">
+   <th class="header" tal:condition="python:request.user.hasPermission('SB: May Classify')">
      <form method="POST" onSubmit="return submit_once()"
        enctype="multipart/form-data"
        tal:attributes="action context/designator">
    </th>
  <tr>
   <td class="content" colspan=2
-   tal:condition="python:utils.sb_is_view_ok(context)"><pre
+   tal:condition="python:context.content.is_view_ok()"><pre
    tal:content="structure context/content/hyperlinked"></pre></td>
   <td class="content" colspan=2
-      tal:condition="python:not utils.sb_is_view_ok(context)">
+      tal:condition="python:not context.content.is_view_ok()">
             Message has been classified as spam and is therefore not
       available to unathorized users. If you think this is
       incorrect, please login and report the message as being
 
 db.security.addRole(name='Coordinator', description='A coordinator')
 
+db.security.addPermission(name="SB: May Classify")
+db.security.addPermission(name="SB: May Report Misclassified")
+
+db.security.addPermissionToRole('Coordinator', 'SB: May Classify')
+
 #
 # REGULAR USERS
 #
             return True
 
         if score > cutoff_score:
-            roles = set(db.user.get(userid, "roles").lower().split(","))
-            allowed = set(db.config.detectors['SPAMBAYES_MAY_VIEW_SPAM'].lower().split(","))
-            return bool(roles.intersection(allowed))
+            return False
 
         return True
 
                                               ))
 
     db.security.addPermissionToRole('Anonymous', p)
+    db.security.addPermissionToRole('User', p)
+
+    p = db.security.addPermission(name='View', klass=cl,
+                                  description="Allowed to see content of object regardless of spam status",
+                                  properties = ('content', 'summary'))
+    
+    db.security.addPermissionToRole('User', p)    
     
     spamcheck = db.security.addPermission(name='View', klass=cl,
                                           description="allowed to see metadata of file object regardless of spam status",