diff --git a/html/issue.item.html b/html/issue.item.html
index 3a397c2..6e84f26 100644
--- a/html/issue.item.html
+++ b/html/issue.item.html
@@ -81,6 +81,10 @@ python:db.user.classhelp('username,realname,address', property='nosy', width='60
+
+ | Public |
+ is issue public? |
+
| Change Note |
diff --git a/schema.py b/schema.py
index 9c13df9..4db8c7f 100644
--- a/schema.py
+++ b/schema.py
@@ -75,7 +75,8 @@ issue = IssueClass(db, "issue",
assignedto=Link("user"),
keyword=Multilink("keyword"),
priority=Link("priority"),
- status=Link("status"))
+ status=Link("status")
+ ispublic=Boolean())
#
# TRACKER SECURITY SETTINGS
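Review bot: The new `status=Link("status")` line has no trailing comma before `ispublic=Boolean())`, so as shown the `IssueClass(...)` call is a syntax error and schema.py will not load; it should read `status=Link("status"),`. The call itself starts above the hunk. It would also help to add a comment on `ispublic` saying how an unset value is to be treated, e.g. `# unset (None) means not public`, because existing issues will presumably have no value for the new property and the permission check has to fail closed on them.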
@@ -90,9 +91,32 @@ issue = IssueClass(db, "issue",
db.security.addPermissionToRole('User', 'Web Access')
db.security.addPermissionToRole('User', 'Email Access')
+# Users should be able to edit and view their assigned issues. They
+# should also be able to view any marked as public. They should not
+# be able to edit others' issues, even if they're public.
+def view_issue(db, userid, itemid):
+ # ispublic checking not implemented yet
+ # if not db.issue.get(itemid, 'ispublic'): return True
+ return userid == db.issue.get(itemid, 'assignedto')
+def edit_issue(db, userid, itemid):
+ return userid == db.issue.get(itemid, 'assignedto')
+p = db.security.addPermission(name='View', klass='issue', check=view_issue,
+ description="User is allowed to view their own and public issues")
+db.security.addPermissionToRole('User', p)
+p = db.security.addPermission(name='Edit', klass='issue', check=edit_issue,
+ description="User is allowed to edit their issues")
+db.security.addPermissionToRole('User', p)
+p = db.security.addPermission(name='Retire', klass='issue', check=edit_issue,
+ description="User is allowed to retire their issues")
+db.security.addPermissionToRole('User', p)
+p = db.security.addPermission(name='Create', klass='issue',
+ description="User is allowed to create issues")
+db.security.addPermissionToRole('User', p)
+
# Assign the access and edit Permissions for issue, file and message
-# to regular users now
-for cl in 'issue', 'file', 'msg', 'keyword':
+# to regular users now. These are way too lenient for files and
+# messages, but it's unlikely that students will figure that out.
+for cl in 'file', 'msg', 'keyword':
db.security.addPermissionToRole('User', 'View', cl)
db.security.addPermissionToRole('User', 'Edit', cl)
db.security.addPermissionToRole('User', 'Create', cl)
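Review bot: The loop at the end of this hunk still grants every 'User' unrestricted View and Edit on `file` and `msg`, so the messages and attachments of an issue that `view_issue` hides stay readable and editable through those classes; the comment that students are unlikely to notice is not an access control. Those classes need their own `check=` functions that resolve the owning issue and apply the same rule, or at minimum the blanket Edit grant should be dropped for them. Separately, the commented-out line in `view_issue` is inverted: `if not db.issue.get(itemid, 'ispublic'): return True` would grant view on every non-public issue once uncommented, and should be `if db.issue.get(itemid, 'ispublic'): return True`. Until that is implemented, the 'View' description ("their own and public issues") promises access the check does not give, and a user who creates an issue without being assigned to it cannot view it.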