[#3892] ticket:97 Migration script, fix acl stuff
diff --git a/ForgeTracker/forgetracker/tests/functional/test_root.py b/ForgeTracker/forgetracker/tests/functional/test_root.py
index e66bc20..d7c6647 100644
--- a/ForgeTracker/forgetracker/tests/functional/test_root.py
+++ b/ForgeTracker/forgetracker/tests/functional/test_root.py
@@ -825,6 +825,7 @@
         ticket_url = response.headers['Location']
         response = self.app.get(ticket_url,
                                 extra_environ=dict(username='test-user-0'))
+        assert not response.html.find('div',{'class': 'error'})
         assert not response.html.find('a', {'class': 'edit_ticket'})
 
     @td.with_tool('test', 'Tickets', 'tracker',
diff --git a/scripts/migrations/025-change-ticket-write-permissions.py b/scripts/migrations/025-change-ticket-write-permissions.py
index 5151953..fa6cfbf 100644
--- a/scripts/migrations/025-change-ticket-write-permissions.py
+++ b/scripts/migrations/025-change-ticket-write-permissions.py
@@ -19,21 +19,16 @@
     query = {'tool_name': {'$regex': '^tickets$', '$options': 'i'}}
     for chunk in utils.chunked_find(M.AppConfig, query):
         for a in chunk:
-            # change 'write' permission
-            it = (i for i, v in enumerate(a.acl) if v.permission == 'write')
-            for i in it:
-                role_id = a.acl[i].role_id
-                del a.acl[i]
-                a.acl.append(M.ACE.allow(role_id, 'create'))
-                a.acl.append(M.ACE.allow(role_id, 'update'))
-            # change 'deny write' permission
-            it = (i for i, v in enumerate(a.acl)
-                    if v.permission == 'deny write')
-            for i in it:
-                role_id = a.acl[i].role_id
-                del a.acl[i]
-                a.acl.append(M.ACE.allow(role_id, 'deny create'))
-                a.acl.append(M.ACE.allow(role_id, 'deny update'))
+            # change 'deny write' and 'write' permission
+            role_ids = [(p.role_id, p.access) for p in a.acl if p.permission == 'write']
+            a.acl = [p for p in a.acl if p.permission != 'write']
+            for role_id, access in role_ids:
+                if access == M.ACE.DENY:
+                    a.acl.append(M.ACE.deny(role_id, 'create'))
+                    a.acl.append(M.ACE.deny(role_id, 'update'))
+                else:
+                    a.acl.append(M.ACE.allow(role_id, 'create'))
+                    a.acl.append(M.ACE.allow(role_id, 'update'))
 
         ThreadLocalORMSession.flush_all()
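Review bot: The `else:` branch in the loop over `role_ids` grants `create` and `update` for every `access` value that is not `M.ACE.DENY`, so an ACE whose `access` is missing or unexpected would be migrated into an explicit allow. A permissions migration should fail closed here: use `elif access == M.ACE.ALLOW:` for the grant, and add a final `else` that logs the AppConfig and role id and skips the entry. The rewritten entries are also appended to the end of `a.acl`, so if ACL evaluation is order-sensitive it is worth confirming that their new position relative to any existing `create`/`update` entries does not change the effective result. Logging each rewritten ACE would give an audit trail for the change. The enclosing function starts outside the hunk.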