Customising Roundup

Version:	$Revision$

Tracker File	Description
config.ini	Holds the basic tracker configuration
schema.py	Holds the tracker schema
initial_data.py	Holds any data to be entered into the database when the tracker is initialised.
db/	Holds the tracker's database
db/files/	Holds the tracker's upload files and messages
db/backend_name	Names the database back-end for the tracker
detectors/	Auditors and reactors for this tracker
extensions/	Additional web actions and templating utilities.
html/	Web interface templates, images and style sheets

Tracker Configuration

The config.ini located in your tracker home contains the basic configuration for the web and e-mail components of roundup's interfaces.

Changes to the data captured by your tracker is controlled by the tracker schema. Some configuration is also performed using permissions - see the security / access controls section. For example, to allow users to automatically register through the email interface, you must grant the "Anonymous" Role the "Email Access" Permission.

The following is taken from the Python Library Reference (May 20, 2004) section "ConfigParser -- Configuration file parser":

The configuration file consists of sections, led by a "[section]" header and followed by "name = value" entries, with line continuations on a newline with leading whitespace. Note that leading whitespace is removed from values. The optional values can contain format strings which refer to other values in the same section. Lines beginning with "#" or ";" are ignored and may be used to provide comments.

For example:
[My Section]
foodir = %(dir)s/whatever
dir = frob
would resolve the "%(dir)s" to the value of "dir" ("frob" in this case) resulting in "foodir" being "frob/whatever".

Section main

database -- db: Database directory path. The path may be either absolute or relative to the directory containig this config file.
templates -- html: Path to the HTML templates directory. The path may be either absolute or relative to the directory containig this config file.
admin_email -- roundup-admin: Email address that roundup will complain to if it runs into trouble. If the email address doesn't contain an @ part, the MAIL_DOMAIN defined below is used.
dispatcher_email -- roundup-admin: The 'dispatcher' is a role that can get notified of new items to the database. It is used by the ERROR_MESSAGES_TO config setting. If the email address doesn't contain an @ part, the MAIL_DOMAIN defined below is used.
email_from_tag -- default blank: Additional text to include in the "name" part of the From: address used in nosy messages. If the sending user is "Foo Bar", the From: line is usually: "Foo Bar" <issue_tracker@tracker.example> the EMAIL_FROM_TAG goes inside the "Foo Bar" quotes like so: "Foo Bar EMAIL_FROM_TAG" <issue_tracker@tracker.example>
new_web_user_roles -- User: Roles that a user gets when they register with Web User Interface. This is a comma-separated list of role names (e.g. Admin,User).
new_email_user_roles -- User: Roles that a user gets when they register with Email Gateway. This is a comma-separated string of role names (e.g. Admin,User).
error_messages_to -- user: Send error message emails to the dispatcher, user, or both? The dispatcher is configured using the DISPATCHER_EMAIL setting. Allowed values: dispatcher, user, or both
html_version -- html4: HTML version to generate. The templates are html4 by default. If you wish to make them xhtml, then you'll need to change this var to xhtml too so all auto-generated HTML is compliant. Allowed values: html4, xhtml
timezone -- 0: Numeric timezone offset used when users do not choose their own in their settings.
instant_registration -- yes: Register new users instantly, or require confirmation via email? Allowed values: yes, no

Section tracker

name -- Roundup issue tracker: A descriptive name for your roundup instance.
web -- http://host.example/demo/: The web address that the tracker is viewable at. This will be included in information sent to users of the tracker. The URL MUST include the cgi-bin part or anything else that is required to get to the home page of the tracker. You MUST include a trailing '/' in the URL.
email -- issue_tracker: Email address that mail to roundup should go to.

Section rdbms

Settings in this section are used by Postgresql and MySQL backends only

name -- roundup: Name of the database to use.
host -- localhost: Database server host.
port -- default blank: TCP port number of the database server. Postgresql usually resides on port 5432 (if any), for MySQL default port number is 3306. Leave this option empty to use backend default.
user -- roundup: Database user name that Roundup should use.
password -- roundup: Database user password.

Section logging

config -- default blank: Path to configuration file for standard Python logging module. If this option is set, logging configuration is loaded from specified file; options 'filename' and 'level' in this section are ignored. The path may be either absolute or relative to the directory containig this config file.
filename -- default blank: Log file name for minimal logging facility built into Roundup. If no file name specified, log messages are written on stderr. If above 'config' option is set, this option has no effect. The path may be either absolute or relative to the directory containig this config file.
level -- ERROR: Minimal severity level of messages written to log file. If above 'config' option is set, this option has no effect. Allowed values: DEBUG, INFO, WARNING, ERROR

Section mail

Outgoing email options. Used for nosy messages, password reset and registration approval requests.

domain -- localhost: Domain name used for email addresses.
host -- default blank: SMTP mail host that roundup will use to send mail
username -- default blank: SMTP login name. Set this if your mail host requires authenticated access. If username is not empty, password (below) MUST be set!
password -- default blank: SMTP login password. Set this if your mail host requires authenticated access.
tls -- no: If your SMTP mail host provides or requires TLS (Transport Layer Security) then you may set this option to 'yes'. Allowed values: yes, no
tls_keyfile -- default blank: If TLS is used, you may set this option to the name of a PEM formatted file that contains your private key. The path may be either absolute or relative to the directory containig this config file.
tls_certfile -- default blank: If TLS is used, you may set this option to the name of a PEM formatted certificate chain file. The path may be either absolute or relative to the directory containig this config file.
charset -- utf-8: Character set to encode email headers with. We use utf-8 by default, as it's the most flexible. Some mail readers (eg. Eudora) can't cope with that, so you might need to specify a more limited character set (eg. iso-8859-1).
debug -- default blank: Setting this option makes Roundup to write all outgoing email messages to this file instead of sending them. This option has the same effect as environment variable SENDMAILDEBUG. Environment variable takes precedence. The path may be either absolute or relative to the directory containig this config file.

Section mailgw

Roundup Mail Gateway options

keep_quoted_text -- yes: Keep email citations when accepting messages. Setting this to no strips out "quoted" text from the message. Signatures are also stripped. Allowed values: yes, no
leave_body_unchanged -- no: Preserve the email body as is - that is, keep the citations and signatures. Allowed values: yes, no
default_class -- issue: Default class to use in the mailgw if one isn't supplied in email subjects. To disable, leave the value blank.
subject_prefix_parsing -- strict: Controls the parsing of the [prefix] on subject lines in incoming emails. strict will return an error to the sender if the [prefix] is not recognised. loose will attempt to parse the [prefix] but just pass it through as part of the issue title if not recognised. none will always pass any [prefix] through as part of the issue title.
subject_suffix_parsing -- strict: Controls the parsing of the [suffix] on subject lines in incoming emails. strict will return an error to the sender if the [suffix] is not recognised. loose will attempt to parse the [suffix] but just pass it through as part of the issue title if not recognised. none will always pass any [suffix] through as part of the issue title.
subject_suffix_delimiters -- []: Defines the brackets used for delimiting the commands suffix in a subject line.
subject_content_match -- always: Controls matching of the incoming email subject line against issue titles in the case where there is no designator [prefix]. never turns off matching. creation + interval or activity + interval will match an issue for the interval after the issue's creation or last activity. The interval is a standard Roundup interval.

Section nosy

Nosy messages sending

messages_to_author -- no: Send nosy messages to the author of the message. Allowed values: yes, no, new
signature_position -- bottom: Where to place the email signature. Allowed values: top, bottom, none
add_author -- new: Does the author of a message get placed on the nosy list automatically? If new is used, then the author will only be added when a message creates a new issue. If yes, then the author will be added on followups too. If no, they're never added to the nosy. Allowed values: yes, no, new
add_recipients -- new: Do the recipients (To:, Cc:) of a message get placed on the nosy list? If new is used, then the recipients will only be added when a message creates a new issue. If yes, then the recipients will be added on followups too. If no, they're never added to the nosy. Allowed values: yes, no, new
email_sending -- single: Controls the email sending from the nosy reactor. If multiple then a separate email is sent to each recipient. If single then a single email is sent with each recipient as a CC address.

You may generate a new default config file using the roundup-admin genconfig command.

Configuration variables may be referred to in lower or upper case. In code, variables not in the "main" section are referred to using their section and name, so "domain" in the section "mail" becomes MAIL_DOMAIN. The configuration variables available are:

Tracker Schema

Note

if you modify the schema, you'll most likely need to edit the web interface HTML template files and detectors to reflect your changes.

A tracker schema defines what data is stored in the tracker's database. Schemas are defined using Python code in the schema.py module of your tracker.

The `schema.py` module

The schema.py module contains two functions:

open: This function defines what your tracker looks like on the inside, the schema of the tracker. It defines the Classes and properties on each class. It also defines the security for those Classes. The next few sections describe how schemas work and what you can do with them.
init: This function is responsible for setting up the initial state of your tracker. It's called exactly once - but the roundup-admin initialise command. See the start of the section on database content for more info about how this works.

The "classic" schema

The "classic" schema looks like this (see section setkey(property) below for the meaning of 'setkey' -- you may also want to look into the sections setlabelprop(property) and setorderprop(property) for specifying (default) labelling and ordering of classes.):

pri = Class(db, "priority", name=String(), order=String())
pri.setkey("name")

stat = Class(db, "status", name=String(), order=String())
stat.setkey("name")

keyword = Class(db, "keyword", name=String())
keyword.setkey("name")

user = Class(db, "user", username=String(), organisation=String(),
    password=String(), address=String(), realname=String(),
    phone=String())
user.setkey("username")

msg = FileClass(db, "msg", author=Link("user"), summary=String(),
    date=Date(), recipients=Multilink("user"),
    files=Multilink("file"))

file = FileClass(db, "file", name=String(), type=String())

issue = IssueClass(db, "issue", topic=Multilink("keyword"),
    status=Link("status"), assignedto=Link("user"),
    priority=Link("priority"))
issue.setkey('title')

What you can't do to the schema

You must never:

Remove the users class: This class is the only required class in Roundup.
Remove the "username", "address", "password" or "realname" user properties: Various parts of Roundup require these properties. Don't remove them.
Change the type of a property: Property types must never be changed - the database simply doesn't take this kind of action into account. Note that you can't just remove a property and re-add it as a new type either. If you wanted to make the assignedto property a Multilink, you'd need to create a new property assignedto_list and remove the old assignedto property.

What you can do to the schema

Your schema may be changed at any time before or after the tracker has been initialised (or used). You may:

Add new properties to classes, or add whole new classes: This is painless and easy to do - there are generally no repurcussions from adding new information to a tracker's schema.
Remove properties: Removing properties is a little more tricky - you need to make sure that the property is no longer used in the web interface or by the detectors.

Classes and Properties - creating a new information store

In the tracker above, we've defined 7 classes of information:

priority

Defines the possible levels of urgency for issues.

status

Defines the possible states of processing the issue may be in.

keyword

Initially empty, will hold keywords useful for searching issues.

user

Initially holding the "admin" user, will eventually have an entry for all users using roundup.

msg

Initially empty, will hold all e-mail messages sent to or generated by roundup.

file

Initially empty, will hold all files attached to issues.

issue

Initially empty, this is where the issue information is stored.

We define the "priority" and "status" classes to allow two things: reduction in the amount of information stored on the issue and more powerful, accurate searching of issues by priority and status. By only requiring a link on the issue (which is stored as a single number) we reduce the chance that someone mis-types a priority or status - or simply makes a new one up.

Class and Items

A Class defines a particular class (or type) of data that will be stored in the database. A class comprises one or more properties, which gives the information about the class items.

The actual data entered into the database, using class.create(), are called items. They have a special immutable property called 'id'. We sometimes refer to this as the itemid.

Properties

A Class is comprised of one or more properties of the following types:

String properties are for storing arbitrary-length strings.
Password properties are for storing encoded arbitrary-length strings. The default encoding is defined on the roundup.password.Password class.
Date properties store date-and-time stamps. Their values are Timestamp objects.
Number properties store numeric values.
Boolean properties store on/off, yes/no, true/false values.
A Link property refers to a single other item selected from a specified class. The class is part of the property; the value is an integer, the id of the chosen item.
A Multilink property refers to possibly many items in a specified class. The value is a list of integers.

All Classes automatically have a number of properties by default:

creator: Link to the user that created the item.
creation: Date the item was created.
actor: Link to the user that last modified the item.
activity: Date the item was last modified.

FileClass

FileClasses save their "content" attribute off in a separate file from the rest of the database. This reduces the number of large entries in the database, which generally makes databases more efficient, and also allows us to use command-line tools to operate on the files. They are stored in the files sub-directory of the 'db' directory in your tracker.

IssueClass

IssueClasses automatically include the "messages", "files", "nosy", and "superseder" properties.

The messages and files properties list the links to the messages and files related to the issue. The nosy property is a list of links to users who wish to be informed of changes to the issue - they get "CC'ed" e-mails when messages are sent to or generated by the issue. The nosy reactor (in the 'detectors' directory) handles this action. The superseder link indicates an issue which has superseded this one.

They also have the dynamically generated "creation", "activity" and "creator" properties.

The value of the "creation" property is the date when an item was created, and the value of the "activity" property is the date when any property on the item was last edited (equivalently, these are the dates on the first and last records in the item's journal). The "creator" property holds a link to the user that created the issue.

setkey(property)

Select a String property of the class to be the key property. The key property must be unique, and allows references to the items in the class by the content of the key property. That is, we can refer to users by their username: for example, let's say that there's an issue in roundup, issue 23. There's also a user, richard, who happens to be user 2. To assign an issue to him, we could do either of:

roundup-admin set issue23 assignedto=2

or:

roundup-admin set issue23 assignedto=richard

Note, the same thing can be done in the web and e-mail interfaces.

setlabelprop(property)

Select a property of the class to be the label property. The label property is used whereever an item should be uniquely identified, e.g., when displaying a link to an item. If setlabelprop is not specified for a class, the following values are tried for the label:

the key of the class (see the setkey(property) section above)

the "name" property

the "title" property

the first property from the sorted property name list

So in most cases you can get away without specifying setlabelprop explicitly.

setorderprop(property)

Select a property of the class to be the order property. The order property is used whenever using a default sort order for the class, e.g., when grouping or sorting class A by a link to class B in the user interface, the order property of class B is used for sorting. If setorderprop is not specified for a class, the following values are tried for the order property:

the property named "order"

the label property (see setlabelprop(property) above)

So in most cases you can get away without specifying setorderprop explicitly.

create(information)

Create an item in the database. This is generally used to create items in the "definitional" classes like "priority" and "status".

A note about ordering

When we sort items in the hyperdb, we use one of a number of methods, depending on the properties being sorted on:

If it's a String, Number, Date or Interval property, we just sort the scalar value of the property. Strings are sorted case-sensitively.
If it's a Link property, we sort by either the linked item's "order" property (if it has one) or the linked item's "id".
Mulitlinks sort similar to #2, but we start with the first Multilink list item, and if they're the same, we sort by the second item, and so on.

Note that if an "order" property is defined on a Class that is used for sorting, all items of that Class must have a value against the "order" property, or sorting will result in random ordering.

Examples of adding to your schema

TODO

Detectors - adding behaviour to your tracker

Detectors are initialised every time you open your tracker database, so you're free to add and remove them any time, even after the database is initialised via the roundup-admin initialise command.

The detectors in your tracker fire before (auditors) and after (reactors) changes to the contents of your database. They are Python modules that sit in your tracker's detectors directory. You will have some installed by default - have a look. You can write new detectors or modify the existing ones. The existing detectors installed for you are:

nosyreaction.py: This provides the automatic nosy list maintenance and email sending. The nosy reactor (nosyreaction) fires when new messages are added to issues. The nosy auditor (updatenosy) fires when issues are changed, and figures out what changes need to be made to the nosy list (such as adding new authors, etc.)
statusauditor.py: This provides the chatty auditor which changes the issue status from unread or closed to chatting if new messages appear. It also provides the presetunread auditor which pre-sets the status to unread on new items if the status isn't explicitly defined.
messagesummary.py: Generates the summary property for new messages based on the message content.
userauditor.py: Verifies the content of some of the user fields (email addresses and roles lists).

If you don't want this default behaviour, you're completely free to change or remove these detectors.

See the detectors section in the design document for details of the interface for detectors.

Detector API

Auditors are called with the arguments:

audit(db, cl, itemid, newdata)

where db is the database, cl is an instance of Class or IssueClass within the database, and newdata is a dictionary mapping property names to values.

For a create() operation, the itemid argument is None and newdata contains all of the initial property values with which the item is about to be created.

For a set() operation, newdata contains only the names and values of properties that are about to be changed.

For a retire() or restore() operation, newdata is None.

Reactors are called with the arguments:

react(db, cl, itemid, olddata)

where db is the database, cl is an instance of Class or IssueClass within the database, and olddata is a dictionary mapping property names to values.

For a create() operation, the itemid argument is the id of the newly-created item and olddata is None.

For a set() operation, olddata contains the names and previous values of properties that were changed.

For a retire() or restore() operation, itemid is the id of the retired or restored item and olddata is None.

Additional Detectors Ready For Use

Sample additional detectors that have been found useful will appear in the 'detectors' directory of the Roundup distribution. If you want to use one, copy it to the 'detectors' of your tracker instance:

newissuecopy.py: This detector sends an email to a team address whenever a new issue is created. The address is hard-coded into the detector, so edit it before you use it (look for the text 'team@team.host') or you'll get email errors!
creator_resolution.py: Catch attempts to set the status to "resolved" - if the assignedto user isn't the creator, then set the status to "confirm-done". Note that "classic" Roundup doesn't have that status, so you'll have to add it. If you don't want to though, it'll just use "in-progress" instead.
email_auditor.py: If a file added to an issue is of type message/rfc822, we tack on the extension .eml. The reason for this is that Microsoft Internet Explorer will not open things with a .eml attachment, as they deem it 'unsafe'. Worse yet, they'll just give you an incomprehensible error message. For more information, see the detector code - it has a length explanation.

Auditor or Reactor?

Generally speaking, the following rules should be observed:

Auditors: Are used for vetoing creation of or changes to items. They might also make automatic changes to item properties.
Reactors: Detect changes in the database and react accordingly. They should avoid making changes to the database where possible, as this could create detector loops.

Vetoing creation of or changes to items

Auditors may raise the Reject exception to prevent the creation of or changes to items in the database. The mail gateway, for example, will not attach files or messages to issues when the creation of those files or messages are prevented through the Reject exception. It'll also not create users if that creation is Reject'ed too.

To use, simply add at the top of your auditor:

from roundup.exceptions import Reject

And then when your rejection criteria have been detected, simply:

raise Reject

Generating email from Roundup

The module roundup.mailer contains most of the nuts-n-bolts required to generate email messages from Roundup.

In addition, the IssueClass methods nosymessage() and send_message() are used to generate nosy messages, and may generate messages which only consist of a change note (ie. the message id parameter is not required - this is referred to as a "System Message" because it comes from "the system" and not a user).

Database Content

Note

if you modify the content of definitional classes, you'll most likely need to edit the tracker detectors to reflect your changes.

Customisation of the special "definitional" classes (eg. status, priority, resolution, ...) may be done either before or after the tracker is initialised. The actual method of doing so is completely different in each case though, so be careful to use the right one.

Changing content before tracker initialisation

Edit the initial_data.py module in your tracker to alter the items created using the create( ... ) methods.

Changing content after tracker initialisation

As the "admin" user, click on the "class list" link in the web interface to bring up a list of all database classes. Click on the name of the class you wish to change the content of.

You may also use the roundup-admin interface's create, set and retire methods to add, alter or remove items from the classes in question.

See "adding a new field to the classic schema" for an example that requires database content changes.

Security / Access Controls

A set of Permissions is built into the security module by default:

Create (everything)
Edit (everything)
View (everything)

These are assigned to the "Admin" Role by default, and allow a user to do anything. Every Class you define in your tracker schema also gets an Create, Edit and View Permission of its own. The web and email interfaces also define:

Email Access: If defined, the user may use the email interface. Used by default to deny Anonymous users access to the email interface. When granted to the Anonymous user, they will be automatically registered by the email interface (see also the new_email_user_roles configuration option).
Web Access: If defined, the user may use the web interface. All users are able to see the login form, regardless of this setting (thus enabling logging in).
Web Roles: Controls user access to editing the "roles" property of the "user" class. TODO: deprecate in favour of a property-based control.

These are hooked into the default Roles:

Admin (Create, Edit, View and everything; Web Roles)
User (Web Access; Email Access)
Anonymous (Web Access)

And finally, the "admin" user gets the "Admin" Role, and the "anonymous" user gets "Anonymous" assigned when the tracker is installed.

For the "User" Role, the "classic" tracker defines:

Create, Edit and View issue, file, msg, query, keyword
View priority, status
View user
Edit their own user record

And the "Anonymous" Role is defined as:

Web interface access
Create user (for registration)
View issue, file, msg, query, keyword, priority, status

Put together, these settings appear in the tracker's schema.py file:

#
# TRACKER SECURITY SETTINGS
#
# See the configuration and customisation document for information
# about security setup.

#
# REGULAR USERS
#
# Give the regular users access to the web and email interface
db.security.addPermissionToRole('User', 'Web Access')
db.security.addPermissionToRole('User', 'Email Access')

# Assign the access and edit Permissions for issue, file and message
# to regular users now
for cl in 'issue', 'file', 'msg', 'query', 'keyword':
    db.security.addPermissionToRole('User', 'View', cl)
    db.security.addPermissionToRole('User', 'Edit', cl)
    db.security.addPermissionToRole('User', 'Create', cl)
for cl in 'priority', 'status':
    db.security.addPermissionToRole('User', 'View', cl)

# May users view other user information? Comment these lines out
# if you don't want them to
db.security.addPermissionToRole('User', 'View', 'user')

# Users should be able to edit their own details -- this permission
# is limited to only the situation where the Viewed or Edited item
# is their own.
def own_record(db, userid, itemid):
    '''Determine whether the userid matches the item being accessed.'''
    return userid == itemid
p = db.security.addPermission(name='View', klass='user', check=own_record,
    description="User is allowed to view their own user details")
db.security.addPermissionToRole('User', p)
p = db.security.addPermission(name='Edit', klass='user', check=own_record,
    description="User is allowed to edit their own user details")
db.security.addPermissionToRole('User', p)

#
# ANONYMOUS USER PERMISSIONS
#
# Let anonymous users access the web interface. Note that almost all
# trackers will need this Permission. The only situation where it's not
# required is in a tracker that uses an HTTP Basic Authenticated front-end.
db.security.addPermissionToRole('Anonymous', 'Web Access')

# Let anonymous users access the email interface (note that this implies
# that they will be registered automatically, hence they will need the
# "Create" user Permission below)
# This is disabled by default to stop spam from auto-registering users on
# public trackers.
#db.security.addPermissionToRole('Anonymous', 'Email Access')

# Assign the appropriate permissions to the anonymous user's Anonymous
# Role. Choices here are:
# - Allow anonymous users to register
db.security.addPermissionToRole('Anonymous', 'Create', 'user')

# Allow anonymous users access to view issues (and the related, linked
# information)
for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status':
    db.security.addPermissionToRole('Anonymous', 'View', cl)

# [OPTIONAL]
# Allow anonymous users access to create or edit "issue" items (and the
# related file and message items)
#for cl in 'issue', 'file', 'msg':
#   db.security.addPermissionToRole('Anonymous', 'Create', cl)
#   db.security.addPermissionToRole('Anonymous', 'Edit', cl)

Automatic Permission Checks

Permissions are automatically checked when information is rendered through the web. This includes:

View checks for properties when being rendered via the plain() or similar methods. If the check fails, the text "[hidden]" will be displayed.
Edit checks for properties when the edit field is being rendered via the field() or similar methods. If the check fails, the property will be rendered via the plain() method (see point 1. for subsequent checking performed)
View checks are performed in index pages for each item being displayed such that if the user does not have permission, the row is not rendered.
View checks are performed at the top of item pages for the Item being displayed. If the user does not have permission, the text "You are not allowed to view this page." will be displayed.
View checks are performed at the top of index pages for the Class being displayed. If the user does not have permission, the text "You are not allowed to view this page." will be displayed.

New User Roles

New users are assigned the Roles defined in the config file as:

NEW_WEB_USER_ROLES
NEW_EMAIL_USER_ROLES

The users may only edit their issues example shows customisation of these parameters.

Changing Access Controls

You may alter the configuration variables to change the Role that new web or email users get, for example to not give them access to the web interface if they register through email.

You may use the roundup-admin "security" command to display the current Role and Permission configuration in your tracker.

Adding a new Permission

When adding a new Permission, you will need to:

add it to your tracker's schema.py so it is created, using security.addPermission, for example:
```
self.security.addPermission(name="View", klass='frozzle',
    description="User is allowed to access frozzles")
```
will set up a new "View" permission on the Class "frozzle".
enable it for the Roles that should have it (verify with "roundup-admin security")
add it to the relevant HTML interface templates
add it to the appropriate xxxPermission methods on in your tracker interfaces module

The addPermission method takes a couple of optional parameters:

properties: A sequence of property names that are the only properties to apply the new Permission to (eg. ... klass='user', properties=('name', 'email') ...)
check: A function to be execute which returns boolean determining whether the Permission is allowed. The function has the signature check(db, userid, itemid) where db is a handle on the open database, userid is the user attempting access and itemid is the specific item being accessed.

Example Scenarios

See the examples section for longer examples of customisation.

anonymous access through the e-mail gateway

Give the "anonymous" user the "Email Access", ("Edit", "issue") and ("Create", "msg") Permissions but do not not give them the ("Create", "user") Permission. This means that when an unknown user sends email into the tracker, they're automatically logged in as "anonymous". Since they don't have the ("Create", "user") Permission, they won't be automatically registered, but since "anonymous" has permission to use the gateway, they'll still be able to submit issues. Note that the Sender information - their email address - will not be available - they're anonymous.

automatic registration of users in the e-mail gateway

By giving the "anonymous" user the ("Create", "user" Permission, any unidentified user will automatically be registered with the tracker (with no password, so they won't be able to log in through the web until an admin sets their password). This is the default behaviour in the tracker templates that ship with Roundup. The new user is given the Roles list defined in the "new_email_user_roles" config variable.

only developers may be assigned issues

Create a new Permission called "Fixer" for the "issue" class. Create a new Role "Developer" which has that Permission, and assign that to the appropriate users. Filter the list of users available in the assignedto list to include only those users. Enforce the Permission with an auditor. See the example restricting the list of users that are assignable to a task.

only managers may sign off issues as complete

Create a new Permission called "Closer" for the "issue" class. Create a new Role "Manager" which has that Permission, and assign that to the appropriate users. In your web interface, only display the "resolved" issue state option when the user has the "Closer" Permissions. Enforce the Permission with an auditor. This is very similar to the previous example, except that the web interface check would look like:

<option tal:condition="python:request.user.hasPermission('Closer')"
        value="resolved">Resolved</option>

don't give web access to users who register through email

Create a new Role called "Email User" which has all the Permissions of the normal "User" Role minus the "Web Access" Permission. This will allow users to send in emails to the tracker, but not access the web interface.

let some users edit the details of all users

Create a new Role called "User Admin" which has the Permission for editing users:

db.security.addRole(name='User Admin', description='Managing users')
p = db.security.getPermission('Edit', 'user')
db.security.addPermissionToRole('User Admin', p)

and assign the Role to the users who need the permission.

Web Interface

Repercussions of changing the tracker schema
How requests are processed
Determining web context
The "home" Context
Serving static content
Performing actions in web requests
Special form variables
Default templates
How the templates work
Information available to templates
Displaying Properties
Index Views
- Index View Specifiers
Searching Views
Item Views
Defining new web actions
8-bit character set support in Web interface

The web interface is provided by the roundup.cgi.client module and is used by roundup.cgi, roundup-server and ZRoundup (ZRoundup is broken, until further notice). In all cases, we determine which tracker is being accessed (the first part of the URL path inside the scope of the CGI handler) and pass control on to the roundup.cgi.client.Client class - which handles the rest of the access through its main() method. This means that you can do pretty much anything you want as a web interface to your tracker.

Repercussions of changing the tracker schema

If you choose to change the tracker schema you will need to ensure the web interface knows about it:

Index, item and search pages for the relevant classes may need to have properties added or removed,
The "page" template may require links to be changed, as might the "home" page's content arguments.

How requests are processed

The basic processing of a web request proceeds as follows:

figure out who we are, defaulting to the "anonymous" user
figure out what the request is for - we call this the "context"
handle any requested action (item edit, search, ...)
render the template requested by the context, resulting in HTML output

In some situations, exceptions occur:

HTTP Redirect (generally raised by an action)
SendFile (generally raised by determine_context)

here we serve up a FileClass "content" property
SendStaticFile (generally raised by determine_context)

here we serve up a file from the tracker "html" directory
Unauthorised (generally raised by an action)

here the action is cancelled, the request is rendered and an error message is displayed indicating that permission was not granted for the action to take place
NotFound (raised wherever it needs to be)

this exception percolates up to the CGI interface that called the client

Determining web context

To determine the "context" of a request, we look at the URL and the special request variable @template. The URL path after the tracker identifier is examined. Typical URL paths look like:

/tracker/issue
/tracker/issue1
/tracker/@@file/style.css
/cgi-bin/roundup.cgi/tracker/file1
/cgi-bin/roundup.cgi/tracker/file1/kitten.png

where the "tracker identifier" is "tracker" in the above cases. That means we're looking at "issue", "issue1", "@@file/style.css", "file1" and "file1/kitten.png" in the cases above. The path is generally only one entry long - longer paths are handled differently.

if there is no path, then we are in the "home" context. See the "home" context below for more information about how it may be used.
if the path starts with "@@file" (as in example 3, "/tracker/@@file/style.css"), then the additional path entry, "style.css" specifies the filename of a static file we're to serve up from the tracker TEMPLATES (or STATIC_FILES, if configured) directory. This is usually the tracker's "html" directory. Raises a SendStaticFile exception.
if there is something in the path (as in example 1, "issue"), it identifies the tracker class we're to display.
if the path is an item designator (as in examples 2 and 4, "issue1" and "file1"), then we're to display a specific item.
if the path starts with an item designator and is longer than one entry (as in example 5, "file1/kitten.png"), then we're assumed to be handling an item of a FileClass, and the extra path information gives the filename that the client is going to label the download with (i.e. "file1/kitten.png" is nicer to download than "file1"). This raises a SendFile exception.

Both b. and e. stop before we bother to determine the template we're going to use. That's because they don't actually use templates.

The template used is specified by the @template CGI variable, which defaults to:

only classname suplied: "index"
full item designator supplied: "item"

The "home" Context

The "home" context is special because it allows you to add templated pages to your tracker that don't rely on a class or item (ie. an issues list or specific issue).

Let's say you wish to add frames to control the layout of your tracker's interface. You'd probably have:

A top-level frameset page. This page probably wouldn't be templated, so it could be served as a static file (see serving static content)
A sidebar frame that is templated. Let's call this page "home.navigation.html" in your tracker's "html" directory. To load that page up, you use the URL:

<tracker url>/home?@template=navigation

Serving static content

See the previous section determining web context where it describes @@file paths.

Performing actions in web requests

When a user requests a web page, they may optionally also request for an action to take place. As described in how requests are processed, the action is performed before the requested page is generated. Actions are triggered by using a @action CGI variable, where the value is one of:

login

Attempt to log a user in.

logout

Log the user out - make them "anonymous".

register

Attempt to create a new user based on the contents of the form and then log them in.

edit

Perform an edit of an item in the database. There are some special form variables you may use.

new

Add a new item to the database. You may use the same special form variables as in the "edit" action.

retire

Retire the item in the database.

editCSV

Performs an edit of all of a class' items in one go. See also the class.csv templating method which generates the CSV data to be edited, and the '_generic.index' template which uses both of these features.

search

Mangle some of the form variables:

Set the form ":filter" variable based on the values of the filter variables - if they're set to anything other than "dontcare" then add them to :filter.
Also handle the ":queryname" variable and save off the query to the user's query list.

Each of the actions is implemented by a corresponding *XxxAction* (where "Xxx" is the name of the action) class in the roundup.cgi.actions module. These classes are registered with roundup.cgi.client.Client. If you need to define new actions, you may add them there (see defining new web actions).

Each action class also has a *permission* method which determines whether the action is permissible given the current user. The base permission checks for each action are:

login: Determine whether the user has the "Web Access" Permission.
logout: No permission checks are made.
register: Determine whether the user has the ("Create", "user") Permission.
edit: Determine whether the user has permission to edit this item. If we're editing the "user" class, users are allowed to edit their own details - unless they try to edit the "roles" property, which requires the special Permission "Web Roles".
new: Determine whether the user has permission to create this item. No additional property checks are made. Additionally, new user items may be created if the user has the ("Create", "user") Permission.
editCSV: Determine whether the user has permission to edit this class.
search: Determine whether the user has permission to view this class.

Special form variables

Item properties and their values are edited with html FORM variables and their values. You can:

Change the value of some property of the current item.
Create a new item of any class, and edit the new item's properties,
Attach newly created items to a multilink property of the current item.
Remove items from a multilink property of the current item.
Specify that some properties are required for the edit operation to be successful.
Set up user interface locale.

These operations will only take place if the form action (the @action variable) is "edit" or "new".

In the following, <bracketed> values are variable, "@" may be either ":" or "@", and other text "required" is fixed.

Two special form variables are used to specify user language preferences:

@language: value may be locale name or none. If this variable is set to locale name, web interface language is changed to given value (provided that appropriate translation is available), the value is stored in the browser cookie and will be used for all following requests. If value is none the cookie is removed and the language is changed to the tracker default, set up in the tracker configuration or OS environment.
@charset: value may be character set name or none. Character set name is stored in the browser cookie and sets output encoding for all HTML pages generated by Roundup. If value is none the cookie is removed and HTML output is reset to Roundup internal encoding (UTF-8).

Most properties are specified as form variables:

<propname>: property on the current context item
<designator>"@"<propname>: property on the indicated item (for editing related information)

Designators name a specific item of a class.

<classname><N>: Name an existing item of class <classname>.
<classname>"-"<N>: Name the <N>th new item of class <classname>. If the form submission is successful, a new item of <classname> is created. Within the submitted form, a particular designator of this form always refers to the same new item.

Once we have determined the "propname", we look at it to see if it's special:

@required

The associated form value is a comma-separated list of property names that must be specified when the form is submitted for the edit operation to succeed.

When the <designator> is missing, the properties are for the current context item. When <designator> is present, they are for the item specified by <designator>.

The "@required" specifier must come before any of the properties it refers to are assigned in the form.

@remove@<propname>=id(s) or @add@<propname>=id(s)

The "@add@" and "@remove@" edit actions apply only to Multilink properties. The form value must be a comma-separate list of keys for the class specified by the simple form variable. The listed items are added to (respectively, removed from) the specified property.

@link@<propname>=<designator>

If the edit action is "@link@", the simple form variable must specify a Link or Multilink property. The form value is a comma-separated list of designators. The item corresponding to each designator is linked to the property given by simple form variable.

None of the above (ie. just a simple form value)

The value of the form variable is converted appropriately, depending on the type of the property.

For a Link('klass') property, the form value is a single key for 'klass', where the key field is specified in schema.py.

For a Multilink('klass') property, the form value is a comma-separated list of keys for 'klass', where the key field is specified in schema.py.

Note that for simple-form-variables specifiying Link and Multilink properties, the linked-to class must have a key field.

For a String() property specifying a filename, the file named by the form value is uploaded. This means we try to set additional properties "filename" and "type" (if they are valid for the class). Otherwise, the property is set to the form value.

For Date(), Interval(), Boolean(), and Number() properties, the form value is converted to the appropriate

Any of the form variables may be prefixed with a classname or designator.

Two special form values are supported for backwards compatibility:

@note

This is equivalent to:

@link@messages=msg-1
msg-1@content=value

except that in addition, the "author" and "date" properties of "msg-1" are set to the userid of the submitter, and the current time, respectively.

@file

This is equivalent to:

@link@files=file-1
file-1@content=value

The String content value is handled as described above for file uploads.

If both the "@note" and "@file" form variables are specified, the action:

@link@msg-1@files=file-1

is also performed.

We also check that FileClass items have a "content" property with actual content, otherwise we remove them from all_props before returning.

Default templates

The default templates are html4 compliant. If you wish to change them to be xhtml compliant, you'll need to change the html_version configuration variable in config.ini to 'xhtml' instead of 'html4'.

Most customisation of the web view can be done by modifying the templates in the tracker 'html' directory. There are several types of files in there. The minimal template includes:

page.html: This template usually defines the overall look of your tracker. When you view an issue, it appears inside this template. When you view an index, it also appears inside this template. This template defines a macro called "icing" which is used by almost all other templates as a coating for their content, using its "content" slot. It also defines the "head_title" and "body_title" slots to allow setting of the page title.
home.html: the default page displayed when no other page is indicated by the user
home.classlist.html: a special version of the default page that lists the classes in the tracker
classname.item.html: displays an item of the classname class
classname.index.html: displays a list of classname items
classname.search.html: displays a search page for classname items
_generic.index.html: used to display a list of items where there is no *classname*.index available
_generic.help.html: used to display a "class help" page where there is no *classname*.help
user.register.html: a special page just for the user class, that renders the registration page
style.css.html: a static file that is served up as-is

The classic template has a number of additional templates.

Remember that you can create any template extension you want to, so if you just want to play around with the templating for new issues, you can copy the current "issue.item" template to "issue.test", and then access the test template using the "@template" URL argument:

http://your.tracker.example/tracker/issue?@template=test

and it won't affect your users using the "issue.item" template.

How the templates work

Basic Templating Actions

Roundup's templates consist of special attributes on the HTML tags. These attributes form the Template Attribute Language, or TAL. The basic TAL commands are:

tal:define="variable expression; variable expression; ..."

Define a new variable that is local to this tag and its contents. For example:

<html tal:define="title request/description">
 <head><title tal:content="title"></title></head>
</html>

In this example, the variable "title" is defined as the result of the expression "request/description". The "tal:content" command inside the <html> tag may then use the "title" variable.

tal:condition="expression"

Only keep this tag and its contents if the expression is true. For example:

<p tal:condition="python:request.user.hasPermission('View', 'issue')">
 Display some issue information.
</p>

In the example, the tag and its contents are only displayed if the user has the "View" permission for issues. We consider the number zero, a blank string, an empty list, and the built-in variable nothing to be false values. Nearly every other value is true, including non-zero numbers, and strings with anything in them (even spaces!).

tal:repeat="variable expression"

Repeat this tag and its contents for each element of the sequence that the expression returns, defining a new local variable and a special "repeat" variable for each element. For example:

<tr tal:repeat="u user/list">
 <td tal:content="u/id"></td>
 <td tal:content="u/username"></td>
 <td tal:content="u/realname"></td>
</tr>

The example would iterate over the sequence of users returned by "user/list" and define the local variable "u" for each entry. Using the repeat command creates a new variable called "repeat" which you may access to gather information about the iteration. See the section below on the repeat variable.

tal:replace="expression"

Replace this tag with the result of the expression. For example:

<span tal:replace="request/user/realname" />

The example would replace the tag and its contents with the user's realname. If the user's realname was "Bruce", then the resultant output would be "Bruce".

tal:content="expression"

Replace the contents of this tag with the result of the expression. For example:

<span tal:content="request/user/realname">user's name appears here
</span>

The example would replace the contents of the tag with the user's realname. If the user's realname was "Bruce" then the resultant output would be "Bruce".

tal:attributes="attribute expression; attribute expression; ..."

Set attributes on this tag to the results of expressions. For example:

<a tal:attributes="href string:user${request/user/id}">My Details</a>

In the example, the "href" attribute of the <a> tag is set to the value of the "string:user${request/user/id}" expression, which will be something like "user123".

tal:omit-tag="expression"

Remove this tag (but not its contents) if the expression is true. For example:

<span tal:omit-tag="python:1">Hello, world!</span>

would result in output of:

Hello, world!

Note that the commands on a given tag are evaulated in the order above, so define comes before condition, and so on.

Additionally, you may include tags such as <tal:block>, which are removed from output. Its content is kept, but the tag itself is not (so don't go using any "tal:attributes" commands on it). This is useful for making arbitrary blocks of HTML conditional or repeatable (very handy for repeating multiple table rows, which would othewise require an illegal tag placement to effect the repeat).

Templating Expressions

Templating Expressions are covered by Template Attribute Language Expression Syntax, or TALES. The expressions you may use in the attribute values may be one of the following forms:

Path Expressions - eg. item/status/checklist

These are object attribute / item accesses. Roughly speaking, the path item/status/checklist is broken into parts item, status and checklist. The item part is the root of the expression. We then look for a status attribute on item, or failing that, a status item (as in item['status']). If that fails, the path expression fails. When we get to the end, the object we're left with is evaluated to get a string - if it is a method, it is called; if it is an object, it is stringified. Path expressions may have an optional path: prefix, but they are the default expression type, so it's not necessary.

If an expression evaluates to default, then the expression is "cancelled" - whatever HTML already exists in the template will remain (tag content in the case of tal:content, attributes in the case of tal:attributes).

If an expression evaluates to nothing then the target of the expression is removed (tag content in the case of tal:content, attributes in the case of tal:attributes and the tag itself in the case of tal:replace).

If an element in the path may not exist, then you can use the | operator in the expression to provide an alternative. So, the expression request/form/foo/value | default would simply leave the current HTML in place if the "foo" form variable doesn't exist.

You may use the python function path, as in path("item/status"), to embed path expressions in Python expressions.

String Expressions - eg. string:hello ${user/name}

These expressions are simple string interpolations - though they can be just plain strings with no interpolation if you want. The expression in the ${ ... } is just a path expression as above.

Python Expressions - eg. python: 1+1

These expressions give the full power of Python. All the "root level" variables are available, so python:item.status.checklist() would be equivalent to item/status/checklist, assuming that checklist is a method.

Modifiers:

structure - eg. structure python:msg.content.plain(hyperlink=1): The result of expressions are normally escaped to be safe for HTML display (all "<", ">" and "&" are turned into special entities). The structure expression modifier turns off this escaping - the result of the expression is now assumed to be HTML, which is passed to the web browser for rendering.
not: - eg. not:python:1=1: This simply inverts the logical true/false value of another expression.

Template Macros

Macros are used in Roundup to save us from repeating the same common page stuctures over and over. The most common (and probably only) macro you'll use is the "icing" macro defined in the "page" template.

Macros are generated and used inside your templates using special attributes similar to the basic templating actions. In this case, though, the attributes belong to the Macro Expansion Template Attribute Language, or METAL. The macro commands are:

metal:define-macro="macro name"

Define that the tag and its contents are now a macro that may be inserted into other templates using the use-macro command. For example:

<html metal:define-macro="page">
 ...
</html>

defines a macro called "page" using the <html> tag and its contents. Once defined, macros are stored on the template they're defined on in the macros attribute. You can access them later on through the templates variable, eg. the most common templates/page/macros/icing to access the "page" macro of the "page" template.

metal:use-macro="path expression"

Use a macro, which is identified by the path expression (see above). This will replace the current tag with the identified macro contents. For example:

<tal:block metal:use-macro="templates/page/macros/icing">
 ...
</tal:block>

will replace the tag and its contents with the "page" macro of the
"page" template.

metal:define-slot="slot name" and metal:fill-slot="slot name"

To define dynamic parts of the macro, you define "slots" which may be filled when the macro is used with a use-macro command. For example, the templates/page/macros/icing macro defines a slot like so:

<title metal:define-slot="head_title">title goes here</title>

In your use-macro command, you may now use a fill-slot command like this:

<title metal:fill-slot="head_title">My Title</title>

where the tag that fills the slot completely replaces the one defined as the slot in the macro.

Note that you may not mix METAL and TAL commands on the same tag, but TAL commands may be used freely inside METAL-using tags (so your fill-slots tags may have all manner of TAL inside them).

Information available to templates

This is implemented by roundup.cgi.templating.RoundupPageTemplate

The following variables are available to templates.

context

The current context. This is either None, a hyperdb class wrapper or a hyperdb item wrapper

request

Includes information about the current request, including:

the current index information (filterspec, filter args, properties, etc) parsed out of the form.
methods for easy filterspec link generation
user, the current user item as an HTMLItem instance
form The current CGI form information as a mapping of form argument name to value

config

This variable holds all the values defined in the tracker config.ini file (eg. TRACKER_NAME, etc.)

db

The current database, used to access arbitrary database items.

templates

Access to all the tracker templates by name. Used mainly in use-macro commands.

utils

This variable makes available some utility functions like batching.

nothing

This is a special variable - if an expression evaluates to this, then the tag (in the case of a tal:replace), its contents (in the case of tal:content) or some attributes (in the case of tal:attributes) will not appear in the the output. So, for example:

<span tal:attributes="class nothing">Hello, World!</span>

would result in:

<span>Hello, World!</span>

default

Also a special variable - if an expression evaluates to this, then the existing HTML in the template will not be replaced or removed, it will remain. So:

<span tal:replace="default">Hello, World!</span>

would result in:

<span>Hello, World!</span>

true, false

Boolean constants that may be used in templating expressions instead of python:1 and python:0.

i18n

Internationalization service, providing two string translation methods:

gettext (message)

Return the localized translation of message

ngettext (singular, plural, number)

Like gettext(), but consider plural forms. If a translation is found, apply the plural formula to number, and return the resulting message (some languages have more than two plural forms). If no translation is found, return singular if number is 1; return plural otherwise.

This function requires python2.3; in earlier python versions may not work as expected.

The context variable

The context variable is one of three things based on the current context (see determining web context for how we figure this out):

if we're looking at a "home" page, then it's None
if we're looking at a specific hyperdb class, it's a hyperdb class wrapper.
if we're looking at a specific hyperdb item, it's a hyperdb item wrapper.

If the context is not None, we can access the properties of the class or item. The only real difference between cases 2 and 3 above are:

the properties may have a real value behind them, and this will appear if the property is displayed through context/property or context/property/field.
the context's "id" property will be a false value in the second case, but a real, or true value in the third. Thus we can determine whether we're looking at a real item from the hyperdb by testing "context/id".

Hyperdb class wrapper

This is implemented by the roundup.cgi.templating.HTMLClass class.

This wrapper object provides access to a hyperb class. It is used primarily in both index view and new item views, but it's also usable anywhere else that you wish to access information about a class, or the items of a class, when you don't have a specific item of that class in mind.

We allow access to properties. There will be no "id" property. The value accessed through the property will be the current value of the same name from the CGI form.

There are several methods available on these wrapper objects:

Method	Description
properties	return a hyperdb property wrapper for all of this class's properties.
list	lists all of the active (not retired) items in the class.
csv	return the items of this class as a chunk of CSV text.
propnames	lists the names of the properties of this class.
filter	lists of items from this class, filtered and sorted. Two options are avaible for sorting: by the current request filterspec/filter/sort/group args by the "filterspec", "sort" and "group" keyword args. "filterspec" is `{propname: value(s)}`. "sort" and "group" are `(dir, prop)` where dir is '+', '-' or None and prop is a prop name or None. eg. `issue.filter(filterspec={"priority": "1"}, sort=('activity', '+'))`
classhelp	display a link to a javascript popup containing this class' "help" template. This generates a link to a popup window which displays the properties indicated by "properties" of the class named by "classname". The "properties" should be a comma-separated list (eg. 'id,name,description'). Properties defaults to all the properties of a class (excluding id, creator, created and activity). You may optionally override the "label" displayed, the "width", the "height", the number of items per page ("pagesize") and the field on which the list is sorted ("sort"). With the "filter" arg it is possible to specify a filter for which items are supposed to be displayed. It has to be of the format "<field>=<values>;<field>=<values>;...". The popup window will be resizable and scrollable. If the "property" arg is given, it's passed through to the javascript help_window function. This allows updating of a property in the calling HTML page. If the "form" arg is given, it's passed through to the javascript help_window function - it's the name of the form the "property" belongs to.
submit	generate a submit button (and action hidden element)
renderWith	render this class with the given template.
history	returns 'New node - no history' :)
is_edit_ok	is the user allowed to Edit the current class?
is_view_ok	is the user allowed to View the current class?

Note that if you have a property of the same name as one of the above methods, you'll need to access it using a python "item access" expression. For example:

python:context['list']

will access the "list" property, rather than the list method.

Hyperdb item wrapper

This is implemented by the roundup.cgi.templating.HTMLItem class.

This wrapper object provides access to a hyperb item.

We allow access to properties. There will be no "id" property. The value accessed through the property will be the current value of the same name from the CGI form.

There are several methods available on these wrapper objects:

Method	Description
submit	generate a submit button (and action hidden element)
journal	return the journal of the current item (not implemented)
history	render the journal of the current item as HTML
renderQueryForm	specific to the "query" class - render the search form for the query
hasPermission	specific to the "user" class - determine whether the user has a Permission. The signature is: hasPermission(self, permission, [classname=], [property=], [itemid=]) where the classname defaults to the current context.
is_edit_ok	is the user allowed to Edit the current item?
is_view_ok	is the user allowed to View the current item?
is_retired	is the item retired?
download_url	generate a url-quoted link for download of FileClass item contents (ie. file<id>/<name>)
copy_url	generate a url-quoted link for creating a copy of this item. By default, the copy will acquire all properties of the current item except for `messages` and `files`. This can be overridden by passing `exclude` argument which contains a list (or any iterable) of property names that shall not be copied. Database-driven properties like `id` or `activity` cannot be copied.

Note that if you have a property of the same name as one of the above methods, you'll need to access it using a python "item access" expression. For example:

python:context['journal']

will access the "journal" property, rather than the journal method.

Hyperdb property wrapper

This is implemented by subclasses of the roundup.cgi.templating.HTMLProperty class (HTMLStringProperty, HTMLNumberProperty, and so on).

This wrapper object provides access to a single property of a class. Its value may be either:

if accessed through a hyperdb item wrapper, then it's a value from the hyperdb
if access through a hyperdb class wrapper, then it's a value from the CGI form

The property wrapper has some useful attributes:

Attribute	Description
_name	the name of the property
_value	the value of the property if any - this is the actual value retrieved from the hyperdb for this property

There are several methods available on these wrapper objects:

Method	Description
plain	render a "plain" representation of the property. This method may take two arguments: escape If true, escape the text so it is HTML safe (default: no). The reason this defaults to off is that text is usually escaped at a later stage by the TAL commands, unless the "structure" option is used in the template. The following `tal:content` expressions are all equivalent: "structure python:msg.content.plain(escape=1)" "python:msg.content.plain()" "msg/content/plain" "msg/content" Usually you'll only want to use the escape option in a complex expression. hyperlink If true, turn URLs, email addresses and hyperdb item designators in the text into hyperlinks (default: no). Note that you'll need to use the "structure" TAL option if you want to use this `tal:content` expression: "structure python:msg.content.plain(hyperlink=1)" The text is automatically HTML-escaped before the hyperlinking transformation done in the plain() method.
hyperlinked	The same as msg.content.plain(hyperlink=1), but nicer: "structure msg/content/hyperlinked"
field	render an appropriate form edit field for the property - for most types this is a text entry box, but for Booleans it's a tri-state yes/no/neither selection. This method may take some arguments: size Sets the width in characters of the edit field format (Date properties only) Sets the format of the date in the field - uses the same format string argument as supplied to the `pretty` method below.
stext	only on String properties - render the value of the property as StructuredText (requires the StructureText module to be installed separately)
multiline	only on String properties - render a multiline form edit field for the property
email	only on String properties - render the value of the property as an obscured email address
confirm	only on Password properties - render a second form edit field for the property, used for confirmation that the user typed the password correctly. Generates a field with name "name:confirm".
now	only on Date properties - return the current date as a new property
reldate	only on Date properties - render the interval between the date and now
local	only on Date properties - return this date as a new property with some timezone offset, for example: python:context.creation.local(10) will render the date with a +10 hour offset.
pretty	Date properties - render the date as "dd Mon YYYY" (eg. "19 Mar 2004"). Takes an optional format argument, for example: python:context.activity.pretty('%Y-%m-%d') Will format as "2004-03-19" instead. Interval properties - render the interval in a pretty format (eg. "yesterday"). The format arguments are those used in the standard `strftime` call (see the Python Library Reference: time module)
popcal	Generate a link to a popup calendar which may be used to edit the date field, for example: <span tal:replace="structure context/due/popupCalendar" />
menu	only on Link and Multilink properties - render a form select list for this property. Takes a number of optional arguments size is used to limit the length of the list labels height is used to set the <select> tag's "size" attribute showid includes the item ids in the list labels additional lists properties which should be included in the label sort_on indicates the property to sort the list on as (direction, (direction, property) where direction is '+' or '-'. A single string with the direction prepended may be used. For example: ('-', 'order'), '+name'. value gives a default value to preselect in the menu The remaining keyword arguments are used as conditions for filtering the items in the list - they're passed as the "filterspec" argument to a Class.filter() call.
sorted	only on Multilink properties - produce a list of the linked items sorted by some property, for example: python:context.files.sorted('creation') Will list the files by upload date.
reverse	only on Multilink properties - produce a list of the linked items in reverse order
isset	returns True if the property has been set to a value

All of the above functions perform checks for permissions required to display or edit the data they are manipulating. The simplest case is editing an issue title. Including the expression:

context/title/field

Will present the user with an edit field, if they have edit permission. If not, then they will be presented with a static display if they have view permission. If they don't even have view permission, then an error message is raised, preventing the display of the page, indicating that they don't have permission to view the information.

The request variable

This is implemented by the roundup.cgi.templating.HTMLRequest class.

The request variable is packed with information about the current request.

Variable	Holds
form	the CGI form as a cgi.FieldStorage
env	the CGI environment variables
base	the base URL for this tracker
user	a HTMLUser instance for this user
classname	the current classname (possibly None)
template	the current template (suffix, also possibly None)
form	the current CGI form variables in a FieldStorage

Index page specific variables (indexing arguments)

Variable	Holds
columns	dictionary of the columns to display in an index page
show	a convenience access to columns - request/show/colname will be true if the columns should be displayed, false otherwise
sort	index sort column (direction, column name)
group	index grouping property (direction, column name)
filter	properties to filter the index on
filterspec	values to filter the index on
search_text	text to perform a full-text search on for an index

There are several methods available on the request variable:

Method	Description
description	render a description of the request - handle for the page title
indexargs_form	render the current index args as form elements
indexargs_url	render the current index args as a URL
base_javascript	render some javascript that is used by other components of the templating
batch	run the current index args through a filter and return a list of items (see hyperdb item wrapper, and batching)

The form variable

The form variable is a bit special because it's actually a python FieldStorage object. That means that you have two ways to access its contents. For example, to look up the CGI form value for the variable "name", use the path expression:

request/form/name/value

or the python expression:

python:request.form['name'].value

Note the "item" access used in the python case, and also note the explicit "value" attribute we have to access. That's because the form variables are stored as MiniFieldStorages. If there's more than one "name" value in the form, then the above will break since request/form/name is actually a list of MiniFieldStorages. So it's best to know beforehand what you're dealing with.

The db variable

This is implemented by the roundup.cgi.templating.HTMLDatabase class.

Allows access to all hyperdb classes as attributes of this variable. If you want access to the "user" class, for example, you would use:

db/user
python:db.user

Also, the current id of the current user is available as db.getuid(). This isn't so useful in templates (where you have request/user), but it can be useful in detectors or interfaces.

The access results in a hyperdb class wrapper.