Index: roundup/xmlrpc.py
===================================================================
RCS file: /cvsroot/roundup/roundup/roundup/xmlrpc.py,v
retrieving revision 1.5
diff -u -r1.5 xmlrpc.py
--- roundup/xmlrpc.py	3 Nov 2007 00:50:37 -0000	1.5
+++ roundup/xmlrpc.py	4 Mar 2008 18:13:49 -0000
@@ -63,13 +63,10 @@
     def close(self):
         """Close the database, after committing any changes, if needed."""
 
-        if getattr(self, 'db'):
-            try:
-                if self.db.transactions:
-                    self.db.commit()
-            finally:
-                self.db.close()
-
+        try:
+            self.db.commit()
+        finally:
+            self.db.close()
 
     def get_class(self, classname):
         """Return the class for the given classname."""
@@ -115,51 +112,52 @@
 
     def list(self, username, password, classname, propname=None):
         r = RoundupRequest(self.tracker, username, password)
-        cl = r.get_class(classname)
-        if not propname:
-            propname = cl.labelprop()
-        def has_perm(itemid):
-            return True
-            r.db.security.hasPermission('View', r.userid, classname,
-                itemid=itemid, property=propname)
-        result = [cl.get(id, propname) for id in cl.list()
-            if has_perm(id)]
-        r.close()
+        try:
+            cl = r.get_class(classname)
+            if not propname:
+                propname = cl.labelprop()
+            result = [  cl.get(itemid, propname) for itemid in cl.list()
+                     if r.db.security.hasPermission \
+                        ('View', r.userid, classname, propname, itemid)
+                     ]
+        finally:
+            r.close()
         return result
 
     def display(self, username, password, designator, *properties):
         r = RoundupRequest(self.tracker, username, password)
-        classname, itemid = hyperdb.splitDesignator(designator)
-
-        if not r.db.security.hasPermission('View', r.userid, classname,
-                itemid=itemid):
-            raise Unauthorised('Permission to view %s denied'%designator)
-
-        cl = r.get_class(classname)
-        props = properties and list(properties) or cl.properties.keys()
-        props.sort()
-        result = [(property, cl.get(itemid, property)) for property in props]
-        r.close()
+        try:
+            classname, itemid = hyperdb.splitDesignator(designator)
+            cl    = r.get_class(classname)
+            props = properties and list(properties) or cl.properties.keys()
+            props.sort()
+            for p in props:
+                if not r.db.security.hasPermission \
+                    ('View', r.userid, classname, p, itemid):
+                    raise Unauthorised \
+                        ('Permission to view %s of %s denied' % (p, designator))
+            result = [(prop, cl.get(itemid, prop)) for prop in props]
+        finally:
+            r.close()
         return dict(result)
 
     def create(self, username, password, classname, *args):
         r = RoundupRequest(self.tracker, username, password)
+        try:
+            if not r.db.security.hasPermission('Create', r.userid, classname):
+                raise Unauthorised('Permission to create %s denied'%classname)
 
-        if not r.db.security.hasPermission('Create', r.userid, classname):
-            raise Unauthorised('Permission to create %s denied'%classname)
-
-        cl = r.get_class(classname)
+            cl = r.get_class(classname)
 
-        # convert types
-        props = r.props_from_args(cl, args)
+            # convert types
+            props = r.props_from_args(cl, args)
 
-        # check for the key property
-        key = cl.getkey()
-        if key and not props.has_key(key):
-            raise UsageError, 'you must provide the "%s" property.'%key
+            # check for the key property
+            key = cl.getkey()
+            if key and not props.has_key(key):
+                raise UsageError, 'you must provide the "%s" property.'%key
 
-        # do the actual create
-        try:
+            # do the actual create
             try:
                 result = cl.create(**props)
             except (TypeError, IndexError, ValueError), message:
@@ -170,19 +168,17 @@
 
     def set(self, username, password, designator, *args):
         r = RoundupRequest(self.tracker, username, password)
-        classname, itemid = hyperdb.splitDesignator(designator)
-
-        if not r.db.security.hasPermission('Edit', r.userid, classname,
-                itemid=itemid):
-            raise Unauthorised('Permission to edit %s denied'%designator)
-
-        cl = r.get_class(classname)
-
-        # convert types
-        props = r.props_from_args(cl, args)
         try:
+            classname, itemid = hyperdb.splitDesignator(designator)
+            cl                = r.get_class(classname)
+            props             = r.props_from_args(cl, args) # convert types
+            for p in props.iterkeys ():
+                if not r.db.security.hasPermission \
+                    ('Edit', r.userid, classname, p, itemid):
+                    raise Unauthorised\
+                        ('Permission to edit %s of %s denied'%(p, designator))
             try:
-                cl.set(itemid, **props)
+                return cl.set(itemid, **props)
             except (TypeError, IndexError, ValueError), message:
                 raise UsageError, message
         finally:
Index: test/db_test_base.py
===================================================================
RCS file: /cvsroot/roundup/roundup/test/db_test_base.py,v
retrieving revision 1.96
diff -u -r1.96 db_test_base.py
--- test/db_test_base.py	7 Feb 2008 03:28:34 -0000	1.96
+++ test/db_test_base.py	4 Mar 2008 18:13:50 -0000
@@ -62,6 +62,7 @@
     tracker = instance.open(dirname)
     if tracker.exists():
         tracker.nuke()
+        init.write_select_db(dirname, backend)
     tracker.init(password.Password('sekrit'))
     return tracker
 
@@ -293,7 +294,7 @@
             l = [u1,u2]; l.sort()
             m = self.db.issue.get(nid, "nosy"); m.sort()
             self.assertEqual(l, m)
-       
+
 
 # XXX one day, maybe...
 #    def testMultilinkOrdering(self):
Index: test/test_xmlrpc.py
===================================================================
RCS file: /cvsroot/roundup/roundup/test/test_xmlrpc.py,v
retrieving revision 1.4
diff -u -r1.4 test_xmlrpc.py
--- test/test_xmlrpc.py	3 Nov 2007 00:50:38 -0000	1.4
+++ test/test_xmlrpc.py	4 Mar 2008 18:13:50 -0000
@@ -9,23 +9,26 @@
 from roundup.cgi.exceptions import *
 from roundup import init, instance, password, hyperdb, date
 from roundup.xmlrpc import RoundupServer
+from roundup.backends import list_backends
 
 import db_test_base
 
 NEEDS_INSTANCE = 1
 
 class TestCase(unittest.TestCase):
+
+    backend = None
+
     def setUp(self):
         self.dirname = '_test_xmlrpc'
         # set up and open a tracker
-        self.instance = db_test_base.setupTracker(self.dirname)
+        self.instance = db_test_base.setupTracker(self.dirname, self.backend)
 
         # open the database
         self.db = self.instance.open('admin')
         self.joeid = 'user' + self.db.user.create(username='joe',
             password=password.Password('random'), address='random@home.org',
             realname='Joe Random', roles='User')
-
         self.db.commit()
         self.db.close()
 
@@ -89,10 +92,12 @@
 
 def test_suite():
     suite = unittest.TestSuite()
-    suite.addTest(unittest.makeSuite(TestCase))
+    for l in list_backends() :
+        dct    = dict(backend = l)
+        subcls = type(TestCase)('TestCase_%s' % l, (TestCase,), dct)
+        suite.addTest(unittest.makeSuite(subcls))
     return suite
 
 if __name__ == '__main__':
     runner = unittest.TextTestRunner()
     unittest.main(testRunner=runner)
-