Fix issue2550553.

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4239 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index 7d875d0cdd25862820ec187dd79459686e2334a7..eaf4c28a5b57080a455702ecefc997e1d94b3fad 100755 (executable)
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -820,7 +820,7 @@ class ConfRegoAction(RegoCommon):
 
 class RegisterAction(RegoCommon, EditCommon):
     name = 'register'
-    permissionType = 'Create'
+    permissionType = 'Register'
 
     def handle(self):
         """Attempt to create a new user based on the contents of the form

diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
index f536774b4215b0a7e0e04ff540bc2117310c8226..1cae36afca92049fdf2b29cbb79f87df2acb1e4d 100644 (file)
--- a/roundup/cgi/templating.py
+++ b/roundup/cgi/templating.py
@@ -1268,7 +1268,9 @@ class HTMLProperty(HTMLInputMixin, HTMLPermissions):
             return self._db.security.hasPermission('Edit', self._client.userid,
                 self._classname, self._name, self._nodeid)
         return self._db.security.hasPermission('Create', self._client.userid,
-            self._classname, self._name)
+            self._classname, self._name) or \
+            self._db.security.hasPermission('Register', self._client.userid,
+                                            self._classname, self._name)
 
     def is_view_ok(self):
         """ Is the user allowed to View the current class?

diff --git a/share/roundup/templates/classic/html/page.html b/share/roundup/templates/classic/html/page.html
index 8b6b601051617f108a950e9d1a176cdc1fb2cc4d..6ca4f4460fb6b09607503addf2744bea8ac263b1 100644 (file)
--- a/share/roundup/templates/classic/html/page.html
+++ b/share/roundup/templates/classic/html/page.html
@@ -136,7 +136,7 @@ status_notresolved string:-1,1,2,3,4,5,6,7;
     <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
     <span tal:replace="structure request/indexargs_form" />
     <a href="user?@template=register"
-       tal:condition="python:request.user.hasPermission('Create', 'user')"
+       tal:condition="python:request.user.hasPermission('Register', 'user')"
      i18n:translate="">Register</a><br>
     <a href="user?@template=forgotten" i18n:translate="">Lost&nbsp;your&nbsp;login?</a><br>
    </p>

diff --git a/share/roundup/templates/classic/schema.py b/share/roundup/templates/classic/schema.py
index f7560348aed052183f6248ec69c979460c9d9df4..09ff2551fccbdedecbe12e53970486d172e031dd 100644 (file)
--- a/share/roundup/templates/classic/schema.py
+++ b/share/roundup/templates/classic/schema.py
@@ -47,6 +47,8 @@ user = Class(db, "user",
                 roles=String(),     # comma-separated string of Role names
                 timezone=String())
 user.setkey("username")
+db.security.addPermission(name='Register', klass='user',
+                          description='User is allowed to register new user')
 
 # FileClass automatically gets this property in addition to the Class ones:
 #   content = String()    [saved to disk in <tracker home>/db/files/]
@@ -154,7 +156,7 @@ db.security.addPermissionToRole('Anonymous', 'Web Access')
 # Assign the appropriate permissions to the anonymous user's Anonymous
 # Role. Choices here are:
 # - Allow anonymous users to register
-db.security.addPermissionToRole('Anonymous', 'Create', 'user')
+db.security.addPermissionToRole('Anonymous', 'Register', 'user')
 
 # Allow anonymous users access to view issues (and the related, linked
 # information)

diff --git a/share/roundup/templates/minimal/html/page.html b/share/roundup/templates/minimal/html/page.html
index 54e4376870cf5c205e214e3dbf417815d9c83a50..3502d4d7d2389a95b50a4003a7d44c4189aec4aa 100644 (file)
--- a/share/roundup/templates/minimal/html/page.html
+++ b/share/roundup/templates/minimal/html/page.html
@@ -135,7 +135,7 @@ status_notresolved string:-1,1,2,3,4,5,6,7;
     <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
     <span tal:replace="structure request/indexargs_form" />
     <a href="user?@template=register"
-       tal:condition="python:request.user.hasPermission('Create', 'user')"
+       tal:condition="python:request.user.hasPermission('Register', 'user')"
      i18n:translate="">Register</a><br>
     <a href="user?@template=forgotten" i18n:translate="">Lost&nbsp;your&nbsp;login?</a><br>
    </p>

diff --git a/share/roundup/templates/minimal/schema.py b/share/roundup/templates/minimal/schema.py
index 909c9b1921950b0604d624691bc705223358180c..3333e55ca4aa7ba3e0fe4e2851a695102f982f4d 100644 (file)
--- a/share/roundup/templates/minimal/schema.py
+++ b/share/roundup/templates/minimal/schema.py
@@ -60,6 +60,6 @@ db.security.addPermissionToRole('Anonymous', 'Email Access')
 # Assign the appropriate permissions to the anonymous user's
 # Anonymous Role. Choices here are:
 # - Allow anonymous users to register
-db.security.addPermissionToRole('Anonymous', 'Create', 'user')
+db.security.addPermissionToRole('Anonymous', 'Register', 'user')
 
 # vim: set et sts=4 sw=4 :