author | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Fri, 6 Sep 2002 05:53:02 +0000 (05:53 +0000) | ||
committer | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Fri, 6 Sep 2002 05:53:02 +0000 (05:53 +0000) |
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1083 57a73879-2fb5-44c3-a270-3262357dd7e2
roundup/cgi/client.py | patch | blob | history |
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index bb41f2e20070820a7a1cd410fb3a045652a649bd..5a2ff2cd634eac578b5edd27a3a3f592d1ded281 100644 (file)
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
-# $Id: client.py,v 1.17 2002-09-06 03:21:30 richard Exp $
+# $Id: client.py,v 1.18 2002-09-06 05:53:02 richard Exp $
__doc__ = """
WWW request handler (also used in the stand-alone server).
'editCSV': 'editCSVAction',
'new': 'newItemAction',
'register': 'registerAction',
- 'login': 'login_action',
+ 'login': 'loginAction',
'logout': 'logout_action',
'search': 'searchAction',
}
"edit" -> self.editItemAction
"new" -> self.newItemAction
"register" -> self.registerAction
- "login" -> self.login_action
+ "login" -> self.loginAction
"logout" -> self.logout_action
"search" -> self.searchAction
getattr(self, self.actions[action])()
except Redirect:
raise
+ except Unauthorised:
+ raise
except:
self.db.rollback()
s = StringIO.StringIO()
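Review bot: The added `except Unauthorised: raise` clause lets the exception leave this handler without the `self.db.rollback()` that the bare `except:` branch below performs. If an action raises Unauthorised after it has already written to the database, those uncommitted changes stay pending unless the caller rolls back, and that caller is not visible in this hunk. Either roll back before re-raising (`self.db.rollback()` on the line before `raise`) or add a comment such as `# outer handler is responsible for rollback` once that has been confirmed. The enclosing try block starts outside the hunk.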
#
# Actions
#
- def login_action(self):
- ''' Attempt to log a user in and set the cookie
+ def loginAction(self):
+ ''' Attempt to log a user in.
+
+ Sets up a session for the user which contains the login
+ credentials.
'''
# we need the username at a minimum
if not self.form.has_key('__login_name'):
self.error_message.append(_('Incorrect password'))
return
- # XXX check for web access permission!!!!
+ # make sure we're allowed to be here
+ if not self.loginPermission():
+ self.make_user_anonymous()
+ raise Unauthorised, _("You do not have permission to login")
# set the session cookie
self.set_cookie(self.user, password)
+ def loginPermission(self):
+ ''' Determine whether the user has permission to log in.
+
+ Base behaviour is to check the user has "Web Access".
+ '''
+ if not self.db.security.hasPermission('Web Access', self.userid):
+ return 0
+ return 1
+
def logout_action(self):
''' Make us really anonymous - nuke the cookie too
'''
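Review bot: `loginPermission()` tests `self.userid`, but nothing visible in this hunk shows that `self.userid` already refers to the account being logged in when `loginAction` reaches the check. If it still holds the previous or anonymous user at that point, the 'Web Access' test is applied to the wrong account. The lines between the `__login_name` check and the permission check are not shown, so this needs confirming against the full method. I would record the precondition in the docstring, for example `Must be called after self.userid has been set to the user who is authenticating.` Separately, "You do not have permission to login" is a different message from 'Incorrect password', so if the check runs after password verification it tells the requester that the password was correct; a shared message would avoid that.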
# commit the query change to the database
self.db.commit()
-
def searchPermission(self):
''' Determine whether the user has permission to search this class.
must be supplied or a ValueError will be raised.
'''
required = []
+ print form.keys()
if form.has_key(':required'):
value = form[':required']
print 'required', value
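Review bot: The added `print form.keys()` looks like leftover debugging output in a request-handling path and should be dropped before this is merged. In a CGI handler stdout is normally the HTTP response, so the statement can write submitted field names ahead of or into the page, and under the stand-alone server it goes to the console or log on every form submission. The neighbouring `print 'required', value` context line has the same problem and could be removed in the same change. If the trace is still wanted, route it through whatever logging facility the tracker already uses rather than stdout.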
elif isinstance(proptype, hyperdb.Number):
props[key] = value = int(value)
+ # register this as received if required
+ if key in required:
+ required.remove(key)
+
# get the old value
if nodeid:
try:
props[key] = value
# see if all the required properties have been supplied
- l = []
- for property in required:
- if not props.has_key(property):
- l.append(property)
- if l:
- raise ValueError, 'Required properties %s not supplied'%(', '.join(l))
+ if required:
+ raise ValueError, 'Required properties %s not supplied'%(
+ ', '.join(required))
return props
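Review bot: The rewritten check at the end (`if required:`) enforces only the properties that the request itself names in its `:required` field, which is read from `form` in the earlier hunk. A submission that omits or shortens that field skips the check, so it is a form convenience and not a server-side guarantee; a comment saying so, e.g. `# ':required' is client-supplied; mandatory properties must also be enforced by the schema/auditors`, would stop later readers relying on it. Two smaller points on the new bookkeeping: `required.remove(key)` drops only the first occurrence, so a property listed twice in `:required` would still be reported as missing, and whether the removal is reached for keys that are skipped earlier in the loop cannot be seen from these hunks. The function body starts outside the visible lines.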