From: richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Fri, 29 Jan 2010 05:46:59 +0000 (+0000)
Subject: fixes to make registration work again
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;ds=sidebyside;h=6d2be114edcf3dbfa05cb94e92f97eabaf3eacb5;p=roundup.git

fixes to make registration work again

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4433 57a73879-2fb5-44c3-a270-3262357dd7e2
---

diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index 36dfee3..92e62d4 100755
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -840,12 +840,6 @@ class RegisterAction(RegoCommon, EditCommon):
                 % str(message))
             return
 
-        # registration isn't allowed to supply roles
-        user_props = props[('user', None)]
-        if user_props.has_key('roles'):
-            raise exceptions.Unauthorised, self._(
-                "It is not permitted to supply roles at registration.")
-
         # skip the confirmation step?
         if self.db.config['INSTANT_REGISTRATION']:
             # handle the create now
@@ -923,6 +917,17 @@ reply's additional "Re:" is ok),
         # redirect to the "you're almost there" page
         raise exceptions.Redirect, '%suser?@template=rego_progress'%self.base
 
+    def newItemPermission(self, props, classname=None):
+        """Just check the "Register" permission.
+        """
+        # registration isn't allowed to supply roles
+        if props.has_key('roles'):
+            raise exceptions.Unauthorised, self._(
+                "It is not permitted to supply roles at registration.")
+
+        # technically already checked, but here for clarity
+        return self.hasPermission('Register', classname=classname)
+
 class LogoutAction(Action):
     def handle(self):
         """Make us really anonymous - nuke the session too."""
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 6c713ec..b66b39b 100644
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
@@ -738,6 +738,12 @@ class Client:
         if action in ('login', 'register'):
             return
 
+        # allow Anonymous to view the "user" "register" template if they're
+        # allowed to register
+        if (self.db.security.hasPermission('Register', self.userid, 'user')
+                and self.classname == 'user' and self.template == 'register'):
+            return
+
         # otherwise for everything else
         if self.user == 'anonymous':
             if not self.db.security.hasPermission('Web Access', self.userid):
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
index 3916608..226851d 100644
--- a/roundup/cgi/templating.py
+++ b/roundup/cgi/templating.py
@@ -1304,9 +1304,9 @@ class HTMLProperty(HTMLInputMixin, HTMLPermissions):
         """
         perm = self._db.security.hasPermission
         userid = self._client.userid
-        if not perm('Web Access', userid):
-            return False
         if self._nodeid:
+            if not perm('Web Access', userid):
+                return False
             return perm('Edit', userid, self._classname, self._name,
                 self._nodeid)
         return perm('Create', userid, self._classname, self._name) or \