From 6d2be114edcf3dbfa05cb94e92f97eabaf3eacb5 Mon Sep 17 00:00:00 2001 From: richard Date: Fri, 29 Jan 2010 05:46:59 +0000 Subject: [PATCH] fixes to make registration work again git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4433 57a73879-2fb5-44c3-a270-3262357dd7e2 --- roundup/cgi/actions.py | 17 +++++++++++------ roundup/cgi/client.py | 6 ++++++ roundup/cgi/templating.py | 4 ++-- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py index 36dfee3..92e62d4 100755 --- a/roundup/cgi/actions.py +++ b/roundup/cgi/actions.py @@ -840,12 +840,6 @@ class RegisterAction(RegoCommon, EditCommon): % str(message)) return - # registration isn't allowed to supply roles - user_props = props[('user', None)] - if user_props.has_key('roles'): - raise exceptions.Unauthorised, self._( - "It is not permitted to supply roles at registration.") - # skip the confirmation step? if self.db.config['INSTANT_REGISTRATION']: # handle the create now @@ -923,6 +917,17 @@ reply's additional "Re:" is ok), # redirect to the "you're almost there" page raise exceptions.Redirect, '%suser?@template=rego_progress'%self.base + def newItemPermission(self, props, classname=None): + """Just check the "Register" permission. + """ + # registration isn't allowed to supply roles + if props.has_key('roles'): + raise exceptions.Unauthorised, self._( + "It is not permitted to supply roles at registration.") + + # technically already checked, but here for clarity + return self.hasPermission('Register', classname=classname) + class LogoutAction(Action): def handle(self): """Make us really anonymous - nuke the session too.""" diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py index 6c713ec..b66b39b 100644 --- a/roundup/cgi/client.py +++ b/roundup/cgi/client.py @@ -738,6 +738,12 @@ class Client: if action in ('login', 'register'): return + # allow Anonymous to view the "user" "register" template if they're + # allowed to register + if (self.db.security.hasPermission('Register', self.userid, 'user') + and self.classname == 'user' and self.template == 'register'): + return + # otherwise for everything else if self.user == 'anonymous': if not self.db.security.hasPermission('Web Access', self.userid): diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py index 3916608..226851d 100644 --- a/roundup/cgi/templating.py +++ b/roundup/cgi/templating.py @@ -1304,9 +1304,9 @@ class HTMLProperty(HTMLInputMixin, HTMLPermissions): """ perm = self._db.security.hasPermission userid = self._client.userid - if not perm('Web Access', userid): - return False if self._nodeid: + if not perm('Web Access', userid): + return False return perm('Edit', userid, self._classname, self._name, self._nodeid) return perm('Create', userid, self._classname, self._name) or \ -- 2.30.2