author | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Fri, 29 Jan 2010 05:46:59 +0000 (05:46 +0000) | ||
committer | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Fri, 29 Jan 2010 05:46:59 +0000 (05:46 +0000) |
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4433 57a73879-2fb5-44c3-a270-3262357dd7e2
roundup/cgi/actions.py | patch | blob | history | |
roundup/cgi/client.py | patch | blob | history | |
roundup/cgi/templating.py | patch | blob | history |
diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index 36dfee3707f96a02c0c12c0cd49c70f66c8f718c..92e62d42c31fd1664bbf5564c3457ed98ed58497 100755 (executable)
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
% str(message))
return
- # registration isn't allowed to supply roles
- user_props = props[('user', None)]
- if user_props.has_key('roles'):
- raise exceptions.Unauthorised, self._(
- "It is not permitted to supply roles at registration.")
-
# skip the confirmation step?
if self.db.config['INSTANT_REGISTRATION']:
# handle the create now
# redirect to the "you're almost there" page
raise exceptions.Redirect, '%suser?@template=rego_progress'%self.base
+ def newItemPermission(self, props, classname=None):
+ """Just check the "Register" permission.
+ """
+ # registration isn't allowed to supply roles
+ if props.has_key('roles'):
+ raise exceptions.Unauthorised, self._(
+ "It is not permitted to supply roles at registration.")
+
+ # technically already checked, but here for clarity
+ return self.hasPermission('Register', classname=classname)
+
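Review bot: The docstring of `newItemPermission` still says it just checks the "Register" permission, but the method now also rejects any submission carrying a `roles` property by raising `Unauthorised`, so the security-relevant half of its behaviour is undocumented. I would reword it to `"""Reject registrations that supply roles, then check the "Register" permission."""` and mention that the rejection is raised rather than returned as False. The guard tests `props.has_key('roles')` on whatever dict the caller passes, whereas the removed code first looked up `props[('user', None)]`. Presumably the caller now hands in the per-item property dict; that is worth confirming, because with the full keyed dict the test would never match and supplied roles would pass unnoticed.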
class LogoutAction(Action):
def handle(self):
"""Make us really anonymous - nuke the session too."""
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 6c713ecda4fd4f242778159b2e9ce2f575783352..b66b39b6e6208db1bfbd89c3813c0c8e3d80eea1 100644 (file)
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
if action in ('login', 'register'):
return
+ # allow Anonymous to view the "user" "register" template if they're
+ # allowed to register
+ if (self.db.security.hasPermission('Register', self.userid, 'user')
+ and self.classname == 'user' and self.template == 'register'):
+ return
+
# otherwise for everything else
if self.user == 'anonymous':
if not self.db.security.hasPermission('Web Access', self.userid):
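Review bot: The new early return skips the "Web Access" check whenever the class is `user` and the template is `register`, but it never looks at whether the request names an existing item, so the exemption is wider than the registration form its comment describes. Limiting it to the create case, for example by adding `and self.nodeid is None` to the condition (assuming the client exposes the item id under that name), would keep the bypass to the one page it is meant for. Whether an item rendered through this template would disclose anything depends on the template and the View checks, which are not visible here. The comment also says "allow Anonymous", yet nothing in the condition tests for the anonymous user; either the comment or the condition should be adjusted to match. The enclosing method starts and ends outside the hunk.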
index 39166082308eac9e0fa2738583e90ca5c7ed8388..226851de94308db566d0413a7d2e2cbc7e5e56b4 100644 (file)
"""
perm = self._db.security.hasPermission
userid = self._client.userid
- if not perm('Web Access', userid):
- return False
if self._nodeid:
+ if not perm('Web Access', userid):
+ return False
return perm('Edit', userid, self._classname, self._name,
self._nodeid)
return perm('Create', userid, self._classname, self._name) or \
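Review bot: Moving the "Web Access" test under `if self._nodeid:` means the create branch at the bottom is now decided by the `Create` permission alone, for every class and property this method is asked about, not only for user registration. If that is intended, the code should say so, e.g. `# no Web Access check here: new items are governed by the Create permission alone`. If it is meant only for the registration form, the exemption should be narrowed to that case. The function starts before the hunk and the final `return` expression continues past its last line.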