# HG changeset patch # User Mads Kiilerich # Date 1438350247 -7200 # Node ID 0a0595b15c6c4d598f087248b5946e481046a866 # Parent 39bac9410169073232e1452e2655ae84b64716b2 auth: make sure that users only can manage their own primary data if self registration is enabled With the UI showing exactly which fields are used and which are ignored, there is no reason to show the 'External Source of Record' warning. diff -r 39bac9410169 -r 0a0595b15c6c kallithea/controllers/admin/my_account.py --- a/kallithea/controllers/admin/my_account.py Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/controllers/admin/my_account.py Fri Jul 31 15:44:07 2015 +0200 @@ -102,6 +102,10 @@ c.perm_user = AuthUser(user_id=self.authuser.user_id) c.ip_addr = self.ip_addr managed_fields = auth_modules.get_managed_fields(c.user) + def_user_perms = User.get_default_user().AuthUser.permissions['global'] + if 'hg.register.none' in def_user_perms: + managed_fields.extend(['username', 'firstname', 'lastname', 'email']) + c.readonly = lambda n: 'readonly' if n in managed_fields else None defaults = c.user.get_dict() diff -r 39bac9410169 -r 0a0595b15c6c kallithea/templates/admin/my_account/my_account_profile.html --- a/kallithea/templates/admin/my_account/my_account_profile.html Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/templates/admin/my_account/my_account_profile.html Fri Jul 31 15:44:07 2015 +0200 @@ -20,9 +20,6 @@
- %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL: - ${_('Your user is in an external Source of Record; some details cannot be managed here')}. - %endif
diff -r 39bac9410169 -r 0a0595b15c6c kallithea/templates/admin/users/user_edit_profile.html --- a/kallithea/templates/admin/users/user_edit_profile.html Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/templates/admin/users/user_edit_profile.html Fri Jul 31 15:44:07 2015 +0200 @@ -18,11 +18,6 @@
- %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL: -
- ${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.user.extern_type)}. -
- %endif