changeset 5344:0a0595b15c6c
auth: make sure that users only can manage their own primary data if self registration is enabled
With the UI showing exactly which fields are used and which are ignored, there
is no reason to show the 'External Source of Record' warning.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Fri, 31 Jul 2015 15:44:07 +0200 |
parents | 39bac9410169 |
children | de9a3152c206 |
files | kallithea/controllers/admin/my_account.py kallithea/templates/admin/my_account/my_account_profile.html kallithea/templates/admin/users/user_edit_profile.html |
diffstat | 3 files changed, 4 insertions(+), 8 deletions(-) |
--- a/kallithea/controllers/admin/my_account.py Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/controllers/admin/my_account.py Fri Jul 31 15:44:07 2015 +0200 @@ -102,6 +102,10 @@ c.perm_user = AuthUser(user_id=self.authuser.user_id) c.ip_addr = self.ip_addr managed_fields = auth_modules.get_managed_fields(c.user) + def_user_perms = User.get_default_user().AuthUser.permissions['global'] + if 'hg.register.none' in def_user_perms: + managed_fields.extend(['username', 'firstname', 'lastname', 'email']) + c.readonly = lambda n: 'readonly' if n in managed_fields else None defaults = c.user.get_dict()
--- a/kallithea/templates/admin/my_account/my_account_profile.html Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/templates/admin/my_account/my_account_profile.html Fri Jul 31 15:44:07 2015 +0200 @@ -20,9 +20,6 @@ </div> <div class="fields"> - %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL: - <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong> - %endif <div class="field"> <div class="label"> <label for="username">${_('Username')}:</label>
--- a/kallithea/templates/admin/users/user_edit_profile.html Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/templates/admin/users/user_edit_profile.html Fri Jul 31 15:44:07 2015 +0200 @@ -18,11 +18,6 @@ </div> </div> <div class="fields"> - %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL: - <div class="field"> - <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.user.extern_type)}.</strong> - </div> - %endif <div class="field"> <div class="label">
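Review bot: In kallithea/controllers/admin/my_account.py, the four names added to managed_fields under 'hg.register.none' are only seen feeding c.readonly, which puts a readonly attribute on the form inputs; that is a browser-side hint, and a hand-built POST can still submit new values for username, firstname, lastname and email. Please confirm, or add, that the save path drops every name in this same extended managed_fields list from the submitted data before updating the user. Separately, managed_fields.extend(...) mutates the list returned by auth_modules.get_managed_fields(c.user) and can add duplicates; building a new list would be safer if that return value is ever shared, and a one-line comment on why disabled registration locks these fields would help the next reader.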
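Review bot: In kallithea/templates/admin/my_account/my_account_profile.html, dropping the warning leaves the user with no explanation of why a field is readonly, and with the controller change in this same patch an internal user can now also get readonly username, firstname, lastname and email when 'hg.register.none' is set, a case the old external-only message never covered. Consider a short hint next to readonly fields, or a single line that names the reason (external source versus registration disabled).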
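Review bot: In kallithea/templates/admin/users/user_edit_profile.html, the removed block is the only place in this hunk where the administrator sees c.user.extern_type, and the patch changes no admin users controller, so nothing visible here shows that this page marks which fields are managed. Consider keeping the source type as a plain informational line rather than a warning, so the admin can still tell at a glance where the account's data comes from.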