Mercurial > kallithea
changeset 5263:64eba8fcde2b
AuthSettingsController: don't validate options for disabled plugins
If the user disables a plugin, any submitted settings for that plugin
should be disregarded (neither validated nor stored in the database).
| author | Søren Løvborg <kwi@kwi.dk> |
|---|---|
| date | Tue, 14 Jul 2015 13:59:59 +0200 |
| parents | b41bdfdb3b16 |
| children | bf1fc4c84e5f |
| files | kallithea/controllers/admin/auth_settings.py |
| diffstat | 1 files changed, 17 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/admin/auth_settings.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/controllers/admin/auth_settings.py Tue Jul 14 13:59:59 2015 +0200 @@ -100,8 +100,24 @@ def auth_settings(self): """POST create and store auth settings""" self.__load_defaults() + log.debug("POST Result: %s", formatted_json(dict(request.POST))) + + # First, parse only the plugin list (not the plugin settings). + _auth_plugins_validator = AuthSettingsForm([]).fields['auth_plugins'] + try: + new_enabled_plugins = _auth_plugins_validator.to_python(request.POST.get('auth_plugins')) + except formencode.Invalid: + pass + else: + # Hide plugins that the user has asked to be disabled, but + # do not show plugins that the user has asked to be enabled + # (yet), since that'll cause validation errors and/or wrong + # settings being applied (e.g. checkboxes being cleared), + # since the plugin settings will not be in the POST data. + c.enabled_plugins = [ p for p in c.enabled_plugins if p in new_enabled_plugins ] + + # Next, parse everything including plugin settings. _form = AuthSettingsForm(c.enabled_plugins)() - log.debug("POST Result: %s" % formatted_json(dict(request.POST))) try: form_result = _form.to_python(dict(request.POST))