Mercurial > p > roundup > code
comparison roundup/cgi/client.py @ 2649:1df7d4a41da4
Buncha stuff (sorry about the large checkin):
- Permissions may now be defined on a per-property basis
- added "Create" Permission. Replaces the "Web"- and "Email Registration"
Permissions.
- added option to turn off registration confirmation via email
("instant_registration" in config)
Migrated the user edit/view permission to use check code.
Fixed a buncha stuff in the default templates. Needs a thorough review
though.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 28 Jul 2004 02:29:46 +0000 |
| parents | 18e86941c950 |
| children | edaa8ba86bd0 |
comparison
equal
deleted
inserted
replaced
| 2648:fe71e108d998 | 2649:1df7d4a41da4 |
|---|---|
| 1 # $Id: client.py,v 1.185 2004-07-27 02:30:31 richard Exp $ | 1 # $Id: client.py,v 1.186 2004-07-28 02:29:45 richard Exp $ |
| 2 | 2 |
| 3 """WWW request handler (also used in the stand-alone server). | 3 """WWW request handler (also used in the stand-alone server). |
| 4 """ | 4 """ |
| 5 __docformat__ = 'restructuredtext' | 5 __docformat__ = 'restructuredtext' |
| 6 | 6 |
| 20 '''Create some Permissions and Roles on the security object | 20 '''Create some Permissions and Roles on the security object |
| 21 | 21 |
| 22 This function is directly invoked by security.Security.__init__() | 22 This function is directly invoked by security.Security.__init__() |
| 23 as a part of the Security object instantiation. | 23 as a part of the Security object instantiation. |
| 24 ''' | 24 ''' |
| 25 security.addPermission(name="Web Registration", | |
| 26 description="User may register through the web") | |
| 27 p = security.addPermission(name="Web Access", | 25 p = security.addPermission(name="Web Access", |
| 28 description="User may access the web interface") | 26 description="User may access the web interface") |
| 29 security.addPermissionToRole('Admin', p) | 27 security.addPermissionToRole('Admin', p) |
| 30 | 28 |
| 31 # doing Role stuff through the web - make sure Admin can | 29 # doing Role stuff through the web - make sure Admin can |
| 396 user = 'anonymous' | 394 user = 'anonymous' |
| 397 | 395 |
| 398 # make sure the anonymous user is valid if we're using it | 396 # make sure the anonymous user is valid if we're using it |
| 399 if user == 'anonymous': | 397 if user == 'anonymous': |
| 400 self.make_user_anonymous() | 398 self.make_user_anonymous() |
| 399 if not self.db.security.hasPermission('Web Access', self.userid): | |
| 400 raise Unauthorised, self._("Anonymous users are not " | |
| 401 "allowed to use the web interface") | |
| 401 else: | 402 else: |
| 402 self.user = user | 403 self.user = user |
| 403 | 404 |
| 404 # reopen the database as the correct user | 405 # reopen the database as the correct user |
| 405 self.opendb(self.user) | 406 self.opendb(self.user) |