Mercurial > p > roundup > code
comparison roundup/cgi/templating.py @ 2207:a993c3dcac9b
better check for anonymous viewing of user items [SF#933510]
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Mon, 12 Apr 2004 06:55:41 +0000 |
| parents | 58b6d1747973 |
| children | ac4f295499a4 |
comparison
equal
deleted
inserted
replaced
| 2206:8822a99f7650 | 2207:a993c3dcac9b |
|---|---|
| 943 # users may view their own info | 943 # users may view their own info |
| 944 is_anonymous = self._db.user.get(userid, 'username') == 'anonymous' | 944 is_anonymous = self._db.user.get(userid, 'username') == 'anonymous' |
| 945 if getattr(self, '_nodeid', None) == userid and not is_anonymous: | 945 if getattr(self, '_nodeid', None) == userid and not is_anonymous: |
| 946 return 1 | 946 return 1 |
| 947 | 947 |
| 948 # may anonymous users register? | 948 # may anonymous users register? (so, they need to be anonymous, |
| 949 if (is_anonymous and s.hasPermission('Web Registration', userid, | 949 # need the Web Rego permission, and not trying to view an item) |
| 950 self._classname)): | 950 rego = s.hasPermission('Web Registration', userid, self._classname) |
| 951 if is_anonymous and rego and getattr(self, '_nodeid', None) is None: | |
| 951 return 1 | 952 return 1 |
| 952 | 953 |
| 953 # nope, no access here | 954 # nope, no access here |
| 954 return 0 | 955 return 0 |
| 955 | 956 |