diff roundup/cgi/client.py @ 4327:095d92109cc7

allow Anonymous users to log in, and register (assuming they have the Register permission of course)
author Richard Jones <richard@users.sourceforge.net>
date Fri, 29 Jan 2010 05:12:46 +0000
parents d51a9c498dc4
children 58b7ba47af87
--- a/roundup/cgi/client.py	Fri Jan 29 05:03:48 2010 +0000
+++ b/roundup/cgi/client.py	Fri Jan 29 05:12:46 2010 +0000
@@ -380,7 +380,7 @@
         self.determine_language()
         # Open the database as the correct user.
         self.determine_user()
-        self.check_web_access()
+        self.check_anonymous_access()
 
         # Call the appropriate XML-RPC method.
         handler = xmlrpc.RoundupDispatcher(self.db,
@@ -441,7 +441,7 @@
                 # if we've made it this far the context is to a bit of
                 # Roundup's real web interface (not a file being served up)
                 # so do the Anonymous Web Acess check now
-                self.check_web_access()
+                self.check_anonymous_access()
 
                 # possibly handle a form submit action (may change self.classname
                 # and self.template, and may also append error/ok_messages)
@@ -723,10 +723,22 @@
         # reopen the database as the correct user
         self.opendb(self.user)
 
-    def check_web_access(self):
+    def check_anonymous_access(self):
         """Check that the Anonymous user is actually allowed to use the web
         interface and short-circuit all further processing if they're not.
         """
+        # allow Anonymous to use the "login" and "register" actions (noting
+        # that "register" has its own "Register" permission check)
+        if self.form.has_key(':action'):
+            action = self.form[':action'].value.lower()
+        elif self.form.has_key('@action'):
+            action = self.form['@action'].value.lower()
+        else:
+            action = None
+        if action in ('login', 'register'):
+            return
+
+        # otherwise for everything else
         if self.user == 'anonymous':
             if not self.db.security.hasPermission('Web Access', self.userid):
                 raise Unauthorised, self._("Anonymous users are not "
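Review bot: The early `return` for `login`/`register` is decided purely from a client-supplied `:action`/`@action` form field and runs before the `self.user == 'anonymous'` test, so every caller of `check_anonymous_access()` inherits the exemption, including the XML-RPC path in the first hunk and what looks like the file-serving path in the last hunk, where no login or register action is visibly about to run. A request that merely carries that field would therefore skip the 'Web Access' permission check in those contexts. Consider limiting the exemption to the web-interface call site that dispatches form actions, for example an opt-in parameter with `if allow_actions and action in ('login', 'register'): return`, and keeping the unconditional check elsewhere. Separately, `self.form[':action'].value` assumes a single value; if the field is submitted more than once the lookup presumably yields a list and `.value` raises, so that case should be rejected explicitly. The method body continues past the end of this hunk.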
@@ -878,7 +890,7 @@
             raise NotFound, str(designator)
             
         # perform the Anonymous user access check
-        self.check_web_access()
+        self.check_anonymous_access()
 
         # make sure we have the appropriate properties
         props = klass.getprops()
