Mercurial > p > roundup > code
diff roundup/cgi/client.py @ 2649:1df7d4a41da4
Buncha stuff (sorry about the large checkin):
- Permissions may now be defined on a per-property basis
- added "Create" Permission. Replaces the "Web"- and "Email Registration"
Permissions.
- added option to turn off registration confirmation via email
("instant_registration" in config)
Migrated the user edit/view permission to use check code.
Fixed a buncha stuff in the default templates. Needs a thorough review
though.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 28 Jul 2004 02:29:46 +0000 |
| parents | 18e86941c950 |
| children | edaa8ba86bd0 |
line wrap: on
line diff
--- a/roundup/cgi/client.py Tue Jul 27 11:36:01 2004 +0000 +++ b/roundup/cgi/client.py Wed Jul 28 02:29:46 2004 +0000 @@ -1,4 +1,4 @@ -# $Id: client.py,v 1.185 2004-07-27 02:30:31 richard Exp $ +# $Id: client.py,v 1.186 2004-07-28 02:29:45 richard Exp $ """WWW request handler (also used in the stand-alone server). """ @@ -22,8 +22,6 @@ This function is directly invoked by security.Security.__init__() as a part of the Security object instantiation. ''' - security.addPermission(name="Web Registration", - description="User may register through the web") p = security.addPermission(name="Web Access", description="User may access the web interface") security.addPermissionToRole('Admin', p) @@ -398,6 +396,9 @@ # make sure the anonymous user is valid if we're using it if user == 'anonymous': self.make_user_anonymous() + if not self.db.security.hasPermission('Web Access', self.userid): + raise Unauthorised, self._("Anonymous users are not " + "allowed to use the web interface") else: self.user = user