Mercurial > p > roundup > code

diff roundup/cgi/templating.py @ 2207:a993c3dcac9b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
better check for anonymous viewing of user items [SF#933510]
author Richard Jones <richard@users.sourceforge.net>
date Mon, 12 Apr 2004 06:55:41 +0000
parents 58b6d1747973
children ac4f295499a4
line wrap: on
line diff
--- a/roundup/cgi/templating.py	Sat Apr 10 22:13:47 2004 +0000
+++ b/roundup/cgi/templating.py	Mon Apr 12 06:55:41 2004 +0000
@@ -945,9 +945,10 @@
         if getattr(self, '_nodeid', None) == userid and not is_anonymous:
             return 1
 
-        # may anonymous users register?
-        if (is_anonymous and s.hasPermission('Web Registration', userid,
-                self._classname)):
+        # may anonymous users register? (so, they need to be anonymous,
+        # need the Web Rego permission, and not trying to view an item)
+        rego = s.hasPermission('Web Registration', userid, self._classname)
+        if is_anonymous and rego and getattr(self, '_nodeid', None) is None:
             return 1
 
         # nope, no access here
Roundup Issue Tracker: http://roundup-tracker.org/