Mercurial > p > roundup > code

changeset 2575:cc7885c427b0 maint-0.7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge from HEAD
author Richard Jones <richard@users.sourceforge.net>
date Wed, 14 Jul 2004 04:19:00 +0000
parents 2691c4e46780
children 762148a70014
files CHANGES.txt roundup/cgi/templating.py templates/classic/html/issue.search.html
diffstat 3 files changed, 10 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES.txt	Wed Jul 14 01:11:37 2004 +0000
+++ b/CHANGES.txt	Wed Jul 14 04:19:00 2004 +0000
@@ -9,6 +9,7 @@
 - handle postgresql bug in SQL generation (sf bug 984591)
 - fix dates-from-Dates (sf bug 984604)
 - fix messageid generated when msgid is None for send_message (sf bug 987933)
+- make user permissions check more sane (fix search page for anonymous)
 
 
 2004-06-24 0.7.5
--- a/roundup/cgi/templating.py	Wed Jul 14 01:11:37 2004 +0000
+++ b/roundup/cgi/templating.py	Wed Jul 14 04:19:00 2004 +0000
@@ -950,6 +950,7 @@
         # may anonymous users register? (so, they need to be anonymous,
         # need the Web Rego permission, and not trying to view an item)
         rego = s.hasPermission('Web Registration', userid, self._classname)
+        rego = rego and self._client.template == 'register'
         if is_anonymous and rego and getattr(self, '_nodeid', None) is None:
             return 1
 
--- a/templates/classic/html/issue.search.html	Wed Jul 14 01:11:37 2004 +0000
+++ b/templates/classic/html/issue.search.html	Wed Jul 14 04:19:00 2004 +0000
@@ -69,7 +69,8 @@
 
 <tr tal:define="name string:creator;
                 db_klass string:user;
-                db_content string:username;">
+                db_content string:username;"
+    tal:condition="db/user/is_view_ok">
   <th>Creator:</th>
   <td metal:use-macro="search_select">
     <option metal:fill-slot="extra_options"
@@ -88,7 +89,10 @@
   <td>&nbsp;</td>
 </tr>
 
-<tr tal:define="name string:actor">
+<tr tal:define="name string:actor;
+                db_klass string:user;
+                db_content string:username;"
+    tal:condition="db/user/is_view_ok">
   <th>Actor:</th>
   <td metal:use-macro="search_select">
     <option metal:fill-slot="extra_options"
@@ -131,7 +135,8 @@
 
 <tr tal:define="name string:assignedto;
                 db_klass string:user;
-                db_content string:username;">
+                db_content string:username;"
+    tal:condition="db/user/is_view_ok">
   <th>Assigned to:</th>
   <td metal:use-macro="search_select">
     <tal:block metal:fill-slot="extra_options">
Roundup Issue Tracker: http://roundup-tracker.org/