# HG changeset patch
# User Mads Kiilerich <madski@unity3d.com>
# Date 2015-07-31 15:44:07
# Node ID 0a0595b15c6c4d598f087248b5946e481046a866
# Parent  39bac9410169073232e1452e2655ae84b64716b2

auth: make sure that users only can manage their own primary data if self registration is enabled

With the UI showing exactly which fields are used and which are ignored, there
is no reason to show the 'External Source of Record' warning.

diff --git a/kallithea/controllers/admin/my_account.py b/kallithea/controllers/admin/my_account.py
--- a/kallithea/controllers/admin/my_account.py
+++ b/kallithea/controllers/admin/my_account.py
@@ -102,6 +102,10 @@ class MyAccountController(BaseController
         c.perm_user = AuthUser(user_id=self.authuser.user_id)
         c.ip_addr = self.ip_addr
         managed_fields = auth_modules.get_managed_fields(c.user)
+        def_user_perms = User.get_default_user().AuthUser.permissions['global']
+        if 'hg.register.none' in def_user_perms:
+            managed_fields.extend(['username', 'firstname', 'lastname', 'email'])
+
         c.readonly = lambda n: 'readonly' if n in managed_fields else None
 
         defaults = c.user.get_dict()
diff --git a/kallithea/templates/admin/my_account/my_account_profile.html b/kallithea/templates/admin/my_account/my_account_profile.html
--- a/kallithea/templates/admin/my_account/my_account_profile.html
+++ b/kallithea/templates/admin/my_account/my_account_profile.html
@@ -20,9 +20,6 @@ ${h.form(url('my_account'), method='post
          </div>
 
         <div class="fields">
-            %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:
-                <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>
-            %endif
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
diff --git a/kallithea/templates/admin/users/user_edit_profile.html b/kallithea/templates/admin/users/user_edit_profile.html
--- a/kallithea/templates/admin/users/user_edit_profile.html
+++ b/kallithea/templates/admin/users/user_edit_profile.html
@@ -18,11 +18,6 @@ ${h.form(url('update_user', id=c.user.us
            </div>
         </div>
         <div class="fields">
-            %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:
-             <div class="field">
-               <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.user.extern_type)}.</strong>
-             </div>
-            %endif
 
              <div class="field">
                 <div class="label">