Changeset - 0a0595b15c6c
Parent rev.
Child rev.
[Not reviewed]
default
0 3 0
Mads Kiilerich - 10 years ago 2015-07-31 15:44:07
madski@unity3d.com
auth: make sure that users only can manage their own primary data if self registration is enabled

With the UI showing exactly which fields are used and which are ignored, there
is no reason to show the 'External Source of Record' warning.
3 files changed with 4 insertions and 8 deletions:
kallithea/controllers/admin/my_account.py
4
kallithea/templates/admin/my_account/my_account_profile.html
3
kallithea/templates/admin/users/user_edit_profile.html
5
0 comments (0 inline, 0 general)
kallithea/controllers/admin/my_account.py
Show inline comments
 
@@ -93,24 +93,28 @@ class MyAccountController(BaseController
 
        return json.dumps(repos_data)
 

			




	
	
	
		
 
    def my_account(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        GET /_admin/my_account Displays info about my account

			




	
	
	
		
 
        """

			




	
	
	
		
 
        # url('my_account')

			




	
	
	
		
 
        c.active = 'profile'

			




	
	
	
		
 
        self.__load_data()

			




	
	
	
		
 
        c.perm_user = AuthUser(user_id=self.authuser.user_id)

			




	
	
	
		
 
        c.ip_addr = self.ip_addr

			




	
	
	
		
 
        managed_fields = auth_modules.get_managed_fields(c.user)

			




	
	
	
		
 
        def_user_perms = User.get_default_user().AuthUser.permissions['global']

			




	
	
	
		
 
        if 'hg.register.none' in def_user_perms:

			




	
	
	
		
 
            managed_fields.extend(['username', 'firstname', 'lastname', 'email'])

			




	
	
	
		
 

			




	
	
	
		
 
        c.readonly = lambda n: 'readonly' if n in managed_fields else None

			




	
	
	
		
 

			




	
	
	
		
 
        defaults = c.user.get_dict()

			




	
	
	
		
 
        update = False

			




	
	
	
		
 
        if request.POST:

			




	
	
	
		
 
            _form = UserForm(edit=True,

			




	
	
	
		
 
                             old_data={'user_id': self.authuser.user_id,

			




	
	
	
		
 
                                       'email': self.authuser.email})()

			




	
	
	
		
 
            form_result = {}

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                post_data = dict(request.POST)

			




	
	
	
		
 
                post_data['new_password'] = ''

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/my_account/my_account_profile.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -11,27 +11,24 @@ ${h.form(url('my_account'), method='post

			




	
	
	
		
 
                <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

			




	
	
	
		
 
                <br/>${_('Using')} ${c.user.email}

			




	
	
	
		
 
                %else:

			




	
	
	
		
 
                <strong>${_('Avatars are disabled')}</strong>

			




	
	
	
		
 
                <br/>${c.user.email or _('Missing email, please update your user email address.')}

			




	
	
	
		
 
                    [${_('Current IP')}: ${c.ip_addr}]

			




	
	
	
		
 
                %endif

			




	
	
	
		
 
               </p>

			




	
	
	
		
 
           </div>

			




	
	
	
		
 
         </div>

			




	
	
	
		
 

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
            %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:

			




	
	
	
		
 
                <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>

			




	
	
	
		
 
            %endif

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="username">${_('Username')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                  ${h.text('username',class_='medium', readonly=c.readonly('username'))}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="name">${_('First Name')}:</label>

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/users/user_edit_profile.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -9,29 +9,24 @@ ${h.form(url('update_user', id=c.user.us

			




	
	
	
		
 
                <br/>${_('Using')} ${c.user.email}

			




	
	
	
		
 
                %else:

			




	
	
	
		
 
                <strong>${_('Avatars are disabled')}</strong>

			




	
	
	
		
 
                <br/>${c.user.email or _('Missing email, please update this user email address.')}

			




	
	
	
		
 
                        ##show current ip just if we show ourself

			




	
	
	
		
 
                        %if c.authuser.username == c.user.username:

			




	
	
	
		
 
                            [${_('Current IP')}: ${c.ip_addr}]

			




	
	
	
		
 
                        %endif

			




	
	
	
		
 
                %endif

			




	
	
	
		
 
           </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
            %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
               <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.user.extern_type)}.</strong>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
            %endif

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="username">${_('Username')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                  ${h.text('username',class_='medium', readonly=c.readonly('username'))}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.