kallithea Changeset - 39bac9410169

Changeset - 39bac9410169

Parent rev.

Child rev.

[Not reviewed]

default

0 10 0

Mads Kiilerich - 10 years ago 2015-07-31 15:44:07
madski@unity3d.com

auth: make the auth module decide which fields are editable by admin and user

10 files changed with 51 insertions and 30 deletions:

kallithea/controllers/admin/my_account.py

kallithea/controllers/admin/users.py

kallithea/lib/auth_modules/__init__.py

kallithea/lib/auth_modules/auth_container.py

kallithea/lib/auth_modules/auth_crowd.py

kallithea/lib/auth_modules/auth_internal.py

kallithea/lib/auth_modules/auth_ldap.py

kallithea/lib/auth_modules/auth_pam.py

kallithea/templates/admin/my_account/my_account_profile.html

kallithea/templates/admin/users/user_edit_profile.html

0 comments (0 inline, 0 general)

kallithea/controllers/admin/my_account.py

➞

Show inline comments

@@ @@ -16,48 +16,49 @@ kallithea.controllers.admin.my_account @@
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 my account controller for Kallithea admin
 This file was forked by the Kallithea project in July 2014.
 Original author and date, and relevant copyright and licensing information is below:
 :created_on: August 20, 2013
 :author: marcink
 :copyright: (c) 2013 RhodeCode GmbH, and others.
 :license: GPLv3, see LICENSE.md for more details.
 """
 import logging
 import traceback
 import formencode
 from sqlalchemy import func
 from formencode import htmlfill
 from pylons import request, tmpl_context as c, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from kallithea import EXTERN_TYPE_INTERNAL
 from kallithea.lib import helpers as h
 from kallithea.lib import auth_modules
 from kallithea.lib.auth import LoginRequired, NotAnonymous, AuthUser
 from kallithea.lib.base import BaseController, render
 from kallithea.lib.utils2 import generate_api_key, safe_int
 from kallithea.lib.compat import json
 from kallithea.model.db import Repository, \
     UserEmailMap, UserApiKeys, User, UserFollowing
 from kallithea.model.forms import UserForm, PasswordChangeForm
 from kallithea.model.user import UserModel
 from kallithea.model.repo import RepoModel
 from kallithea.model.api_key import ApiKeyModel
 from kallithea.model.meta import Session
 log = logging.getLogger(__name__)
 class MyAccountController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     @NotAnonymous()
@@ @@ -79,69 +80,67 @@ class MyAccountController(BaseController @@
                           Session().query(UserFollowing).filter(
                               UserFollowing.user_id ==
                               self.authuser.user_id).all()]
         else:
             admin = True
             repos_list = Session().query(Repository)\
                          .filter(Repository.user_id ==
                                  self.authuser.user_id)\
                          .order_by(func.lower(Repository.repo_name)).all()
         repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list,
                                                    admin=admin)
         #json used to render the grid
         return json.dumps(repos_data)
     def my_account(self):
         """
         GET /_admin/my_account Displays info about my account
         """
         # url('my_account')
         c.active = 'profile'
         self.__load_data()
         c.perm_user = AuthUser(user_id=self.authuser.user_id)
         c.ip_addr = self.ip_addr
         managed_fields = auth_modules.get_managed_fields(c.user)
         c.readonly = lambda n: 'readonly' if n in managed_fields else None
         defaults = c.user.get_dict()
         update = False
         if request.POST:
             _form = UserForm(edit=True,
                              old_data={'user_id': self.authuser.user_id,
                                        'email': self.authuser.email})()
             form_result = {}
             try:
                 post_data = dict(request.POST)
                 post_data['new_password'] = ''
                 post_data['password_confirmation'] = ''
                 form_result = _form.to_python(post_data)
                 # skip updating those attrs for my account
                 skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',
                               'new_password', 'password_confirmation']
                 #TODO: plugin should define if username can be updated
                 if c.user.extern_type != EXTERN_TYPE_INTERNAL:
                     # forbid updating username for external accounts
                     # TODO: also skip username (and email etc) if self registration not enabled
                     skip_attrs.append('username')
                               'new_password', 'password_confirmation',
                              ] + managed_fields
                 UserModel().update(self.authuser.user_id, form_result,
                                    skip_attrs=skip_attrs)
                 h.flash(_('Your account was updated successfully'),
                         category='success')
                 Session().commit()
                 update = True
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('admin/my_account/my_account.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8",
                     force_defaults=False)
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during update of user %s') \
                         % form_result.get('username'), category='error')
         if update:
             return redirect('my_account')
         return htmlfill.render(
             render('admin/my_account/my_account.html'),

kallithea/controllers/admin/users.py

➞

Show inline comments

@@ @@ -21,49 +21,48 @@ This file was forked by the Kallithea pr @@
 Original author and date, and relevant copyright and licensing information is below:
 :created_on: Apr 4, 2010
 :author: marcink
 :copyright: (c) 2013 RhodeCode GmbH, and others.
 :license: GPLv3, see LICENSE.md for more details.
 """
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, tmpl_context as c, url, config
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from sqlalchemy.sql.expression import func
 from webob.exc import HTTPNotFound
 import kallithea
 from kallithea.lib.exceptions import DefaultUserException, \
     UserOwnsReposException, UserCreationError
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     AuthUser
 import kallithea.lib.auth_modules.auth_internal
 from kallithea.lib import auth_modules
 from kallithea.lib.base import BaseController, render
 from kallithea.model.api_key import ApiKeyModel
 from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm
 from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm
 from kallithea.model.user import UserModel
 from kallithea.model.meta import Session
 from kallithea.lib.utils import action_logger
 from kallithea.lib.compat import json
 from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         super(UsersController, self).__before__()
         c.available_permissions = config['available_permissions']
         c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL
@@ @@ -154,53 +153,50 @@ class UsersController(BaseController): @@
         """GET /users/new: Form to create a new item"""
         # url('new_user')
         c.default_extern_type = auth_modules.auth_internal.KallitheaAuthPlugin.name
         c.default_extern_name = auth_modules.auth_internal.KallitheaAuthPlugin.name
         return render('admin/users/user_add.html')
     def update(self, id):
         """PUT /users/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('update_user', id=ID),
         #           method='put')
         # url('user', id=ID)
         c.active = 'profile'
         user_model = UserModel()
         c.user = user_model.get(id)
         c.perm_user = AuthUser(user_id=id)
         c.ip_addr = self.ip_addr
         _form = UserForm(edit=True, old_data={'user_id': id,
                                               'email': c.user.email})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             skip_attrs = ['extern_type', 'extern_name']
             #TODO: plugin should define if username can be updated
             if c.user.extern_type != kallithea.EXTERN_TYPE_INTERNAL:
                 # forbid updating username for external accounts
                 skip_attrs.append('username')
             skip_attrs = ['extern_type', 'extern_name',
                          ] + auth_modules.get_managed_fields(c.user)
             user_model.update(id, form_result, skip_attrs=skip_attrs)
             usr = form_result['username']
             action_logger(self.authuser, 'admin_updated_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('User updated successfully'), category='success')
             Session().commit()
         except formencode.Invalid, errors:
             defaults = errors.value
             e = errors.error_dict or {}
             defaults.update({
                 'create_repo_perm': user_model.has_perm(id,
                                                         'hg.create.repository'),
                 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
                 '_method': 'put'
             })
             return htmlfill.render(
                 render('admin/users/user_edit.html'),
                 defaults=defaults,
                 errors=e,
                 prefix_error=False,
                 encoding="UTF-8",
                 force_defaults=False)
         except Exception:
@@ @@ -228,48 +224,50 @@ class UsersController(BaseController): @@
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of user'),
                     category='error')
         return redirect(url('users'))
     def show(self, id, format='html'):
         """GET /users/id: Show a specific item"""
         # url('user', id=ID)
         User.get_or_404(-1)
     def _get_user_or_raise_if_default(self, id):
         try:
             return User.get_or_404(id, allow_default=False)
         except DefaultUserException:
             h.flash(_("The default user cannot be edited"), category='warning')
             raise HTTPNotFound
     def edit(self, id, format='html'):
         """GET /users/id/edit: Form to edit an existing item"""
         # url('edit_user', id=ID)
         c.user = self._get_user_or_raise_if_default(id)
         c.active = 'profile'
         c.perm_user = AuthUser(user_id=id)
         c.ip_addr = self.ip_addr
         managed_fields = auth_modules.get_managed_fields(c.user)
         c.readonly = lambda n: 'readonly' if n in managed_fields else None
         defaults = c.user.get_dict()
         return htmlfill.render(
             render('admin/users/user_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False)
     def edit_advanced(self, id):
         c.user = self._get_user_or_raise_if_default(id)
         c.active = 'advanced'
         c.perm_user = AuthUser(user_id=id)
         c.ip_addr = self.ip_addr
         umodel = UserModel()
         defaults = c.user.get_dict()
         defaults.update({
             'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
             'create_user_group_perm': umodel.has_perm(c.user,
                                                       'hg.usergroup.create.true'),
             'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
         })
         return htmlfill.render(
             render('admin/users/user_edit.html'),

kallithea/lib/auth_modules/__init__.py

➞

Show inline comments

@@ @@ -395,24 +395,37 @@ def authenticate(username, password, env @@
         else:
             log.debug('Plugin %s accepted user `%s` for authentication'
                       % (module, user))
         log.info('Authenticating user using %s plugin' % plugin.__module__)
         # _authenticate is a wrapper for .auth() method of plugin.
         # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin
         # it also maps users to Database and maps the attributes returned
         # from .auth() to Kallithea database. If this function returns data
         # then auth is correct.
         user_data = plugin._authenticate(user, username, password,
                                            plugin_settings,
                                            environ=environ or {})
         log.debug('PLUGIN USER DATA: %s' % user_data)
         if user_data is not None:
             log.debug('Plugin returned proper authentication data')
             return user_data
         # we failed to Auth because .auth() method didn't return the user
         if username:
             log.warning("User `%s` failed to authenticate against %s"
                         % (username, plugin.__module__))
     return None
 def get_managed_fields(user):
     """return list of fields that are managed by the user's auth source, usually some of
     'username', 'firstname', 'lastname', 'email', 'active', 'password'
     """
     auth_plugins = Setting.get_auth_plugins()
     for module in auth_plugins:
         log.debug('testing %s (%s) with auth plugin %s', user, user.extern_type, module)
         plugin = loadplugin(module)
         if plugin.name == user.extern_type:
             return plugin.get_managed_fields()
     log.error('no auth plugin %s found for %s', user.extern_type, user)
     return [] # TODO: Fail badly instead of allowing everything to be edited?

kallithea/lib/auth_modules/auth_container.py

➞

Show inline comments

@@ @@ -169,24 +169,27 @@ class KallitheaAuthPlugin(auth_modules.K @@
         if not username:
             return None
         # old attrs fetched from Kallithea database
         admin = getattr(userobj, 'admin', False)
         active = getattr(userobj, 'active', True)
         email = getattr(userobj, 'email', '')
         firstname = getattr(userobj, 'firstname', '')
         lastname = getattr(userobj, 'lastname', '')
         user_data = {
             'username': username,
             'firstname': safe_unicode(firstname or username),
             'lastname': safe_unicode(lastname or ''),
             'groups': [],
             'email': email or '',
             'admin': admin or False,
             'active': active,
             'active_from_extern': True,
             'extern_name': username,
+        }
         log.info('user `%s` authenticated correctly' % user_data['username'])
         return user_data
     def get_managed_fields(self):
         return ['username', 'password']

kallithea/lib/auth_modules/auth_crowd.py

➞

Show inline comments

@@ @@ -208,35 +208,38 @@ class KallitheaAuthPlugin(auth_modules.K @@
         crowd_user = server.user_auth(username, password)
         log.debug("Crowd returned: \n%s" % (formatted_json(crowd_user)))
         if not crowd_user["status"]:
             return None
         res = server.user_groups(crowd_user["name"])
         log.debug("Crowd groups: \n%s" % (formatted_json(res)))
         crowd_user["groups"] = [x["name"] for x in res["groups"]]
         # old attrs fetched from Kallithea database
         admin = getattr(userobj, 'admin', False)
         active = getattr(userobj, 'active', True)
         email = getattr(userobj, 'email', '')
         firstname = getattr(userobj, 'firstname', '')
         lastname = getattr(userobj, 'lastname', '')
         user_data = {
             'username': username,
             'firstname': crowd_user["first-name"] or firstname,
             'lastname': crowd_user["last-name"] or lastname,
             'groups': crowd_user["groups"],
             'email': crowd_user["email"] or email,
             'admin': admin,
             'active': active,
             'active_from_extern': crowd_user.get('active'),
+            'active_from_extern': crowd_user.get('active'), # ???
             'extern_name': crowd_user["name"],
+        }
         # set an admin if we're in admin_groups of crowd
         for group in settings["admin_groups"].split(","):
             if group in user_data["groups"]:
                 user_data["admin"] = True
         log.debug("Final crowd user object: \n%s" % (formatted_json(user_data)))
         log.info('user %s authenticated correctly' % user_data['username'])
         return user_data
     def get_managed_fields(self):
         return ['username', 'firstname', 'lastname', 'email', 'password']

kallithea/lib/auth_modules/auth_internal.py

➞

Show inline comments

@@ @@ -76,24 +76,28 @@ class KallitheaAuthPlugin(auth_modules.K @@
             "email": userobj.email,
             "admin": userobj.admin,
             "active": userobj.active,
             "active_from_extern": userobj.active,
             "extern_name": userobj.user_id,
+        }
         log.debug(formatted_json(user_data))
         if userobj.active:
             from kallithea.lib import auth
             password_match = auth.KallitheaCrypto.hash_check(password, userobj.password)
             if userobj.username == User.DEFAULT_USER and userobj.active:
                 log.info('user %s authenticated correctly as anonymous user' %
                          username)
                 return user_data
             elif userobj.username == username and password_match:
                 log.info('user %s authenticated correctly' % user_data['username'])
                 return user_data
             log.error("user %s had a bad password" % username)
             return None
         else:
             log.warning('user %s tried auth but is disabled' % username)
             return None
     def get_managed_fields(self):
         # Note: 'username' should only be editable (at least for user) if self registration is enabled
         return []

kallithea/lib/auth_modules/auth_ldap.py

➞

Show inline comments

@@ @@ -338,24 +338,27 @@ class KallitheaAuthPlugin(auth_modules.K @@
             email = getattr(userobj, 'email', '')
             firstname = getattr(userobj, 'firstname', '')
             lastname = getattr(userobj, 'lastname', '')
             user_data = {
                 'username': username,
                 'firstname': safe_unicode(get_ldap_attr('attr_firstname') or firstname),
                 'lastname': safe_unicode(get_ldap_attr('attr_lastname') or lastname),
                 'groups': [],
                 'email': get_ldap_attr('attr_email') or email,
                 'admin': admin,
                 'active': active,
                 "active_from_extern": None,
                 'extern_name': user_dn,
+            }
             log.info('user %s authenticated correctly' % user_data['username'])
             return user_data
         except (LdapUsernameError, LdapPasswordError, LdapImportError):
             log.error(traceback.format_exc())
             return None
         except (Exception,):
             log.error(traceback.format_exc())
             return None
     def get_managed_fields(self):
         return ['username', 'firstname', 'lastname', 'email', 'password']

kallithea/lib/auth_modules/auth_pam.py

➞

Show inline comments

@@ @@ -115,24 +115,27 @@ class KallitheaAuthPlugin(auth_modules.K @@
             'firstname': firstname,
             'lastname': lastname,
             'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],
             'email': email,
             'admin': admin,
             'active': active,
             "active_from_extern": None,
             'extern_name': username,
+        }
         try:
             user_data = pwd.getpwnam(username)
             regex = settings["gecos"]
             match = re.search(regex, user_data.pw_gecos)
             if match:
                 user_data["firstname"] = match.group('first_name')
                 user_data["lastname"] = match.group('last_name')
         except Exception:
             log.warning("Cannot extract additional info for PAM user %s", username)
             pass
         log.debug("pamuser: \n%s" % formatted_json(user_data))
         log.info('user %s authenticated correctly' % user_data['username'])
         return user_data
     def get_managed_fields(self):
         return ['username', 'password']

kallithea/templates/admin/my_account/my_account_profile.html

➞

Show inline comments

 ${h.form(url('my_account'), method='post')}
     <div class="form">
          <div class="field">
            <div class="gravatar_box">
                <div class="gravatar">
                  ${h.gravatar(c.user.email)}
                </div>
                 <p>
                 %if c.visual.use_gravatar:
                 <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>
                 <br/>${_('Using')} ${c.user.email}
                 %else:
                 <strong>${_('Avatars are disabled')}</strong>
                 <br/>${c.user.email or _('Missing email, please update your user email address.')}
                     [${_('Current IP')}: ${c.ip_addr}]
                 %endif
                </p>
            </div>
          </div>
         <% readonly = None %>
         <div class="fields">
             %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:
                 <% readonly = "readonly" %>
                 <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>
             %endif
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
                   ${h.text('username',class_='medium', readonly=readonly)}
+                  ${h.text('username',class_='medium', readonly=c.readonly('username'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="name">${_('First Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('firstname',class_="medium")}
+                    ${h.text('firstname',class_="medium", readonly=c.readonly('firstname'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="lastname">${_('Last Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('lastname',class_="medium")}
+                    ${h.text('lastname',class_="medium", readonly=c.readonly('lastname'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="email">${_('Email')}:</label>
                 </div>
                 <div class="input">
                     ## we should be able to edit email !
                     ${h.text('email',class_="medium")}
                     ${h.text('email',class_="medium", readonly=c.readonly('email'))}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="btn")}
               ${h.reset('reset',_('Reset'),class_="btn")}
             </div>
         </div>
     </div>
 ${h.end_form()}

kallithea/templates/admin/users/user_edit_profile.html

➞

Show inline comments

 ${h.form(url('update_user', id=c.user.user_id),method='put')}
 <div class="form">
         <div class="field">
            <div class="gravatar_box">
                 <div class="gravatar">${h.gravatar(c.user.email)}</div>
                 <p>
                 %if c.visual.use_gravatar:
                 <strong>${_('Change avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>
                 <br/>${_('Using')} ${c.user.email}
                 %else:
                 <strong>${_('Avatars are disabled')}</strong>
                 <br/>${c.user.email or _('Missing email, please update this user email address.')}
                         ##show current ip just if we show ourself
                         %if c.authuser.username == c.user.username:
                             [${_('Current IP')}: ${c.ip_addr}]
                         %endif
                 %endif
            </div>
         </div>
         <% readonly = None %>
         <div class="fields">
             %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:
              <div class="field">
                <% readonly = "readonly" %>
                <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.user.extern_type)}.</strong>
              </div>
             %endif
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
                   ${h.text('username',class_='medium', readonly=readonly)}
+                  ${h.text('username',class_='medium', readonly=c.readonly('username'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="email">${_('Email')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('email',class_='medium')}
+                    ${h.text('email',class_='medium', readonly=c.readonly('email'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="extern_type">${_('Source of Record')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('extern_type',class_='medium',readonly="readonly")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="extern_name">${_('Name in Source of Record')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('extern_name',class_='medium',readonly="readonly")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="new_password">${_('New password')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('new_password',class_='medium',readonly=readonly)}
+                    ${h.password('new_password',class_='medium',readonly=c.readonly('password'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="password_confirmation">${_('New password confirmation')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('password_confirmation',class_="medium",readonly=readonly)}
+                    ${h.password('password_confirmation',class_="medium",readonly=c.readonly('password'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="firstname">${_('First Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('firstname',class_='medium')}
+                    ${h.text('firstname',class_='medium', readonly=c.readonly('firstname'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="lastname">${_('Last Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('lastname',class_='medium')}
+                    ${h.text('lastname',class_='medium', readonly=c.readonly('lastname'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="active">${_('Active')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('active',value=True)}
+                    ${h.checkbox('active',value=True, readonly=c.readonly('active'))}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="admin">${_('Admin')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('admin',value=True)}
+                    ${h.checkbox('admin',value=True, readonly=c.readonly('admin'))}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="btn")}
               ${h.reset('reset',_('Reset'),class_="btn")}
             </div>
         </div>
 </div>
 ${h.end_form()}

0 comments (0 inline, 0 general)