Changeset - 493ccf3e22e6
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich - 11 years ago 2014-07-14 21:12:23
madski@unity3d.com
user edit: always define c.EXTERN_TYPE_INTERNAL (issue 3)

It is needed by user_edit_profile.html when user_edit.html includes it because
.active='profile'. Some non-obvious code paths could lead to that - such as
editing other user's password.

Instead, set the value it in the controller initialization.
1 file changed with 1 insertions and 1 deletions:
kallithea/controllers/admin/users.py
1
1
0 comments (0 inline, 0 general)
kallithea/controllers/admin/users.py
Show inline comments
 
@@ -57,24 +57,25 @@ from kallithea.lib.utils2 import datetim
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UsersController(BaseController):

			




	
	
	
		
 
    """REST Controller styled on the Atom Publishing Protocol"""

			




	
	
	
		
 

			




	
	
	
		
 
    @LoginRequired()

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def __before__(self):

			




	
	
	
		
 
        super(UsersController, self).__before__()

			




	
	
	
		
 
        c.available_permissions = config['available_permissions']

			




	
	
	
		
 
        c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL

			




	
	
	
		
 

			




	
	
	
		
 
    def index(self, format='html'):

			




	
	
	
		
 
        """GET /users: All items in the collection"""

			




	
	
	
		
 
        # url('users')

			




	
	
	
		
 

			




	
	
	
		
 
        c.users_list = User.query().order_by(User.username)\

			




	
	
	
		
 
                        .filter(User.username != User.DEFAULT_USER)\

			




	
	
	
		
 
                        .order_by(func.lower(User.username))\

			




	
	
	
		
 
                        .all()

			




	
	
	
		
 

			




	
	
	
		
 
        users_data = []

			




	
	
	
		
 
        total_records = len(c.users_list)

			




	
	
		
 
@@ -236,25 +237,24 @@ class UsersController(BaseController):

			




	
	
	
		
 

			




	
	
	
		
 
    def edit(self, id, format='html'):

			




	
	
	
		
 
        """GET /users/id/edit: Form to edit an existing item"""

			




	
	
	
		
 
        # url('edit_user', id=ID)

			




	
	
	
		
 
        c.user = User.get_or_404(id)

			




	
	
	
		
 
        if c.user.username == User.DEFAULT_USER:

			




	
	
	
		
 
            h.flash(_("You can't edit this user"), category='warning')

			




	
	
	
		
 
            return redirect(url('users'))

			




	
	
	
		
 

			




	
	
	
		
 
        c.active = 'profile'

			




	
	
	
		
 
        c.extern_type = c.user.extern_type

			




	
	
	
		
 
        c.extern_name = c.user.extern_name

			




	
	
	
		
 
        c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL

			




	
	
	
		
 
        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

			




	
	
	
		
 

			




	
	
	
		
 
        defaults = c.user.get_dict()

			




	
	
	
		
 
        return htmlfill.render(

			




	
	
	
		
 
            render('admin/users/user_edit.html'),

			




	
	
	
		
 
            defaults=defaults,

			




	
	
	
		
 
            encoding="UTF-8",

			




	
	
	
		
 
            force_defaults=False)

			




	
	
	
		
 

			




	
	
	
		
 
    def edit_advanced(self, id):

			




	
	
	
		
 
        c.user = User.get_or_404(id)

			




	
	
	
		
 
        if c.user.username == User.DEFAULT_USER:

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.