kallithea Changeset - 4abce2c11c5f

Changeset - 4abce2c11c5f

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 13 years ago 2012-07-16 23:44:50
marcin@python-works.com

My account pages shouldn't be accessible by anonymous users

1 file changed with 4 insertions and 0 deletions:

rhodecode/controllers/admin/settings.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -341,24 +341,25 @@ class SettingsController(BaseController) @@
             return redirect(url('users'))
         defaults = c.user.get_dict()
         c.form = htmlfill.render(
             render('admin/users/user_edit_my_account_form.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
         return render('admin/users/user_edit_my_account.html')
     @NotAnonymous()
     def my_account_update(self):
         """PUT /_admin/my_account_update: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('admin_settings_my_account_update'),
         #           method='put')
         # url('admin_settings_my_account_update', id=ID)
         uid = self.rhodecode_user.user_id
         email = self.rhodecode_user.email
         _form = UserForm(edit=True,
                          old_data={'user_id': uid, 'email': email})()
@@ @@ -377,32 +378,34 @@ class SettingsController(BaseController) @@
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
             return render('admin/users/user_edit_my_account.html')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('my_account'))
     @NotAnonymous()
     def my_account_my_repos(self):
         all_repos = self.sa.query(Repository)\
             .filter(Repository.user_id == self.rhodecode_user.user_id)\
             .order_by(func.lower(Repository.repo_name))\
             .all()
         c.user_repos = ScmModel().get_repos(all_repos)
         return render('admin/users/user_edit_my_account_repos.html')
     @NotAnonymous()
     def my_account_my_pullrequests(self):
         c.my_pull_requests = PullRequest.query()\
                                 .filter(PullRequest.user_id==
                                         self.rhodecode_user.user_id)\
                                 .all()
         c.participate_in_pull_requests = \
             [x.pull_request for x in PullRequestReviewers.query()\
                                     .filter(PullRequestReviewers.user_id==
                                             self.rhodecode_user.user_id)\
                                     .all()]
         return render('admin/users/user_edit_my_account_pullrequests.html')
@@ @@ -411,24 +414,25 @@ class SettingsController(BaseController) @@
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         c.repo_groups = RepoGroup.groups_choices()
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         new_repo = request.GET.get('repo', '')
         c.new_repo = repo_name_slug(new_repo)
         return render('admin/repos/repo_add_create_repository.html')
     @NotAnonymous()
     def get_hg_ui_settings(self):
         ret = self.sa.query(RhodeCodeUi).all()
         if not ret:
             raise Exception('Could not get application ui settings !')
         settings = {}
         for each in ret:
             k = each.ui_key
             v = each.ui_value
             if k == '/':
                 k = 'root_path'

0 comments (0 inline, 0 general)