make user permissions check more sane (fix search page for anonymous)

Author: Richard Jones

CHANGES.txt

@@ -25,6 +25,7 @@ Fixed:
 - handle postgresql bug in SQL generation (sf bug 984591)
 - fix dates-from-Dates (sf bug 984604)
 - fix messageid generated when msgid is None for send_message (sf bug 987933)
+- make user permissions check more sane (fix search page for anonymous)
 
 
 2004-06-24 0.7.5

roundup/cgi/templating.py

@@ -1033,6 +1033,7 @@ def _user_perm_check(self, type):
         # may anonymous users register? (so, they need to be anonymous,
         # need the Web Rego permission, and not trying to view an item)
         rego = s.hasPermission('Web Registration', userid, self._classname)
+        rego = rego and self._client.template == 'register'
         if is_anonymous and rego and getattr(self, '_nodeid', None) is None:
             return 1
 

templates/classic/html/issue.search.html

@@ -71,7 +71,8 @@
 
 <tr tal:define="name string:creator;
                 db_klass string:user;
-                db_content string:username;">
+                db_content string:username;"
+    tal:condition="db/user/is_view_ok">
   <th i18n:translate="">Creator:</th>
   <td metal:use-macro="search_select">
     <option metal:fill-slot="extra_options" i18n:translate=""
@@ -90,7 +91,10 @@
   <td>&nbsp;</td>
 </tr>
 
-<tr tal:define="name string:actor">
+<tr tal:define="name string:actor;
+                db_klass string:user;
+                db_content string:username;"
+    tal:condition="db/user/is_view_ok">
   <th i18n:translate="">Actor:</th>
   <td metal:use-macro="search_select">
     <option metal:fill-slot="extra_options" i18n:translate=""
@@ -133,7 +137,8 @@
 
 <tr tal:define="name string:assignedto;
                 db_klass string:user;
-                db_content string:username;">
+                db_content string:username;"
+    tal:condition="db/user/is_view_ok">
   <th i18n:translate="">Assigned to:</th>
   <td metal:use-macro="search_select">
     <tal:block metal:fill-slot="extra_options">