reinstated registration, cleaned up PT compile error reporting

Author: Richard Jones

TODO.txt

@@ -47,9 +47,11 @@ New templating TODO:
 . generic class editing
 . classhelp
 . query saving
+  - add ":queryname" to search form submission, and handle it in search action
+  - ?add a drop-down on search page with all queries that fills form with
+     each query's values?
 . search "refinement" (pre-fill the search page with the current search
   parameters)
-. web registration of new users by anonymous
 
 ongoing: any bugs
 

roundup/cgi/client.py

@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.4 2002-09-01 22:09:20 richard Exp $
+# $Id: client.py,v 1.5 2002-09-01 23:57:53 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -289,7 +289,7 @@ def template(self, name, **kwargs):
             return pt.render(**kwargs)
         except PageTemplate.PTRuntimeError, message:
             return '<strong>%s</strong><ol>%s</ol>'%(message,
-                cgi.escape('<li>'.join(pt._v_errors)))
+                '<li>'.join(pt._v_errors))
         except:
             # everything else
             return cgitb.html()
@@ -306,9 +306,9 @@ def content(self):
     actions = {
         'edit':     'editItemAction',
         'new':      'newItemAction',
+        'register': 'registerAction',
         'login':    'login_action',
         'logout':   'logout_action',
-        'register': 'register_action',
         'search':   'searchAction',
     }
     def handle_action(self):
@@ -319,9 +319,9 @@ def handle_action(self):
             actions are defined in the "actions" dictionary on this class:
              "edit"      -> self.editItemAction
              "new"       -> self.newItemAction
+             "register"  -> self.registerAction
              "login"     -> self.login_action
              "logout"    -> self.logout_action
-             "register"  -> self.register_action
              "search"    -> self.searchAction
 
         '''
@@ -472,17 +472,25 @@ def logout_action(self):
         # Let the user know what's going on
         self.ok_message.append(_('You are logged out'))
 
-    def register_action(self):
+    def registerAction(self):
         '''Attempt to create a new user based on the contents of the form
         and then set the cookie.
 
         return 1 on successful login
         '''
+        # create the new user
+        cl = self.db.user
+
+        # parse the props from the form
+        try:
+            props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
+        except (ValueError, KeyError), message:
+            self.error_message.append(_('Error: ') + str(message))
+            return
+
         # make sure we're allowed to register
-        userid = self.db.user.lookup(self.user)
-        if not self.db.security.hasPermission('Web Registration', userid):
-            raise Unauthorised, _("You do not have permission to access"\
-                        " %(action)s.")%{'action': 'registration'}
+        if not self.registerPermission(props):
+            raise Unauthorised, _("You do not have permission to register")
 
         # re-open the database as "admin"
         if self.user != 'admin':
@@ -493,21 +501,33 @@ def register_action(self):
         try:
             props = parsePropsFromForm(self.db, cl, self.form)
             props['roles'] = self.instance.NEW_WEB_USER_ROLES
-            uid = cl.create(**props)
+            self.userid = cl.create(**props)
             self.db.commit()
         except ValueError, message:
             self.error_message.append(message)
 
         # log the new user in
-        self.user = cl.get(uid, 'username')
+        self.user = cl.get(self.userid, 'username')
         # re-open the database for real, using the user
         self.opendb(self.user)
-        password = cl.get(uid, 'password')
+        password = self.db.user.get(self.userid, 'password')
         self.set_cookie(self.user, password)
 
         # nice message
         self.ok_message.append(_('You are now registered, welcome!'))
 
+    def registerPermission(self, props):
+        ''' Determine whether the user has permission to register
+
+            Base behaviour is to check the user has "Web Registration".
+        '''
+        # registration isn't allowed to supply roles
+        if props.has_key('roles'):
+            return 0
+        if self.db.security.hasPermission('Web Registration', self.userid):
+            return 1
+        return 0
+
     def editItemAction(self):
         ''' Perform an edit of an item in the database.
 
@@ -589,10 +609,9 @@ def editItemPermission(self, props):
             # if the item being edited is the current user, we're ok
             if self.nodeid == self.userid:
                 return 1
-        if not self.db.security.hasPermission('Edit', self.userid,
-                self.classname):
-            return 0
-        return 1
+        if self.db.security.hasPermission('Edit', self.userid, self.classname):
+            return 1
+        return 0
 
     def newItemAction(self):
         ''' Add a new item to the database.
@@ -663,9 +682,9 @@ def newItemPermission(self, props):
         if self.classname == 'user' and has('Web Registration', self.userid,
                 'user'):
             return 1
-        if not has('Edit', self.userid, self.classname):
-            return 0
-        return 1
+        if has('Edit', self.userid, self.classname):
+            return 1
+        return 0
 
     def genericEditAction(self):
         ''' Performs an edit of all of a class' items in one go.

roundup/templates/classic/html/page

@@ -39,21 +39,22 @@
    <a href="user?:template=item">Add User</a>
   </p>
 
-  <p class="userblock">
-   <b>Hello,</b><br><b tal:content="request/user/username">username</b><br>
-   <form method="POST" action=''
-         tal:condition="python:request.user.username=='anonymous'">
+  <p class="userblock" tal:condition="python:request.user.username=='anonymous'">
+   <form method="POST" action="">
     <input size="10" name="__login_name"><br>
     <input size="10" type="password" name="__login_password"><br>
     <input type="submit" name=":action" value="login">
     <span tal:replace="structure request/indexargs_form" />
    </form>
-   <tal:block tal:condition="python:request.user.username != 'anonymous'">
-    <a tal:attributes="href string:issue?:sort=-activity&:group=priority&:filter=status,assignedto&:columns=id,activity,title,creator,priority&status=-1,1,2,3,4,5,6,7&assignedto=${request/user/id}">My Issues</a><br>
-    <a tal:attributes="href string:user${request/user/id}">My Details</a><br>
-    <a tal:attributes="href python:request.indexargs_href(request.url,
-        {':action':'logout'})">Logout</a>
-   </tal:block>
+   <a href="user?:template=register">Register</a>
+  </p>
+   
+  <p class="userblock" tal:condition="python:request.user.username != 'anonymous'">
+   <b>Hello,</b><br><b tal:content="request/user/username">username</b><br>
+   <a tal:attributes="href string:issue?:sort=-activity&:group=priority&:filter=status,assignedto&:columns=id,activity,title,creator,priority&status=-1,1,2,3,4,5,6,7&assignedto=${request/user/id}">My Issues</a><br>
+   <a tal:attributes="href string:user${request/user/id}">My Details</a><br>
+   <a tal:attributes="href python:request.indexargs_href(request.url,
+       {':action':'logout'})">Logout</a>
   </p>
  </td>
  <td>

roundup/templates/classic/html/user.item

@@ -1,7 +1,8 @@
 <!-- dollarId: user.item,v 1.7 2002/08/16 04:29:04 richard Exp dollar-->
-<tal:block tal:define="editok python:request.user.hasPermission('Edit') or
-                              user.id == request.user.id;
-                       viewok python:request.user.hasPermission('View')">
+<tal:block tal:define="
+    editok python:request.user.hasPermission('Edit') or
+           user.id == request.user.id;
+    viewok python:request.user.hasPermission('View')">
 
 <span tal:condition="python:not (viewok or editok)">
 You are not allowed to view this page.
@@ -50,7 +51,7 @@ You are not allowed to view this page.
 
  <tr>
   <td>&nbsp;</td>
-  <td colspan=3 tal:content="structure user/submit">submit button here</td>
+  <td tal:content="structure user/submit">submit button here</td>
  </tr>
 </table>
 </form>

roundup/templates/classic/html/user.register

@@ -0,0 +1,63 @@
+<!-- dollarId: user.item,v 1.7 2002/08/16 04:29:04 richard Exp dollar-->
+<tal:block tal:define=" editok python:request.user.username=='anonymous' and
+           request.user.hasPermission('Web Registration')">
+
+<span tal:condition="python:not editok">
+You are not allowed to view this page.
+</span>
+
+<tal:block tal:condition="editok">
+<form method="POST" onSubmit="return submit_once()" enctype="multipart/form-data">
+
+<table class="form">
+ <tr>
+  <th>Name</th>
+  <td tal:content="structure user/realname/field">realname</td>
+ </tr>
+ <tr>
+  <th>Login Name</th>
+  <td tal:content="structure user/username/field">username</td>
+ </tr>
+ <tr>
+  <th>Login Password</th>
+  <td tal:content="structure user/password/field">password</td>
+ </tr>
+ <tr tal:condition="python:request.user.hasPermission('Web Roles')">
+  <th>Roles</th>
+  <td tal:condition="exists:item"
+      tal:content="structure user/roles/field">roles</td>
+  <td tal:condition="not:exists:item">
+   <input name="roles" tal:attributes="value db/config/NEW_WEB_USER_ROLES">
+  </td>
+ </tr>
+ <tr>
+  <th>Phone</th>
+  <td tal:content="structure user/phone/field">phone</td>
+ </tr>
+ <tr>
+  <th>Organisation</th>
+  <td tal:content="structure user/organisation/field">organisation</td>
+ </tr>
+ <tr>
+  <th>E-mail address</th>
+  <td tal:content="structure user/address/field">address</td>
+ </tr>
+ <tr>
+  <th>Alternate E-mail addresses<br>One address per line</th>
+  <td tal:content="structure user/alternate_addresses/multiline">alternate_addresses</td>
+ </tr>
+
+ <tr>
+  <td>&nbsp;</td>
+  <td>
+   <input type="hidden" name=":action" value="register">
+   <input type="submit" name="submit" value="Register">
+  </td>
+ </tr>
+</table>
+</form>
+
+</tal:block>
+
+</tal:block>
+