diff --git a/tailbone/templates/roles/view.mako b/tailbone/templates/roles/view.mako
index f7b43608..e1f77f3f 100644
--- a/tailbone/templates/roles/view.mako
+++ b/tailbone/templates/roles/view.mako
@@ -18,7 +18,9 @@ ${parent.body()}
The guest role is implied for all users.
+The guest role is implied for all anonymous users, i.e. when not logged in.
+% elif instance is authenticated_role:
+The authenticated role is implied for all users, but only when logged in.
% elif users:The following users are assigned to this role:
${users.render_grid()|n}
diff --git a/tailbone/views/roles.py b/tailbone/views/roles.py
index 8e7454cc..78d78d38 100644
--- a/tailbone/views/roles.py
+++ b/tailbone/views/roles.py
@@ -2,7 +2,7 @@
 ################################################################################
 #
 # Rattail -- Retail Software Framework
-# Copyright © 2010-2015 Lance Edgar
+# Copyright © 2010-2016 Lance Edgar
 #
 # This file is part of Rattail.
 #
@@ -24,10 +24,10 @@
 Role Views
 """
-from __future__ import unicode_literals
+from __future__ import unicode_literals, absolute_import
 from rattail.db import model
-from rattail.db.auth import has_permission, administrator_role, guest_role
+from rattail.db.auth import has_permission, administrator_role, guest_role, authenticated_role
 import formalchemy
 from webhelpers.html import HTML, tags
@@ -75,7 +75,9 @@ def PermissionsFieldRenderer(permissions, *args, **kwargs):
 inner = HTML.tag('p', c=permissions[groupkey]['label'])
 perms = permissions[groupkey]['perms']
 for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
- checked = has_permission(Session(), role, key, include_guest=False)
+ checked = has_permission(Session(), role, key,
+ include_guest=False,
+ include_authenticated=False)
 label = perms[key]['label']
 if readonly:
 span = HTML.tag('span', c="[X]" if checked else "[ ]")
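Review bot: The `has_permission(...)` call in PermissionsFieldRenderer (tailbone/views/roles.py, hunk at line 75) now passes `include_guest=False` and `include_authenticated=False` with no comment saying why, and that reason is what keeps the permission grid honest. I would add above the call `# Tick only permissions granted directly to this role; the implied guest/authenticated grants must not show up as this role's own.` If the editable form writes the ticked boxes back to the role, counting implied grants here would presumably copy them onto every role that gets saved; the save path is not in this hunk, so confirm that before relying on it. The renderer's body starts and ends outside the hunk.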
@@ -142,14 +144,16 @@ class RolesView(MasterView):
 else:
 kwargs['users'] = None
 kwargs['guest_role'] = guest_role(Session())
+ kwargs['authenticated_role'] = authenticated_role(Session())
 return kwargs
 def before_delete(self, role):
 admin = administrator_role(Session())
 guest = guest_role(Session())
- if role in (admin, guest):
- self.request.session.flash("You may not delete the {0} role.".format(role.name), 'error')
- return self.redirect(self.request.get_referrer())
+ authenticated = authenticated_role(Session())
+ if role in (admin, guest, authenticated):
+ self.request.session.flash("You may not delete the {} role.".format(role.name), 'error')
+ return self.redirect(self.request.get_referrer(default=self.request.route_url('roles')))
 class RoleVersionView(VersionView):
diff --git a/tailbone/views/users.py b/tailbone/views/users.py
index 8f249a1a..61e979a9 100644
--- a/tailbone/views/users.py
+++ b/tailbone/views/users.py
@@ -29,7 +29,7 @@ from __future__ import unicode_literals, absolute_import
 from sqlalchemy import orm
 from rattail.db import model
-from rattail.db.auth import guest_role, set_user_password
+from rattail.db.auth import guest_role, authenticated_role, set_user_password
 import formalchemy
 from formalchemy.fields import SelectFieldRenderer
@@ -109,6 +109,7 @@ class RolesField(formalchemy.Field):
 def get_options(self):
 return Session.query(model.Role.name, model.Role.uuid)\
 .filter(model.Role.uuid != guest_role(Session()).uuid)\
+ .filter(model.Role.uuid != authenticated_role(Session()).uuid)\
 .order_by(model.Role.name)\
 .all()
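Review bot: In `before_delete` (tailbone/views/roles.py, hunk at line 142) the guard `if role in (admin, guest, authenticated):` compares ORM instances, whereas the users.py hunk of this same commit identifies the built-in roles by uuid. Instance comparison presumably holds only while `role` and the three lookups come from the same session; if `role` ever arrives detached or from another session, the check would pass silently and a built-in role could be deleted. Comparing keys avoids that dependency: `if role.uuid in (admin.uuid, guest.uuid, authenticated.uuid):`. The hunk opens inside an earlier RolesView method whose start is not shown.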
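Review bot: The added `.filter(model.Role.uuid != authenticated_role(Session()).uuid)` in `RolesField.get_options` (tailbone/views/users.py, hunk at line 109) only removes the authenticated role from the choices that are offered; nothing visible here rejects that uuid if it is submitted anyway. The code that applies the submitted selection is outside the hunk, so confirm it skips the guest and authenticated uuids as well, otherwise an explicit assignment row for an implied role can still be created. A comment above the two filters would record the intent: `# guest and authenticated are implied roles and are never assigned explicitly`.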