Expose, honor the prevent_password_change
flag for Users
This commit is contained in:
parent
2863ff7a5c
commit
f913ed8332
|
@ -2,7 +2,7 @@
|
||||||
################################################################################
|
################################################################################
|
||||||
#
|
#
|
||||||
# Rattail -- Retail Software Framework
|
# Rattail -- Retail Software Framework
|
||||||
# Copyright © 2010-2022 Lance Edgar
|
# Copyright © 2010-2023 Lance Edgar
|
||||||
#
|
#
|
||||||
# This file is part of Rattail.
|
# This file is part of Rattail.
|
||||||
#
|
#
|
||||||
|
@ -24,8 +24,6 @@
|
||||||
Tailbone Web API - Auth Views
|
Tailbone Web API - Auth Views
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from __future__ import unicode_literals, absolute_import
|
|
||||||
|
|
||||||
from rattail.db.auth import set_user_password
|
from rattail.db.auth import set_user_password
|
||||||
|
|
||||||
from cornice import Service
|
from cornice import Service
|
||||||
|
@ -168,6 +166,9 @@ class AuthenticationView(APIView):
|
||||||
if not self.request.user:
|
if not self.request.user:
|
||||||
raise self.forbidden()
|
raise self.forbidden()
|
||||||
|
|
||||||
|
if self.request.user.prevent_password_change and not self.request.is_root:
|
||||||
|
raise self.forbidden()
|
||||||
|
|
||||||
data = self.request.json_body
|
data = self.request.json_body
|
||||||
|
|
||||||
# first make sure "current" password is accurate
|
# first make sure "current" password is accurate
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
################################################################################
|
################################################################################
|
||||||
#
|
#
|
||||||
# Rattail -- Retail Software Framework
|
# Rattail -- Retail Software Framework
|
||||||
# Copyright © 2010-2022 Lance Edgar
|
# Copyright © 2010-2023 Lance Edgar
|
||||||
#
|
#
|
||||||
# This file is part of Rattail.
|
# This file is part of Rattail.
|
||||||
#
|
#
|
||||||
|
@ -24,8 +24,6 @@
|
||||||
Tailbone Web API - User Views
|
Tailbone Web API - User Views
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from __future__ import unicode_literals, absolute_import
|
|
||||||
|
|
||||||
from rattail.db import model
|
from rattail.db import model
|
||||||
|
|
||||||
from tailbone.api import APIMasterView
|
from tailbone.api import APIMasterView
|
||||||
|
@ -57,6 +55,10 @@ class UserView(APIMasterView):
|
||||||
query = query.outerjoin(model.Person)
|
query = query.outerjoin(model.Person)
|
||||||
return query
|
return query
|
||||||
|
|
||||||
|
def update_object(self, user, data):
|
||||||
|
# TODO: should ensure prevent_password_change is respected
|
||||||
|
return super(UserView, self).update_object(user, data)
|
||||||
|
|
||||||
|
|
||||||
def defaults(config, **kwargs):
|
def defaults(config, **kwargs):
|
||||||
base = globals()
|
base = globals()
|
||||||
|
|
|
@ -607,7 +607,9 @@
|
||||||
% if messaging_enabled:
|
% if messaging_enabled:
|
||||||
${h.link_to("Messages{}".format(" ({})".format(inbox_count) if inbox_count else ''), url('messages.inbox'), class_='navbar-item')}
|
${h.link_to("Messages{}".format(" ({})".format(inbox_count) if inbox_count else ''), url('messages.inbox'), class_='navbar-item')}
|
||||||
% endif
|
% endif
|
||||||
|
% if request.is_root or not request.user.prevent_password_change:
|
||||||
${h.link_to("Change Password", url('change_password'), class_='navbar-item')}
|
${h.link_to("Change Password", url('change_password'), class_='navbar-item')}
|
||||||
|
% endif
|
||||||
${h.link_to("Edit Preferences", url('my.preferences'), class_='navbar-item')}
|
${h.link_to("Edit Preferences", url('my.preferences'), class_='navbar-item')}
|
||||||
${h.link_to("Logout", url('logout'), class_='navbar-item')}
|
${h.link_to("Logout", url('logout'), class_='navbar-item')}
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -175,8 +175,12 @@ class AuthenticationView(View):
|
||||||
if not self.request.user:
|
if not self.request.user:
|
||||||
return self.redirect(self.request.route_url('home'))
|
return self.redirect(self.request.route_url('home'))
|
||||||
|
|
||||||
if self.user_is_protected(self.request.user) and not self.request.is_root:
|
if ((self.request.user.prevent_password_change
|
||||||
self.request.session.flash("Cannot change password for user: {}".format(self.request.user))
|
or self.user_is_protected(self.request.user))
|
||||||
|
and not self.request.is_root):
|
||||||
|
|
||||||
|
self.request.session.flash("Cannot change password for user: {}".format(
|
||||||
|
self.request.user))
|
||||||
return self.redirect(self.request.get_referrer())
|
return self.redirect(self.request.get_referrer())
|
||||||
|
|
||||||
schema = ChangePassword().bind(user=self.request.user, request=self.request)
|
schema = ChangePassword().bind(user=self.request.user, request=self.request)
|
||||||
|
|
|
@ -67,6 +67,7 @@ class UserView(PrincipalMasterView):
|
||||||
'active',
|
'active',
|
||||||
'active_sticky',
|
'active_sticky',
|
||||||
'set_password',
|
'set_password',
|
||||||
|
'prevent_password_change',
|
||||||
'roles',
|
'roles',
|
||||||
'permissions',
|
'permissions',
|
||||||
]
|
]
|
||||||
|
@ -210,6 +211,9 @@ class UserView(PrincipalMasterView):
|
||||||
f.set_renderer('display_name_', self.render_person_name)
|
f.set_renderer('display_name_', self.render_person_name)
|
||||||
|
|
||||||
# set_password
|
# set_password
|
||||||
|
if self.editing and user.prevent_password_change and not self.request.is_root:
|
||||||
|
f.remove('set_password')
|
||||||
|
else:
|
||||||
f.set_widget('set_password', dfwidget.CheckedPasswordWidget())
|
f.set_widget('set_password', dfwidget.CheckedPasswordWidget())
|
||||||
# if self.creating:
|
# if self.creating:
|
||||||
# f.set_required('password')
|
# f.set_required('password')
|
||||||
|
@ -316,7 +320,7 @@ class UserView(PrincipalMasterView):
|
||||||
user.person.local_only = True
|
user.person.local_only = True
|
||||||
|
|
||||||
# maybe set user password
|
# maybe set user password
|
||||||
if data['set_password']:
|
if 'set_password' in form and data['set_password']:
|
||||||
set_user_password(user, data['set_password'])
|
set_user_password(user, data['set_password'])
|
||||||
|
|
||||||
# update roles for user
|
# update roles for user
|
||||||
|
|
Loading…
Reference in a new issue