add setting WIKI_ACCOUNT_SIGNUP_ALLOWED

0f3bf034 · benjaoming · ebe15039 · 0f3bf034 · 0f3bf034 · 0f3bf034
Commit 0f3bf034 authored Jul 23, 2013 by benjaoming
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 3 deletions

wiki/conf/settings.py
+6 -0

wiki/views/accounts.py
+13 -3

wiki/views/article.py
+1 -0

No files found.
--- a/wiki/conf/settings.py
+++ b/wiki/conf/settings.py
@@ -91,6 +91,12 @@ ANONYMOUS_UPLOAD = getattr( django_settings, 'WIKI_ANONYMOUS_UPLOAD', False )
 # Sign up, login and logout views should be accessible 
 ACCOUNT_HANDLING = getattr( django_settings, 'WIKI_ACCOUNT_HANDLING', True )
+# Signup allowed? If it's not allowed, logged in superusers can still access
+# the signup page to create new users.
+ACCOUNT_SIGNUP_ALLOWED = ACCOUNT_HANDLING and getattr(
+    django_settings, 'WIKI_ACCOUNT_SIGNUP_ALLOWED', True
+)
 if ACCOUNT_HANDLING:
    LOGIN_URL = reverse_lazy("wiki:login")
    LOGOUT_URL = reverse_lazy("wiki:logout")

--- a/wiki/views/accounts.py
+++ b/wiki/views/accounts.py
@@ -15,7 +15,8 @@ from django.contrib import messages
 from django.contrib.auth import logout as auth_logout, login as auth_login
 from django.contrib.auth.forms import AuthenticationForm
 from django.core.urlresolvers import reverse
-from django.shortcuts import redirect
+from django.shortcuts import redirect, render_to_response
+from django.template.context import RequestContext
 from django.utils.translation import ugettext as _
 from django.views.generic.base import View
 from django.views.generic.edit import CreateView, FormView
@@ -26,16 +27,25 @@ from wiki.conf import settings
 from wiki.core.compat import get_user_model
 User = get_user_model()
 class Signup(CreateView):
    model = User
    form_class = forms.UserCreationForm
    template_name = "wiki/accounts/signup.html"
    def dispatch(self, request, *args, **kwargs):
-        if not request.user.is_anonymous():
+        # Let logged in super users continue
-            return redirect('wiki:root')    
+        if not request.user.is_anonymous() and not request.user.is_superuser:
+            return redirect('wiki:root')
+        # If account handling is disabled, don't go here
        if not settings.ACCOUNT_HANDLING:
            return redirect(settings.SIGNUP_URL)
+        # Allow superusers to use signup page...
+        if not request.user.is_superuser and not settings.ACCOUNT_SIGNUP_ALLOWED:
+            c = RequestContext(request, {'error_msg': _(u'Account signup is only allowed for administrators.'),
+                                         })
+            return render_to_response("wiki/error.html", context_instance=c)
        return super(Signup, self).dispatch(request, *args, **kwargs)
    def get_context_data(self, **kwargs):

--- a/wiki/views/article.py
+++ b/wiki/views/article.py
@@ -37,6 +37,7 @@ class ArticleView(ArticleMixin, TemplateView):
        kwargs['selected_tab'] = 'view'
        return ArticleMixin.get_context_data(self, **kwargs)
 class Create(FormView, ArticleMixin):
    form_class = forms.CreateForm