From 047d60104388ceafdb4ea9dbd7d8d27847954254 Mon Sep 17 00:00:00 2001
From: Helmut Merz <helmutm@cy55.de>
Date: Thu, 5 Dec 2013 13:43:01 +0100
Subject: [PATCH 1/2] fix self registration form: respect content type, remove
 excess br tag

---
 browser/form_macros.pt     | 31 +++++++++++++++----------------
 organize/browser/member.py |  2 +-
 2 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/browser/form_macros.pt b/browser/form_macros.pt
index 96158c8..a8ed30e 100644
--- a/browser/form_macros.pt
+++ b/browser/form_macros.pt
@@ -25,30 +25,29 @@
       <tal:title condition="not:view/isInnerHtml">
         <h1 tal:content="request/view_title|view/title"
             i18n:translate="">Edit Information Object</h1>
-        <br />
       </tal:title>
 
       <table cellpadding="3" class="form">
-        <tbody>
-          <tr tal:condition="view/isInnerHtml">
+        <tbody tal:condition="view/isInnerHtml">
+          <tr>
             <th colspan="5" class="headline"
                 tal:attributes="colspan python: useI18N and 4 or 5">
               <span tal:content="request/view_title|view/title"
                     i18n:translate="">Edit Information Object</span>
             </th>
-          <th tal:condition="useI18N"
-              style="vertical-align: bottom; text-align: right;
-                     padding-right: 1em">
-            <select name="loops.language" id="loops.language"
-                    tal:attributes="onChange
-                            string:return replaceFieldsNodeForLanguage(
-                                    'form.fields', 'loops.language',
-                                    '${view/virtualTargetUrl}/$innerForm')">
-              <option tal:repeat="lang languages"
-                      tal:content="lang"
-                      tal:attributes="selected python: lang == language;">en</option>
-            </select>
-          </th>
+            <th tal:condition="useI18N"
+                style="vertical-align: bottom; text-align: right;
+                       padding-right: 1em">
+              <select name="loops.language" id="loops.language"
+                      tal:attributes="onChange
+                              string:return replaceFieldsNodeForLanguage(
+                                      'form.fields', 'loops.language',
+                                      '${view/virtualTargetUrl}/$innerForm')">
+                <option tal:repeat="lang languages"
+                        tal:content="lang"
+                        tal:attributes="selected python: lang == language;">en</option>
+              </select>
+            </th>
         </tr></tbody>
 
         <tbody metal:define-slot="custom_header" />
diff --git a/organize/browser/member.py b/organize/browser/member.py
index 738b521..7cd4948 100644
--- a/organize/browser/member.py
+++ b/organize/browser/member.py
@@ -138,7 +138,7 @@ class BaseMemberRegistration(NodeView):
         name = '.'.join((self.text_names_prefix, self.info_key))
         text = self.resourceManager.get(name)
         if text:
-            return self.renderText(text.data)
+            return self.renderText(text.data, text.contentType)
         return u''
 
     @Lazy

From e78a5f4fc32b065350609ca844c0b2ee36a40a9c Mon Sep 17 00:00:00 2001
From: Helmut Merz <helmutm@cy55.de>
Date: Mon, 9 Dec 2013 08:46:59 +0100
Subject: [PATCH 2/2] allow hiding of object actions: restrict via permissions

---
 browser/common.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/browser/common.py b/browser/common.py
index 4c77cf5..32dee01 100644
--- a/browser/common.py
+++ b/browser/common.py
@@ -68,6 +68,7 @@ from loops.config.base import DummyOptions
 from loops.i18n.browser import I18NView
 from loops.interfaces import IResource, IView, INode, ITypeConcept
 from loops.organize.tracking import access
+from loops.organize.util import getRolesForPrincipal
 from loops.resource import Resource
 from loops.security.common import checkPermission
 from loops.security.common import canAccessObject, canListObject, canWriteObject
@@ -772,7 +773,16 @@ class BaseView(GenericView, I18NView):
 
     @Lazy
     def showObjectActions(self):
-        return not IUnauthenticatedPrincipal.providedBy(self.request.principal)
+        principal = self.request.principal
+        if IUnauthenticatedPrincipal.providedBy(principal):
+            return False
+        perms = self.globalOptions('action.object.permissions')
+        if perms:
+            for p in perms:
+                if checkPermission(p, self.context):
+                    return True
+            return False
+        return True
 
     def checkAction(self, name, category, target):
         if name in ('create_resource',):