From a812c807175183fbe70d6e3067376d95e686743a Mon Sep 17 00:00:00 2001
From: helmutm
Date: Mon, 8 Nov 2010 15:59:13 +0000
Subject: [PATCH] check permission for user registration to avoid uncontrolled self-registration on public sites
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@4062 fd906abe-77d9-0310-91a1-e0d9ade77398
---
 organize/browser/member.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/organize/browser/member.py b/organize/browser/member.py
index 38f6cad..3ce65a9 100644
--- a/organize/browser/member.py
+++ b/organize/browser/member.py
@@ -30,15 +30,18 @@ from zope.app.pagetemplate import ViewPageTemplateFile
 from zope.app.principalannotation import annotations
 from zope.cachedescriptors.property import Lazy
 from zope.i18nmessageid import MessageFactory
+from zope.security import checkPermission
 from cybertools.composer.interfaces import IInstance
 from cybertools.composer.schema.browser.common import schema_macros
 from cybertools.composer.schema.browser.form import Form, CreateForm
 from cybertools.composer.schema.schema import FormState, FormError
+from cybertools.meta.interfaces import IOptions
 from cybertools.typology.interfaces import IType
 from loops.browser.common import concept_macros
 from loops.browser.concept import ConceptView, ConceptRelationView
 from loops.browser.node import NodeView
+from loops.common import adapted
 from loops.concept import Concept
 from loops.organize.interfaces import ANNOTATION_KEY, IMemberRegistrationManager
 from loops.organize.interfaces import IMemberRegistration, IPasswordChange
@@ -94,6 +97,13 @@ class MemberRegistration(NodeView, CreateForm):
 def macro(self):
 return schema_macros.macros['form']
+ def checkPermissions(self):
+ personType = adapted(self.conceptManager['person'])
+ perms = IOptions(personType)('registration.permission')
+ if perms:
+ return checkPermission(perms[0], self.context)
+ return checkPermission('loops.ManageSite', self.context)
+
 @Lazy
 def item(self):
 return self
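Review bot: `checkPermissions` takes only `perms[0]` from the `registration.permission` option and passes it to `checkPermission` without validation, so any further entries are silently ignored and the effective gate for self-registration is whatever string the person type's options hold. The fallback to `'loops.ManageSite'` when the option is unset is a sound closed default, but nothing documents it; I would add a docstring such as `"""Return True if registration is allowed: check the person type's 'registration.permission' option, else 'loops.ManageSite'."""`. The hunk does not show where `checkPermissions` is invoked, so it is worth confirming that the form-submission path of `MemberRegistration` is covered as well as the rendering of the form. The class body continues outside the hunk.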