fix guest login

0498bafa · Gero Müller · c9d927d7 · 0498bafa · 0498bafa · 0498bafa
Commit 0498bafa authored Aug 31, 2016 by Gero Müller
--- a/conf/vispa.ini.sample
+++ b/conf/vispa.ini.sample
@@ -61,12 +61,6 @@ forgot.subject = Your VISPA password
 # absolute url
 password_url = http://localhost:4282/vispa/password

-# enable guets logins without providing any information
-enable_guest_login = False
-
-# add guest automatically to the following groups
-guest_groups = []
-
 # default workspace action, i.e. a vispa.callbacks channel
 workspace_action = openFileBrowser

@@ -130,28 +124,40 @@ ignore = [dummy]

 [usermanagement]
 # do auto setup?
-autosetup = True
+autosetup = False
+
 # the role/permission setup of the extensions can be accepted or not
 accept_extensions = True
+
 # name of the global project
 global_project = VISPA
+
 # default user and guest group
-user_group = default_user
-guest_group = default_guest
+user_group = user
+guest_group = guest
+
 # three roles, e.g. with ascending rank
 role_1 = Student
 role_2 = Tutor
 role_3 = Manager
+
 # list of permissions that must exist
 permissions = ["project.read_items", "project.create_items", "project.edit_items", "project.delete_items"]
+
 # assignment of permissions to default roles. permissions must exists (use line above)
 role_1_permissions = ["project.read_items"]
 role_2_permissions = ["project.read_items", "project.create_items"]
 role_3_permissions = ["project.read_items", "project.create_items", "project.edit_items", "project.delete_items"]
+
 # assignment of roles to user and guest group
 user_group_roles = [1]
 guest_group_roles = []

+# enable guets logins without providing any information
+enable_guest_login = False
+
+
+
 [ldap-export]
 enable = False


--- a/vispa/controller/ajax.py
+++ b/vispa/controller/ajax.py
@@ -47,10 +47,9 @@ class AjaxController(AbstractController):
        user = User.register(cherrypy.request.db, username, email)
        session = cherrypy.request.db

-        if vispa.config("usermanagement", "autosetup", False):
-            user_group = vispa.config("usermanagement", "user_group", None)
-            user_group = Group.get_by_name(session, user_group)
-            user_group.add_user(session, user, Group_User_Assoc.CONFIRMED)
+        user_group = vispa.config("usermanagement", "user_group", "user")
+        user_group = Group.get_by_name(session, user_group)
+        user_group.add_user(session, user, Group_User_Assoc.CONFIRMED)

        if vispa.config("web", "registration.autoactive", True):
            return { "hash": user.hash }

--- a/vispa/controller/root.py
+++ b/vispa/controller/root.py
@@ -229,20 +229,16 @@ class RootController(AbstractController):
            raise cherrypy.HTTPRedirect(path)

        # return an error when guest logins are disabled
-        if vispa.config("web", "enable_guest_login", False) is False:
+        if vispa.config("usermanagement", "enable_guest_login", False) is False:
            raise cherrypy.HTTPError(403, "Guest login not allowed!")

+        db= cherrypy.request.db
+        
        # actual guest login
-        user, password = User.guest_login(req.db)
-        for groupname in vispa.config("web", "guest_groups", []):
+        user, password = User.guest_login(db)
+        for groupname in vispa.config("usermanagement", "guest_group", "guest"):
            group = Group.get_or_create_by_name(db, groupname)
-            group.users.append(user)
-
-        # autosetup new guest
-        if vispa.config("usermanagement", "autosetup", False):
-            guest_group = vispa.config("usermanagement", "guest_group", None)
-            guest_group = Group.get_by_name(req.db, guest_group)
-            guest_group.add_user(req.db, user, Group_User_Assoc.CONFIRMED)
+            group.add_user(db, user, Group_User_Assoc.UNCONFIRMED)

        # update session
        cherrypy.session["user_id"] = unicode(user.id)