Commit 6c03ef3a authored by Jean Michel Rouly's avatar Jean Michel Rouly

Merge branch 'restrict-signups' into 'dev'

Restrict signups further

Users can only sign themselves up and cannot access the signup page once they've submitted a signup request. Staff members may sign other users up. Added a signup link for admins to the navbar.

See merge request !4
parents 7ab8abb4 8202f670
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
{% if user.is_authenticated %} {% if user.is_authenticated %}
| [ <a href="{% url 'my_links' %}">My Links</a> ] | [ <a href="{% url 'my_links' %}">My Links</a> ]
{% if user.is_staff %} {% if user.is_staff %}
| [ <a href="{% url 'signup' %}">User Registration</a> ]
| [ <a href="{% url 'adminpanel' %}">Administration</a> ] | [ <a href="{% url 'adminpanel' %}">Administration</a> ]
{% endif %} {% endif %}
| [ <a href="{% url 'go_logout' %}">Log Out</a> ] | [ <a href="{% url 'go_logout' %}">Log Out</a> ]
......
...@@ -10,6 +10,7 @@ Go - Signup ...@@ -10,6 +10,7 @@ Go - Signup
<h3>~Signup~</h3> <h3>~Signup~</h3>
{% if not registered %}
<p> <p>
In order to succesfully provide this service, users must be manually In order to succesfully provide this service, users must be manually
approved. This prevents misuse of the URL shortener. Please indicate below approved. This prevents misuse of the URL shortener. Please indicate below
...@@ -69,5 +70,8 @@ if you are interested. ...@@ -69,5 +70,8 @@ if you are interested.
<br/><br/> <br/><br/>
</form> </form>
{% else %}
<p>You are already signed up for Go.</p>
<br/>
{% endif %}
{% endblock %} {% endblock %}
...@@ -19,7 +19,7 @@ Define useful helper methods here. ...@@ -19,7 +19,7 @@ Define useful helper methods here.
""" """
def is_registered( user ): def is_approved( user ):
""" """
This function checks if a user account has a corresponding RegisteredUser, This function checks if a user account has a corresponding RegisteredUser,
thus checking if the user is registered. thus checking if the user is registered.
...@@ -32,6 +32,19 @@ def is_registered( user ): ...@@ -32,6 +32,19 @@ def is_registered( user ):
return False return False
def is_registered(user):
"""
This function checks if a user account has a corresponding RegisteredUser,
thus checking if the user is registered.
"""
try:
registered = RegisteredUser.objects.get( username=user.username )
return True
except RegisteredUser.DoesNotExist:
return False
############################################################################## ##############################################################################
""" """
Define error page handling here. Define error page handling here.
...@@ -73,7 +86,7 @@ def index(request): ...@@ -73,7 +86,7 @@ def index(request):
""" """
# If the user isn't registered, don't give them any leeway. # If the user isn't registered, don't give them any leeway.
if not is_registered(request.user): if not is_approved(request.user):
return render(request, 'not_registered.html') return render(request, 'not_registered.html')
url_form = URLForm() # unbound form url_form = URLForm() # unbound form
...@@ -152,7 +165,7 @@ def my_links(request): ...@@ -152,7 +165,7 @@ def my_links(request):
obviously need to be logged in to view your URLs. obviously need to be logged in to view your URLs.
""" """
if not is_registered(request.user): if not is_approved(request.user):
return render(request, 'not_registered.html') return render(request, 'not_registered.html')
urls = URL.objects.filter( owner = request.user ) urls = URL.objects.filter( owner = request.user )
...@@ -169,7 +182,7 @@ def delete(request, short): ...@@ -169,7 +182,7 @@ def delete(request, short):
logged in and registered, and must also be the owner of the URL. logged in and registered, and must also be the owner of the URL.
""" """
if not is_registered(request.user): if not is_approved(request.user):
return render(request, 'not_registered.html') return render(request, 'not_registered.html')
url = get_object_or_404(URL, short__iexact = short ) url = get_object_or_404(URL, short__iexact = short )
...@@ -187,13 +200,30 @@ def signup(request): ...@@ -187,13 +200,30 @@ def signup(request):
yourself, or another person. yourself, or another person.
""" """
if is_registered(request.user) and not request.user.is_staff:
signup_form = SignupForm() return render(request, 'signup.html', {
'registered': True,
},
)
signup_form = SignupForm(initial={'username': request.user.username})
# Non-staff have the username field read-only and pre-filled
if request.user.is_staff:
signup_form = SignupForm()
else:
signup_form = SignupForm(initial={'username': request.user.username})
signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'
if request.method == 'POST': if request.method == 'POST':
signup_form = SignupForm(request.POST, initial={'approved': False}) signup_form = SignupForm(request.POST, initial={'approved': False,
'username': request.user.username})
if signup_form.is_valid(): if signup_form.is_valid():
username = signup_form.cleaned_data.get('username') # Prevent hax: if not staff, force the username back to the request username.
if not request.user.is_staff:
username = request.user.username
else:
username = signup_form.cleaned_data.get('username')
full_name = signup_form.cleaned_data.get('full_name') full_name = signup_form.cleaned_data.get('full_name')
description = signup_form.cleaned_data.get('description') description = signup_form.cleaned_data.get('description')
...@@ -209,6 +239,7 @@ def signup(request): ...@@ -209,6 +239,7 @@ def signup(request):
return render(request, 'signup.html', { return render(request, 'signup.html', {
'form': signup_form, 'form': signup_form,
'registered': False,
}, },
) )
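Review bot: In the POST branch of `signup`, `initial={'approved': False, 'username': request.user.username}` does not constrain what a client submits. Django uses `initial` only for rendering and change detection, so on a bound form any `approved` value present in `request.POST` takes precedence. The username is correctly forced back to `request.user.username` for non-staff, but if `SignupForm` exposes an `approved` field and the save code reads it from `cleaned_data`, a non-staff user could approve their own request. Consider forcing it the same way, e.g. `approved = signup_form.cleaned_data.get('approved') if request.user.is_staff else False`, or removing the field from the form for non-staff. The part of `signup` that creates the record lies between the last two hunks and is not visible here, so this should be confirmed against that code.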
......