Restrict signups: non-staff users can only sign themselves up.

Registered users may not sign up again.

Restrict signups: non-staff users can only sign themselves up.
Registered users may not sign up again.
8202f670 · Chris Reffett · 91ce88d8 · 8202f670 · 8202f670 · 8202f670
Commit 8202f670 authored Aug 30, 2014 by Chris Reffett
--- a/go/go/templates/navbar.html
+++ b/go/go/templates/navbar.html
@@ -3,6 +3,7 @@
  {% if user.is_authenticated %}
  | [ <a href="{% url 'my_links' %}">My Links</a> ]
  {% if user.is_staff %}
+  | [ <a href="{% url 'signup' %}">User Registration</a> ]
  | [ <a href="{% url 'adminpanel' %}">Administration</a> ]
  {% endif %}
  | [ <a href="{% url 'go_logout' %}">Log Out</a> ]

--- a/go/go/templates/signup.html
+++ b/go/go/templates/signup.html
@@ -10,6 +10,7 @@ Go - Signup

 <h3>~Signup~</h3>

+{% if not registered %}
 <p>
 In order to succesfully provide this service, users must be manually
 approved. This prevents misuse of the URL shortener. Please indicate below
@@ -69,5 +70,8 @@ if you are interested.
  <br/><br/>

 </form>
-
+{% else %}
+<p>You are already signed up for Go.</p>
+<br/>
+{% endif %}
 {% endblock %}
--- a/go/go/views.py
+++ b/go/go/views.py
@@ -32,6 +32,19 @@ def is_approved( user ):
        return False


+def is_registered(user):
+    """
+    This function checks if a user account has a corresponding RegisteredUser,
+    thus checking if the user is registered.
+    """
+
+    try:
+        registered = RegisteredUser.objects.get( username=user.username )
+        return True
+    except RegisteredUser.DoesNotExist:
+        return False
+
+
 ##############################################################################
 """
 Define error page handling here.
@@ -187,13 +200,30 @@ def signup(request):
    yourself, or another person.

    """
-
-    signup_form = SignupForm()
+    if is_registered(request.user) and not request.user.is_staff:
+        return render(request, 'signup.html', {
+            'registered': True,
+        },
+        )
+
+    signup_form = SignupForm(initial={'username': request.user.username})
+    # Non-staff have the username field read-only and pre-filled
+    if request.user.is_staff:
+        signup_form = SignupForm()
+    else:
+        signup_form = SignupForm(initial={'username': request.user.username})
+        signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'

    if request.method == 'POST':
-        signup_form = SignupForm(request.POST, initial={'approved': False})
+        signup_form = SignupForm(request.POST, initial={'approved': False,
+            'username': request.user.username})
+
        if signup_form.is_valid():
-            username = signup_form.cleaned_data.get('username')
+            # Prevent hax: if not staff, force the username back to the request username.
+            if not request.user.is_staff:
+                username = request.user.username
+            else:
+                username = signup_form.cleaned_data.get('username')
            full_name = signup_form.cleaned_data.get('full_name')
            description = signup_form.cleaned_data.get('description')

@@ -209,6 +239,7 @@ def signup(request):

    return render(request, 'signup.html', {
        'form': signup_form,
+        'registered': False,
    },
    )