Commit 8202f670 authored by Chris Reffett's avatar Chris Reffett

Restrict signups: non-staff users can only sign themselves up.

Registered users may not sign up again.
parent 91ce88d8
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
{% if user.is_authenticated %} {% if user.is_authenticated %}
| [ <a href="{% url 'my_links' %}">My Links</a> ] | [ <a href="{% url 'my_links' %}">My Links</a> ]
{% if user.is_staff %} {% if user.is_staff %}
| [ <a href="{% url 'signup' %}">User Registration</a> ]
| [ <a href="{% url 'adminpanel' %}">Administration</a> ] | [ <a href="{% url 'adminpanel' %}">Administration</a> ]
{% endif %} {% endif %}
| [ <a href="{% url 'go_logout' %}">Log Out</a> ] | [ <a href="{% url 'go_logout' %}">Log Out</a> ]
......
...@@ -10,6 +10,7 @@ Go - Signup ...@@ -10,6 +10,7 @@ Go - Signup
<h3>~Signup~</h3> <h3>~Signup~</h3>
{% if not registered %}
<p> <p>
In order to succesfully provide this service, users must be manually In order to succesfully provide this service, users must be manually
approved. This prevents misuse of the URL shortener. Please indicate below approved. This prevents misuse of the URL shortener. Please indicate below
...@@ -69,5 +70,8 @@ if you are interested. ...@@ -69,5 +70,8 @@ if you are interested.
<br/><br/> <br/><br/>
</form> </form>
{% else %}
<p>You are already signed up for Go.</p>
<br/>
{% endif %}
{% endblock %} {% endblock %}
...@@ -32,6 +32,19 @@ def is_approved( user ): ...@@ -32,6 +32,19 @@ def is_approved( user ):
return False return False
def is_registered(user):
"""
This function checks if a user account has a corresponding RegisteredUser,
thus checking if the user is registered.
"""
try:
registered = RegisteredUser.objects.get( username=user.username )
return True
except RegisteredUser.DoesNotExist:
return False
############################################################################## ##############################################################################
""" """
Define error page handling here. Define error page handling here.
...@@ -187,13 +200,30 @@ def signup(request): ...@@ -187,13 +200,30 @@ def signup(request):
yourself, or another person. yourself, or another person.
""" """
if is_registered(request.user) and not request.user.is_staff:
signup_form = SignupForm() return render(request, 'signup.html', {
'registered': True,
},
)
signup_form = SignupForm(initial={'username': request.user.username})
# Non-staff have the username field read-only and pre-filled
if request.user.is_staff:
signup_form = SignupForm()
else:
signup_form = SignupForm(initial={'username': request.user.username})
signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'
if request.method == 'POST': if request.method == 'POST':
signup_form = SignupForm(request.POST, initial={'approved': False}) signup_form = SignupForm(request.POST, initial={'approved': False,
'username': request.user.username})
if signup_form.is_valid(): if signup_form.is_valid():
username = signup_form.cleaned_data.get('username') # Prevent hax: if not staff, force the username back to the request username.
if not request.user.is_staff:
username = request.user.username
else:
username = signup_form.cleaned_data.get('username')
full_name = signup_form.cleaned_data.get('full_name') full_name = signup_form.cleaned_data.get('full_name')
description = signup_form.cleaned_data.get('description') description = signup_form.cleaned_data.get('description')
...@@ -209,6 +239,7 @@ def signup(request): ...@@ -209,6 +239,7 @@ def signup(request):
return render(request, 'signup.html', { return render(request, 'signup.html', {
'form': signup_form, 'form': signup_form,
'registered': False,
}, },
) )
......
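Review bot: In the POST branch of signup(), `initial={'approved': False, 'username': request.user.username}` does not constrain the bound form, because Django builds `cleaned_data` from `request.POST` and uses `initial` only for display and change detection. For the username, the explicit `username = request.user.username` override is what actually enforces the restriction. If `approved` is a field on SignupForm (the form definition and the save code are outside the visible hunks), it should be forced server-side in the same way for non-staff, e.g. `approved = False`, rather than relying on `initial`. Separately, in is_registered() the `.get()` result is unused and a duplicate username would raise `MultipleObjectsReturned`; `return RegisteredUser.objects.filter(username=user.username).exists()` avoids both.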