Commit 8202f670 authored by Chris Reffett's avatar Chris Reffett

Restrict signups: non-staff users can only sign themselves up.

Registered users may not sign up again.
parent 91ce88d8
......@@ -3,6 +3,7 @@
{% if user.is_authenticated %}
| [ <a href="{% url 'my_links' %}">My Links</a> ]
{% if user.is_staff %}
| [ <a href="{% url 'signup' %}">User Registration</a> ]
| [ <a href="{% url 'adminpanel' %}">Administration</a> ]
{% endif %}
| [ <a href="{% url 'go_logout' %}">Log Out</a> ]
......
......@@ -10,6 +10,7 @@ Go - Signup
<h3>~Signup~</h3>
{% if not registered %}
<p>
In order to succesfully provide this service, users must be manually
approved. This prevents misuse of the URL shortener. Please indicate below
......@@ -69,5 +70,8 @@ if you are interested.
<br/><br/>
</form>
{% else %}
<p>You are already signed up for Go.</p>
<br/>
{% endif %}
{% endblock %}
......@@ -32,6 +32,19 @@ def is_approved( user ):
return False
def is_registered(user):
"""
This function checks if a user account has a corresponding RegisteredUser,
thus checking if the user is registered.
"""
try:
registered = RegisteredUser.objects.get( username=user.username )
return True
except RegisteredUser.DoesNotExist:
return False
##############################################################################
"""
Define error page handling here.
......@@ -187,12 +200,29 @@ def signup(request):
yourself, or another person.
"""
if is_registered(request.user) and not request.user.is_staff:
return render(request, 'signup.html', {
'registered': True,
},
)
signup_form = SignupForm(initial={'username': request.user.username})
# Non-staff have the username field read-only and pre-filled
if request.user.is_staff:
signup_form = SignupForm()
else:
signup_form = SignupForm(initial={'username': request.user.username})
signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'
if request.method == 'POST':
signup_form = SignupForm(request.POST, initial={'approved': False})
signup_form = SignupForm(request.POST, initial={'approved': False,
'username': request.user.username})
if signup_form.is_valid():
# Prevent hax: if not staff, force the username back to the request username.
if not request.user.is_staff:
username = request.user.username
else:
username = signup_form.cleaned_data.get('username')
full_name = signup_form.cleaned_data.get('full_name')
description = signup_form.cleaned_data.get('description')
......@@ -209,6 +239,7 @@ def signup(request):
return render(request, 'signup.html', {
'form': signup_form,
'registered': False,
},
)
......
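Review bot: In the POST branch of `signup`, passing `initial={'approved': False, 'username': request.user.username}` to a form bound to `request.POST` does not constrain what the client submits, because a bound Django form takes `cleaned_data` from the posted data and uses `initial` only for rendering and change detection. The username is forced back server-side a few lines later, but nothing visible here does the same for `approved`. If `SignupForm` exposes that field and the code past this hunk reads it from `cleaned_data` (not shown), manual approval could be bypassed by a non-staff submitter. I would pin it next to the username override, e.g. `approved = False` inside the `if not request.user.is_staff:` branch, or leave the field out of the form for non-staff. The `readonly` widget attribute is also not re-applied to the bound form, so a re-render after a validation error shows an editable username; the body of `signup` continues outside the hunk.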