diff -ur roundup-1.4.8.orig/roundup/cgi/actions.py roundup-1.4.8/roundup/cgi/actions.py
--- roundup-1.4.8.orig/roundup/cgi/actions.py 2009-03-17 22:49:57.000000000 +0000
+++ roundup-1.4.8/roundup/cgi/actions.py 2009-06-12 22:16:22.601449566 +0100
@@ -643,11 +643,6 @@
% str(message))
return
- # guard against new user creation that would bypass security checks
- for key in props:
- if 'user' in key:
- return
-
# handle the props - edit or create
try:
# when it hits the None element, it'll set self.nodeid
@@ -809,7 +804,7 @@
class RegisterAction(RegoCommon, EditCommon):
name = 'register'
- permissionType = 'Create'
+ permissionType = 'Register'
def handle(self):
"""Attempt to create a new user based on the contents of the form
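Review bot: `permissionType = 'Register'` makes registration depend on a permission that nothing in the visible diff defines or grants, and the first hunk of this file drops the `'user' in key` guard at the same time. If the security setup does not create 'Register', registration breaks. If a deployed tracker schema still grants the Anonymous role 'Create' on the user class, the generic edit/create path can presumably create users again now that the guard is gone. I would add a comment above the attribute, `# 'Register', not 'Create': anonymous sign-up must not imply the general right to create users`, and ship an upgrade note telling tracker admins to change the Anonymous grant from 'Create' to 'Register'. The class body continues outside the hunk.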
diff -ur roundup-1.4.8.orig/roundup/cgi/templating.py roundup-1.4.8/roundup/cgi/templating.py
--- roundup-1.4.8.orig/roundup/cgi/templating.py 2009-03-17 22:58:23.000000000 +0000
+++ roundup-1.4.8/roundup/cgi/templating.py 2009-06-12 22:16:22.613452124 +0100
@@ -1268,7 +1268,9 @@
return self._db.security.hasPermission('Edit', self._client.userid,
self._classname, self._name, self._nodeid)
return self._db.security.hasPermission('Create', self._client.userid,
- self._classname, self._name)
+ self._classname, self._name) or \
+ self._db.security.hasPermission('Register', self._client.userid,
+ self._classname, self._name)
def is_view_ok(self):
""" Is the user allowed to View the current class?
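Review bot: The `'Register'` fallback in the new-item return is checked against `self._classname` and `self._name` for whatever class this property belongs to, so the code itself does not limit it to the user class. It is safe only as long as trackers grant 'Register' on the user class alone. A comment before the return would record that, e.g. `# 'Register' covers the anonymous sign-up form; it is expected to be granted only on the user class`. The backslash continuation would also read better as one parenthesised expression. The method's signature and docstring are outside the hunk, and the docstring should mention the new permission too.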
diff -ur roundup-1.4.8.orig/share/roundup/templates/classic/html/page.html roundup-1.4.8/share/roundup/templates/classic/html/page.html
--- roundup-1.4.8.orig/share/roundup/templates/classic/html/page.html 2009-03-08 21:58:24.000000000 +0000
+++ roundup-1.4.8/share/roundup/templates/classic/html/page.html 2009-06-12 22:20:37.113454739 +0100
@@ -136,7 +136,7 @@
Register
Lost your login?