New option to disable user creation via web

ckan · Sep 5, 2013 · 910ca29 · 910ca29
1 parent b26147e
commit 910ca29
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 18 deletions.
diff --git a/ckan/config/deployment.ini_tmpl b/ckan/config/deployment.ini_tmpl
@@ -66,6 +66,7 @@ ckan.auth.user_create_organizations = true
 ckan.auth.user_delete_groups = true
 ckan.auth.user_delete_organizations = true
 ckan.auth.create_user_via_api = false
+ckan.auth.create_user_via_web = true
 
 
 ## Search Settings

diff --git a/ckan/logic/auth/create.py b/ckan/logic/auth/create.py
@@ -103,14 +103,22 @@ def rating_create(context, data_dict):
     # No authz check in the logic function
     return {'success': True}
 
-def user_create(context, data_dict=None):
-    user = context['user']
 
-    if ('api_version' in context
-            and not new_authz.check_config_permission('create_user_via_api')):
-        return {'success': False, 'msg': _('User %s not authorized to create users') % user}
-    else:
-        return {'success': True}
+def user_create(context, data_dict=None):
+    # create_user_via_api is deprecated
+    using_api = 'api_version' in context
+    create_user_via_api = new_authz.check_config_permission(
+            'create_user_via_api')
+    create_user_via_web = new_authz.check_config_permission(
+            'create_user_via_web')
+
+    if using_api and not create_user_via_api:
+        return {'success': False, 'msg': _('User {user} not authorized to '
+            'create users via the API').format(user=context.get('user'))}
+    if not using_api and not create_user_via_web:
+        return {'success': False, 'msg': _('Not authorized to '
+            'create users')}
+    return {'success': True}
 
 
 def _check_group_auth(context, data_dict):

diff --git a/ckan/new_authz.py b/ckan/new_authz.py
@@ -86,6 +86,7 @@ def _build(self):
 
 def clear_auth_functions_cache():
     _AuthFunctions.clear()
+    CONFIG_PERMISSIONS.clear()
 
 
 def auth_functions_list():
@@ -319,6 +320,7 @@ def get_user_id_for_username(user_name, allow_none=False):
     'user_delete_groups': True,
     'user_delete_organizations': True,
     'create_user_via_api': False,
+    'create_user_via_web': True,
 }
 
 CONFIG_PERMISSIONS = {}

diff --git a/ckan/templates/header.html b/ckan/templates/header.html
@@ -49,7 +49,9 @@
           <ul class="unstyled">
             {% block header_account_notlogged %}
             <li>{% link_for _('Log in'), controller='user', action='login' %}</li>
-            <li>{% link_for _('Register'), controller='user', action='register', class_='sub' %}</li>
+            {% if h.check_access('user_create') %}
+              <li>{% link_for _('Register'), controller='user', action='register', class_='sub' %}</li>
+            {% endif %}
             {% endblock %}
           </ul>
         </nav>

diff --git a/ckan/templates/user/login.html b/ckan/templates/user/login.html
@@ -18,15 +18,17 @@ <h1 class="page-heading">{% block page_heading %}{{ _('Login') }}{% endblock %}<
 {% endblock %}
 
 {% block secondary_content %}
-  <section class="module module-narrow module-shallow">
-    <h2 class="module-heading">{{ _('Need an Account?') }}</h2>
-    <div class="module-content">
-      <p>{% trans %}Then sign right up, it only takes a minute.{% endtrans %}</p>
-      <p class="action">
-        <a class="btn" href="{{ h.url_for(controller='user', action='register') }}">{{ _('Create an Account') }}</a>
-      </p>
-    </div>
-  </section>
+  {% if h.check_access('user_create') %}
+    <section class="module module-narrow module-shallow">
+      <h2 class="module-heading">{{ _('Need an Account?') }}</h2>
+      <div class="module-content">
+        <p>{% trans %}Then sign right up, it only takes a minute.{% endtrans %}</p>
+        <p class="action">
+          <a class="btn" href="{{ h.url_for(controller='user', action='register') }}">{{ _('Create an Account') }}</a>
+        </p>
+      </div>
+    </section>
+  {% endif %}
 
   <section class="module module-narrow module-shallow">
     <h2 class="module-heading">{{ _('Forgotten your details?') }}</h2>

diff --git a/test-core.ini b/test-core.ini
@@ -31,6 +31,7 @@ solr_url = http://127.0.0.1:8983/solr
 ckan.auth.user_create_organizations = true
 ckan.auth.user_create_groups = true
 ckan.auth.create_user_via_api = false
+ckan.auth.create_user_via_web = true
 ckan.auth.create_dataset_if_not_in_organization = true
 ckan.auth.anon_create_dataset = false
 ckan.auth.user_delete_groups=true
@@ -80,7 +81,7 @@ smtp.mail_from = info@test.ckan.net
 
 ckan.locale_default = en
 ckan.locale_order = en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv
-ckan.locales_filtered_out = 
+ckan.locales_filtered_out =
 
 ckan.datastore.enabled = 1