Hello again,
I see that even in the production CERN document server, a guest user
can click the submit tab and see all the available doctypes...
Personally, I'm very happy with that (I got some ideas about what can
be inserted in the system), but since the user needs to be logged in
to submit a document anyway, wouldn't it be better to prevent guest
users from clicking around?
For that, you just add the following in websubmit_engine's "home" func:
...
_ = gettext_set_language(ln)
if uid_email == "" or uid_email == "guest":
finaltext = websubmit_templates.tmpl_warning_message(
ln = ln,
msg = _("Sorry, you must log in to perform this action.")
)
else:
finaltext = websubmit_templates.tmpl_submit_home_page(
ln = ln,
catalogues = makeCataloguesTable(ln, uid)
)
...
Probably you're already aware of that and you haven't done it already
because of the complex authentication system you're using, but for
'normal' sites it would be useful... So, maybe you'll need to first
check "if not CFG_CERN_SITE" and only then disallow submit for guest
users.
