Hello everyone,
When a logged-in user has NO sumbit permissions (to any doctype) and
tries to click the submit button (on top), he gets:
"Account '[email protected]' is not yet activated. Try to login
<https://snoopy.lib.auth.gr/youraccount/login?referer=../submit> with
another account"
Which is misleading... He should get an error that says "You are not
authorized to perform this action."
Probably, for registered but not-yet-activated accounts an extra check
should be performed...
Can you verify it, or did i break something?
Best regards,
Theodoros
ps. Call is initiated in websubmit_webinterface.py
[...]
if not at_least_one_submission_authorized and
submission_exists:
if isGuestUser(uid):
return redirect_to_url(req,
"%s/youraccount/login%s" % (
CFG_SITE_SECURE_URL,
make_canonical_urlargd({'referer' :
CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln' : args['ln']}, {}))
, norobot=True)
else:
return page_not_authorized(req, "../submit",
# this is executed
uid=uid,
navmenuid='submit')
return home(req,catalogues_text, c,ln)
and then page_not_authorized is called:
[...]
if res and res[0][0]:
if text:
body = text
else:
body = "%s %s" % (CFG_WEBACCESS_WARNING_MSGS[9] %
cgi.escape(res[0][0]), # this is executed
("%s %s" % (CFG_WEBACCESS_MSGS[0]
% urllib.quote(referer), CFG_WEBACCESS_MSGS[1])))
[...]
but from access_control_config: CFG_WEBACCESS_WARNING_MSGS[9] = Account
'%s' is not yet activated.
