Skip to content
  • Leigh B. Stoller's avatar
    A large set of authorization changes. · d2360b6d
    Leigh B. Stoller authored
    * Cleanup! A lot of the structure derived from the early frame days,
      which had a noticable (and bad) effect on how I wrote the stuff.  I
      cleaned up most of that yuckyness.
    * In process, optimize a little bit on the queries. The old code did
      about 9 queries just to write out the menu options, and then
      repeated most of those queries again in the page guts. I've
      consolidated the queries as much as possible (to 3) and cache all
      the results.
    * Fix up problem with users who forget their passwords before
      verification. Basically, I fixed the more general problem of not
      being able to update your user info before verification/approval;
      users now get that menu option no matter their status.
    * Fix up problem of users being able to access pages before
      verification (but after approval) by going around the menu options.
      The page level check (after the menu is drawn) now checks all
      conditions (password expired, unverified, unapproved, timedout, and
      also nologins()).
    * Minor change in approveuser; do not show the new account to the
      project leader until the new user has verified his account.
    * Change verification method, as reqwuested by Dave.  In addition to
      providing the key, also provide a web link to take the user straight
      to verification. I actually take them direct to the login page, and
      pass the key in as an argument. If the user is already logged in,
      bypass and go directly to the verify page (not the form page of
      course).  If the user is not logged in, let him log in, and then
      forward the key onward to the verify page. Basically, bypass the
      form all the time, and just do the verification.
    * Minor change in showuser; Do not show pid/groups not approved in,
      and if the count is zero, do not draw the table headings.