Hide unlinking link if the user has no password and can't set it (fixes #10775).
This commit is contained in:
parent
121e62a9e8
commit
ff30392ddc
|
@ -3,8 +3,11 @@ from django.template.loader import render_to_string
|
|||
from django.template import RequestContext
|
||||
from django.shortcuts import render
|
||||
|
||||
from authentic2 import app_settings as a2_app_settings
|
||||
|
||||
from . import app_settings
|
||||
|
||||
|
||||
class FcFrontend(object):
|
||||
def enabled(self):
|
||||
return app_settings.enable
|
||||
|
@ -27,7 +30,12 @@ class FcFrontend(object):
|
|||
|
||||
def profile(self, request, *args, **kwargs):
|
||||
unlink = False
|
||||
if not app_settings.create or app_settings.enable_unlink_when_create:
|
||||
# We prevent unlinking if the user has no usable password and can't change it
|
||||
# because we assume that the password is the unique other mean of authentication
|
||||
# and unlinking would make the account unreachable.
|
||||
if request.user.has_usable_password() or \
|
||||
a2_app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:
|
||||
# Hide the link to the unlinking view.
|
||||
unlink = True
|
||||
context_instance = kwargs.pop('context_instance', None) or RequestContext(request)
|
||||
return render_to_string('authentic2_auth_fc/linking.html',
|
||||
|
|
Loading…
Reference in New Issue