
ACP checks for Admin permissions.

Ralfp 12 лет назад
Родитель
Сommit
3ffcfa9ed6

+ 1 - 1
misago/admin/acl.py

@@ -4,7 +4,7 @@ from misago.acl.builder import BaseACL
 from misago.forms import YesNoSwitch
 
 def make_form(request, role, form):
-    if role.token != 'admin' and request.user.is_god():
+    if not role.token and request.user.is_god():
         form.base_fields['can_use_acp'] = forms.BooleanField(widget=YesNoSwitch,initial=False,required=False)
         form.layout.append((
                             _("Admin Control Panel"),
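Review bot: The new condition `if not role.token and request.user.is_god():` needs a comment, because it decides which roles can ever be granted ACP access and who may grant it. As written, only token-less roles get the `can_use_acp` switch, so the built-in `admin`, `mod`, `registered` and `guest` roles take their ACP permission from the fixtures alone; a line such as `# Only custom (token-less) roles may be granted ACP access, and only by a god user` above the `if` would make that intent explicit. Hiding the field covers the form itself; whether the code that stores the role's permissions also ignores a submitted `can_use_acp` value from a non-god user is not visible here and should be confirmed. make_form continues past the end of the hunk.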

+ 1 - 1
misago/authn/methods.py

@@ -110,7 +110,7 @@ def auth_admin(request, email, password):
     Admin auth - check ACP permissions
     """
     user = get_user(email, password, True)
-    if not user.is_admin():
+    if not user.is_god() and not user.get_acl(request).admin.is_admin():
         raise AuthException(NOT_ADMIN, _("Your account does not have admin privileges."))
     return user;
 
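Review bot: The predicate `not user.is_god() and not user.get_acl(request).admin.is_admin()` is written out by hand here and again in `FirewallAdmin` in misago/firewalls/firewalls.py (there through `request.acl`), now that `User.is_admin()` has been removed. Two copies of an authorization check tend to drift apart, and a drift here means sign-in and the per-request firewall disagree about who is an admin. A single helper that both sites call, for example `def can_use_acp(user, acl): return user.is_god() or acl.admin.is_admin()`, would keep them in step. auth_admin starts above the hunk.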

+ 6 - 2
misago/firewalls/firewalls.py

@@ -1,5 +1,7 @@
 from django.conf import settings
+from django.utils.translation import ugettext_lazy as _
 from misago.admin import ADMIN_PATH
+from misago.messages import Message
 from misago.views import error403, error404
 from misago.authn.views import signin
 
@@ -31,5 +33,7 @@ class FirewallAdmin(FirewallForum):
             # If we are not authenticated or not admin, force us to sign in right way
             if not request.user.is_authenticated():
                 return signin(request)
-            else:
-                return None
+            elif not request.user.is_god() and not request.acl.admin.is_admin():
+                request.messages.set_message(Message(_("Your account does not have admin privileges")), 'error', 'security')
+                return signin(request)
+            return None
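Review bot: In the new `elif` branch, an authenticated user without ACP rights is handed the sign-in form again and the refusal leaves no record. A signed-in account requesting the admin path should be logged (user id, path, source address) so that repeated attempts can be detected. Unless the second login prompt is intentional, answering with the already imported `error403` would state the outcome more clearly. The message text also differs from the one in `auth_admin` only by the missing full stop, which gives translators two near-identical strings; reuse one wording. The enclosing method starts above the hunk.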

+ 14 - 0
misago/roles/fixtures.py

@@ -8,19 +8,33 @@ def load_fixtures():
                       token='admin',
                       protected=True,
                       )
+    role_admin.set_permissions({
+                                'can_use_acp': True,
+                                'can_use_signature': True,
+                                })
+    
     role_mod = Role(
                     name=_("Moderator").message,
                     token='mod',
                     protected=True,
                     )
+    role_admin.set_permissions({
+                                'can_use_signature': True,
+                                })
+    
     role_registered = Role(
                            name=_("Registered").message,
                            token='registered',
                            )
+    role_registered.set_permissions({
+                                     })
+    
     role_guest = Role(
                       name=_("Guest").message,
                       token='guest',
                       )
+    role_guest.set_permissions({
+                                })
     
     role_admin.save(force_insert=True)
     role_mod.save(force_insert=True)
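Review bot: The second `set_permissions` call, placed right after `role_mod` is created, is made on `role_admin` instead of `role_mod`. If `set_permissions` replaces the stored permissions (its body is not shown), the admin role is saved with only `can_use_signature` and loses `can_use_acp`, while the moderator role is saved with no permissions at all. The call should read `role_mod.set_permissions({'can_use_signature': True,})`. load_fixtures continues past the end of the hunk.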

+ 6 - 5
misago/usercp/acl.py

@@ -4,11 +4,12 @@ from misago.acl.builder import BaseACL
 from misago.forms import YesNoSwitch
 
 def make_form(request, role, form):
-    form.base_fields['can_use_signature'] = forms.BooleanField(widget=YesNoSwitch,initial=False,required=False)
-    form.layout.append((
-                        _("Signature"),
-                        (('can_use_signature', {'label': _("Can have signature")}),),
-                        ))
+    if role.token != 'guest':
+        form.base_fields['can_use_signature'] = forms.BooleanField(widget=YesNoSwitch,initial=False,required=False)
+        form.layout.append((
+                            _("Signature"),
+                            (('can_use_signature', {'label': _("Can have signature")}),),
+                            ))
 
 
 class UserCPACL(BaseACL):

+ 4 - 15
misago/users/models.py

@@ -173,12 +173,7 @@ class User(models.Model):
     ACTIVATION_CREDENTIALS = 3
     
     statistics_name = _('Users Registrations')
-    
-    def is_admin(self):
-        if self.is_god():
-            return True
-        return False #TODO!
-    
+        
     def is_god(self):
         try:
             return self.is_god_cache
@@ -437,10 +432,7 @@ class User(models.Model):
 class Guest(object):
     """
     Misago Guest dummy
-    """
-    def is_admin(self):
-        return False
-    
+    """    
     def is_anonymous(self):
         return True
     
@@ -451,10 +443,10 @@ class Guest(object):
         return False
         
     def get_roles(self):
-        return Role.objects.find(token='guest')
+        return Role.objects.filter(token='guest')
     
     def make_acl_key(self):
-        return 'acl_%s' % hashlib.md5(Role.objects.get(token='guest').pk).hexdigest()[0:8]
+        return 'acl_%s' % hashlib.md5(str(Role.objects.get(token='guest').pk)).hexdigest()[0:8]
 
         
 class Crawler(Guest): 
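Review bot: `make_acl_key` keeps only the first 8 hex characters of the digest, i.e. 32 bits, and after this commit the cached ACL is what grants ACP access. If keys for signed-in users are built the same way (that code is outside the hunk), two different role sets that collide on those 32 bits would share one cached ACL. Using the whole digest, `return 'acl_%s' % hashlib.md5(str(Role.objects.get(token='guest').pk)).hexdigest()`, removes that risk at no real cost. The key depends only on the role's pk, so the cache has to be invalidated elsewhere when a role's permissions change, which should be confirmed. MD5 is acceptable here only because the value is a cache key and not a security token.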
@@ -464,9 +456,6 @@ class Crawler(Guest):
     def __init__(self, username):
         self.username = username
     
-    def is_admin(self):
-        return False
-    
     def is_anonymous(self):
         return True