do not allow the user to manage his login methods if there is no possible alternative provider

In my case the only possibility to sigin is the LDAP method. So there is no need to manage the signin methods. It would be better to not display the option to the user in that case.

It will be not really important if the following behavior could be avoid : if the user deletes the only method available for him, the next time he will signin, the system will consider that this is his first connection. So he will have to refill the username and email. But in my case the email is unique, so the user cannot sigin anymore. The key to find a user is not the login name?

Comments

I think that the user should not have the possibility to remove the last login method in order to always be able to retrieve his account.

Samuel (13 years ago)

Samuel, I'll fix it this week, I am out of town for the long weekend.

Evgeny (13 years ago)

see more comments

Evgeny, here is the fix I have finally done on my side in the file skin/default/template/authopenid/signin.html I simply disable the delete button if the provider is the one defined for LDAP.

@@ -139,7 +139,7 @@
                 <tr>
                     <th>{% trans %}provider{% endtrans %}</th>
                     <th>{% trans %}last used{% endtrans %}</th>
-                    <th>{% trans %}delete, if you like{% endtrans %}</th>
+                    <th>{% trans %}delete, if you like and if permitted{% endtrans %}</th>
                 </tr>
                 {% for login_method in existing_login_methods %}
                 <tr class="ab-provider-row">
@@ -152,7 +152,11 @@
                         {% endif %}
                     </td>
                     <td>
-                        <button>{% trans %}delete{% endtrans %}</button>
+                        {% if login_method.provider_name == settings.LDAP_PROVIDER_NAME %}^M
+                            <button disabled="disabled">{% trans %}delete{% endtrans %}</button>
+                        {% else %}
+                            <button>{% trans %}delete{% endtrans %}</button>
+                        {% endif  %}
                     </td>
                 </tr>
                 {% endfor %}

425

Samuel

answered 13 years ago

link

Comments

Good, but maybe you don't need the "manage login methods" view at all in that case? We could add a setting disabling it, what do you think?

Evgeny (13 years ago)

Yes you are right. I do not need to manage login methods. Initially I had removed the link "manage login methods" in the file templates/user_profile/user_info.html. Then I thought that it was specific to LDAP so I have disabled the delete button for the ldap provider. Now I think that this feature should be automatically disabled if there is only one provider available. But if you add a parameter, I will use it. ;-)

Samuel (13 years ago)

Samuel, I finally added the setting that will allow you disable login method management - available on github and pypi, rev 0.6.89

Evgeny (13 years ago)

It works fine. Thanks.

Samuel (13 years ago)

see more comments

do not allow the user to manage his login methods if there is no possible alternative provider savecancel

Comments

1 Answer

Comments

do not allow the user to manage his login methods if there is no possible alternative provider