Ask Your Question
1

do not allow the user to manage his login methods if there is no possible alternative provider

asked 2011-05-26 06:58:39 -0600

Samuel gravatar image

updated 2011-06-01 19:35:11 -0600

Evgeny gravatar image

In my case the only possibility to sigin is the LDAP method. So there is no need to manage the signin methods. It would be better to not display the option to the user in that case.

It will be not really important if the following behavior could be avoid : if the user deletes the only method available for him, the next time he will signin, the system will consider that this is his first connection. So he will have to refill the username and email. But in my case the email is unique, so the user cannot sigin anymore. The key to find a user is not the login name?

edit retag flag offensive close merge delete

Comments

I think that the user should not have the possibility to remove the last login method in order to always be able to retrieve his account.
Samuel gravatar imageSamuel ( 2011-05-30 02:14:34 -0600 )edit
Samuel, I'll fix it this week, I am out of town for the long weekend.
Evgeny gravatar imageEvgeny ( 2011-05-30 06:19:57 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2011-05-31 07:00:44 -0600

Samuel gravatar image

Evgeny, here is the fix I have finally done on my side in the file skin/default/template/authopenid/signin.html I simply disable the delete button if the provider is the one defined for LDAP.

@@ -139,7 +139,7 @@
                 <tr>
                     <th>{% trans %}provider{% endtrans %}</th>
                     <th>{% trans %}last used{% endtrans %}</th>
-                    <th>{% trans %}delete, if you like{% endtrans %}</th>
+                    <th>{% trans %}delete, if you like and if permitted{% endtrans %}</th>
                 </tr>
                 {% for login_method in existing_login_methods %}
                 <tr class="ab-provider-row">
@@ -152,7 +152,11 @@
                         {% endif %}
                     </td>
                     <td>
-                        <button>{% trans %}delete{% endtrans %}</button>
+                        {% if login_method.provider_name == settings.LDAP_PROVIDER_NAME %}^M
+                            <button disabled="disabled">{% trans %}delete{% endtrans %}</button>
+                        {% else %}
+                            <button>{% trans %}delete{% endtrans %}</button>
+                        {% endif  %}
                     </td>
                 </tr>
                 {% endfor %}
edit flag offensive delete link more

Comments

Good, but maybe you don't need the "manage login methods" view at all in that case? We could add a setting disabling it, what do you think?
Evgeny gravatar imageEvgeny ( 2011-05-31 12:42:58 -0600 )edit
Yes you are right. I do not need to manage login methods. Initially I had removed the link "manage login methods" in the file templates/user_profile/user_info.html. Then I thought that it was specific to LDAP so I have disabled the delete button for the ldap provider. Now I think that this feature should be automatically disabled if there is only one provider available. But if you add a parameter, I will use it. ;-)
Samuel gravatar imageSamuel ( 2011-06-01 09:44:52 -0600 )edit
Samuel, I finally added the setting that will allow you disable login method management - available on github and pypi, rev 0.6.89
Evgeny gravatar imageEvgeny ( 2011-06-01 19:34:46 -0600 )edit
It works fine. Thanks.
Samuel gravatar imageSamuel ( 2011-06-03 09:23:36 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2011-05-26 06:58:39 -0600

Seen: 482 times

Last updated: May 31 '11