diff --git a/client/js/controllers/top_navigation_controller.js b/client/js/controllers/top_navigation_controller.js index b1de03ec..550400cf 100644 --- a/client/js/controllers/top_navigation_controller.js +++ b/client/js/controllers/top_navigation_controller.js @@ -47,10 +47,12 @@ class TopNavigationController { topNavigation.hide('users'); } if (api.isLoggedIn()) { - topNavigation.hide('register'); + if (!api.hasPrivilege('users:create:any')) { + topNavigation.hide('register'); + } topNavigation.hide('login'); } else { - if (!api.hasPrivilege('users:create')) { + if (!api.hasPrivilege('users:create:self')) { topNavigation.hide('register'); } topNavigation.hide('account'); diff --git a/client/js/controllers/user_registration_controller.js b/client/js/controllers/user_registration_controller.js index 7d822380..78b94024 100644 --- a/client/js/controllers/user_registration_controller.js +++ b/client/js/controllers/user_registration_controller.js @@ -10,7 +10,7 @@ const EmptyView = require('../views/empty_view.js'); class UserRegistrationController { constructor() { - if (!api.hasPrivilege('users:create')) { + if (!api.hasPrivilege('users:create:self')) { this._view = new EmptyView(); this._view.showError('Registration is closed.'); return; @@ -29,12 +29,22 @@ class UserRegistrationController { user.name = e.detail.name; user.email = e.detail.email; user.password = e.detail.password; + const isLoggedIn = api.isLoggedIn(); user.save().then(() => { - api.forget(); - return api.login(e.detail.name, e.detail.password, false); + if (isLoggedIn) { + return Promise.resolve(); + } else { + api.forget(); + return api.login(e.detail.name, e.detail.password, false); + } }).then(() => { - const ctx = router.show(uri.formatClientLink()); - ctx.controller.showSuccess('Welcome aboard!'); + if (isLoggedIn) { + const ctx = router.show(uri.formatClientLink('users')); + ctx.controller.showSuccess('User added!'); + } else { + const ctx = router.show(uri.formatClientLink()); + ctx.controller.showSuccess('Welcome aboard!'); + } }, error => { this._view.showError(error.message); this._view.enableForm(); diff --git a/config.yaml.dist b/config.yaml.dist index 42267452..7273ea7b 100644 --- a/config.yaml.dist +++ b/config.yaml.dist @@ -62,7 +62,8 @@ default_rank: regular privileges: - 'users:create': anonymous + 'users:create:self': anonymous # Registration permission + 'users:create:any': administrator 'users:list': regular 'users:view': regular 'users:edit:any:name': moderator diff --git a/server/szurubooru/api/user_api.py b/server/szurubooru/api/user_api.py index e456f22e..5e14fabe 100644 --- a/server/szurubooru/api/user_api.py +++ b/server/szurubooru/api/user_api.py @@ -26,7 +26,11 @@ def get_users( @rest.routes.post('/users/?') def create_user( ctx: rest.Context, _params: Dict[str, str] = {}) -> rest.Response: - auth.verify_privilege(ctx.user, 'users:create') + if ctx.user.user_id is None: + auth.verify_privilege(ctx.user, 'users:create:self') + else: + auth.verify_privilege(ctx.user, 'users:create:any') + name = ctx.get_param_as_string('name') password = ctx.get_param_as_string('password') email = ctx.get_param_as_string('email', default='') @@ -40,6 +44,7 @@ def create_user( ctx.get_file('avatar', default=b'')) ctx.session.add(user) ctx.session.commit() + return _serialize(ctx, user, force_show_email=True) diff --git a/server/szurubooru/tests/api/test_user_creating.py b/server/szurubooru/tests/api/test_user_creating.py index b5f36e39..699bfefb 100644 --- a/server/szurubooru/tests/api/test_user_creating.py +++ b/server/szurubooru/tests/api/test_user_creating.py @@ -6,7 +6,7 @@ from szurubooru.func import users @pytest.fixture(autouse=True) def inject_config(config_injector): - config_injector({'privileges': {'users:create': 'regular'}}) + config_injector({'privileges': {'users:create:self': 'regular'}}) def test_creating_user(user_factory, context_factory, fake_datetime):