add an option to disable login by default (nologin.patch)

add option - enabled by default unregister components and controllers when enabled

download
# HG changeset patch
# User Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
# Date 1365097967 -7200
# Node ID 26567837ffc881fc902ca71eb041097af3680fb6
# Parent  208aa483385c42eae137cd1919fca9ad57a8c5ff
Add an option to disable login by default

Avoid login by default since this might be seen as an inconsiderate
on a read-only Web site open to the public.

diff -r 208aa483385c -r 26567837ffc8 site_cubicweb.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/site_cubicweb.py	Thu Apr 04 19:52:47 2013 +0200
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# copyright 2013 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# contact http://www.logilab.fr -- mailto:contact@logilab.fr
+#
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation, either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+options = (
+    ('login-allowed',
+     {'type': 'yn',
+      'default': False,
+      'help': 'allow users to log in',
+      'group': 'brainomics',
+      'level': 2,
+      }),
+)
diff -r 208aa483385c -r 26567837ffc8 views/components.py
--- a/views/components.py	Fri Jan 25 09:01:55 2013 +0100
+++ b/views/components.py	Thu Apr 04 19:52:47 2013 +0200
@@ -1,4 +1,3 @@
-
 from logilab.mtconverter import xml_escape
 
 from cubicweb import tags
@@ -63,3 +62,10 @@
 
     def render(self, w, **kwargs):
         super(BrainomicsRelatedMeasures, self).render(w, measures=ALL_MEASURES)
+
+
+from cubes.orbui.views.orbui_components import CookieLoginComponentOrbui
+
+def registration_callback(vreg):
+    if not vreg.config['login-allowed']:
+        vreg.unregister(CookieLoginComponentOrbui)
diff -r 208aa483385c -r 26567837ffc8 views/controllers.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/views/controllers.py	Thu Apr 04 19:52:47 2013 +0200
@@ -0,0 +1,31 @@
+from cubicweb.web.views.basecontrollers import LoginController
+from cubicweb.web import NotFound
+
+class DisengageableLoginController(LoginController):
+    """replace default login controller to allow /login only
+    if session variable 'login-allowed' is set to 'yes'.
+
+    A better solution would have been to simply unregister the
+    `LoginController` if login is not allowed but as of CW 3.13,
+    CubicwebPublisher would raise a UnauthorizedError exception
+    instead of NotFound (due to bad error handling + registry keeping
+    empty oid keys even if there is no related appobject anymore)
+    """
+    def publish(self, rset=None):
+        """log in the instance"""
+        if self._cw.vreg.config['login-allowed']:
+            return super(DisengageableLoginController, self).publish(rset)
+        else:
+            raise NotFound()
+
+from cubicweb.web.views.authentication import LoginPasswordRetreiver
+from cubicweb.web.views.basecontrollers import JSonController
+from cubicweb.web.views.ajaxcontroller import AjaxController
+
+def registration_callback(vreg):
+    if not vreg.config['login-allowed']:
+        vreg.unregister(LoginPasswordRetreiver)
+        vreg.unregister(JSonController)
+        vreg.unregister(AjaxController)
+        vreg.unregister(LoginController)
+        vreg.register(DisengageableLoginController)