# HG changeset patch # User verrierj # Date 1321885997 -3600 # Node ID 953228fcbb5617e706d51b07adba26210cc42c92 # Parent bc1dd5fea0b6e5236dc5e733d3933019fd71bf26 Permissions are checked in search results diff -r bc1dd5fea0b6 -r 953228fcbb56 src/ldt/ldt/ldt_utils/views.py --- a/src/ldt/ldt/ldt_utils/views.py Thu Nov 17 11:48:23 2011 +0100 +++ b/src/ldt/ldt/ldt_utils/views.py Mon Nov 21 15:33:17 2011 +0100 @@ -21,10 +21,9 @@ ContentForm, MediaForm, GroupAddForm, PermissionForm) from guardian.core import ObjectPermissionChecker from guardian.shortcuts import assign, remove_perm, get_perms, get_objects_for_group -from guardian.core import ObjectPermissionChecker from ldt.ldt_utils.models import Content from ldt.ldt_utils.utils import boolean_convert, LdtUtils, LdtSearch -from ldt.security.utils import assign_project_to_groups +from ldt.security.utils import assign_project_to_groups, set_forbidden_stream from lxml.html import fragment_fromstring from models import Media, Project from projectserializer import ProjectSerializer @@ -46,7 +45,7 @@ @login_required -def workspace(request): #Checked +def workspace(request): # list of contents content_list = Content.safe_objects.all() #@UndefinedVariable @@ -63,7 +62,7 @@ context_instance=RequestContext(request)) @login_required -def groups(request): #Checked +def groups(request): # get list of all published projects group_list = request.user.groups #@UndefinedVariable @@ -84,7 +83,7 @@ @login_required -def published_project(request): #checked +def published_project(request): # get list of all published projects project_list = Project.objects.filter(state=2) #@UndefinedVariable @@ -100,13 +99,12 @@ context_instance=RequestContext(request)) -def popup_embed(request): #checked +def popup_embed(request): json_url = request.GET.get("json_url") player_id = request.GET.get("player_id") ldt_id = request.GET.get("ldt_id") - project = Project.safe_objects.get(ldt_id=ldt_id); #@UndefinedVariable stream_mode = project.stream_mode @@ -139,7 +137,7 @@ @login_required -def projects_filter(request, filter, is_owner=False, status=0, id_group=None): #checked +def projects_filter(request, filter, is_owner=False, status=0, id_group=None): is_owner = boolean_convert(is_owner) status = int(status) @@ -185,7 +183,7 @@ context_instance=RequestContext(request)) @login_required -def contents_filter(request, filter): #checked +def contents_filter(request, filter): if filter and len(filter) > 0 and filter[0] == '_': filter = filter[1:] @@ -199,7 +197,7 @@ context_instance=RequestContext(request)) -def search_form(request): # checked +def search_form(request): form = SearchForm() return render_to_response('ldt/ldt_utils/search_form.html', {'form': form} , context_instance=RequestContext(request)) @@ -220,17 +218,26 @@ else: results = get_results_with_context(field, search) complete_results = [] + checker = ObjectPermissionChecker(request.user) results.sort(key=lambda k: k['iri_id']) - for iri_id, item in groupby(results, itemgetter('iri_id')): - try: - content = Content.safe_objects.get(iri_id=iri_id) + for iri_id, item in groupby(results, itemgetter('iri_id')): + try: + content = Content.objects.get(iri_id=iri_id) except Content.DoesNotExist: continue segments = list(item) + i = 0 for s in segments: if not s['project_id']: s['project_id'] = '_' + else: + project = Project.objects.get(ldt_id=s['project_id']) + if not checker.has_perm('view_project', project): + segments.pop(i) + i += 1 + if not segments: + continue score = sum([seg['score'] for seg in segments]) if content.description == None: @@ -238,8 +245,8 @@ else: desc = content.description complete_results.append({'list' : segments, 'score' : score, 'content_title' : content.title, 'content_id' : content.iri_id, 'content_description' : desc }) - complete_results.sort(key=lambda k: k['score']) - + complete_results.sort(key=lambda k: k['score']) + request.session['complete_results'] = complete_results request.session['search'] = search request.session['field'] = field @@ -285,7 +292,7 @@ return render_to_response('ldt/ldt_utils/search_results.html', {'results': results, 'nb_results' : paginator.count, 'search' : search, 'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/'}, context_instance=RequestContext(request)) -def search_index_get(request, field, query): # checked +def search_index_get(request, field, query): language_code = request.LANGUAGE_CODE[:2] @@ -302,7 +309,7 @@ resp.write(lxml.etree.tostring(doc, pretty_print=True, encoding="utf-8")) return resp -def search_ldt(request, field, query, edition=None): #checked +def search_ldt(request, field, query, edition=None): contentList = [] resp = HttpResponse(mimetype="text/xml") @@ -325,15 +332,16 @@ # ids_editions = map(lambda t:t[0], filter(lambda id: id[0] is not None, Speak.objects.filter(session__day__edition=edition).order_by("session__start_ts", "order").values_list("content__iri_id"))) # id_list = filter(lambda id: id in id_list, ids_editions) - contentList = Content.safe_objects.filter(iri_id__in=id_list) #@UndefinedVariable + contentList = Content.objects.filter(iri_id__in=id_list) #@UndefinedVariable projectList = Project.safe_objects.filter(ldt_id__in=projId_list); - + ldtgen = LdtUtils() # generate_ldt(contentList, title=u"", author=u"IRI Web", web_url=u"", startSegment=None, projects=None): doc = ldtgen.generate_ldt(contentList, title=u"Recherche : " + queryStr, projects=projectList) + doc = set_forbidden_stream(doc, request.user) + doc.write(resp, pretty_print=True) - return resp @@ -344,7 +352,7 @@ searcher = LdtSearch() queryStr = base64.urlsafe_b64decode(query.encode("ascii")).decode("utf8") - res = searcher.query(field, queryStr) + res = searcher.query(field, queryStr) else: res = [] @@ -372,7 +380,7 @@ @login_required -def list_ldt(request): #checked +def list_ldt(request): contents = Content.safe_objects.all() #@UndefinedVariable try: owner = request.user #@UndefinedVariable @@ -386,7 +394,7 @@ return render_to_response('ldt/ldt_utils/ldt_list.html', context, context_instance=RequestContext(request)) @login_required -def list_content(request): #checked +def list_content(request): contents = Content.safe_objects.all() #@UndefinedVariable context = { 'contents': contents, @@ -394,7 +402,7 @@ return render_to_response('ldt/ldt_utils/content_list.html', context, context_instance=RequestContext(request)) @login_required -def create_ldt_view(request): #checked +def create_ldt_view(request): permission_formset = formset_factory(PermissionForm, extra=0) if request.method == "POST" : @@ -432,11 +440,11 @@ return render_to_response('ldt/ldt_utils/create_ldt.html', {'contents': contents, 'form': form, 'group_form': group_form, 'management_form': management_form, 'form_status':form_status, 'create_project_action':reverse(create_ldt_view), 'language_code' : settings.LANGUAGE_CODE[2:]}, context_instance=RequestContext(request)) -def created_ldt(request): #checked +def created_ldt(request): return render_to_response('ldt/ldt_utils/save_done.html', context_instance=RequestContext(request)) -def index_segment(request, project_id, content_id, cutting_id, ensemble_id, segment_id): #checked +def index_segment(request, project_id, content_id, cutting_id, ensemble_id, segment_id): url_str = settings.WEB_URL + reverse("ldt.ldt_utils.views.init_segment", args=[project_id, content_id, ensemble_id, cutting_id, segment_id]) post_url = "" language_code = request.LANGUAGE_CODE[:2] @@ -444,23 +452,20 @@ template_path = 'ldt/ldt_utils/init_ldt.html' return render_to_response(template_path, {'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/', 'url': url_str, 'posturl': post_url, 'id': id, 'readonly': readonly}, context_instance=RequestContext(request)) + +def init_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): -def init_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked - if project_id != u"_": get_object_or_404(Project.safe_objects, ldt_id=project_id) - get_object_or_404(Content.safe_objects, iri_id=content_id) ldtgen = LdtUtils() doc = ldtgen.generate_init([project_id, content_id, ensemble_id, cutting_id, segment_id], 'ldt.ldt_utils.views.ldt_segment', 'ldt.ldt_utils.views.highlight_segment') return HttpResponse(lxml.etree.tostring(lxml.etree.ElementTree(doc), pretty_print=True), mimetype="text/xml;charset=utf-8") -def highlight_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked - +def highlight_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): if project_id != u"_": get_object_or_404(Project.safe_objects, ldt_id=project_id) - get_object_or_404(Content.safe_objects, iri_id=content_id) iri = lxml.etree.Element('iri') doc = lxml.etree.ElementTree(iri) @@ -476,7 +481,7 @@ return HttpResponse(lxml.etree.tostring(doc, pretty_print=True), mimetype="text/xml;charset=utf-8") -def ldt_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked +def ldt_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): resp = HttpResponse(mimetype="text/xml") resp['Cache-Control'] = 'no-cache, must-revalidate' @@ -485,6 +490,8 @@ if project_id and project_id != "_" : project = Project.safe_objects.get(ldt_id=project_id) #@UndefinedVariable ldtdoc = lxml.etree.fromstring(project.ldt.encode("utf-8")) + + ldtdoc = set_forbidden_stream(ldtdoc, request.user) displays_node = ldtdoc.find("displays") if not displays_node: displays_node = lxml.etree.SubElement(ldtdoc, u"displays") @@ -515,7 +522,7 @@ else: # generate ldt from ldtgen = LdtUtils() - content_list = Content.safe_objects.filter(iri_id=content_id) + content_list = Content.objects.filter(iri_id=content_id) if request.user and request.user.username: username = request.user.username else: @@ -526,17 +533,18 @@ 'idgroup' : ensemble_id, 'idcutting' : cutting_id, 'idsegment' : segment_id - } + } doc = ldtgen.generate_ldt(content_list, "segment : ", author=username, startSegment=start_segment) - + doc = set_forbidden_stream(doc, request.user) + doc.write(resp, pretty_print=('DEBUG' in dir(settings) and settings.DEBUG)) return resp # ldtgen. -def index_project(request, id, full=False): # checked +def index_project(request, id, full=False): urlStr = settings.WEB_URL + reverse("space_ldt_init", args=['ldt_project', id]) posturl = settings.WEB_URL + reverse("ldt.ldt_utils.views.save_ldt_project") @@ -565,14 +573,10 @@ resp['Cache-Control'] = 'no-cache, must-revalidate' resp['Pragma'] = 'no-cache' - f = open('D:/verrierj/platform_group/test', 'w') - f.write(method) - f.close() - resp.write(lxml.etree.tostring(doc, pretty_print=True, xml_declaration=True, encoding="utf-8")) return resp -def ldt_project(request, id): #checked +def ldt_project(request, id): resp = HttpResponse(mimetype="text/xml") resp['Cache-Control'] = 'no-cache, must-revalidate' resp['Pragma'] = 'no-cache' @@ -580,25 +584,20 @@ project = Project.safe_objects.get(ldt_id=id) #@UndefinedVariable doc = lxml.etree.fromstring(project.ldt) - checker = ObjectPermissionChecker(request.user) - - for elem in doc.xpath('/iri/medias/media'): - content = Content.objects.get(iri_id=elem.get('id')) - if not checker.has_perm('view_content', content): - elem.set('video', settings.FORBIDDEN_STREAM_URL) + doc = set_forbidden_stream(doc, request.user) resp.write(lxml.etree.tostring(doc, pretty_print=True, xml_declaration=True, encoding="utf-8")) return resp -def project_json_id(request, id): # checked +def project_json_id(request, id): project = get_object_or_404(Project.safe_objects, ldt_id=id) return project_json(request, project, False) -def project_json_externalid(request, id): #checked +def project_json_externalid(request, id): res_proj = get_list_or_404(Project.safe_objects.order_by('-modification_date'), contents__external_id=id) #@UndefinedVariable @@ -606,7 +605,7 @@ -def project_json(request, project, serialize_contents=True): +def project_json(request, project, serialize_contents=True): # Not checked if not ldt_auth.check_access(request.user, project): return HttpResponseForbidden(_("You can not access this project")) @@ -650,7 +649,7 @@ return resp -def project_annotations_rdf(request, ldt_id): #checked +def project_annotations_rdf(request, ldt_id): project = Project.safe_objects.get(ldt_id=ldt_id); #@UndefinedVariable @@ -738,7 +737,7 @@ return render_to_response('ldt/ldt_utils/save_done.html', {'ldt': ldt, 'id':id, 'title':ldtproject.title, 'contents': new_contents}, context_instance=RequestContext(request)) @login_required -def publish(request, id, redirect=True): #checked +def publish(request, id, redirect=True): ldt = get_object_or_404(Project.safe_objects, ldt_id=id) ldt.state = 2 ldt.save() @@ -749,7 +748,7 @@ return HttpResponse(simplejson.dumps({'res':True, 'ldt': {'id': ldt.id, 'state':ldt.state, 'ldt_id': ldt.ldt_id}}, ensure_ascii=False), mimetype='application/json') @login_required -def unpublish(request, id, redirect=True): #checked +def unpublish(request, id, redirect=True): ldt = get_object_or_404(Project.safe_objects, ldt_id=id) ldt.state = 1 ldt.save() @@ -760,7 +759,7 @@ return HttpResponse(simplejson.dumps({'res':True, 'ldt': {'id': ldt.id, 'state':ldt.state, 'ldt_id': ldt.ldt_id}}, ensure_ascii=False), mimetype='application/json') -def index(request, url): #checked +def index(request, url): urlStr = settings.WEB_URL + reverse("ldt_init", args=['ldt', url]) language_code = request.LANGUAGE_CODE[:2] @@ -768,7 +767,7 @@ return render_to_response('ldt/ldt_utils/init_ldt.html', {'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/', 'url': urlStr, 'weburl':settings.WEB_URL + settings.BASE_URL}, context_instance=RequestContext(request)) -def ldt(request, url, startSegment=None): #checked +def ldt(request, url, startSegment=None): resp = HttpResponse(mimetype="text/xml; charset=utf-8") resp['Cache-Control'] = 'no-cache' @@ -777,17 +776,18 @@ ldtgen = LdtUtils() doc = ldtgen.generate_ldt(contentList, title=contentList[0].title, startSegment=startSegment) + doc = set_forbidden_stream(doc, request.user) doc.write(resp, pretty_print=True) return resp -def loading(request): #checked +def loading(request): return render_to_response('ldt/ldt_utils/loading.html', context_instance=RequestContext(request)) @login_required -def create_project(request, iri_id): #checked +def create_project(request, iri_id): content = get_object_or_404(Content.safe_objects, iri_id=iri_id) contents = [ content, ] @@ -810,7 +810,7 @@ return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'contents':contents, 'groups' : groups, 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id]), 'target_parent':target_parent}, context_instance=RequestContext(request)) @login_required -def update_project(request, ldt_id): #checked +def update_project(request, ldt_id): permission_formset = formset_factory(PermissionForm, extra=0) project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id) contents = project.contents.all() @@ -880,7 +880,7 @@ 'create_project_action':reverse("ldt.ldt_utils.views.update_project", args=[ldt_id])}, context_instance=RequestContext(request)) @login_required -def copy_project(request, ldt_id): # checked +def copy_project(request, ldt_id): project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id) if request.method == "POST" : @@ -900,7 +900,7 @@ return render_to_response('ldt/ldt_utils/copy_ldt.html', {'form':form, 'project':project, 'target_parent':target_parent}, context_instance=RequestContext(request)) -def write_content_base(request, iri_id=None): #checked +def write_content_base(request, iri_id=None): if iri_id: instance_content = Content.safe_objects.get(iri_id=iri_id) #@UndefinedVariable @@ -1095,7 +1095,7 @@ return content_form, media_form, form_status @login_required -def write_content(request, iri_id=None): #checked +def write_content(request, iri_id=None): submit_action = request.REQUEST.get("submit_button", False) @@ -1127,7 +1127,7 @@ return render_to_response('ldt/ldt_utils/create_content.html', {'content_form': content_form, 'media_form': media_form, 'form_status': form_status, 'create_content_action': create_content_action, 'iri_id': iri_id, 'session_key':session_key, 'cookie_name':cookie_name}, context_instance=RequestContext(request)) @login_required -def prepare_delete_content(request, iri_id=None): #checked +def prepare_delete_content(request, iri_id=None): errors = [] titles = [] if not iri_id: @@ -1147,7 +1147,7 @@ @login_required -def delete_content(request, iri_id=None): #checked +def delete_content(request, iri_id=None): if not iri_id: iri_id = request.REQUEST.get("iri_id", None) @@ -1155,7 +1155,7 @@ Content.objects_safe.filter(iri_id=iri_id).delete() #@UndefinedVariable -def upload(request): #checked +def upload(request): if request.method == 'POST': for field_name in request.FILES: # We get the file name @@ -1182,14 +1182,14 @@ else: return HttpResponse("notok", mimetype="text/plain") -def remove_temp_file(request): #checked +def remove_temp_file(request): # The filename arrives with a GET var. file_path = os.path.join(settings.STREAM_PATH, "tmp/" + request.COOKIES[settings.SESSION_COOKIE_NAME] + "/", ldt_utils_path.sanitize_filename(request.GET["filename"])) if os.path.exists(file_path): os.remove(file_path) return HttpResponse("remove ok", mimetype="text/plain") -def get_duration(request): #checked +def get_duration(request): try: # The filename arrives with a GET var. file_path = os.path.join(settings.STREAM_PATH, "tmp/" + request.COOKIES[settings.SESSION_COOKIE_NAME] + "/", ldt_utils_path.sanitize_filename(request.GET["filename"])) @@ -1207,7 +1207,7 @@ @login_required -def get_group_projects(request): #checked +def get_group_projects(request): # Get group, user and project_list grp = Group.objects.get(id=request.POST["id_group"]) #@UndefinedVariable @@ -1222,7 +1222,7 @@ context_instance=RequestContext(request)) @login_required -def create_group(request): #checked +def create_group(request): user_list = User.objects.exclude(id=settings.ANONYMOUS_USER_ID).exclude(id=request.user.id) form_status = '' @@ -1252,7 +1252,7 @@ return render_to_response("ldt/ldt_utils/create_group.html", {'form' : form, 'form_status' : form_status, 'user_list' : user_list, 'admin_list': user_list}, context_instance=RequestContext(request)) @login_required -def update_group(request, group_id): #checked +def update_group(request, group_id): group = get_object_or_404(Group, id=group_id) user_list = User.objects.exclude(id=settings.ANONYMOUS_USER_ID).exclude(id=request.user.id) @@ -1306,7 +1306,7 @@ return render_to_response("ldt/ldt_utils/create_group.html", {'group_id' : group_id, 'form' : form, 'form_status' : form_status, 'user_list' : user_list}, context_instance=RequestContext(request)) @login_required -def leave_group(request, group_id, redirect=True): #checked +def leave_group(request, group_id, redirect=True): group = get_object_or_404(Group, id=group_id) redirect = boolean_convert(redirect) diff -r bc1dd5fea0b6 -r 953228fcbb56 src/ldt/ldt/security/manager.py --- a/src/ldt/ldt/security/manager.py Thu Nov 17 11:48:23 2011 +0100 +++ b/src/ldt/ldt/security/manager.py Mon Nov 21 15:33:17 2011 +0100 @@ -3,23 +3,25 @@ from utils import get_current_user class SafeManager(Manager): + use_for_related_fields = True - def __init__(self, user=None, check_perm=True): + def __init__(self, user=None, check_perm=False): super(SafeManager, self).__init__() self.user = user self.check_perm = check_perm - + def get_query_set(self): if not self.check_perm: - return super(SafeManager, self).get_query_set() - + return super(SafeManager, self).get_query_set() + if not self.user: self.user = get_current_user() - #raise AttributeError("A user has to be chosen to check permissions.") + + if not self.user: + raise AttributeError("No user is attached to the current thread.") perm_name = '%s.view_%s' % (self.model._meta.app_label, self.model.__name__.lower()) user_objects = get_objects_for_user(self.user, perm_name, klass=self.model.objects) - return user_objects - \ No newline at end of file + return user_objects \ No newline at end of file diff -r bc1dd5fea0b6 -r 953228fcbb56 src/ldt/ldt/security/middleware.py --- a/src/ldt/ldt/security/middleware.py Thu Nov 17 11:48:23 2011 +0100 +++ b/src/ldt/ldt/security/middleware.py Mon Nov 21 15:33:17 2011 +0100 @@ -9,11 +9,15 @@ raise MiddlewareNotUsed() def process_request(self, request): - _thread_locals.user = request.user - protect_models() + if not hasattr(_thread_locals, 'user'): + _thread_locals.user = request.user + protect_models() def process_response(self, request, response): unprotect_models() - del _thread_locals.user + + if hasattr(_thread_locals, 'user'): + del _thread_locals.user - return response \ No newline at end of file + return response + \ No newline at end of file diff -r bc1dd5fea0b6 -r 953228fcbb56 src/ldt/ldt/security/models.py --- a/src/ldt/ldt/security/models.py Thu Nov 17 11:48:23 2011 +0100 +++ b/src/ldt/ldt/security/models.py Mon Nov 21 15:33:17 2011 +0100 @@ -2,8 +2,8 @@ from manager import SafeManager class SafeModel(models.Model): - objects = SafeManager(check_perm=False) - safe_objects = SafeManager() + objects = SafeManager() + safe_objects = SafeManager(check_perm=True) class Meta: abstract = True \ No newline at end of file diff -r bc1dd5fea0b6 -r 953228fcbb56 src/ldt/ldt/security/utils.py --- a/src/ldt/ldt/security/utils.py Thu Nov 17 11:48:23 2011 +0100 +++ b/src/ldt/ldt/security/utils.py Mon Nov 21 15:33:17 2011 +0100 @@ -46,12 +46,13 @@ cls.save = change_security(user, class_name)(cls.save) cls.delete = change_security(user, class_name)(cls.delete) -def unprotect_model(cls): +def unprotect_model(cls): if hasattr(cls, 'old_save'): cls.save = cls.old_save cls.delete = cls.old_delete del cls.old_save - del cls.old_delete + del cls.old_delete + cls.safe_objects.user = None def change_security(user, cls_name): def wrapper(func): @@ -64,6 +65,21 @@ return wrapped return wrapper +def set_forbidden_stream(xml, user): + cls = ContentType.objects.get(model='content') + cls = cls.model_class() + + old_user = cls.safe_objects.user + obj_list = cls.safe_objects.all() + + for elem in xml.xpath('/iri/medias/media'): + if not obj_list.filter(iri_id=elem.get('id')): + elem.set('video', settings.FORBIDDEN_STREAM_URL) + + cls.safe_objects.user = old_user + + return xml + def assign_project_to_groups(project, permissions): for elem in permissions: group = Group.objects.get(id=elem['group']) diff -r bc1dd5fea0b6 -r 953228fcbb56 src/ldt/ldt/user/models.py --- a/src/ldt/ldt/user/models.py Thu Nov 17 11:48:23 2011 +0100 +++ b/src/ldt/ldt/user/models.py Mon Nov 21 15:33:17 2011 +0100 @@ -27,8 +27,6 @@ else: new_user.set_unusable_password() new_user.save() - public_group = Group.objects.get(name=settings.PUBLIC_GROUP_NAME) - new_user.groups.add(public_group) return new_user