changeset 5478:b29b47f681dd

make userprefs suid code more similar to other userprefs code
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 02 Feb 2010 14:01:55 +0100
parents 35df310578d7
children 39cae9b6c0c8
files MoinMoin/userprefs/suid.py
diffstat 1 files changed, 23 insertions(+), 20 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/userprefs/suid.py	Tue Feb 02 13:53:36 2010 +0100
+++ b/MoinMoin/userprefs/suid.py	Tue Feb 02 14:01:55 2010 +0100
@@ -33,29 +33,32 @@
 
     def handle_form(self):
         _ = self._
-        form = self.request.form
+        request = self.request
+        form = request.form
 
-        if 'cancel' in form:
+        if form.has_key('cancel'):
             return
 
-        if (wikiutil.checkTicket(self.request, self.request.form['ticket'][0])
-            and self.request.request_method == 'POST'):
-            uid = form.get('selected_user', [''])[0]
-            if not uid:
-                return 'error', _("No user selected")
-            theuser = user.User(self.request, uid, auth_method='setuid')
-            if not theuser or not theuser.exists():
-                return 'error', _("No user selected")
-            # set valid to True so superusers can even switch
-            # to disable accounts
-            theuser.valid = True
-            self.request.session['setuid'] = uid
-            self.request._setuid_real_user = self.request.user
-            # now continue as the other user
-            self.request.user = theuser
-            return  _("You can now change the settings of the selected user account; log out to get back to your account.")
-        else:
-            return None
+        if request.request_method != 'POST':
+            return
+
+        if not wikiutil.checkTicket(request, form.get('ticket', [''])[0]):
+            return
+
+        uid = form.get('selected_user', [''])[0]
+        if not uid:
+            return 'error', _("No user selected")
+        theuser = user.User(request, uid, auth_method='setuid')
+        if not theuser or not theuser.exists():
+            return 'error', _("No user selected")
+        # set valid to True so superusers can even switch
+        # to disable accounts
+        theuser.valid = True
+        request.session['setuid'] = uid
+        request._setuid_real_user = request.user
+        # now continue as the other user
+        request.user = theuser
+        return  _("You can now change the settings of the selected user account; log out to get back to your account.")
 
     def _user_select(self):
         options = []