Added user preferences access control in configuration (Admin interface)

server/src/uds/templates/uds/html5/snippets/navbar.html

@@ -1,4 +1,5 @@
 {% load i18n html5 static %}
+    {% preferences_allowed as show_prefs %}
  		<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
 			<!-- Brand and toggle get grouped for better mobile display -->
 			<div class="navbar-header">
@@ -36,7 +37,9 @@
                   <li class="dropdown">
                     <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-user"></i> {{ user.real_name }} <b class="caret"></b></a>
                     <ul class="dropdown-menu">
+                        {% if show_prefs %}
                         <li><a href="{% url "uds.web.views.prefs" %}"><span class="fa fa-edit"></span> {% trans 'Preferences' %}</a></li>
+                        {% endif %}
                     {% if user.staff_member or user.is_admin %}
                         <li><a href="{% url "uds.web.views.download" idDownload='' %}"><span class="fa fa-download"></span> {% trans "Downloads" %}</a></li>
                         {% ifbrowser ie<8 %} 

server/src/uds/templatetags/html5.py

@@ -85,6 +85,9 @@ def enhaced_visual(parser, token):
 
     return EnhacedVisual(states['enhaced_visual'], states.get('else', None))
 
+@register.assignment_tag
+def preferences_allowed():
+    return GlobalConfig.PREFERENCES_ALLOWED.getBool(True)
 
 # Browser related
 class IfBrowser(template.Node):

server/src/uds/web/views.py

@@ -35,6 +35,7 @@ from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidde
 from django.views.decorators.csrf import csrf_exempt
 from django.shortcuts import render_to_response
 from django.shortcuts import render
+from django.shortcuts import redirect
 from django.template import RequestContext
 from django.utils.translation import ugettext as _
 from django.core.urlresolvers import reverse
@@ -215,9 +216,7 @@ def index(request):
     if len(services) == 1 and GlobalConfig.AUTORUN_SERVICE.get(True) == '1' and len(services[0]['transports']) > 0:
         if request.session.get('autorunDone', '0') == '0':
             request.session['autorunDone'] = '1'
-            return HttpResponseRedirect(
-                reverse('uds.web.views.service', kwargs={'idService': services[0]['id'], 'idTransport': services[0]['transports'][0]['id']})
-            )
+            return redirect('uds.web.views.service', idService=services[0]['id'], idTransport=services[0]['transports'][0]['id'])
 
     response = render_to_response(theme.template('index.html'),
         {'services': services, 'java': java, 'ip': request.ip, 'nets': nets, 'transports': validTrans},
@@ -228,9 +227,12 @@ def index(request):
 
 @webLoginRequired
 def prefs(request):
+    # Redirects to index if no preferences change allowed
+    if GlobalConfig.PREFERENCES_ALLOWED.getBool(True) is False:
+        return redirect('uds.web.views.index')
     if request.method == 'POST':
         UserPrefsManager.manager().processRequestForUserPreferences(request.user, request.POST)
-        return HttpResponseRedirect(reverse('uds.web.views.index'))
+        return redirect('uds.web.views.index')
     prefs_form = UserPrefsManager().manager().getHtmlForUserPreferences(request.user)
     return render_to_response(theme.template('prefs.html'), {'prefs_form': prefs_form}, context_instance=RequestContext(request))
 
@@ -429,7 +431,7 @@ def authJava(request, idAuth, hasJava):
         authenticator = Authenticator.objects.get(pk=idAuth)
         os = request.session['OS']
         authLogLogin(request, authenticator, request.user.name, request.session['java'], os)
-        return HttpResponseRedirect(reverse('uds.web.views.index'))
+        return redirect('uds.web.views.index')
 
     except Exception as e:
         return errors.exceptionView(request, e)