Added a fake guest user class; stubbed out permissions.

diff --git a/splinext/users/__init__.py b/splinext/users/__init__.py
index 73f2029..a6a6ca7 100644 (file)
--- a/splinext/users/__init__.py
+++ b/splinext/users/__init__.py
@@ -31,9 +31,8 @@ def check_userid_hook(action, **params):
     c.
     """
 
-    c.user = None
-
     if not 'user_id' in session:
+        c.user = users_model.AnonymousUser()
         return
 
     user = meta.Session.query(users_model.User).get(session['user_id'])
@@ -41,6 +40,8 @@ def check_userid_hook(action, **params):
         # Bogus id in the session somehow.  Clear it
         del session['user_id']
         session.save()
+
+        c.user = users_model.AnonymousUser()
         return
 
     c.user = user

diff --git a/splinext/users/model/__init__.py b/splinext/users/model/__init__.py
index 2fd444b..d6c0cb5 100644 (file)
--- a/splinext/users/model/__init__.py
+++ b/splinext/users/model/__init__.py
@@ -9,6 +9,22 @@ from sqlalchemy.types import Integer, Unicode
 
 from spline.model.meta import TableBase
 
+class AnonymousUser(object):
+    """Fake user object, for when the user isn't actually logged in.
+
+    Tests as false and tries to respond to method calls the expected way.
+    """
+
+    def __nonzero__(self):
+        return False
+    def __bool__(self):
+        return False
+
+    def can(self, action):
+        # XXX if viewing is ever a permission, this should probably change.
+        return False
+
+
 class User(TableBase):
     __tablename__ = 'users'
     id = Column(Integer, primary_key=True)
@@ -24,6 +40,10 @@ class User(TableBase):
 
         super(User, self).__init__(*args, **kwargs)
 
+    def can(self, action):
+        # XXX this is probably not desired.
+        return True
+
     @property
     def unique_colors(self):
         """Returns a list of (width, '#rrggbb') tuples that semi-uniquely