aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2008-04-14 10:45:27 -0700
committerMark Sapiro <mark@msapiro.net>2008-04-14 10:45:27 -0700
commitbb4873af815ee6fa4b544162ad8e52c6395b79d0 (patch)
tree2414f362a6d97ad93fc53a8a16e2ba26a7733bf1
parentbd24691c148b28080a56a9e6556b214d4adbe77d (diff)
downloadmailman2-bb4873af815ee6fa4b544162ad8e52c6395b79d0.tar.gz
mailman2-bb4873af815ee6fa4b544162ad8e52c6395b79d0.tar.xz
mailman2-bb4873af815ee6fa4b544162ad8e52c6395b79d0.zip
options.py - Made the ability for a list admin to change a members password
conditional on mm_cfg.OWNERS_CAN_CHANGE_MEMBER_PASSWORDS. Defaults.py.in - Added OWNERS_CAN_CHANGE_MEMBER_PASSWORDS = No.
Diffstat (limited to '')
-rw-r--r--Mailman/Cgi/options.py8
-rw-r--r--Mailman/Defaults.py.in8
2 files changed, 15 insertions, 1 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 67700028..3c736483 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -421,6 +421,14 @@ address. Upon confirmation, any other mailing list containing the address
return
if cgidata.has_key('changepw'):
+ # Is this list admin and is list admin allowed to change passwords.
+ if not (is_user_or_siteadmin
+ or mm_cfg.OWNERS_CAN_CHANGE_MEMBER_PASSWORDS):
+ doc.addError(_("""The list administrator may not change the
+ password for a user."""))
+ options_page(mlist, doc, user, cpuser, userlang)
+ print doc.Format()
+ return
newpw = cgidata.getvalue('newpw')
confirmpw = cgidata.getvalue('confpw')
if not newpw or not confirmpw:
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 0bedbc6e..8f8c64f0 100644
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -1,6 +1,6 @@
# -*- python -*-
-# Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -785,6 +785,12 @@ OWNERS_CAN_DELETE_THEIR_OWN_LISTS = No
# but can have a heavy impact on the performance of your system.
OWNERS_CAN_ENABLE_PERSONALIZATION = No
+# Set this variable to Yes to allow list owners to change a member's password
+# from the member's options page. Do not do this if list owners aren't all
+# trustworthy as it allows a list owner to change a member's password and then
+# log in as the member and make global changes.
+OWNERS_CAN_CHANGE_MEMBER_PASSWORDS = No
+
# Should held messages be saved on disk as Python pickles or as plain text?
# The former is more efficient since we don't need to go through the
# parse/generate roundtrip each time, but the latter might be preferred if you