reistration of previously attending expoer working again.

core/views/user_registration.py

@@ -15,6 +15,8 @@ from troggle.core.utils import (
     add_commit,
     is_identified_user
     )
+from troggle.core.views.auth import expologout
+
 """
 This is the new individual user login registration, instead of everyone signing
 in as "expo". This will be useful for the kanban expo organisation tool.
@@ -133,14 +135,35 @@ def register(request, url_username=None):
     similar to the "expo" user
     (with cavey:beery password) but specific to an individual.
     
+    We only allow this to be done ONCE for each user-id.
+    
     """
     warning = ""
     initial_values={"visible-passwords": "True"}
  
     logged_in = (identified_login := is_identified_user(request.user))
     if logged_in:
-        return re_register_email(request)
-         
+        # logged in as a known real person with a USer logon
+        return re_register_email(request) # discarding url_username 
+    
+    if not request.user.is_anonymous:    
+        # logged in as expo or expoadmin, so logout invisibly before we do anything
+        expologout(request) # returns a response, which we discard
+        
+    if url_username: # if provided in URL
+        if Person.objects.filter(slug=url_username).count() != 1:
+            # not an old expoer, so redirect to the other form
+            print(Person.objects.filter(slug=url_username).count())
+            return HttpResponseRedirect("/accounts/newregister/")
+
+        initial_values.update({"username": url_username})
+        form = register_form(initial=initial_values)
+        form.fields["username"].widget.attrs["readonly"]="readonly"
+    else:
+        form = register_form(initial=initial_values)
+    
+ 
+
     if request.method == "POST":
         form = register_form(request.POST)
         if form.is_valid():
@@ -152,7 +175,7 @@ def register(request, url_username=None):
             if len(expoers) != 0:            
                 # this is a password re-set, not a new registration. So we need to check it is the same person.
                 form_user = expoers[0]
-                if current_user != form_user:
+                if request.user != form_user:
                     print(f"## UNAUTHORIZED Password reset ## {request.user} {form_user}")
                     # return render(request, "login/register.html", {"form": form, "unauthorized": True}) 
             # create User in the system and refresh stored encrypted user list and git commit it:   
@@ -161,15 +184,7 @@ def register(request, url_username=None):
             # to do, login automatically, and redirect to control panel ?
             return HttpResponseRedirect("/accounts/login/")
     else: # GET
-        if url_username: # if provided in URL
-            if not request.user.is_anonymous:
-                warning = f"WARNING - you are logged-in as someone else '{request.user}'. You must logout and login again as '{url_username}' "
-            print(f"REGISTER: {warning}")
-            initial_values.update({"username": url_username})        
-        elif request.user:
-            initial_values.update({"username": request.user.username})
-            
-    form = register_form(initial=initial_values)
+        pass
     return render(request, "login/register.html", {"form": form, "warning": warning, "logged_in": logged_in})