From 6effc94349b0947c0f0638dcaab23a33a56eb869 Mon Sep 17 00:00:00 2001
From: Petter Reinholdtsen
Date: Wed, 11 Sep 2013 20:11:45 +0200
Subject: [PATCH 1/2] Fix expert user access checks. Several places in the code, cfg.users.expert() is used as a boolean test to see if the current user is an expert user. But this do not work. Change the implementation of expert() to assume the current user if no argument is given, to get the code working.
---
 modules/installed/lib/user_store.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/installed/lib/user_store.py b/modules/installed/lib/user_store.py
index 236b73a8f..1512472be 100644
--- a/modules/installed/lib/user_store.py
+++ b/modules/installed/lib/user_store.py
@@ -16,7 +16,12 @@ class UserStore(UserStoreModule, sqlite_db):
 def close(self):
 self.__exit__(None,None,None)
 
+ def currentuser(self):
+ return cherrypy.session.get(cfg.session_key)
+
 def expert(self, username=None):
+ if username is None:
+ username = self.currentuser()
 groups = self.attr(username,"groups")
 if not groups:
 return False
From 7ff6ea14e2f3ec8607c5c3556c9385927bb2cb06 Mon Sep 17 00:00:00 2001
From: Petter Reinholdtsen
Date: Wed, 11 Sep 2013 20:31:12 +0200
Subject: [PATCH 2/2] Rewrite fix for UserStore.expert() to be more like UserStoreOld.expert().
---
 modules/installed/lib/user_store.py | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/modules/installed/lib/user_store.py b/modules/installed/lib/user_store.py
index 1512472be..0e7c5ecab 100644
--- a/modules/installed/lib/user_store.py
+++ b/modules/installed/lib/user_store.py
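Review bot: In the PATCH 1/2 hunk, `expert()` has no explicit deny for the case where nobody is logged in: `currentuser()` returns whatever `cherrypy.session.get(cfg.session_key)` yields, which is `None` when the key is absent, and that value goes straight into `self.attr(username,"groups")`. What `attr()` does with a `None` username is outside the hunk, so whether the access check denies or raises depends on code not shown here. For an access check it is safer to state the outcome directly after the fallback, e.g. `if username is None: return False`. The same gap remains in the `current(name=True)` version introduced by the PATCH 2/2 hunk.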
@@ -16,12 +16,21 @@ class UserStore(UserStoreModule, sqlite_db):
 def close(self):
 self.__exit__(None,None,None)
 
- def currentuser(self):
- return cherrypy.session.get(cfg.session_key)
-
+ def current(self, name=False):
+ """Return current user, if there is one, else None.
+ If name = True, return the username instead of the user."""
+ try:
+ username = cherrypy.session.get(cfg.session_key)
+ if name:
+ return username
+ else:
+ return self.get(username)
+ except AttributeError:
+ return None
+
 def expert(self, username=None):
- if username is None:
- username = self.currentuser()
+ if not username:
+ username = self.current(name=True)
 groups = self.attr(username,"groups")
 if not groups:
 return False
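Review bot: `if not username:` in `expert()` widens the fallback from "no argument given" to any falsy value, so a caller asking about a specific account with an empty name gets the expert status of the session user instead of a denial. Keeping `if username is None:` limits the fallback to the no-argument case. In `current()`, the `try` also covers `self.get(username)`, so an `AttributeError` raised inside the store lookup is reported as "no current user"; wrapping only the `cherrypy.session.get(cfg.session_key)` line would keep such errors visible. A docstring on `expert()` stating that it answers for the session user when called without a username would document the contract the access checks rely on. The body of `expert()` appears to continue past the end of the hunk.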