misc: hide disabled attributes and values (#42963)

src/authentic2/custom_user/models.py

@@ -47,7 +47,7 @@ from .managers import UserManager, UserQuerySet
 @RequestCache
 def get_attributes_map():
     mapping = {}
-    for at in Attribute.all_objects.all():
+    for at in Attribute.objects.all():
         mapping[at.id] = at
         mapping[at.name] = at
     return mapping
@@ -60,7 +60,7 @@ class Attributes(object):
         if not hasattr(self.owner, '_a2_attributes_cache'):
             values = {}
             setattr(self.owner, '_a2_attributes_cache', values)
-            for atv in self.owner.attribute_values.all():
+            for atv in self.owner.attribute_values.filter(attribute__disabled=False):
                 attribute = get_attributes_map()[atv.attribute_id]
                 atv.attribute = attribute
                 if attribute.multiple:
@@ -332,10 +332,20 @@ class User(AbstractBaseUser, PermissionMixin):
         update_fields = kwargs.get('update_fields')
         rc = super(User, self).save(*args, **kwargs)
         if not update_fields or not set(update_fields).isdisjoint(set(['first_name', 'last_name'])):
-            if self.attributes.first_name != self.first_name:
-                self.attributes.first_name = self.first_name
-            if self.attributes.last_name != self.last_name:
-                self.attributes.last_name = self.last_name
+            try:
+                self.attributes.first_name
+            except AttributeError:
+                pass
+            else:
+                if self.attributes and self.attributes.first_name != self.first_name:
+                    self.attributes.first_name = self.first_name
+            try:
+                self.attributes.last_name
+            except AttributeError:
+                pass
+            else:
+                if self.attributes.last_name != self.last_name:
+                    self.attributes.last_name = self.last_name
         return rc
 
     def can_change_password(self):

src/authentic2/managers.py

@@ -111,4 +111,4 @@ class AttributeManager(managers.QueryManager.from_queryset(GetByNameQuerySet)):
 
 
 ServiceManager = BaseServiceManager.from_queryset(ServiceQuerySet)
-AttributeValueManager = models.Manager.from_queryset(AttributeValueQuerySet)
+AttributeValueManager = managers.QueryManager.from_queryset(AttributeValueQuerySet)

src/authentic2/migrations/0021_attribute_order.py

@@ -24,7 +24,12 @@ class Migration(migrations.Migration):
         migrations.AlterModelManagers(
             name='attribute',
             managers=[
-                ('objects', django.db.models.manager.Manager()),
+                ('all_objects', django.db.models.manager.Manager()),
+            ],
+        ),
+        migrations.AlterModelManagers(
+            name='attributevalue',
+            managers=[
                 ('all_objects', django.db.models.manager.Manager()),
             ],
         ),

src/authentic2/models.py

@@ -160,8 +160,8 @@ class Attribute(models.Model):
         verbose_name=_('order'),
         default=0)
 
-    objects = managers.AttributeManager(disabled=False)
     all_objects = managers.AttributeManager()
+    objects = managers.AttributeManager(disabled=False)
 
     registration_attributes = QueryManager(asked_on_registration=True)
     user_attributes = QueryManager(user_editable=True)
@@ -218,7 +218,7 @@ class Attribute(models.Model):
     def get_value(self, owner, verified=None):
         kind = self.get_kind()
         deserialize = kind['deserialize']
-        atvs = AttributeValue.objects.with_owner(owner)
+        atvs = AttributeValue.all_objects.with_owner(owner)
         if verified is True or verified is False:
             atvs = atvs.filter(verified=verified)
         if self.multiple:
@@ -324,7 +324,8 @@ class AttributeValue(models.Model):
     content = models.TextField(verbose_name=_('content'), db_index=True)
     verified = models.BooleanField(default=False)
 
-    objects = managers.AttributeValueManager()
+    all_objects = managers.AttributeValueManager()
+    objects = managers.AttributeValueManager(attribute__disabled=False)
 
     def to_python(self):
         deserialize = self.attribute.get_kind()['deserialize']

tests/test_models.py

@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+# authentic2 - versatile identity manager
+# Copyright (C) 2010-2019 Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import unicode_literals
+
+import pytest
+
+from authentic2.models import Attribute
+from authentic2.custom_user.models import User
+
+
+def test_attribute_disabled(db):
+    attribute = Attribute.all_objects.create(name='test', label='test', kind='string')
+    user = User.objects.create()
+    user.attributes.test = 'abcd'
+
+    assert user.to_json()['test'] == 'abcd'
+    attribute.disabled = True
+    attribute.save()
+    assert 'test' not in user.to_json()
+
+    with pytest.raises(AttributeError):
+        assert user.attributes.test == 'abcd'
+
+    with pytest.raises(AttributeError):
+        user.attributes.test = '1234'