misc: drop anonymous attribute from users (#77162)
parent
96b9503832
commit
45bee7910b
|
@ -300,9 +300,9 @@ class ApiCardPage(ApiFormPageMixin, BackofficeCardPage):
|
|||
if is_url_signed() and get_user_from_api_query_string(api_name=api_name) is None:
|
||||
# signed but no user specified, grant access.
|
||||
class ApiAdminUser:
|
||||
id = Ellipsis # make sure it fails all over the place if used
|
||||
is_admin = True
|
||||
anonymous = True
|
||||
is_api_user = False
|
||||
is_api_user = True
|
||||
get_roles = lambda x: []
|
||||
|
||||
get_request()._user = ApiAdminUser()
|
||||
|
|
|
@ -75,7 +75,6 @@ class ApiAccess(XmlStorableObject):
|
|||
id = Ellipsis # make sure it fails all over the place if used
|
||||
is_admin = False
|
||||
is_api_user = True
|
||||
anonymous = False
|
||||
|
||||
def __init__(self, api_access):
|
||||
self.api_access = api_access
|
||||
|
|
|
@ -184,8 +184,6 @@ class FormStatusPage(Directory, FormTemplateMixin):
|
|||
setattr(self, name, directory)
|
||||
|
||||
def check_auth(self, api_call=False):
|
||||
session = get_session()
|
||||
mine = False
|
||||
if api_call:
|
||||
user = get_user_from_api_query_string() or get_request().user
|
||||
if get_request().has_anonymised_data_api_restriction() and (not user or not user.is_api_user):
|
||||
|
@ -195,12 +193,8 @@ class FormStatusPage(Directory, FormTemplateMixin):
|
|||
raise errors.AccessUnauthorizedError()
|
||||
else:
|
||||
user = get_request().user
|
||||
if user and not user.anonymous:
|
||||
if self.filled.is_submitter(user):
|
||||
mine = True
|
||||
else:
|
||||
if session and session.is_anonymous_submitter(self.filled):
|
||||
mine = True
|
||||
|
||||
mine = self.filled.is_submitter(user)
|
||||
|
||||
self.check_receiver()
|
||||
return mine
|
||||
|
@ -364,12 +358,7 @@ class FormStatusPage(Directory, FormTemplateMixin):
|
|||
session = get_session()
|
||||
filled = self.filled
|
||||
if not (get_request().is_in_backoffice() and filled.backoffice_submission):
|
||||
if session.is_anonymous_submitter(filled):
|
||||
pass
|
||||
elif session.user:
|
||||
if str(session.user) != str(filled.user_id):
|
||||
raise errors.AccessUnauthorizedError()
|
||||
else:
|
||||
if not self.filled.is_submitter(get_request().user):
|
||||
raise errors.AccessUnauthorizedError()
|
||||
|
||||
magictoken = randbytes(8)
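Review bot: Both rewritten checks now hand `get_request().user` straight to `self.filled.is_submitter(...)`, so that method must accept `user=None` and must itself recognise the session-based anonymous submitter; its body is not on this page, so this needs confirming. Before the change, `check_auth` only called it for a non-None user and consulted `session.is_anonymous_submitter(self.filled)` directly, and the later hunk appears to have raised `AccessUnauthorizedError` outright when the session had no user. I would add a comment above the call in `check_auth`, `# is_submitter() handles user=None and the anonymous-session submitter`, and a regression test in which a visitor with neither a user nor the submitter session is refused. Both functions start and end outside the hunks.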
|
||||
|
|
|
@ -2101,10 +2101,6 @@ class RootDirectory(AccessControlled, Directory):
|
|||
r += htmltext('<p id="logout">')
|
||||
if user.can_go_in_backoffice():
|
||||
r += htmltext('<a href="%sbackoffice/">%s</a> - ') % (root_url, _('Back Office'))
|
||||
if user.anonymous:
|
||||
if get_cfg('saml_identities', {}).get('creation', 'admin') != 'admin':
|
||||
r += htmltext('<a href="%sregister">%s</a> - ') % (root_url, _('Register'))
|
||||
|
||||
r += htmltext('<a href="%slogout">%s</a></p>') % (root_url, _('Logout'))
|
||||
|
||||
elif get_cfg('sp') or get_cfg('identification', {}).get('methods'):
|
||||
|
|
|
@ -230,7 +230,7 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
|
|||
if api_access:
|
||||
return api_access.restrict_to_anonymised_data
|
||||
|
||||
if self.user and self.user.is_api_user:
|
||||
if self.user and self.user.is_api_user and not self.user.is_admin:
|
||||
return self.user.api_access.restrict_to_anonymised_data
|
||||
|
||||
return False
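Review bot: The added `and not self.user.is_admin` makes this lookup fail open: any API user object with `is_admin` set is reported as unrestricted, whatever its `api_access.restrict_to_anonymised_data` says. The condition seems to exist only to step around the `ApiAdminUser` stub in the signed-URL branch, which now sets `is_api_user = True` but defines no `api_access`. Testing for the attribute that is actually dereferenced keeps the stub working without tying the data restriction to admin status: `if self.user and self.user.is_api_user and hasattr(self.user, 'api_access'):`. The method starts outside the hunk.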
|
||||
|
|
10
wcs/sql.py
10
wcs/sql.py
|
@ -1068,7 +1068,6 @@ def do_user_table():
|
|||
roles text[],
|
||||
is_active bool,
|
||||
is_admin bool,
|
||||
anonymous bool,
|
||||
verified_fields text[],
|
||||
name_identifiers text[],
|
||||
lasso_dump text,
|
||||
|
@ -1091,7 +1090,6 @@ def do_user_table():
|
|||
'email',
|
||||
'roles',
|
||||
'is_admin',
|
||||
'anonymous',
|
||||
'name_identifiers',
|
||||
'verified_fields',
|
||||
'lasso_dump',
|
||||
|
@ -3100,7 +3098,6 @@ class SqlUser(SqlMixin, wcs.users.User):
|
|||
('email', 'varchar'),
|
||||
('roles', 'varchar[]'),
|
||||
('is_admin', 'bool'),
|
||||
('anonymous', 'bool'),
|
||||
('name_identifiers', 'varchar[]'),
|
||||
('verified_fields', 'varchar[]'),
|
||||
('lasso_dump', 'text'),
|
||||
|
@ -3127,7 +3124,6 @@ class SqlUser(SqlMixin, wcs.users.User):
|
|||
'email': self.email,
|
||||
'roles': self.roles,
|
||||
'is_admin': self.is_admin,
|
||||
'anonymous': self.anonymous,
|
||||
'name_identifiers': self.name_identifiers,
|
||||
'verified_fields': self.verified_fields,
|
||||
'lasso_dump': self.lasso_dump,
|
||||
|
@ -3223,7 +3219,6 @@ class SqlUser(SqlMixin, wcs.users.User):
|
|||
o.email,
|
||||
o.roles,
|
||||
o.is_admin,
|
||||
o.anonymous,
|
||||
o.name_identifiers,
|
||||
o.verified_fields,
|
||||
o.lasso_dump,
|
||||
|
@ -3231,7 +3226,7 @@ class SqlUser(SqlMixin, wcs.users.User):
|
|||
ascii_name, # XXX what's this ? pylint: disable=unused-variable
|
||||
o.deleted_timestamp,
|
||||
o.is_active,
|
||||
) = (str_encode(x) for x in tuple(row[:13]))
|
||||
) = (str_encode(x) for x in tuple(row[: len(cls._table_static_fields)]))
|
||||
if o.last_seen:
|
||||
o.last_seen = time.mktime(o.last_seen.timetuple())
|
||||
if o.roles:
|
||||
|
@ -5282,7 +5277,7 @@ def get_period_total(
|
|||
# latest migration, number + description (description is not used
|
||||
# programmaticaly but will make sure git conflicts if two migrations are
|
||||
# separately added with the same number)
|
||||
SQL_LEVEL = (84, 'add application tables')
|
||||
SQL_LEVEL = (85, 'remove anonymous column from users table')
|
||||
|
||||
|
||||
def migrate_global_views(conn, cur):
|
||||
|
@ -5433,6 +5428,7 @@ def migrate():
|
|||
# 39: add deleted_timestamp
|
||||
# 40: add is_active to users
|
||||
# 65: index users(name_identifiers)
|
||||
# 85: remove anonymous column
|
||||
do_user_table()
|
||||
if sql_level < 32:
|
||||
# 25: create session_table
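Review bot: Level 85 removes `users.anonymous` without looking at the values stored in it, while the same commit drops the `if self.anonymous: return False` guard from `User.can_go_in_backoffice` and makes `is_authenticated` constant. Any row that still holds `anonymous = true` would from then on be treated as an ordinary authenticated account, with its `roles` consulted for back-office access. The code that actually drops the column is not in these hunks (presumably `do_user_table()` removes columns absent from its field list), so I cannot tell whether such rows are handled. If they can exist, the migration should deactivate or at least report them before the column goes, and the `# 85: remove anonymous column` comment should say which. `migrate()` continues outside the hunk.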
|
||||
|
|
|
@ -39,7 +39,6 @@ class User(StorableObject):
|
|||
roles = None
|
||||
is_active = True
|
||||
is_admin = False
|
||||
anonymous = False
|
||||
form_data = None # dumping ground for custom fields
|
||||
|
||||
verified_fields = None
|
||||
|
@ -144,8 +143,6 @@ class User(StorableObject):
|
|||
def can_go_in_backoffice(self):
|
||||
if self.is_admin:
|
||||
return True
|
||||
if self.anonymous:
|
||||
return False
|
||||
|
||||
for role_id in self.roles or []:
|
||||
try:
|
||||
|
@ -307,11 +304,11 @@ class User(StorableObject):
|
|||
# django-compatibility properties and methods, useful in shared code/templates
|
||||
@property
|
||||
def is_anonymous(self):
|
||||
return self.anonymous
|
||||
return False
|
||||
|
||||
@property
|
||||
def is_authenticated(self):
|
||||
return not (self.anonymous)
|
||||
return True
|
||||
|
||||
@property
|
||||
def is_superuser(self):
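Review bot: `is_anonymous` and `is_authenticated` now return constants, and nothing in the class says which invariant makes that safe. If the intent is that a `User` instance only ever represents an identified account and anonymous visitors have no `User` at all, that should be stated in a docstring on each property, for example `"""Always True: anonymous visitors are never represented by a User object."""`. It is also worth noting there that `is_authenticated` does not take `is_active` into account, so shared code and templates must not use it alone as an access check. The class body continues outside the hunk.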
|
||||
|
|