misc: drop anonymous attribute from users (#77162)

Frédéric Péters 2023-05-01 10:49:50 +02:00
parent 96b9503832
commit 45bee7910b
7 changed files with 11 additions and 34 deletions


@ -300,9 +300,9 @@ class ApiCardPage(ApiFormPageMixin, BackofficeCardPage):
if is_url_signed() and get_user_from_api_query_string(api_name=api_name) is None:
# signed but no user specified, grant access.
class ApiAdminUser:
id = Ellipsis # make sure it fails all over the place if used
is_admin = True
anonymous = True
is_api_user = False
is_api_user = True
get_roles = lambda x: []
get_request()._user = ApiAdminUser()
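Review bot: The comment `# signed but no user specified, grant access.` no longer says enough now that this placeholder carries both `is_admin = True` and `is_api_user = True`. The class defines no `api_access`, so code that branches on `user.is_api_user` and then reads `user.api_access` will fail on it unless it also checks `is_admin`. I would extend the comment to something like `# signed but no user specified: unrestricted API caller, has no api_access object`. Other consumers of `is_api_user` lie outside this section, so whether they all tolerate the placeholder cannot be verified from here.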


@ -75,7 +75,6 @@ class ApiAccess(XmlStorableObject):
id = Ellipsis # make sure it fails all over the place if used
is_admin = False
is_api_user = True
anonymous = False
def __init__(self, api_access):
self.api_access = api_access


@ -184,8 +184,6 @@ class FormStatusPage(Directory, FormTemplateMixin):
setattr(self, name, directory)
def check_auth(self, api_call=False):
session = get_session()
mine = False
if api_call:
user = get_user_from_api_query_string() or get_request().user
if get_request().has_anonymised_data_api_restriction() and (not user or not user.is_api_user):
@ -195,12 +193,8 @@ class FormStatusPage(Directory, FormTemplateMixin):
raise errors.AccessUnauthorizedError()
else:
user = get_request().user
if user and not user.anonymous:
if self.filled.is_submitter(user):
mine = True
else:
if session and session.is_anonymous_submitter(self.filled):
mine = True
mine = self.filled.is_submitter(user)
self.check_receiver()
return mine
@ -364,12 +358,7 @@ class FormStatusPage(Directory, FormTemplateMixin):
session = get_session()
filled = self.filled
if not (get_request().is_in_backoffice() and filled.backoffice_submission):
if session.is_anonymous_submitter(filled):
pass
elif session.user:
if str(session.user) != str(filled.user_id):
raise errors.AccessUnauthorizedError()
else:
if not self.filled.is_submitter(get_request().user):
raise errors.AccessUnauthorizedError()
magictoken = randbytes(8)
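Review bot: Both rewritten ownership checks now rest entirely on `self.filled.is_submitter(...)`, whose body is not shown in this commit. In `check_auth` the old code consulted `session.is_anonymous_submitter(self.filled)` only when there was no non-anonymous user, and the hunk at -364 compared `session.user` with `filled.user_id`. The new lines pass `get_request().user` instead, which may be None or possibly an API placeholder whose `id` is `Ellipsis`. Please confirm that `is_submitter` handles a None user, still honours the anonymous-submitter session marker, and does not let that marker grant access to a logged-in user who is not the submitter; one test per case would pin this down. Both functions start and end outside the hunks.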


@ -2101,10 +2101,6 @@ class RootDirectory(AccessControlled, Directory):
r += htmltext('<p id="logout">')
if user.can_go_in_backoffice():
r += htmltext('<a href="%sbackoffice/">%s</a> - ') % (root_url, _('Back Office'))
if user.anonymous:
if get_cfg('saml_identities', {}).get('creation', 'admin') != 'admin':
r += htmltext('<a href="%sregister">%s</a> - ') % (root_url, _('Register'))
r += htmltext('<a href="%slogout">%s</a></p>') % (root_url, _('Logout'))
elif get_cfg('sp') or get_cfg('identification', {}).get('methods'):


@ -230,7 +230,7 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
if api_access:
return api_access.restrict_to_anonymised_data
if self.user and self.user.is_api_user:
if self.user and self.user.is_api_user and not self.user.is_admin:
return self.user.api_access.restrict_to_anonymised_data
return False
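Review bot: The added `and not self.user.is_admin` exempts every API user flagged as admin from the anonymised-data restriction, not only the signed-request placeholder that lacks an `api_access` object. If the intent is only to avoid reading `api_access` on that placeholder, testing for the attribute says so directly and keeps the restriction for any API user that is both admin and restricted: `api_access = getattr(self.user, 'api_access', None)` followed by `if api_access and self.user.is_api_user:` and `return api_access.restrict_to_anonymised_data`. If exempting admins is the intended policy, a one-line comment stating that would prevent it from being read as an accident. The function begins above the hunk.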


@ -1068,7 +1068,6 @@ def do_user_table():
roles text[],
is_active bool,
is_admin bool,
anonymous bool,
verified_fields text[],
name_identifiers text[],
lasso_dump text,
@ -1091,7 +1090,6 @@ def do_user_table():
'email',
'roles',
'is_admin',
'anonymous',
'name_identifiers',
'verified_fields',
'lasso_dump',
@ -3100,7 +3098,6 @@ class SqlUser(SqlMixin, wcs.users.User):
('email', 'varchar'),
('roles', 'varchar[]'),
('is_admin', 'bool'),
('anonymous', 'bool'),
('name_identifiers', 'varchar[]'),
('verified_fields', 'varchar[]'),
('lasso_dump', 'text'),
@ -3127,7 +3124,6 @@ class SqlUser(SqlMixin, wcs.users.User):
'email': self.email,
'roles': self.roles,
'is_admin': self.is_admin,
'anonymous': self.anonymous,
'name_identifiers': self.name_identifiers,
'verified_fields': self.verified_fields,
'lasso_dump': self.lasso_dump,
@ -3223,7 +3219,6 @@ class SqlUser(SqlMixin, wcs.users.User):
o.email,
o.roles,
o.is_admin,
o.anonymous,
o.name_identifiers,
o.verified_fields,
o.lasso_dump,
@ -3231,7 +3226,7 @@ class SqlUser(SqlMixin, wcs.users.User):
ascii_name, # XXX what's this ? pylint: disable=unused-variable
o.deleted_timestamp,
o.is_active,
) = (str_encode(x) for x in tuple(row[:13]))
) = (str_encode(x) for x in tuple(row[: len(cls._table_static_fields)]))
if o.last_seen:
o.last_seen = time.mktime(o.last_seen.timetuple())
if o.roles:
@ -5282,7 +5277,7 @@ def get_period_total(
# latest migration, number + description (description is not used
# programmaticaly but will make sure git conflicts if two migrations are
# separately added with the same number)
SQL_LEVEL = (84, 'add application tables')
SQL_LEVEL = (85, 'remove anonymous column from users table')
def migrate_global_views(conn, cur):
@ -5433,6 +5428,7 @@ def migrate():
# 39: add deleted_timestamp
# 40: add is_active to users
# 65: index users(name_identifiers)
# 85: remove anonymous column
do_user_table()
if sql_level < 32:
# 25: create session_table
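Review bot: The only change visible in `migrate()` is the new `# 85: remove anonymous column` comment; the guard for this `do_user_table()` call (presumably an `if sql_level < N:` line like the one below it) sits above the hunk and is not shown as modified. Unless that guard was raised to 85, existing databases would skip the call and keep the column, so please confirm it was bumped. The drop is also irreversible, so a note in the release notes about taking a backup first would be prudent. The switch from `row[:13]` to `row[: len(cls._table_static_fields)]` holds only while the unpack target list and `_table_static_fields` have the same length; a short comment next to the tuple, such as `# must list exactly the columns in _table_static_fields, in order`, would record that coupling.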


@ -39,7 +39,6 @@ class User(StorableObject):
roles = None
is_active = True
is_admin = False
anonymous = False
form_data = None # dumping ground for custom fields
verified_fields = None
@ -144,8 +143,6 @@ class User(StorableObject):
def can_go_in_backoffice(self):
if self.is_admin:
return True
if self.anonymous:
return False
for role_id in self.roles or []:
try:
@ -307,11 +304,11 @@ class User(StorableObject):
# django-compatibility properties and methods, useful in shared code/templates
@property
def is_anonymous(self):
return self.anonymous
return False
@property
def is_authenticated(self):
return not (self.anonymous)
return True
@property
def is_superuser(self):
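Review bot: With `is_anonymous` hard-coded to `False` and `is_authenticated` to `True`, every `User` instance counts as authenticated, and `can_go_in_backoffice` no longer stops at the removed `if self.anonymous` guard before walking `self.roles`. Any user record persisted earlier with `anonymous = True` would therefore be treated as a regular account after this commit. Whether such records exist is not visible here, so it is worth querying for them before deploying. I would also add a docstring to both properties, e.g. `"""Always True: a User object always denotes a logged-in account."""` on `is_authenticated`, so that template authors know to test for the presence of a user before reading these flags. This assumes anonymous visitors are indeed represented by the absence of a user object.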