From 45bee7910b4590a538df444411ea4185beca9a13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Mon, 1 May 2023 10:49:50 +0200
Subject: [PATCH] misc: drop anonymous attribute from users (#77162)

---
 wcs/api.py                 |  4 ++--
 wcs/api_access.py          |  1 -
 wcs/forms/common.py        | 17 +++--------------
 wcs/forms/root.py          |  4 ----
 wcs/qommon/http_request.py |  2 +-
 wcs/sql.py                 | 10 +++-------
 wcs/users.py               |  7 ++-----
 7 files changed, 11 insertions(+), 34 deletions(-)

diff --git a/wcs/api.py b/wcs/api.py
index 816472d62..f1bd43b5a 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -300,9 +300,9 @@ class ApiCardPage(ApiFormPageMixin, BackofficeCardPage):
         if is_url_signed() and get_user_from_api_query_string(api_name=api_name) is None:
             # signed but no user specified, grant access.
             class ApiAdminUser:
+                id = Ellipsis  # make sure it fails all over the place if used
                 is_admin = True
-                anonymous = True
-                is_api_user = False
+                is_api_user = True
                 get_roles = lambda x: []
 
             get_request()._user = ApiAdminUser()
diff --git a/wcs/api_access.py b/wcs/api_access.py
index 9d2f35927..7f7d4ff46 100644
--- a/wcs/api_access.py
+++ b/wcs/api_access.py
@@ -75,7 +75,6 @@ class ApiAccess(XmlStorableObject):
             id = Ellipsis  # make sure it fails all over the place if used
             is_admin = False
             is_api_user = True
-            anonymous = False
 
             def __init__(self, api_access):
                 self.api_access = api_access
diff --git a/wcs/forms/common.py b/wcs/forms/common.py
index ecb29c96f..c8f2c5d4b 100644
--- a/wcs/forms/common.py
+++ b/wcs/forms/common.py
@@ -184,8 +184,6 @@ class FormStatusPage(Directory, FormTemplateMixin):
                 setattr(self, name, directory)
 
     def check_auth(self, api_call=False):
-        session = get_session()
-        mine = False
         if api_call:
             user = get_user_from_api_query_string() or get_request().user
             if get_request().has_anonymised_data_api_restriction() and (not user or not user.is_api_user):
@@ -195,12 +193,8 @@ class FormStatusPage(Directory, FormTemplateMixin):
                     raise errors.AccessUnauthorizedError()
         else:
             user = get_request().user
-        if user and not user.anonymous:
-            if self.filled.is_submitter(user):
-                mine = True
-        else:
-            if session and session.is_anonymous_submitter(self.filled):
-                mine = True
+
+        mine = self.filled.is_submitter(user)
 
         self.check_receiver()
         return mine
@@ -364,12 +358,7 @@ class FormStatusPage(Directory, FormTemplateMixin):
         session = get_session()
         filled = self.filled
         if not (get_request().is_in_backoffice() and filled.backoffice_submission):
-            if session.is_anonymous_submitter(filled):
-                pass
-            elif session.user:
-                if str(session.user) != str(filled.user_id):
-                    raise errors.AccessUnauthorizedError()
-            else:
+            if not self.filled.is_submitter(get_request().user):
                 raise errors.AccessUnauthorizedError()
 
         magictoken = randbytes(8)
diff --git a/wcs/forms/root.py b/wcs/forms/root.py
index 64b734593..8366c1960 100644
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -2101,10 +2101,6 @@ class RootDirectory(AccessControlled, Directory):
             r += htmltext('<p id="logout">')
             if user.can_go_in_backoffice():
                 r += htmltext('<a href="%sbackoffice/">%s</a> - ') % (root_url, _('Back Office'))
-            if user.anonymous:
-                if get_cfg('saml_identities', {}).get('creation', 'admin') != 'admin':
-                    r += htmltext('<a href="%sregister">%s</a> - ') % (root_url, _('Register'))
-
             r += htmltext('<a href="%slogout">%s</a></p>') % (root_url, _('Logout'))
 
         elif get_cfg('sp') or get_cfg('identification', {}).get('methods'):
diff --git a/wcs/qommon/http_request.py b/wcs/qommon/http_request.py
index 0d71a2867..115eac0f2 100644
--- a/wcs/qommon/http_request.py
+++ b/wcs/qommon/http_request.py
@@ -230,7 +230,7 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
             if api_access:
                 return api_access.restrict_to_anonymised_data
 
-        if self.user and self.user.is_api_user:
+        if self.user and self.user.is_api_user and not self.user.is_admin:
             return self.user.api_access.restrict_to_anonymised_data
 
         return False
diff --git a/wcs/sql.py b/wcs/sql.py
index c84dbfa6e..c12f2d3f8 100644
--- a/wcs/sql.py
+++ b/wcs/sql.py
@@ -1068,7 +1068,6 @@ def do_user_table():
                                     roles text[],
                                     is_active bool,
                                     is_admin bool,
-                                    anonymous bool,
                                     verified_fields text[],
                                     name_identifiers text[],
                                     lasso_dump text,
@@ -1091,7 +1090,6 @@ def do_user_table():
         'email',
         'roles',
         'is_admin',
-        'anonymous',
         'name_identifiers',
         'verified_fields',
         'lasso_dump',
@@ -3100,7 +3098,6 @@ class SqlUser(SqlMixin, wcs.users.User):
         ('email', 'varchar'),
         ('roles', 'varchar[]'),
         ('is_admin', 'bool'),
-        ('anonymous', 'bool'),
         ('name_identifiers', 'varchar[]'),
         ('verified_fields', 'varchar[]'),
         ('lasso_dump', 'text'),
@@ -3127,7 +3124,6 @@ class SqlUser(SqlMixin, wcs.users.User):
             'email': self.email,
             'roles': self.roles,
             'is_admin': self.is_admin,
-            'anonymous': self.anonymous,
             'name_identifiers': self.name_identifiers,
             'verified_fields': self.verified_fields,
             'lasso_dump': self.lasso_dump,
@@ -3223,7 +3219,6 @@ class SqlUser(SqlMixin, wcs.users.User):
             o.email,
             o.roles,
             o.is_admin,
-            o.anonymous,
             o.name_identifiers,
             o.verified_fields,
             o.lasso_dump,
@@ -3231,7 +3226,7 @@ class SqlUser(SqlMixin, wcs.users.User):
             ascii_name,  # XXX what's this ? pylint: disable=unused-variable
             o.deleted_timestamp,
             o.is_active,
-        ) = (str_encode(x) for x in tuple(row[:13]))
+        ) = (str_encode(x) for x in tuple(row[: len(cls._table_static_fields)]))
         if o.last_seen:
             o.last_seen = time.mktime(o.last_seen.timetuple())
         if o.roles:
@@ -5282,7 +5277,7 @@ def get_period_total(
 # latest migration, number + description (description is not used
 # programmaticaly but will make sure git conflicts if two migrations are
 # separately added with the same number)
-SQL_LEVEL = (84, 'add application tables')
+SQL_LEVEL = (85, 'remove anonymous column from users table')
 
 
 def migrate_global_views(conn, cur):
@@ -5433,6 +5428,7 @@ def migrate():
         # 39: add deleted_timestamp
         # 40: add is_active to users
         # 65: index users(name_identifiers)
+        # 85: remove anonymous column
         do_user_table()
     if sql_level < 32:
         # 25: create session_table
diff --git a/wcs/users.py b/wcs/users.py
index a4e0b61a3..52b47d1c8 100644
--- a/wcs/users.py
+++ b/wcs/users.py
@@ -39,7 +39,6 @@ class User(StorableObject):
     roles = None
     is_active = True
     is_admin = False
-    anonymous = False
     form_data = None  # dumping ground for custom fields
 
     verified_fields = None
@@ -144,8 +143,6 @@ class User(StorableObject):
     def can_go_in_backoffice(self):
         if self.is_admin:
             return True
-        if self.anonymous:
-            return False
 
         for role_id in self.roles or []:
             try:
@@ -307,11 +304,11 @@ class User(StorableObject):
     # django-compatibility properties and methods, useful in shared code/templates
     @property
     def is_anonymous(self):
-        return self.anonymous
+        return False
 
     @property
     def is_authenticated(self):
-        return not (self.anonymous)
+        return True
 
     @property
     def is_superuser(self):