misc: drop anonymous attribute from users (#77162)
This commit is contained in:
parent
96b9503832
commit
45bee7910b
|
@ -300,9 +300,9 @@ class ApiCardPage(ApiFormPageMixin, BackofficeCardPage):
|
||||||
if is_url_signed() and get_user_from_api_query_string(api_name=api_name) is None:
|
if is_url_signed() and get_user_from_api_query_string(api_name=api_name) is None:
|
||||||
# signed but no user specified, grant access.
|
# signed but no user specified, grant access.
|
||||||
class ApiAdminUser:
|
class ApiAdminUser:
|
||||||
|
id = Ellipsis # make sure it fails all over the place if used
|
||||||
is_admin = True
|
is_admin = True
|
||||||
anonymous = True
|
is_api_user = True
|
||||||
is_api_user = False
|
|
||||||
get_roles = lambda x: []
|
get_roles = lambda x: []
|
||||||
|
|
||||||
get_request()._user = ApiAdminUser()
|
get_request()._user = ApiAdminUser()
|
||||||
|
|
|
@ -75,7 +75,6 @@ class ApiAccess(XmlStorableObject):
|
||||||
id = Ellipsis # make sure it fails all over the place if used
|
id = Ellipsis # make sure it fails all over the place if used
|
||||||
is_admin = False
|
is_admin = False
|
||||||
is_api_user = True
|
is_api_user = True
|
||||||
anonymous = False
|
|
||||||
|
|
||||||
def __init__(self, api_access):
|
def __init__(self, api_access):
|
||||||
self.api_access = api_access
|
self.api_access = api_access
|
||||||
|
|
|
@ -184,8 +184,6 @@ class FormStatusPage(Directory, FormTemplateMixin):
|
||||||
setattr(self, name, directory)
|
setattr(self, name, directory)
|
||||||
|
|
||||||
def check_auth(self, api_call=False):
|
def check_auth(self, api_call=False):
|
||||||
session = get_session()
|
|
||||||
mine = False
|
|
||||||
if api_call:
|
if api_call:
|
||||||
user = get_user_from_api_query_string() or get_request().user
|
user = get_user_from_api_query_string() or get_request().user
|
||||||
if get_request().has_anonymised_data_api_restriction() and (not user or not user.is_api_user):
|
if get_request().has_anonymised_data_api_restriction() and (not user or not user.is_api_user):
|
||||||
|
@ -195,12 +193,8 @@ class FormStatusPage(Directory, FormTemplateMixin):
|
||||||
raise errors.AccessUnauthorizedError()
|
raise errors.AccessUnauthorizedError()
|
||||||
else:
|
else:
|
||||||
user = get_request().user
|
user = get_request().user
|
||||||
if user and not user.anonymous:
|
|
||||||
if self.filled.is_submitter(user):
|
mine = self.filled.is_submitter(user)
|
||||||
mine = True
|
|
||||||
else:
|
|
||||||
if session and session.is_anonymous_submitter(self.filled):
|
|
||||||
mine = True
|
|
||||||
|
|
||||||
self.check_receiver()
|
self.check_receiver()
|
||||||
return mine
|
return mine
|
||||||
|
@ -364,12 +358,7 @@ class FormStatusPage(Directory, FormTemplateMixin):
|
||||||
session = get_session()
|
session = get_session()
|
||||||
filled = self.filled
|
filled = self.filled
|
||||||
if not (get_request().is_in_backoffice() and filled.backoffice_submission):
|
if not (get_request().is_in_backoffice() and filled.backoffice_submission):
|
||||||
if session.is_anonymous_submitter(filled):
|
if not self.filled.is_submitter(get_request().user):
|
||||||
pass
|
|
||||||
elif session.user:
|
|
||||||
if str(session.user) != str(filled.user_id):
|
|
||||||
raise errors.AccessUnauthorizedError()
|
|
||||||
else:
|
|
||||||
raise errors.AccessUnauthorizedError()
|
raise errors.AccessUnauthorizedError()
|
||||||
|
|
||||||
magictoken = randbytes(8)
|
magictoken = randbytes(8)
|
||||||
|
|
|
@ -2101,10 +2101,6 @@ class RootDirectory(AccessControlled, Directory):
|
||||||
r += htmltext('<p id="logout">')
|
r += htmltext('<p id="logout">')
|
||||||
if user.can_go_in_backoffice():
|
if user.can_go_in_backoffice():
|
||||||
r += htmltext('<a href="%sbackoffice/">%s</a> - ') % (root_url, _('Back Office'))
|
r += htmltext('<a href="%sbackoffice/">%s</a> - ') % (root_url, _('Back Office'))
|
||||||
if user.anonymous:
|
|
||||||
if get_cfg('saml_identities', {}).get('creation', 'admin') != 'admin':
|
|
||||||
r += htmltext('<a href="%sregister">%s</a> - ') % (root_url, _('Register'))
|
|
||||||
|
|
||||||
r += htmltext('<a href="%slogout">%s</a></p>') % (root_url, _('Logout'))
|
r += htmltext('<a href="%slogout">%s</a></p>') % (root_url, _('Logout'))
|
||||||
|
|
||||||
elif get_cfg('sp') or get_cfg('identification', {}).get('methods'):
|
elif get_cfg('sp') or get_cfg('identification', {}).get('methods'):
|
||||||
|
|
|
@ -230,7 +230,7 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
|
||||||
if api_access:
|
if api_access:
|
||||||
return api_access.restrict_to_anonymised_data
|
return api_access.restrict_to_anonymised_data
|
||||||
|
|
||||||
if self.user and self.user.is_api_user:
|
if self.user and self.user.is_api_user and not self.user.is_admin:
|
||||||
return self.user.api_access.restrict_to_anonymised_data
|
return self.user.api_access.restrict_to_anonymised_data
|
||||||
|
|
||||||
return False
|
return False
|
||||||
|
|
10
wcs/sql.py
10
wcs/sql.py
|
@ -1068,7 +1068,6 @@ def do_user_table():
|
||||||
roles text[],
|
roles text[],
|
||||||
is_active bool,
|
is_active bool,
|
||||||
is_admin bool,
|
is_admin bool,
|
||||||
anonymous bool,
|
|
||||||
verified_fields text[],
|
verified_fields text[],
|
||||||
name_identifiers text[],
|
name_identifiers text[],
|
||||||
lasso_dump text,
|
lasso_dump text,
|
||||||
|
@ -1091,7 +1090,6 @@ def do_user_table():
|
||||||
'email',
|
'email',
|
||||||
'roles',
|
'roles',
|
||||||
'is_admin',
|
'is_admin',
|
||||||
'anonymous',
|
|
||||||
'name_identifiers',
|
'name_identifiers',
|
||||||
'verified_fields',
|
'verified_fields',
|
||||||
'lasso_dump',
|
'lasso_dump',
|
||||||
|
@ -3100,7 +3098,6 @@ class SqlUser(SqlMixin, wcs.users.User):
|
||||||
('email', 'varchar'),
|
('email', 'varchar'),
|
||||||
('roles', 'varchar[]'),
|
('roles', 'varchar[]'),
|
||||||
('is_admin', 'bool'),
|
('is_admin', 'bool'),
|
||||||
('anonymous', 'bool'),
|
|
||||||
('name_identifiers', 'varchar[]'),
|
('name_identifiers', 'varchar[]'),
|
||||||
('verified_fields', 'varchar[]'),
|
('verified_fields', 'varchar[]'),
|
||||||
('lasso_dump', 'text'),
|
('lasso_dump', 'text'),
|
||||||
|
@ -3127,7 +3124,6 @@ class SqlUser(SqlMixin, wcs.users.User):
|
||||||
'email': self.email,
|
'email': self.email,
|
||||||
'roles': self.roles,
|
'roles': self.roles,
|
||||||
'is_admin': self.is_admin,
|
'is_admin': self.is_admin,
|
||||||
'anonymous': self.anonymous,
|
|
||||||
'name_identifiers': self.name_identifiers,
|
'name_identifiers': self.name_identifiers,
|
||||||
'verified_fields': self.verified_fields,
|
'verified_fields': self.verified_fields,
|
||||||
'lasso_dump': self.lasso_dump,
|
'lasso_dump': self.lasso_dump,
|
||||||
|
@ -3223,7 +3219,6 @@ class SqlUser(SqlMixin, wcs.users.User):
|
||||||
o.email,
|
o.email,
|
||||||
o.roles,
|
o.roles,
|
||||||
o.is_admin,
|
o.is_admin,
|
||||||
o.anonymous,
|
|
||||||
o.name_identifiers,
|
o.name_identifiers,
|
||||||
o.verified_fields,
|
o.verified_fields,
|
||||||
o.lasso_dump,
|
o.lasso_dump,
|
||||||
|
@ -3231,7 +3226,7 @@ class SqlUser(SqlMixin, wcs.users.User):
|
||||||
ascii_name, # XXX what's this ? pylint: disable=unused-variable
|
ascii_name, # XXX what's this ? pylint: disable=unused-variable
|
||||||
o.deleted_timestamp,
|
o.deleted_timestamp,
|
||||||
o.is_active,
|
o.is_active,
|
||||||
) = (str_encode(x) for x in tuple(row[:13]))
|
) = (str_encode(x) for x in tuple(row[: len(cls._table_static_fields)]))
|
||||||
if o.last_seen:
|
if o.last_seen:
|
||||||
o.last_seen = time.mktime(o.last_seen.timetuple())
|
o.last_seen = time.mktime(o.last_seen.timetuple())
|
||||||
if o.roles:
|
if o.roles:
|
||||||
|
@ -5282,7 +5277,7 @@ def get_period_total(
|
||||||
# latest migration, number + description (description is not used
|
# latest migration, number + description (description is not used
|
||||||
# programmaticaly but will make sure git conflicts if two migrations are
|
# programmaticaly but will make sure git conflicts if two migrations are
|
||||||
# separately added with the same number)
|
# separately added with the same number)
|
||||||
SQL_LEVEL = (84, 'add application tables')
|
SQL_LEVEL = (85, 'remove anonymous column from users table')
|
||||||
|
|
||||||
|
|
||||||
def migrate_global_views(conn, cur):
|
def migrate_global_views(conn, cur):
|
||||||
|
@ -5433,6 +5428,7 @@ def migrate():
|
||||||
# 39: add deleted_timestamp
|
# 39: add deleted_timestamp
|
||||||
# 40: add is_active to users
|
# 40: add is_active to users
|
||||||
# 65: index users(name_identifiers)
|
# 65: index users(name_identifiers)
|
||||||
|
# 85: remove anonymous column
|
||||||
do_user_table()
|
do_user_table()
|
||||||
if sql_level < 32:
|
if sql_level < 32:
|
||||||
# 25: create session_table
|
# 25: create session_table
|
||||||
|
|
|
@ -39,7 +39,6 @@ class User(StorableObject):
|
||||||
roles = None
|
roles = None
|
||||||
is_active = True
|
is_active = True
|
||||||
is_admin = False
|
is_admin = False
|
||||||
anonymous = False
|
|
||||||
form_data = None # dumping ground for custom fields
|
form_data = None # dumping ground for custom fields
|
||||||
|
|
||||||
verified_fields = None
|
verified_fields = None
|
||||||
|
@ -144,8 +143,6 @@ class User(StorableObject):
|
||||||
def can_go_in_backoffice(self):
|
def can_go_in_backoffice(self):
|
||||||
if self.is_admin:
|
if self.is_admin:
|
||||||
return True
|
return True
|
||||||
if self.anonymous:
|
|
||||||
return False
|
|
||||||
|
|
||||||
for role_id in self.roles or []:
|
for role_id in self.roles or []:
|
||||||
try:
|
try:
|
||||||
|
@ -307,11 +304,11 @@ class User(StorableObject):
|
||||||
# django-compatibility properties and methods, useful in shared code/templates
|
# django-compatibility properties and methods, useful in shared code/templates
|
||||||
@property
|
@property
|
||||||
def is_anonymous(self):
|
def is_anonymous(self):
|
||||||
return self.anonymous
|
return False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def is_authenticated(self):
|
def is_authenticated(self):
|
||||||
return not (self.anonymous)
|
return True
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def is_superuser(self):
|
def is_superuser(self):
|
||||||
|
|
Loading…
Reference in New Issue