misc: drop anonymous attribute from users (#77162)

wcs/api.py

@@ -300,9 +300,9 @@ class ApiCardPage(ApiFormPageMixin, BackofficeCardPage):
         if is_url_signed() and get_user_from_api_query_string(api_name=api_name) is None:
             # signed but no user specified, grant access.
             class ApiAdminUser:
+                id = Ellipsis  # make sure it fails all over the place if used
                 is_admin = True
-                anonymous = True
+                is_api_user = True
-                is_api_user = False
                 get_roles = lambda x: []
 
             get_request()._user = ApiAdminUser()

wcs/api_access.py

@@ -75,7 +75,6 @@ class ApiAccess(XmlStorableObject):
             id = Ellipsis  # make sure it fails all over the place if used
             is_admin = False
             is_api_user = True
-            anonymous = False
 
             def __init__(self, api_access):
                 self.api_access = api_access

wcs/forms/common.py

@@ -184,8 +184,6 @@ class FormStatusPage(Directory, FormTemplateMixin):
                 setattr(self, name, directory)
 
     def check_auth(self, api_call=False):
-        session = get_session()
-        mine = False
         if api_call:
             user = get_user_from_api_query_string() or get_request().user
             if get_request().has_anonymised_data_api_restriction() and (not user or not user.is_api_user):
@@ -195,12 +193,8 @@ class FormStatusPage(Directory, FormTemplateMixin):
                     raise errors.AccessUnauthorizedError()
         else:
             user = get_request().user
-        if user and not user.anonymous:
+
-            if self.filled.is_submitter(user):
+        mine = self.filled.is_submitter(user)
-                mine = True
-        else:
-            if session and session.is_anonymous_submitter(self.filled):
-                mine = True
 
         self.check_receiver()
         return mine
@@ -364,12 +358,7 @@ class FormStatusPage(Directory, FormTemplateMixin):
         session = get_session()
         filled = self.filled
         if not (get_request().is_in_backoffice() and filled.backoffice_submission):
-            if session.is_anonymous_submitter(filled):
+            if not self.filled.is_submitter(get_request().user):
-                pass
-            elif session.user:
-                if str(session.user) != str(filled.user_id):
-                    raise errors.AccessUnauthorizedError()
-            else:
                 raise errors.AccessUnauthorizedError()
 
         magictoken = randbytes(8)

wcs/forms/root.py

@@ -2101,10 +2101,6 @@ class RootDirectory(AccessControlled, Directory):
             r += htmltext('<p id="logout">')
             if user.can_go_in_backoffice():
                 r += htmltext('<a href="%sbackoffice/">%s</a> - ') % (root_url, _('Back Office'))
-            if user.anonymous:
-                if get_cfg('saml_identities', {}).get('creation', 'admin') != 'admin':
-                    r += htmltext('<a href="%sregister">%s</a> - ') % (root_url, _('Register'))
-
             r += htmltext('<a href="%slogout">%s</a></p>') % (root_url, _('Logout'))
 
         elif get_cfg('sp') or get_cfg('identification', {}).get('methods'):

wcs/qommon/http_request.py

@@ -230,7 +230,7 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
             if api_access:
                 return api_access.restrict_to_anonymised_data
 
-        if self.user and self.user.is_api_user:
+        if self.user and self.user.is_api_user and not self.user.is_admin:
             return self.user.api_access.restrict_to_anonymised_data
 
         return False

wcs/sql.py

@@ -1068,7 +1068,6 @@ def do_user_table():
                                     roles text[],
                                     is_active bool,
                                     is_admin bool,
-                                    anonymous bool,
                                     verified_fields text[],
                                     name_identifiers text[],
                                     lasso_dump text,
@@ -1091,7 +1090,6 @@ def do_user_table():
         'email',
         'roles',
         'is_admin',
-        'anonymous',
         'name_identifiers',
         'verified_fields',
         'lasso_dump',
@@ -3100,7 +3098,6 @@ class SqlUser(SqlMixin, wcs.users.User):
         ('email', 'varchar'),
         ('roles', 'varchar[]'),
         ('is_admin', 'bool'),
-        ('anonymous', 'bool'),
         ('name_identifiers', 'varchar[]'),
         ('verified_fields', 'varchar[]'),
         ('lasso_dump', 'text'),
@@ -3127,7 +3124,6 @@ class SqlUser(SqlMixin, wcs.users.User):
             'email': self.email,
             'roles': self.roles,
             'is_admin': self.is_admin,
-            'anonymous': self.anonymous,
             'name_identifiers': self.name_identifiers,
             'verified_fields': self.verified_fields,
             'lasso_dump': self.lasso_dump,
@@ -3223,7 +3219,6 @@ class SqlUser(SqlMixin, wcs.users.User):
             o.email,
             o.roles,
             o.is_admin,
-            o.anonymous,
             o.name_identifiers,
             o.verified_fields,
             o.lasso_dump,
@@ -3231,7 +3226,7 @@ class SqlUser(SqlMixin, wcs.users.User):
             ascii_name,  # XXX what's this ? pylint: disable=unused-variable
             o.deleted_timestamp,
             o.is_active,
-        ) = (str_encode(x) for x in tuple(row[:13]))
+        ) = (str_encode(x) for x in tuple(row[: len(cls._table_static_fields)]))
         if o.last_seen:
             o.last_seen = time.mktime(o.last_seen.timetuple())
         if o.roles:
@@ -5282,7 +5277,7 @@ def get_period_total(
 # latest migration, number + description (description is not used
 # programmaticaly but will make sure git conflicts if two migrations are
 # separately added with the same number)
-SQL_LEVEL = (84, 'add application tables')
+SQL_LEVEL = (85, 'remove anonymous column from users table')
 
 
 def migrate_global_views(conn, cur):
@@ -5433,6 +5428,7 @@ def migrate():
         # 39: add deleted_timestamp
         # 40: add is_active to users
         # 65: index users(name_identifiers)
+        # 85: remove anonymous column
         do_user_table()
     if sql_level < 32:
         # 25: create session_table

wcs/users.py

@@ -39,7 +39,6 @@ class User(StorableObject):
     roles = None
     is_active = True
     is_admin = False
-    anonymous = False
     form_data = None  # dumping ground for custom fields
 
     verified_fields = None
@@ -144,8 +143,6 @@ class User(StorableObject):
     def can_go_in_backoffice(self):
         if self.is_admin:
             return True
-        if self.anonymous:
-            return False
 
         for role_id in self.roles or []:
             try:
@@ -307,11 +304,11 @@ class User(StorableObject):
     # django-compatibility properties and methods, useful in shared code/templates
     @property
     def is_anonymous(self):
-        return self.anonymous
+        return False
 
     @property
     def is_authenticated(self):
-        return not (self.anonymous)
+        return True
 
     @property
     def is_superuser(self):