From f96b8c62cd35c83b12465ecf56de140cc748c761 Mon Sep 17 00:00:00 2001 From: AlexandreJunod Date: Wed, 27 Mar 2024 15:42:54 +0100 Subject: [PATCH 1/4] refactor --- geocity/apps/accounts/users.py | 97 ++++++++++++++-------------------- 1 file changed, 40 insertions(+), 57 deletions(-) diff --git a/geocity/apps/accounts/users.py b/geocity/apps/accounts/users.py index 3a8968a3d..caf156f47 100644 --- a/geocity/apps/accounts/users.py +++ b/geocity/apps/accounts/users.py @@ -52,67 +52,50 @@ def get_integrator_permissions(): def get_users_list_for_integrator_admin(user, remove_anonymous=False): - # Integrators can only view users for restricted email domains. - if user.is_superuser: - qs = User.objects.select_related("userprofile") - - # Used to remove anonymous users from the list - anonymous_users = [] - if remove_anonymous: - for user in qs: - if user.userprofile.is_anonymous: - anonymous_users.append(user.pk) - qs = qs.exclude(pk__in=anonymous_users) - - return qs + qs = User.objects.select_related("userprofile") - user_integrator_group = user.groups.get(permit_department__is_integrator_admin=True) + # Remove anonymous users + anonymous_users = [] + if remove_anonymous: + for qs_user in qs: + if qs_user.userprofile.is_anonymous: + anonymous_users.append(qs_user.pk) + qs = qs.exclude(pk__in=anonymous_users) - email_domains = [ - domain.strip() - for domain in user_integrator_group.permit_department.integrator_email_domains.split( - "," - ) - ] - emails = [ - email.strip() - for email in user_integrator_group.permit_department.integrator_emails_exceptions.split( - "," + # Integrators can only view users for restricted email domains. + if not user.is_superuser: + user_integrator_group = user.groups.get( + permit_department__is_integrator_admin=True ) - ] - qs = ( - User.objects.annotate( - email_domain=Substr("email", StrIndex("email", Value("@")) + 1), + email_domains = [ + domain.strip() + for domain in user_integrator_group.permit_department.integrator_email_domains.split( + "," + ) + ] + + emails = [ + email.strip() + for email in user_integrator_group.permit_department.integrator_emails_exceptions.split( + "," + ) + ] + + qs = ( + qs.annotate( + email_domain=Substr("email", StrIndex("email", Value("@")) + 1), + ) + # hide anynomous user not belonging to the actual integrator + .filter( + Q(is_superuser=False), + Q(email_domain__in=email_domains) | Q(email__in=emails), + Q(groups__permit_department__integrator=user_integrator_group.pk) + | Q(groups__isnull=True) + | Q(groups__permit_department__is_integrator_admin=True), + ) + .exclude() + .distinct() ) - # hide anynomous user not belonging to the actual integrator - .filter( - Q(is_superuser=False), - Q(email_domain__in=email_domains) | Q(email__in=emails), - Q(groups__permit_department__integrator=user_integrator_group.pk) - | Q(groups__isnull=True) - | Q(groups__permit_department__is_integrator_admin=True), - ) - .exclude() - .distinct() - ) - integrator_administrative_entities_list = ( - models.AdministrativeEntity.objects.associated_to_user(user).values_list( - "pk", flat=True - ) - ) - - # Used to remove anonymous users from the list - anonymous_users = [] - for user in qs: - if remove_anonymous and user.userprofile.is_anonymous: - anonymous_users.append(user.pk) - elif ( - user.userprofile.is_anonymous - and user.userprofile.administrative_entity.pk - not in integrator_administrative_entities_list - ): - anonymous_users.append(user.pk) - qs = qs.exclude(pk__in=anonymous_users) return qs From 48715f642c0dbeba72504e26536a24ae083a11d5 Mon Sep 17 00:00:00 2001 From: AlexandreJunod Date: Wed, 27 Mar 2024 15:55:42 +0100 Subject: [PATCH 2/4] remove anonymous users while user is pilot --- geocity/apps/accounts/users.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/geocity/apps/accounts/users.py b/geocity/apps/accounts/users.py index caf156f47..cb76bcfd1 100644 --- a/geocity/apps/accounts/users.py +++ b/geocity/apps/accounts/users.py @@ -54,9 +54,9 @@ def get_integrator_permissions(): def get_users_list_for_integrator_admin(user, remove_anonymous=False): qs = User.objects.select_related("userprofile") - # Remove anonymous users + # Remove anonymous users if flag at true or user is not a superuser anonymous_users = [] - if remove_anonymous: + if remove_anonymous or not user.is_superuser: for qs_user in qs: if qs_user.userprofile.is_anonymous: anonymous_users.append(qs_user.pk) @@ -86,16 +86,14 @@ def get_users_list_for_integrator_admin(user, remove_anonymous=False): qs.annotate( email_domain=Substr("email", StrIndex("email", Value("@")) + 1), ) - # hide anynomous user not belonging to the actual integrator + # hide users not belonging to the actual integrator .filter( Q(is_superuser=False), Q(email_domain__in=email_domains) | Q(email__in=emails), Q(groups__permit_department__integrator=user_integrator_group.pk) | Q(groups__isnull=True) | Q(groups__permit_department__is_integrator_admin=True), - ) - .exclude() - .distinct() + ).distinct() ) return qs From c2a448dc5e4ce6f2fdc4aa5c99ecf9467a76d98a Mon Sep 17 00:00:00 2001 From: AlexandreJunod Date: Wed, 3 Apr 2024 10:54:30 +0200 Subject: [PATCH 3/4] fix tests --- geocity/apps/accounts/users.py | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/geocity/apps/accounts/users.py b/geocity/apps/accounts/users.py index cb76bcfd1..0e6fc520e 100644 --- a/geocity/apps/accounts/users.py +++ b/geocity/apps/accounts/users.py @@ -52,18 +52,9 @@ def get_integrator_permissions(): def get_users_list_for_integrator_admin(user, remove_anonymous=False): - qs = User.objects.select_related("userprofile") - - # Remove anonymous users if flag at true or user is not a superuser - anonymous_users = [] - if remove_anonymous or not user.is_superuser: - for qs_user in qs: - if qs_user.userprofile.is_anonymous: - anonymous_users.append(qs_user.pk) - qs = qs.exclude(pk__in=anonymous_users) - - # Integrators can only view users for restricted email domains. - if not user.is_superuser: + if user.is_superuser: + qs = User.objects.select_related("userprofile") + else: user_integrator_group = user.groups.get( permit_department__is_integrator_admin=True ) @@ -83,7 +74,7 @@ def get_users_list_for_integrator_admin(user, remove_anonymous=False): ] qs = ( - qs.annotate( + User.objects.annotate( email_domain=Substr("email", StrIndex("email", Value("@")) + 1), ) # hide users not belonging to the actual integrator @@ -96,4 +87,12 @@ def get_users_list_for_integrator_admin(user, remove_anonymous=False): ).distinct() ) + # Remove anonymous users if flag at true or user is not a superuser + anonymous_users = [] + if remove_anonymous or not user.is_superuser: + for qs_user in qs: + if qs_user.userprofile.is_anonymous: + anonymous_users.append(qs_user.pk) + qs = qs.exclude(pk__in=anonymous_users) + return qs From e5159ab998c36ca5ba0cd1b8a53a4e1eaca50959 Mon Sep 17 00:00:00 2001 From: AlexandreJunod Date: Wed, 3 Apr 2024 12:04:36 +0200 Subject: [PATCH 4/4] make inline readonly --- geocity/apps/accounts/admin.py | 3 ++- geocity/apps/submissions/management/commands/fixturize.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/geocity/apps/accounts/admin.py b/geocity/apps/accounts/admin.py index 1eb9eabb6..0f3563731 100644 --- a/geocity/apps/accounts/admin.py +++ b/geocity/apps/accounts/admin.py @@ -502,7 +502,8 @@ def clean_permissions(self): class UserInline(admin.TabularInline): model = Group.user_set.through - can_delete = True + readonly_fields = ("user",) + can_delete = False extra = 0 verbose_name = _("Utilisateur membre du groupe") verbose_name_plural = _("Utilisateurs membres du groupe") diff --git a/geocity/apps/submissions/management/commands/fixturize.py b/geocity/apps/submissions/management/commands/fixturize.py index 8f12d452e..7a9cebffd 100644 --- a/geocity/apps/submissions/management/commands/fixturize.py +++ b/geocity/apps/submissions/management/commands/fixturize.py @@ -725,7 +725,7 @@ def setup_homepage(self, entities, iterations): application_description_css = """