def consent(request):
    """Show the GDPR consent page and record the visitor's answer.

    GET renders the consent template (a worker-specific variant for
    workers). POST first marks the profile as having seen the page, then:

    * workers are sent back to the start page — only the flag is recorded,
      no policy consent;
    * a ``consent=yes`` answer records consent to AUTOMATIC_LIU_DETAILS
      (and to AUTOMATIC_FULLNAME when ``automatic_fullname`` is posted),
      logs the user out and restarts the LiU social login so the
      username is refreshed;
    * any other answer revokes both policies, so that the personal
      information they cover is not kept, before redirecting to ``/``.

    Anonymous visitors are redirected to ``/`` without rendering anything.
    """
    user = request.user
    # NOTE(review): ``is_authenticated`` is a plain property from Django 2.0
    # on, where calling it raises TypeError — confirm the targeted version.
    if not user.is_authenticated():
        return redirect('/')

    if request.method != 'POST':
        if is_worker(user):
            template = 'baljan/consent_worker.html'
        else:
            template = 'baljan/consent.html'
        return render(request, template)

    # Remember that the page was shown, whatever the answer is.
    user.profile.has_seen_consent = True
    user.profile.save()

    if is_worker(user):
        return redirect('/')

    if request.POST.get('consent') != 'yes':
        # Declined: revoke both policies before continuing so that the
        # covered personal information is not retained.
        revoke_automatic_liu_details(user)
        revoke_automatic_fullname(user)
        return redirect('/')

    consent_to_policy(user, AUTOMATIC_LIU_DETAILS)
    if 'automatic_fullname' in request.POST:
        consent_to_policy(user, AUTOMATIC_FULLNAME)

    # The username follows from the consented details, so the session has
    # to be re-established through the social login to pick it up.
    logout(request)
    return redirect(reverse('social:begin', args=['liu']))
def consent(request):
    """Show the GDPR consent page and record the visitor's answer.

    Anonymous visitors are redirected to ``/``. A GET renders
    ``baljan/consent_worker.html`` for workers and ``baljan/consent.html``
    for everyone else. A POST is handled by ``record_answer`` below:
    the profile's ``has_seen_consent`` flag is set, workers are redirected
    to ``/`` without any policy change, ``consent=yes`` records consent to
    AUTOMATIC_LIU_DETAILS (plus AUTOMATIC_FULLNAME when
    ``automatic_fullname`` is posted) and forces a new LiU login, and any
    other answer revokes both policies.
    """
    def record_answer(user):
        # Every submitted answer counts as having seen the consent page.
        user.profile.has_seen_consent = True
        user.profile.save()

        if is_worker(user):
            return redirect('/')

        if request.POST.get('consent') == 'yes':
            consent_to_policy(user, AUTOMATIC_LIU_DETAILS)
            if 'automatic_fullname' in request.POST:
                consent_to_policy(user, AUTOMATIC_FULLNAME)
            # The username changes with the consented details; force a fresh
            # login through the LiU social backend so the session picks it up.
            logout(request)
            return redirect(reverse('social:begin', args=['liu']))

        # Declined: revoke both policies so the covered data is not retained.
        revoke_automatic_liu_details(user)
        revoke_automatic_fullname(user)
        return redirect('/')

    if not request.user.is_authenticated:
        return redirect('/')

    if request.method == 'POST':
        return record_answer(request.user)

    if is_worker(request.user):
        return render(request, 'baljan/consent_worker.html')
    return render(request, 'baljan/consent.html')
def legal_social_details(backend, strategy, details, response, user, *args,
                         **kwargs):
    """python-social-auth pipeline step that filters the details we may keep.

    Merges the backend's user details with the ``details`` passed along the
    pipeline (pipeline values win), drops ``fullname`` outright and then
    applies the user's GDPR consents:

    * workers always get their username synced from the LiU response;
    * other users get the username synced only when they have consented
      to AUTOMATIC_LIU_DETAILS;
    * ``first_name``/``last_name`` are blanked unless AUTOMATIC_FULLNAME
      has been consented to.

    The e-mail address is deliberately left in place even without consent
    so that ``social_core.pipeline.social_auth.associate_by_email`` can
    still match accounts that lack a social-auth identifier; it is cleared
    afterwards by ``clean_social_details``.

    Returns ``{'details': details}`` for the next pipeline step.
    """
    def sync_username(account):
        # python-social-auth treats the username as a "protected" field and
        # will not update it itself, so a changed value is persisted here.
        new_username = details['username']
        if account.username != new_username:
            account.username = new_username
            strategy.storage.user.changed(account)

    # Values already in ``details`` override what the backend reports.
    details = dict(backend.get_user_details(response), **details)
    # The full name is not needed (first/last name cover it); drop it as a
    # precaution before anything downstream can see it.
    details['fullname'] = None

    if user is not None and is_worker(user):
        # Workers are covered by a separate agreement that regulates how we
        # process their personal details, so consent does not apply — but
        # the username still has to be kept current.
        sync_username(user)
        return {'details': details}

    # Without consent to AUTOMATIC_LIU_DETAILS the username is left alone.
    # Note that the e-mail is NOT removed here: users who never logged in
    # through OAuth (old ADFS accounts, or accounts created during a
    # "jobbsläpp" that never logged in) have no social-auth identifier and
    # can only be associated by e-mail. clean_social_details resets the
    # value later in the pipeline.
    # NOTE(review): ``user`` may be None at this point; the code relies on
    # LegalConsent.is_present returning False for None — confirm.
    if LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        # First login after giving consent: the username given by LiU ADFS
        # must be applied explicitly.
        sync_username(user)

    if not LegalConsent.is_present(user, AUTOMATIC_FULLNAME):
        # No consent to fetching the name from the LiU database.
        details['first_name'] = ''
        details['last_name'] = ''

    return {'details': details}
def legal_social_details(backend, strategy, details, response, user, *args, **kwargs):
    """Pipeline step: keep only the LiU details the user has consented to.

    The backend's user details are merged with the pipeline ``details``
    (the latter take precedence) and ``fullname`` is dropped unconditionally.
    Workers always have their username synced; other users only when they
    have consented to AUTOMATIC_LIU_DETAILS. ``first_name`` and
    ``last_name`` are blanked without consent to AUTOMATIC_FULLNAME.

    The e-mail address is intentionally kept for now so that
    ``social_core.pipeline.social_auth.associate_by_email`` can match
    accounts without a social-auth identifier; ``clean_social_details``
    clears it later.

    Returns ``{'details': merged}`` for the next pipeline step.
    """
    merged = dict(backend.get_user_details(response), **details)
    # Precaution: the full name is never carried further, first/last name
    # are used instead.
    merged['fullname'] = None

    worker = user is not None and is_worker(user)

    # Workers must always keep an up-to-date username (they are bound by a
    # separate agreement regulating how their details are processed);
    # everyone else only once they have consented to AUTOMATIC_LIU_DETAILS.
    # python-social-auth will not touch this "protected" field itself, so
    # the change is persisted here.
    if worker or LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        liu_username = merged['username']
        if user.username != liu_username:
            user.username = liu_username
            strategy.storage.user.changed(user)

    if worker:
        return {'details': merged}

    # Do NOT clear the e-mail here. Users who have never logged in via
    # OAuth — very old accounts from the ADFS solution, or accounts created
    # during a "jobbsläpp" that never logged in — have no anonymous
    # identifier for python-social-auth to match on and must be associated
    # by e-mail instead. cafesys.baljan.gdpr.clean_social_details resets
    # the value once that step has run.

    if not LegalConsent.is_present(user, AUTOMATIC_FULLNAME):
        # No consent to automatic retrieval of the name from the LiU database.
        merged['first_name'] = ''
        merged['last_name'] = ''

    return {'details': merged}
def set_anonymous_username(user, strategy, *args, **kwargs):
    """Pipeline step: give non-consenting users an anonymous username.

    Workers, and users who have consented to AUTOMATIC_LIU_DETAILS, keep
    the username they have. Everyone else — first-time logins included —
    gets the name produced by ``generate_anonymous_username``, persisted
    through the strategy storage when it differs from the current one.

    Returns an empty dict; the pipeline's ``details`` are not modified.
    """
    if is_worker(user):
        return {}
    if LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        return {}

    # Either a first login or no consent to storing LiU details: the
    # account must not carry the real LiU username.
    anonymous = generate_anonymous_username(user)
    if anonymous != user.username:
        user.username = anonymous
        strategy.storage.user.changed(user)
    return {}
def set_anonymous_username(user, strategy, *args, **kwargs):
    """Pipeline step: replace the username of users we may not identify.

    A worker, or a user who has consented to AUTOMATIC_LIU_DETAILS, keeps
    the current username. Otherwise (first login, or consent never given)
    the username is set to ``generate_anonymous_username(user)`` and the
    change is recorded via ``strategy.storage.user.changed`` when it
    actually differs.

    Returns ``{}`` — no pipeline details are changed.
    """
    keeps_real_name = is_worker(user) or LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS)
    if not keeps_real_name:
        # No consent to automatic storage of LiU details: use a unique
        # anonymous name instead of the LiU one.
        wanted = generate_anonymous_username(user)
        if user.username != wanted:
            user.username = wanted
            strategy.storage.user.changed(user)
    return {}
def clean_social_details(details, user, *args, **kwargs):
    """Pipeline step: drop the e-mail kept temporarily for account matching.

    ``legal_social_details`` leaves the e-mail address in ``details`` so
    that ``associate_by_email`` can find accounts without a social-auth
    identifier. Once that has happened, users who have not consented to
    AUTOMATIC_LIU_DETAILS must not have the address stored, so it is
    blanked here. Workers and consenting users are left untouched.

    Returns ``{'details': details}`` when the e-mail was cleared, else ``{}``.
    """
    worker_account = user is not None and is_worker(user)
    # Workers are governed by their own agreement, see legal_social_details.
    if worker_account:
        return {}

    may_store_email = LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS)
    if may_store_email:
        return {}

    # The address was only needed for matching; it must not be persisted.
    details['email'] = ''
    return {'details': details}
def clean_social_details(details, user, *args, **kwargs):
    """Pipeline step: clear the e-mail we were not allowed to keep.

    Workers are skipped entirely (see ``legal_social_details``). For other
    users without consent to AUTOMATIC_LIU_DETAILS the e-mail address,
    kept until now only so the account could be associated, is set to the
    empty string and the updated ``details`` are handed on. Consenting
    users are left as they are.

    Returns ``{'details': details}`` if modified, otherwise ``{}``.
    """
    if user is not None and is_worker(user):
        result = {}
    elif LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        result = {}
    else:
        # Temporary value needed for association only; never persist it.
        details['email'] = ''
        result = {'details': details}
    return result
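def see_user(request, who):
    """Show a user's profile page, with self-service actions for the owner.

    ``who`` is the primary key of the user being viewed. Only when the
    viewer is that same user (``watching_self``) is a POST acted upon;
    otherwise the page is simply rendered, so nobody can edit the profile
    or change the consents of another account.

    POST handling (owner only):

    * ``policy=<name>/<version>/<action>`` revokes or records consent to a
      policy; workers cannot change policies here. Consenting to
      AUTOMATIC_LIU_DETAILS or AUTOMATIC_FULLNAME logs the user out and
      restarts the LiU social login so the username is refreshed. A
      malformed value is ignored and the user is redirected to the
      profile page instead of the request ending in a server error.
    * otherwise the posted data is bound to the user and profile forms;
      every form must validate before anything is saved, and the save is
      logged through ``MutedConsent``.

    Args:
        request: the current HttpRequest.
        who: id of the User to display.

    Returns:
        A redirect after a handled POST, else the rendered
        ``baljan/user.html``.
    """
    u = request.user
    tpl = {}

    # NOTE(review): an unknown id raises User.DoesNotExist here, i.e. a
    # 500 response; a 404 would be more appropriate.
    watched = User.objects.get(id=who)
    watching_self = u == watched
    if u.is_authenticated():
        # Only bound for authenticated users. ``watching_self`` implies an
        # authenticated, persisted user (an AnonymousUser should never
        # compare equal to a User — confirm), which guards every use below.
        profile_form_cls_inst = (
                (forms.UserForm, u),
                (forms.ProfileForm, u.profile),
                )

    if watching_self and request.method == 'POST':
        policy_value = request.POST.get('policy')
        if policy_value is not None:
            # Policy consent / revocation. Workers are bound by a separate
            # agreement and may not change policies here.
            if not is_worker(u):
                # The value is user supplied: anything but exactly
                # ``name/version/action`` is ignored instead of letting the
                # tuple unpack raise.
                parts = policy_value.split('/')
                if len(parts) == 3:
                    policy_name, policy_version, action = parts
                else:
                    policy_name = policy_version = action = None

                if action == 'revoke':
                    revoke_policy(u, policy_name)
                    return redirect(request.path)
                elif action == 'consent':
                    try:
                        version = int(policy_version)
                    except ValueError:
                        # Non-numeric version: ignore the request.
                        version = None
                    if version is not None:
                        consent_to_policy(u, policy_name, version)
                        if policy_name == AUTOMATIC_LIU_DETAILS or policy_name == AUTOMATIC_FULLNAME:
                            # The username depends on these consents; force a
                            # re-login through LiU so it is refreshed.
                            logout(request)
                            return redirect(reverse('social:begin', args=['liu']) + '?next=' + request.path)
        else:
            profile_forms = [c(request.POST, request.FILES, instance=i)
                             for c, i in profile_form_cls_inst]

            # Validate every form (no short-circuit) before saving any of them.
            if all([f.is_valid() for f in profile_forms]):
                for f in profile_forms:
                    f.save()

                MutedConsent.log(u, ACTION_PROFILE_SAVED)
            else:
                messages.add_message(request, messages.WARNING, 'Kunde inte spara din profil. Ditt LiU-kortnummer kanske finns sparat hos någon annan användare.')

        return redirect(reverse('profile'))

    tpl['watched'] = watched
    tpl['watching_self'] = watching_self
    tpl['watched_groups'] = pseudogroups.real_only().filter(user=watched).order_by('name')

    if watching_self:
        tpl['sent_trade_requests'] = tr_sent = trades.requests_sent_by(u)
        tpl['received_trade_requests'] = tr_recd = trades.requests_sent_to(u)
        tpl['trade_requests'] = tr_sent or tr_recd
        profile_forms = [c(instance=i) for c, i in profile_form_cls_inst]
        tpl['profile_forms'] = profile_forms

        policies = get_policies(u)
        tpl['policies'] = policies

        tpl['is_worker'] = is_worker(u)

    # Call duties come after work shifts because they are more frequent.
    tpl['signup_types'] = (
            (_("work shifts"), ['work'], signups_for(watched)),
            (_("call duties"), ['call-duty'], callduties_for(watched)),
            )
    return render(request, 'baljan/user.html', tpl)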
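def see_user(request, who):
    """Render a user's profile page and handle the owner's own actions.

    ``who`` is the id of the User to show (404 when it does not exist).
    POST requests are only honoured when the viewer is the viewed user
    (``watching_self``); anyone else just gets the page rendered, which is
    what prevents editing or changing consents on somebody else's account.

    For the owner a POST either carries ``policy=<name>/<version>/<action>``
    — ``revoke`` or ``consent``, not available to workers; consenting to
    AUTOMATIC_LIU_DETAILS or AUTOMATIC_FULLNAME logs out and restarts the
    LiU login so the username is refreshed — or it is profile-form data,
    saved only when all forms validate and logged via ``MutedConsent``.
    A malformed ``policy`` value is ignored (redirect to the profile page)
    rather than raising.

    Args:
        request: the current HttpRequest.
        who: id of the User to display.

    Returns:
        A redirect after a handled POST, otherwise ``baljan/user.html``.
    """
    def parse_policy_action(raw):
        """Split ``name/version/action``; None when the value is malformed.

        The value comes straight from the POST body, so a wrong number of
        segments or a non-integer version for ``consent`` must not raise.
        """
        parts = raw.split('/')
        if len(parts) != 3:
            return None
        name, version, action = parts
        if action == 'consent':
            try:
                version = int(version)
            except ValueError:
                return None
        return name, version, action

    u = request.user
    tpl = {}

    watched = get_object_or_404(User, id=who)
    watching_self = u == watched
    if u.is_authenticated:
        # ``watching_self`` implies an authenticated, persisted user (an
        # AnonymousUser should never compare equal to a User — confirm), so
        # this tuple is bound wherever it is read below.
        profile_form_cls_inst = (
            (forms.UserForm, u),
            (forms.ProfileForm, u.profile),
        )

    if watching_self and request.method == 'POST':
        # Handle policy consent and revocation actions
        if request.POST.get('policy') is not None:
            # Workers are bound by a separate agreement; no policy changes.
            if not is_worker(u):
                parsed = parse_policy_action(request.POST.get('policy'))
                if parsed is not None:
                    policy_name, policy_version, action = parsed
                    if action == 'revoke':
                        revoke_policy(u, policy_name)
                        return redirect(request.path)
                    elif action == 'consent':
                        consent_to_policy(u, policy_name, policy_version)
                        if policy_name == AUTOMATIC_LIU_DETAILS or policy_name == AUTOMATIC_FULLNAME:
                            # These consents determine the username; a new
                            # LiU login is needed to pick it up.
                            logout(request)
                            return redirect(
                                reverse('social:begin', args=['liu']) + '?next=' +
                                request.path)
        else:
            profile_forms = [
                c(request.POST, request.FILES, instance=i)
                for c, i in profile_form_cls_inst
            ]

            # Validate all forms (each one, no short-circuit) before saving.
            validity = [f.is_valid() for f in profile_forms]
            if all(validity):
                for f in profile_forms:
                    f.save()

                MutedConsent.log(u, ACTION_PROFILE_SAVED)
            else:
                messages.add_message(
                    request, messages.WARNING,
                    'Kunde inte spara din profil. Ditt LiU-kortnummer kanske finns sparat hos någon annan användare.'
                )

        return redirect(reverse('profile'))

    tpl['watched'] = watched
    tpl['watching_self'] = watching_self
    tpl['watched_groups'] = pseudogroups.real_only().filter(
        user=watched).order_by('name')

    if watching_self:
        tpl['sent_trade_requests'] = tr_sent = trades.requests_sent_by(u)
        tpl['received_trade_requests'] = tr_recd = trades.requests_sent_to(u)
        tpl['trade_requests'] = tr_sent or tr_recd
        profile_forms = [c(instance=i) for c, i in profile_form_cls_inst]
        tpl['profile_forms'] = profile_forms

        policies = get_policies(u)
        tpl['policies'] = policies

        tpl['is_worker'] = is_worker(u)

    # Call duties come after work shifts because they are more frequent.
    tpl['signup_types'] = (
        (_("work shifts"), ['work'], signups_for(watched)),
        (_("call duties"), ['call-duty'], callduties_for(watched)),
    )
    return render(request, 'baljan/user.html', tpl)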