Merge branch 'GREG-116-non-oidc-sessions' into 'master'

Greg 116 non oidc sessions See merge request !172

Merge branch 'GREG-116-non-oidc-sessions' into 'master'
Greg 116 non oidc sessions See merge request !172
15cd8ee6 · Andreas Ellewsen · 3806f2ca · 0a8dfb13 · 15cd8ee6
Commit 15cd8ee6 authored 3 years ago by Andreas Ellewsen
--- a/gregui/api/views/userinfo.py
+++ b/gregui/api/views/userinfo.py
@@ -3,13 +3,12 @@ from typing import (
    Type,
 )
-from rest_framework import permissions
 from rest_framework.authentication import BaseAuthentication, SessionAuthentication
 from rest_framework.permissions import AllowAny, BasePermission
 from rest_framework.status import HTTP_403_FORBIDDEN
 from rest_framework.views import APIView
 from rest_framework.response import Response
-from greg.models import Identity, InvitationLink
+from greg.models import InvitationLink
 from gregui.models import GregUserProfile
@@ -27,112 +26,77 @@ class UserInfoView(APIView):
    def get(self, request, format=None):
        """
-        Get info about the visiting user
+        Get info about the visiting user.
        Works for users logged in using Feide, and those relying solely on an
-        invitation id.
+        invitation id. Pure django users, and anonymous users are denied access.
-        TODO: Can this be modified into a permission class to reduce clutter?
        """
        user = request.user
        invite_id = request.session.get("invite_id")
-        # Authenticated user, allow access
+        person = None
-        if user.is_authenticated:
+        sponsor = None
-            user_profile = GregUserProfile.objects.get(user=user)
+        content = {
-            sponsor_id = None
+            "feide_id": None,
-            person_id = None
+            "sponsor_id": None,
-            if user_profile.sponsor:
+            "person_id": None,
-                sponsor_id = user_profile.sponsor.id
+            "roles": [],
-            if user_profile.person:
+        }
-                person_id = user_profile.person.id
-            content = {
-                "feide_id": user_profile.userid_feide,
-                "sponsor_id": sponsor_id,
-                "person_id": person_id,
-                "roles": [],
-            }
-            person = user_profile.person
-            if person:
-                passports = person.identities.filter(
-                    type=Identity.IdentityType.PASSPORT_NUMBER
-                ).first()
+        # Fetch sponsor and/or person object from profile of authenticated user
+        if user.is_authenticated:
+            try:
+                user_profile = GregUserProfile.objects.get(user=user)
+                sponsor = user_profile.sponsor
+                person = user_profile.person
                content.update(
                    {
-                        "first_name": person.first_name,
+                        "feide_id": user_profile.userid_feide,
-                        "last_name": person.last_name,
-                        "email": person.private_email and person.private_email.value,
-                        "mobile_phone": person.private_mobile
-                        and person.private_mobile.value,
-                        "fnr": person.fnr and "".join((person.fnr.value[:-5], "*****")),
-                        "passport": passports and passports.value,
-                        "roles": [],
                    }
                )
-                roles = person.roles
+            except GregUserProfile.DoesNotExist:
-                if roles:
+                return Response(status=HTTP_403_FORBIDDEN)
-                    content.update(
-                        {
-                            "roles": [
-                                {
-                                    "id": role.id,
-                                    "ou_nb": role.orgunit.name_nb,
-                                    "ou_en": role.orgunit.name_en,
-                                    "name_nb": role.type.name_nb,
-                                    "name_en": role.type.name_en,
-                                    "start_date": role.start_date,
-                                    "end_date": role.end_date,
-                                    "sponsor": {
-                                        "first_name": role.sponsor.first_name,
-                                        "last_name": role.sponsor.last_name,
-                                    },
-                                }
-                                for role in roles.all()
-                            ],
-                        }
-                    )
-            return Response(content)
-        # Invitation cookie, allow access
+        # Or fetch person info for invited guest
        elif invite_id:
            link = InvitationLink.objects.get(uuid=invite_id)
-            invitation = link.invitation
+            person = link.invitation.role.person
-            person = invitation.role.person
-            passports = person.identities.filter(
-                type=Identity.IdentityType.PASSPORT_NUMBER
-            ).first()
-            content = {
-                "feide_id": None,
-                "sponsor_id": None,
-                "person_id": person.id,
-                "first_name": person.first_name,
-                "last_name": person.last_name,
-                "email": person.private_email and person.private_email.value,
-                "mobile_phone": person.private_mobile and person.private_mobile.value,
-                "fnr": person.fnr and "".join((person.fnr.value[:-5], "*****")),
-                "passport": passports and passports.value,
-                "roles": [
-                    {
-                        "id": role.id,
-                        "ou_nb": role.orgunit.name_nb,
-                        "ou_en": role.orgunit.name_en,
-                        "name_nb": role.type.name_nb,
-                        "name_en": role.type.name_en,
-                        "start_date": role.start_date,
-                        "end_date": role.end_date,
-                        "sponsor": {
-                            "first_name": role.sponsor.first_name,
-                            "last_name": role.sponsor.last_name,
-                        },
-                    }
-                    for role in person.roles.all()
-                ],
-            }
-            return Response(content)
-        # Neither, deny access
+        # Otherwise, deny access
        else:
            return Response(status=HTTP_403_FORBIDDEN)
+        # Add sponsor fields if sponsor object present
+        if sponsor:
+            content.update({"sponsor_id": user_profile.sponsor.id})
+        # Add person fields if person object present
+        if person:
+            content.update(
+                {
+                    "person_id": person.id,
+                    "first_name": person.first_name,
+                    "last_name": person.last_name,
+                    "email": person.private_email and person.private_email.value,
+                    "mobile_phone": person.private_mobile
+                    and person.private_mobile.value,
+                    "fnr": person.fnr and "".join((person.fnr.value[:-5], "*****")),
+                    "passport": person.passport and person.passport.value,
+                    "roles": [
+                        {
+                            "id": role.id,
+                            "ou_nb": role.orgunit.name_nb,
+                            "ou_en": role.orgunit.name_en,
+                            "name_nb": role.type.name_nb,
+                            "name_en": role.type.name_en,
+                            "start_date": role.start_date,
+                            "end_date": role.end_date,
+                            "sponsor": {
+                                "first_name": role.sponsor.first_name,
+                                "last_name": role.sponsor.last_name,
+                            },
+                        }
+                        for role in person.roles.all()
+                    ],
+                }
+            )
+        return Response(content)