Merge pull request #1998 from rtibbles/superuser_or_superluser

Remove DeviceOwner and implement superuser flags for FacilityUsers

Author: rtibbles

CHANGELOG.rst

@@ -10,6 +10,7 @@ Changes are ordered reverse-chronologically.
 
  - Add support for RTL languages
  - Add support for frontend translation outside of Vue components
+ - Delete DeviceOwner model, and replace with a superuser flag on FacilityUsers
 
 
 0.5
@@ -39,16 +40,16 @@ Changes are ordered reverse-chronologically.
 
 
 0.4.2
------  
+-----
 
- - Fixes for morango database migrations 
+ - Fixes for morango database migrations
 
 
 0.4.1
 -----
 
- - Makes usernames for login case insensitive #1733 
- - Fixes various issues with exercise rendering #1757 
+ - Makes usernames for login case insensitive #1733
+ - Fixes various issues with exercise rendering #1757
  - Removes wrong CLI usage instructions #1742
 
 

kolibri/auth/api.py

@@ -9,10 +9,10 @@
 
 from .constants import collection_kinds
 from .filters import HierarchyRelationsFilter
-from .models import Classroom, DeviceOwner, Facility, FacilityDataset, FacilityUser, LearnerGroup, Membership, Role
+from .models import Classroom, Facility, FacilityDataset, FacilityUser, LearnerGroup, Membership, Role
 from .serializers import (
-    ClassroomSerializer, DeviceOwnerSerializer, FacilityDatasetSerializer, FacilitySerializer, FacilityUsernameSerializer, FacilityUserSerializer,
-    LearnerGroupSerializer, MembershipSerializer, RoleSerializer
+    ClassroomSerializer, FacilityDatasetSerializer, FacilitySerializer, FacilityUsernameSerializer, FacilityUserSerializer, LearnerGroupSerializer,
+    MembershipSerializer, RoleSerializer
 )
 
 
@@ -111,13 +111,6 @@ class FacilityUsernameViewSet(viewsets.ReadOnlyModelViewSet):
     search_fields = ('^username', )
 
 
-class DeviceOwnerViewSet(viewsets.ModelViewSet):
-    permission_classes = (KolibriAuthPermissions,)
-    filter_backends = (KolibriAuthPermissionsFilter,)
-    queryset = DeviceOwner.objects.all()
-    serializer_class = DeviceOwnerSerializer
-
-
 class MembershipViewSet(viewsets.ModelViewSet):
     permission_classes = (KolibriAuthPermissions,)
     filter_backends = (KolibriAuthPermissionsFilter, filters.DjangoFilterBackend)
@@ -143,9 +136,7 @@ class FacilityViewSet(viewsets.ModelViewSet):
 class CurrentFacilityViewSet(viewsets.ViewSet):
     def list(self, request):
         logged_in_user = get_user(request)
-        if type(logged_in_user) is DeviceOwner:
-            return Response(Facility.objects.all().values_list('id', flat=True))
-        elif type(logged_in_user) is AnonymousUser:
+        if type(logged_in_user) is AnonymousUser:
             return Response(Facility.objects.all().values_list('id', flat=True))
         else:
             return Response([logged_in_user.facility_id])
@@ -206,8 +197,7 @@ def create(self, request):
             login(request, user)
             # Success!
             return Response(self.get_session(request))
-        elif not password and (FacilityUser.objects.filter(username=username, facility=facility_id).exists() or
-                               DeviceOwner.objects.filter(username=username).exists()):
+        elif not password and FacilityUser.objects.filter(username=username, facility=facility_id).exists():
             # Password was missing, but username is valid, prompt to give password
             return Response({
                 "message": "Please provide password for user",
@@ -238,28 +228,25 @@ def get_session(self, request):
         session = {'id': 'current',
                    'username': user.username,
                    'full_name': user.full_name,
-                   'user_id': user.id}
-        if isinstance(user, DeviceOwner):
-            session.update({'facility_id': getattr(Facility.get_default_facility(), 'id', None),
-                            'kind': ['superuser'],
+                   'user_id': user.id,
+                   'can_manage_content': user.can_manage_content}
+        roles = Role.objects.filter(user_id=user.id)
+        if len(roles) is not 0 or user.is_superuser:
+            session.update({'facility_id': user.facility_id,
+                            'kind': [],
                             'error': '200'})
-            return session
+            if user.is_superuser:
+                session['kind'].append('superuser')
+            for role in roles:
+                if role.kind == 'admin':
+                    session['kind'].append('admin')
+                else:
+                    session['kind'].append('coach')
         else:
-            roles = Role.objects.filter(user_id=user.id)
-            if len(roles) is not 0:
-                session.update({'facility_id': user.facility_id,
-                                'kind': [],
-                                'error': '200'})
-                for role in roles:
-                    if role.kind == 'admin':
-                        session['kind'].append('admin')
-                    else:
-                        session['kind'].append('coach')
-            else:
-                session.update({'facility_id': user.facility_id,
-                                'kind': ['learner'],
-                                'error': '200'})
-
-            UserSessionLog.update_log(user)
-
-            return session
+            session.update({'facility_id': user.facility_id,
+                            'kind': ['learner'],
+                            'error': '200'})
+
+        UserSessionLog.update_log(user)
+
+        return session

kolibri/auth/api_urls.py

@@ -1,16 +1,15 @@
 from rest_framework import routers
 
 from .api import (
-    ClassroomViewSet, CurrentFacilityViewSet, DeviceOwnerViewSet, FacilityDatasetViewSet, FacilityUsernameViewSet, FacilityUserViewSet, FacilityViewSet,
-    LearnerGroupViewSet, MembershipViewSet, RoleViewSet, SessionViewSet, SignUpViewSet
+    ClassroomViewSet, CurrentFacilityViewSet, FacilityDatasetViewSet, FacilityUsernameViewSet, FacilityUserViewSet, FacilityViewSet, LearnerGroupViewSet,
+    MembershipViewSet, RoleViewSet, SessionViewSet, SignUpViewSet
 )
 
 router = routers.SimpleRouter()
 
 router.register(r'facilitydataset', FacilityDatasetViewSet, base_name='facilitydataset')
 router.register(r'facilityuser', FacilityUserViewSet, base_name='facilityuser')
 router.register(r'facilityusername', FacilityUsernameViewSet, base_name='facilityusername')
-router.register(r'deviceowner', DeviceOwnerViewSet, base_name='deviceowner')
 router.register(r'membership', MembershipViewSet, base_name='membership')
 router.register(r'role', RoleViewSet, base_name='role')
 router.register(r'facility', FacilityViewSet, base_name='facility')

kolibri/auth/backends.py

@@ -1,10 +1,10 @@
 """
-Implements custom auth backends as described in the Django docs, for our custom user classes -- FacilityUser and
-DeviceOwner. The appropriate classes should be listed in the AUTHENTICATION_BACKENDS. Note that authentication
+Implements custom auth backends as described in the Django docs, for our custom user class -- FacilityUser.
+The appropriate classes should be listed in the AUTHENTICATION_BACKENDS. Note that authentication
 backends are checked in the order they're listed.
 """
 
-from kolibri.auth.models import DeviceOwner, FacilityUser
+from kolibri.auth.models import FacilityUser
 
 
 class FacilityUserBackend(object):
@@ -44,38 +44,3 @@ def get_user(self, user_id):
             return FacilityUser.objects.get(pk=user_id)
         except FacilityUser.DoesNotExist:
             return None
-
-
-class DeviceOwnerBackend(object):
-    """
-    A class that implements authentication for DeviceOwners.
-    """
-
-    def authenticate(self, username=None, password=None, **kwargs):
-        """
-        Authenticates the user if the credentials correspond to a DeviceOwner.
-
-        :param username: a string
-        :param password: a string
-        :return: A DeviceOwner instance if successful, or None if authentication failed.
-        """
-        try:
-            user = DeviceOwner.objects.get(username=username)
-            if user.check_password(password):
-                return user
-            else:
-                return None
-        except DeviceOwner.DoesNotExist:
-            return None
-
-    def get_user(self, user_id):
-        """
-        Gets a user. Auth backends are required to implement this.
-
-        :param user_id: A BaseUser pk
-        :return: A DeviceOwner instance if a BaseUser with that pk is found, else None.
-        """
-        try:
-            return DeviceOwner.objects.get(pk=user_id)
-        except DeviceOwner.DoesNotExist:
-            return None

kolibri/auth/migrations/0004_auto_20170816_1607.py

@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.7 on 2017-08-16 23:07
+from __future__ import unicode_literals
+
+import django.core.validators
+from django.db import migrations, models
+
+
+def device_owner_to_super_user(apps, schema_editor):
+    DeviceOwner = apps.get_model('kolibriauth', 'DeviceOwner')
+    FacilityUser = apps.get_model('kolibriauth', 'FacilityUser')
+    Facility = apps.get_model('kolibriauth', 'Facility')
+    default_facility = Facility.objects.all().first()
+    DevicePermissions = apps.get_model('device', 'DevicePermissions')
+    DeviceSettings = apps.get_model('device', 'DeviceSettings')
+    # Can't do much if no facilities exist, as no facility to FK the users onto
+    if default_facility:
+        for device_owner in DeviceOwner.objects.all():
+            superuser = FacilityUser.objects.create(
+                username=device_owner.username,
+                password=device_owner.password,
+                facility=default_facility,
+                full_name=device_owner.full_name,
+                date_joined=device_owner.date_joined,
+            )
+            DevicePermissions.objects.create(user=superuser, is_superuser=True)
+        # Finally, set the is_provisioned flag
+        settings, created = DeviceSettings.get_or_create(is_provisioned=True)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('kolibriauth', '0003_auto_20170621_0958'),
+        ('device', '0001_initial')
+    ]
+
+    operations = [
+        migrations.RunPython(device_owner_to_super_user, migrations.RunPython.noop),
+        migrations.DeleteModel(
+            name='DeviceOwner',
+        ),
+    ]