Remove staff/volunteer login

The staffing area now relies on an ID being passed between pages rather than having a separate login. This will allow those with attendee accounts to view shifts for any badge under their account.

This does lock access to shifts to the account owner, which means we might want to add some way to grant access so people can bypass the account check to see their shifts. But most people likely won't run into that, so that's a Later Problem.

Author: kitsuta

uber/config.py

@@ -1007,8 +1007,6 @@ def INDEXABLE_PAGE_PATHS(self):
         via the meta tag for everything except these pages.
         """
         index_pages = ['/landing/', '/landing/index', '/pregistration/form', '/accounts/login']
-        if c.SHIFTS_CREATED:
-            index_pages.append('/staffing/login')
         if c.TRANSFERABLE_BADGE_TYPES:
             index_pages.append('/preregistration/start_badge_transfer')
         if not c.ATTENDEE_ACCOUNTS_ENABLED:
@@ -1042,18 +1040,6 @@ def CURRENT_ADMIN(self):
         except Exception:
             return {}
 
-    @request_cached_property
-    @dynamic
-    def CURRENT_VOLUNTEER(self):
-        try:
-            from uber.models import Session, Attendee
-            with Session() as session:
-                attrs = Attendee.to_dict_default_attrs + ['logged_in_name']
-                attendee = session.logged_in_volunteer()
-                return attendee.to_dict(attrs)
-        except Exception:
-            return {}
-        
     @request_cached_property
     @dynamic
     def CURRENT_KIOSK_SUPERVISOR(self):
@@ -1075,6 +1061,10 @@ def CURRENT_KIOSK_OPERATOR(self):
                 return attendee.to_dict()
         except Exception:
             return {}
+        
+    @property
+    def LOCAL_ACCOUNTS_DISABLED(self):
+        return c.OIDC_ENABLED and not c.SSO_EMAIL_DOMAINS
 
     @request_cached_property
     @dynamic

uber/decorators.py

@@ -170,17 +170,18 @@ def protected(*args, **kwargs):
                 admin_account_id = cherrypy.session.get('account_id', getattr(cherrypy.request, 'admin_account', None))
                 attendee_account_id = cherrypy.session.get('attendee_account_id', getattr(cherrypy.request, 'attendee_account', None))
                 message = ''
-                if not models and not attendee_account_id and c.PAGE_PATH != '/preregistration/homepage':
-                    # These should all be pages like the prereg form
+                if c.LOCAL_ACCOUNTS_DISABLED and admin_account_id is None and attendee_account_id is None:
+                    ajax_or_redirect(func, '../accounts/login?message=', message, True)
+                elif attendee_account_id is None and admin_account_id is None:
+                    message = 'You must log in to view this page.'
+                    message_add = ''
                     if c.PAGE_PATH in ['/preregistration/form', '/preregistration/post_form']:
                         message_add = 'register'
-                    else:
+                    elif c.PAGE_PATH != '/preregistration/homepage' and not models and 'staffing' not in c.PAGE_PATH:
                         message_add = 'fill out this application'
-                    message = 'Please log in or create an account to {}!'.format(message_add)
+                    if message_add:
+                        message = f'Please log in or create an account to {message_add}!'
                     ajax_or_redirect(func, '../landing/index?message=', message, True)
-                elif attendee_account_id is None and admin_account_id is None or \
-                        attendee_account_id is None and c.PAGE_PATH == '/preregistration/homepage':
-                    message = 'You must log in to view this page.'
                 elif kwargs.get('id') and models:
                     model_list = [models] if not isinstance(models, list) else models
                     attendee, error, model_id = None, None, None
@@ -759,11 +760,7 @@ def with_restrictions(*args, **kwargs):
         if not getattr(cherrypy.request, 'admin_account', getattr(cherrypy.request, 'attendee_account', None)):
             cherrypy.tools.oidc.redirect_to_keycloak()
 
-        if '/staffing/' in c.PAGE_PATH:
-            if not cherrypy.session.get('staffer_id'):
-                ajax_or_redirect(func, '../staffing/login?message=', "You are not logged in.", True)
-
-        elif cherrypy.session.get('account_id', getattr(cherrypy.request, 'admin_account', None)) is None:
+        if cherrypy.session.get('account_id', getattr(cherrypy.request, 'admin_account', None)) is None:
             if getattr(func, 'kiosk_login', None):
                 if not cherrypy.session.get('kiosk_supervisor_id'):
                     cherrypy.session.pop('kiosk_operator_id', None)

uber/models/__init__.py

@@ -915,12 +915,12 @@ def get_attendee_account_by_attendee(self, attendee):
                 return logged_in_account
             elif len(attendee.managers) == 1:
                 return attendee.managers[0]
-
-        def logged_in_volunteer(self):
-            return self.query(Attendee).filter(Attendee.id == cherrypy.session.get('staffer_id')).options(
+            
+        def volunteer_from_id(self, id):
+            return self.query(Attendee).filter(Attendee.id == id).options(
                 selectinload(Attendee.hotel_requests), selectinload(Attendee.food_restrictions),
                 selectinload(Attendee.shifts)
-            ).one()
+            ).first()
 
         def admin_has_staffer_access(self, staffer, access="view"):
             admin = self.current_admin_account()
@@ -1118,8 +1118,8 @@ def checklist_status(self, slug, department_id):
                     'completed': attendee.checklist_item_for_slug(conf.slug)
                 }
 
-        def jobs_for_signups(self, all=False):
-            jobs = self.logged_in_volunteer().possible
+        def jobs_for_signups(self, id, all=False):
+            jobs = self.volunteer_from_id(id).possible
             restricted_minutes = set()
             for job in jobs:
                 if job.required_roles:
@@ -1319,6 +1319,8 @@ def get_assigned_terminal_id(self):
             return "", c.TERMINAL_ID_TABLE[lookup_key]
 
         def get_receipt_by_model(self, model, include_closed=False, who='', create_if_none="", options=[]):
+            if not model:
+                return
             receipt_select = self.query(ModelReceipt).filter_by(owner_id=model.id, owner_model=model.__class__.__name__)
             if not include_closed:
                 receipt_select = receipt_select.filter(ModelReceipt.closed == None)  # noqa: E711

uber/models/attendee.py

@@ -608,7 +608,7 @@ def _misc_adjustments(self):
         if self.promo_code and self.promo_code_groups:
             self.promo_code = None
 
-        if self.group and not self.is_group_save:
+        if self.group and not getattr(self, 'is_group_save', False):
             self.group.presave_adjustments()
 
     @presave_adjustment
@@ -2693,6 +2693,11 @@ def at_door_pending_attendees(self):
                        attendee.badge_status == c.NEW_STATUS and attendee.paid == c.PENDING],
                        key=lambda a: a.first_name)
 
+    @property
+    def volunteering_attendees(self):
+        return [attendee for attendee in self.attendees if attendee.has_badge
+                and attendee.staffing and attendee.badge_type != c.CONTRACTOR_BADGE]
+
     @property
     def invalid_attendees(self):
         return [attendee for attendee in self.attendees if not attendee.is_valid and

uber/site_sections/preregistration.py

@@ -2222,7 +2222,10 @@ def confirm(self, session, message='', return_to='confirm', undoing_extra='', **
             else:
                 message = 'Your information has been updated'
 
-            page = ('badge_updated?id=' + attendee.id + '&') if return_to == 'confirm' else (return_to + '?')
+            if return_to == 'confirm':
+                page = ('badge_updated?id=' + attendee.id + '&')
+            else:
+                page = (return_to + '?') if '?' not in return_to else (return_to + '&')
             if attendee.is_valid:
                 if not receipt:
                     receipt = session.get_receipt_by_model(attendee, create_if_none="DEFAULT")
@@ -2237,7 +2240,7 @@ def confirm(self, session, message='', return_to='confirm', undoing_extra='', **
 
         attendee.placeholder = placeholder
         if not message and attendee.placeholder:
-            message = 'You are not yet registered!  You must fill out this form to complete your registration.'
+            message = 'You are not yet registered! Please fill out this form to complete your registration.'
         elif not message and not c.ATTENDEE_ACCOUNTS_ENABLED and attendee.badge_status == c.COMPLETED_STATUS:
             message = 'You are already registered but you may update your information with this form.'
 
@@ -2500,6 +2503,9 @@ def new_badge_payment(self, session, id, return_to, message=''):
         if not c.ONLINE_PAYMENT_AVAILABLE:
             raise HTTPRedirect('confirm?id={}&message={}', id, "Please go to Registration to pay for this badge.")
         attendee = session.attendee(id)
+        receipt = session.get_receipt_by_model(attendee, who='non-admin', create_if_none="DEFAULT")
+        if not receipt.current_amount_owed:
+            raise HTTPRedirect('confirm?id={}', attendee.id)
         return {
             'attendee': attendee,
             'receipt': session.get_receipt_by_model(attendee, who='non-admin', create_if_none="DEFAULT"),
@@ -2684,8 +2690,7 @@ def new_password_setup(self, session, account_email, token, message='', **params
     def guest_food(self, session, id):
         attendee = session.attendee(id)
         assert attendee.badge_type == c.GUEST_BADGE, 'This form is for guests only'
-        cherrypy.session['staffer_id'] = attendee.id
-        raise HTTPRedirect('../staffing/food_restrictions')
+        raise HTTPRedirect('../staffing/food_restrictions?id={}', id)
 
     def credit_card_retry(self):
         return {}

uber/site_sections/shifts_admin.py

@@ -285,8 +285,7 @@ def staffers(self, session, department_id=None, message=''):
         }
 
     def goto_volunteer_checklist(self, id):
-        cherrypy.session['staffer_id'] = id
-        raise HTTPRedirect('../staffing/index')
+        raise HTTPRedirect('../staffing/index?id={}', id)
 
     @ajax
     def update_shifts_info(self, session, id, nonshift_hours, admin_notes, for_review=None):