-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Show pseudonymized names #1211
Show pseudonymized names #1211
Conversation
def get(self, request: HttpRequest) -> HttpResponse: | ||
pseudonymize = request.session.get("pseudonymize", False) | ||
request.session["pseudonymize"] = not pseudonymize | ||
return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/")) |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
user-provided value
efe9dc9
to
000f732
Compare
- Added studentID to be pseudonymizized - Fixed hashing issues
000f732
to
ff648fc
Compare
exercise/staff_views.py
Outdated
@@ -66,6 +75,9 @@ def get_common_objects(self) -> None: | |||
Prefetch('submitters', UserProfile.objects.prefetch_tags(self.instance)), | |||
) | |||
) | |||
for submission in qs: | |||
format_submission(submission, self.pseudonymize) | |||
print(submission.submitters) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should remove debug print
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed this print
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just wrote up comments earlier and didn't actually submit them, sorry! New to this review business. Anyway, comments up now.
8ea5f35
to
bc9d2de
Compare
Thanks for the comments! Just went through them, do you think the seed system there is ok for keeping the pseudonymizations consistent? |
bc9d2de
to
75571b8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Looks fine now.
This turned out to be very difficult. The only way I came up with is to modify the user instance's fields without storing the changes to the database. I don't know if this is the cleanest way to do it but the upside is that is doesn't require changing the API of user of userprofile. I couldn't figure out a way to pseudonymize the 'All results' page since it doesn't fetch the user data in the view but through a JavaScript script so I can't access the request.session object which contains a boolean value 'pseudonymize' that determines whether personal data should be pseudonymized. Also, the forms are difficult to pseudonymize without changing the form field values which sounds dangerous.
#533