Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update backward migration message when going from project-level to account-level anonymous submission permissions #918

Merged
merged 2 commits into from
Jan 30, 2024
Merged

Update backward migration message when going from project-level to account-level anonymous submission permissions #918

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
24921ac
Remove trailing whitespace
jnm Jan 30, 2024
3eadcad
Update backward migration message…
jnm Jan 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
43 changes: 26 additions & 17 deletions onadata/apps/logger/migrations/0034_set_require_auth_at_project_level.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ def restore_open_rosa_server_in_redis(apps, schema_editor):
lua_script = f"""
local keys = {{"{lua_keys}"}}
for _, key in ipairs(keys) do
local redis_real_key = string.sub(key, 1, string.find(key, '|') - 1)
local redis_real_key = string.sub(key, 1, string.find(key, '|') - 1)
local username = string.sub(key, string.find(key, '|') + 1, string.len(key))
local ee_id = redis.call('get', redis_real_key)
if ee_id then
Expand All @@ -67,25 +67,34 @@ def restore_require_auth_at_profile_level(apps, schema_editor):

print(
"""
Restoring authentication at the profile level cannot be done
automatically.

This is an example of what can be done:
⚠️ WARNING ⚠️ The example below makes all projects publicly
accessible when profile level is restored even if, at least, one project
was publicly accessible at project level.

```python
UserProfile.objects.filter(
user_id__in=XForm.objects.filter(require_auth=False).values_list(
'user_id'
)
).update(require_auth=False)
XForm.objects.filter(require_auth=True).update(require_auth=False)
```
You are migrating backwards from project-level control of anonymous
submissions to account-level control.

If you want to allow anonymous submissions again for existing accounts,
you must enable that manually, either in the user profile settings UI
of the KPI application, or by running commands in the KoboCAT Django
shell to set `require_auth=False` on the `UserProfile` instances
belonging to the desired accounts.
"""
)

# For those savvy enough to read the code here, offer an example of how to
# set `require_auth=False` for all accounts having at least one *project*
# that allowed anonymous submissions.
# ⚠️ This is DANGEROUS because it potentially allows anonymous submissions
# (and anonymous viewing of the form) for projects where it was *not*
# previously allowed, e.g. an owner having 1 anonymous-allowed project and
# 99 private ones would have all 100 projects exposed.
#
# UserProfile.objects.filter(
# user_id__in=XForm.objects.filter(require_auth=False).values_list(
# 'user_id'
# )
# ).update(require_auth=False)
# # Since `require_auth` at project level no longer does anything,
# # remove misleading values
# XForm.objects.filter(require_auth=True).update(require_auth=False)


def set_require_auth_at_project_level(apps, schema_editor):

Expand Down