Open gannebamm opened 1 year ago
gannebamm
commented
1 year ago After doing some more digging into the abstract user from Django, maybe this is also ok: https://docs.djangoproject.com/en/4.1/ref/contrib/auth/#django.contrib.auth.models.User.is_active
Defining a Profile as non-active should prevent it from logging in, I think?
t-book
commented
1 year ago @gannebamm yes if you remove the active check the user should not be able to login. Does this solve your issue?
t-book
commented
1 year ago (and maybe craete a group for those profiles to quickly identify them)
giohappy
commented
1 year ago @gannebamm moreover, those users could be removed from the contributors (and registered-members if configured) Django Group.
t-book
commented
1 year ago Good point @giohappy Maybe even after every registration with some signal if the email does not end with the company domain...
from django.contrib.auth.models import User, Group
from django.dispatch import receiver
from django.db.models.signals import post_save
from django.contrib.auth import get_user_model
@receiver(post_save, sender=get_user_model())
def remove_user_from_all_groups(sender, instance, created, **kwargs):
if created and not instance.email.endswith("example.com"):
groups = Group.objects.filter(user=instance)
for group in groups:
group.user_set.remove(instance)I have tested the ideas above. Those will not cover our use-case since you can not set a non active user as a contact. We will discuss options to resolve those requirements also with respect to #11511 and #12124.
Is your feature request related to a problem? Please describe.
As a research institute, we need to manage data given by third parties. Since we do not initially create the data, we want to set the originator/author contact to the third party. An example is data from the Federal Agency for Cartography and Geodesy (BKG) (https://gdz.bkg.bund.de/index.php/default/digitale-geodaten.html).
Describe the solution you'd like As an admin, I want to create a
Profileobject which is not allowed to log in.Describe alternatives you've considered
Profilemodel for third parties: https://github.com/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/people/models.py#L64-L65 These users, in theory, could log in/request a password reset by the email contact info given.contacts. This new model would need to keep in sync withProfileand needs new UI elements to give information about the contact. This feels like overhead, seeing that we already have a properProfileimplementation which provides these features.Additional context See this #10290 as a reference for our implementation idea to set multiple contacts to one dataset. After that PR is finished, we will have the following ISO contact roles at hand:
author: party who authored the resource << THIRD PARTY ?? publisher: party who published the resource << THIRD PARTY ?? resource provider: party that supplies the resource << THIRD PARTY ?? originator: party who created the resource << THIRD PARTY ?? owner: party that owns the resource << IN THEORY THIRD PARTY, but this will mix up the user permissions! So keeping it on the resources owner in GeoNode (likely the admin) shall be used as a good enough workaround. See also https://github.com/GeoNode/geonode/issues/10290#issuecomment-1313425520