ome / omero-web

Django-based OMERO.web client
https://www.openmicroscopy.org/omero

Handle sudo connection in the account view #516

Closed sbesson closed 7 months ago

sbesson commented 7 months ago

Fixes #445

Summary of changes

To test this PR, follow the authentication workflow described in https://github.com/ome/omero-web/issues/445#issuecomment-1525079385 i.e.

  1. create a session using --sudo via the CLI
  2. use the session key as the username/password to authenticate using OMERO.web
  3. go to the My Account view, i.e. click on the user profile then User settings

Without this PR, the Save and Change my password buttons should be active. Clicking on Save should launch the 500 error page with a server SecurityViolation of type "Current user is not admin for the given user(s)". Clicking on Change my password will ask for the current user password, which is not known in this workflow since the session was created using the principal password.

With this PR, both buttons should be hidden.

sbesson commented 7 months ago

Thanks @knabar, the approach of the last commit makes sense to me. Passing back to @will-moore and @pwalczysko for another round of review.

will-moore commented 7 months ago

Looks good - form is "inert":

Screenshot 2023-12-12 at 14 45 56

pwalczysko commented 7 months ago

confirming, lgtm