Disallow users from making requests until first/last name are filled in #605

Open
matthew-li opened this issue May 23, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@matthew-li
Collaborator

CILogon is given first/last name information by the identity provider chosen by the user. In rare cases, the provider doesn't give one or the other of the names, so we have incomplete information.

In cases like these, users should be prevented from making most (all?) requests (especially requests to join/be added to a project and, by extension, gain access to the cluster) until they fill in both first/last names from the user profile page.

We already have checks for whether the user agreement is signed. Consider including checks like these in some kind of utility function/mixin to avoid code duplication.

It might also be useful to include a banner upon initial authentication alerting the user to do this.

@matthew-li
Collaborator Author

@helbashandy I think this would make a simple first issue to let you see/touch much of the codebase.

Most views in coldfront.core inherit a mixin UserPassesTestMixin which requires a function test_func that determines whether the authenticated user can access the view (else 403).

It's probably worth considering placing checks like these (agreement being signed, names being filled, etc.) into a new mixin to avoid duplicate code.

I also want to document which views require what. Whether that belongs only in the code or has a place in our separate docs repo is a conversation for us to have.

@helbashandy helbashandy self-assigned this Jul 1, 2024
helbashandy added a commit that referenced this issue Aug 19, 2024
* Adds a permissions.py file as an initial step to centralize
  permissions across the app.

* Adds first and last name check to the test_func on ProjectRequestView.

* Creates a generic wrapper decorator to be used around test_func to
  allow gradual progressive refactor of test_func towards a more
  centralized and modular permissions management solution.

closes #605
@matthew-li
Collaborator Author

@helbashandy Some additional relevant views:

  • Project PIs/managers can add users to their project directly (as opposed to users requesting to join): coldfront.core.project.views.ProjectAddUsersView.
  • A user could navigate directly to the URLs linked to from the "Create a Project" view (e.g., if a user support consultant provides them with one of those links). See coldfront.core.project.templates.project.project_request.project_request.html. Those landing pages themselves then link to the forms where the requests are actually made.
  • PIs/managers of FCAs (on MyBRC) and PCAs (on MyLRC) can request to renew their allowances:
    • From the project detail page: "Renew Allowance" button
    • At /project: These users see an additional "Renew a PI's Allowance" button. You'd need to log in as a relevant user to see that.

helbashandy added a commit that referenced this issue Oct 8, 2024
 * Adds a permissions.py file as an initial step to centralize
 permissions across the app.

 * Adds first and last name check to the test_func on requests to create or join a project.

 * Creates a generic wrapper decorator to be used around test_func to
 allow gradual progressive refactor of test_func towards a more
 centralized and modular permissions management solution.

 * Adds test for request creation

 Fixes #605
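
The pattern discussed in this thread (shared prerequisite checks wrapped around a view's test_func, failing closed), as an added example that is not the project's code. The names `require_checks`, `has_full_name`, `has_signed_agreement`, `ProjectJoinView` and the `agreement_signed` attribute are hypothetical, and plain objects stand in for Django's request and view classes.

```python
from functools import wraps
from types import SimpleNamespace


def has_full_name(user):
    """True only if both names are present and not just whitespace."""
    # An identity provider may send None or an empty string for either name.
    first = (getattr(user, "first_name", "") or "").strip()
    last = (getattr(user, "last_name", "") or "").strip()
    return bool(first and last)


def has_signed_agreement(user):
    """Hypothetical flag; an assumption, not the project's real field."""
    return bool(getattr(user, "agreement_signed", False))


def require_checks(*checks):
    """Wrap a view's test_func so shared prerequisites run first.

    Fails closed: any failing prerequisite denies access before the
    view-specific logic runs. The failed check's name is kept on the
    view so a handler can tell the user what to fix.
    """
    def decorator(test_func):
        @wraps(test_func)
        def wrapper(self, *args, **kwargs):
            user = self.request.user
            for check in checks:
                if not check(user):
                    self.failed_check = check.__name__
                    return False
            self.failed_check = None
            return test_func(self, *args, **kwargs)
        return wrapper
    return decorator


class ProjectJoinView:
    """Constructed stand-in for a view that uses UserPassesTestMixin."""

    def __init__(self, user):
        self.request = SimpleNamespace(user=user)

    @require_checks(has_signed_agreement, has_full_name)
    def test_func(self):
        # The view-specific rule stays here; prerequisites are shared.
        return bool(self.request.user.is_active)
```

Because the decorator only replaces `test_func`, existing views can adopt it one at a time while the mixin's normal denial path (403) stays unchanged.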
Status: Review in progress