♻️(models) remove multiple identities

Multiple identities were complicating this project's code. We moved the management of multiple identities to our OIDC provider.
2024-06-09 22:43:42 +02:00
parent 79330015e0
commit 2ec292bb91
37 changed files with 509 additions and 1149 deletions
--- a/src/backend/core/admin.py
+++ b/src/backend/core/admin.py
@@ -1,6 +1,5 @@
 """Admin classes and registrations for People's core app."""

-from django import forms
 from django.contrib import admin
 from django.contrib.auth import admin as auth_admin
 from django.utils.translation import gettext_lazy as _
@@ -8,42 +7,6 @@ from django.utils.translation import gettext_lazy as _
 from . import models


-class IdentityFormSet(forms.BaseInlineFormSet):
-    """
-    Make the "is_main" field readonly when it is True so that declaring another identity
-    works in the admin.
-    """
-
-    def add_fields(self, form, index):
-        """Disable the "is_main" field when it is set to True"""
-        super().add_fields(form, index)
-        is_main_value = form.instance.is_main if form.instance else False
-        form.fields["is_main"].disabled = is_main_value
-
-
-class IdentityInline(admin.TabularInline):
-    """Inline admin class for user identities."""
-
-    fields = (
-        "sub",
-        "email",
-        "is_main",
-        "created_at",
-        "updated_at",
-    )
-    formset = IdentityFormSet
-    model = models.Identity
-    extra = 0
-    readonly_fields = ("email", "created_at", "sub", "updated_at")
-
-    def has_add_permission(self, request, obj):
-        """
-        Identities are automatically created on successful OIDC logins.
-        Disable creating identities via the admin.
-        """
-        return False
-
-
 class TeamAccessInline(admin.TabularInline):
    """Inline admin class for team accesses."""

@@ -72,11 +35,12 @@ class UserAdmin(auth_admin.UserAdmin):
            {
                "fields": (
                    "id",
+                    "sub",
                    "password",
                )
            },
        ),
-        (_("Personal info"), {"fields": ("admin_email", "language", "timezone")}),
+        (_("Personal info"), {"fields": ("email", "language", "timezone")}),
        (
            _("Permissions"),
            {
@@ -97,13 +61,14 @@ class UserAdmin(auth_admin.UserAdmin):
            None,
            {
                "classes": ("wide",),
-                "fields": ("admin_email", "password1", "password2"),
+                "fields": ("sub", "email", "password1", "password2"),
            },
        ),
    )
-    inlines = (IdentityInline, TeamAccessInline)
+    inlines = (TeamAccessInline,)
    list_display = (
-        "admin_email",
+        "sub",
+        "email",
        "created_at",
        "updated_at",
        "is_active",
@@ -113,8 +78,14 @@ class UserAdmin(auth_admin.UserAdmin):
    )
    list_filter = ("is_staff", "is_superuser", "is_device", "is_active")
    ordering = ("is_active", "-is_superuser", "-is_staff", "-is_device", "-updated_at")
-    readonly_fields = ("id", "created_at", "updated_at")
-    search_fields = ("id", "admin_email", "identities__sub", "identities__email")
+    readonly_fields = ["id", "created_at", "updated_at"]
+    search_fields = ("id", "email", "sub")
+
+    def get_readonly_fields(self, request, obj=None):
+        """The sub should only be editable for a create, not for updates."""
+        if obj:
+            return self.readonly_fields + ["sub"]
+        return self.readonly_fields


@admin.register(models.Team)