Merge pull request #876 from EvanBldy/master

[person] allow a person in PROTECTED_ACCOUNTS to update her informations
cgwire · Oct 18, 2024 · 362c19c · 362c19c
2 parents f1d32ee + 4322ddb
commit 362c19c
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 6 deletions.
diff --git a/zou/app/blueprints/auth/resources.py b/zou/app/blueprints/auth/resources.py
@@ -1369,7 +1369,9 @@ def post(self):
             user = persons_service.get_person_by_email(email)
             for k, v in person_info.items():
                 if user.get(k) != v:
-                    persons_service.update_person(user["id"], person_info)
+                    persons_service.update_person(
+                        user["id"], person_info, bypass_protected_accounts=True
+                    )
                     break
         except PersonNotFoundException:
             user = persons_service.create_person(

diff --git a/zou/app/blueprints/crud/person.py b/zou/app/blueprints/crud/person.py
@@ -203,7 +203,10 @@ def pre_update(self, instance_dict, data):
             and persons_service.is_user_limit_reached()
         ):
             raise WrongParameterException("User limit reached.")
-        if instance_dict["email"] in config.PROTECTED_ACCOUNTS:
+        if (
+            instance_dict["email"] in config.PROTECTED_ACCOUNTS
+            and instance_dict["id"] != persons_service.get_current_user()["id"]
+        ):
             message = None
             if data.get("active") is False:
                 message = "Can't set this person as inactive it's a protected account."

diff --git a/zou/app/blueprints/persons/resources.py b/zou/app/blueprints/persons/resources.py
@@ -1255,7 +1255,10 @@ def post(self, person_id):
         permissions.check_admin_permissions()
         try:
             person = persons_service.get_person(person_id)
-            if person["email"] in config.PROTECTED_ACCOUNTS:
+            if (
+                person["email"] in config.PROTECTED_ACCOUNTS
+                and person["id"] != persons_service.get_current_user()["id"]
+            ):
                 raise PersonInProtectedAccounts()
             current_user = persons_service.get_current_user()
             auth.validate_password(password, password_2)

diff --git a/zou/app/blueprints/previews/resources.py b/zou/app/blueprints/previews/resources.py
@@ -1023,6 +1023,11 @@ def check_allowed_to_post(self, instance_id):
         if not is_current_user and not permissions.has_admin_permissions():
             raise permissions.PermissionDenied
 
+    def prepare_creation(self, instance_id):
+        self.model = self.update_model_func(
+            instance_id, {"has_avatar": True}, bypass_protected_accounts=True
+        )
+
 
 class CreatePersonThumbnailResource(PersonThumbnailResource):
     pass

diff --git a/zou/app/services/persons_service.py b/zou/app/services/persons_service.py
@@ -381,7 +381,9 @@ def update_person_last_presence(person_id):
         date = log.date
     elif time_spent is not None:
         date = time_spent.date
-    return update_person(person_id, {"last_presence": date})
+    return update_person(
+        person_id, {"last_presence": date}, bypass_protected_accounts=True
+    )
 
 
 def get_presence_logs(year, month):

diff --git a/zou/app/utils/commands.py b/zou/app/utils/commands.py
@@ -394,7 +394,9 @@ def update_person_list_with_ldap_users(users):
             )
             .all()
         ):
-            persons_service.update_person(person.id, {"active": False})
+            persons_service.update_person(
+                person.id, {"active": False}, bypass_protected_accounts=True
+            )
             print(
                 "User %s disabled (not found in LDAP)." % person.desktop_login
             )
@@ -418,6 +420,7 @@ def update_person_list_with_ldap_users(users):
                         "desktop_login": user["desktop_login"],
                         "ldap_uid": user["ldap_uid"],
                     },
+                    bypass_protected_accounts=True,
                 )
                 print(f"User {user['desktop_login']} updated.")
             except IsUserLimitReachedException:
@@ -470,7 +473,9 @@ def save_thumbnail(person, thumbnail):
         )
         file_store.add_picture("thumbnails", person["id"], thumbnail_png_path)
         os.remove(thumbnail_png_path)
-        persons_service.update_person(person["id"], {"has_avatar": True})
+        persons_service.update_person(
+            person["id"], {"has_avatar": True}, bypass_protected_accounts=True
+        )
 
     ldap_users = get_ldap_users()
     update_person_list_with_ldap_users(ldap_users)