System account #6559
System account #6559
Conversation
b942fc2 to
0d18164
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR introduces system account support across the codebase by adding an AccountType to the Profile model and replacing direct lookups for the SUMO Bot with a unified Profile.get_system_account() method. Key changes include:
- Adding AccountType choices and system account helper to kitsune/users/models.py.
- Replacing multiple direct lookups of SUMO Bot in handlers, tests, and views with Profile.get_system_account().
- Updating managers, migrations, and app configuration for system account support.
Reviewed Changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| kitsune/users/managers.py | Defines RegularUserManager and other managers with system account filtering. |
| kitsune/users/migrations/0032_profile_account_type_alter_profile_user.py | Creates the account_type field in the Profile model. |
| kitsune/users/apps.py | Configures the User model to use RegularUserManager for non-system accounts. |
| kitsune/flagit/views.py | Prevents flagging of system account users. |
| kitsune/users/models.py | Adds AccountType and system account helper for Profile model. |
| kitsune/users/views.py | Blocks deactivation of system account users. |
| kitsune/users/init.py | Updates initialization with SUMO_BOT_BIO and default_app_config. |
| kitsune/wiki/handlers.py, kitsune/gallery/handlers.py, kitsune/forums/handlers.py, kitsune/kbforums/handlers.py, kitsune/questions/handlers.py, kitsune/messages/handlers.py, kitsune/search/signals/users.py, kitsune/search/documents.py | Updates various handlers and tests to use Profile.get_system_account(). |
| kitsune//tests/ | Updates tests to assert against the system account returned by Profile.get_system_account(). |
Comments suppressed due to low confidence (2)
kitsune/users/managers.py:16
- [nitpick] Consider calling super() with the current class (e.g., super(RegularUserManager, self).get_queryset() or simply super().get_queryset()) to ensure the correct method resolution.
qs = super(UserManager, self).get_queryset()
kitsune/users/init.py:16
- [nitpick] Verify that the AppConfig class name specified in default_app_config matches the actual class name defined in kitsune/users/apps.py (currently defined as 'UserConfig').
default_app_config = "kitsune.users.apps.UsersConfig"
0d18164 to
2424c09
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new system account mechanism that classifies user profiles by account type and enforces restrictions for system accounts throughout the codebase. Key changes include:
- Adding an "account_type" field with choices (regular, system, admin) and related methods/properties in the Profile model.
- Updating various handlers, tests, views, and the user manager to reassign or restrict operations on system accounts.
- Replacing direct retrieval of the Sumo Bot user with Profile.get_system_account() across multiple modules.
Reviewed Changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| kitsune/users/migrations/0032_profile_account_type_alter_profile_user.py | Adds migration to introduce account_type field and adjusts profile relation. |
| kitsune/users/managers.py | Introduces managers to exclude system accounts for regular operations. |
| kitsune/flagit/views.py | Blocks flagging of system account content by checking profile.is_system_account. |
| kitsune/users/models.py | Defines AccountType choices, adds system account getter method, and property is_system_account. |
| kitsune/users/apps.py | Replaces the default user manager with RegularUserManager. |
| kitsune/users/views.py | Prevents deactivation of system accounts by raising Http404 for such users. |
| kitsune/users/init.py | Introduces the SUMO_BOT_BIO constant and sets the default_app_config. |
| kitsune/wiki/handlers.py, kitsune/kbforums/handlers.py, etc. | Updates multiple deletion/reassignment handlers to use Profile.get_system_account. |
| kitsune/search/documents.py | Modifies document indexing to exclude system account profiles. |
| kitsune//tests/ | Updates tests to expect reassignment to system account using Profile.get_system_account. |
Comments suppressed due to low confidence (1)
kitsune/users/views.py:161
- [nitpick] Consider returning HttpResponseForbidden instead of raising Http404 for system accounts in the deactivate view to ensure a consistent authorization error response.
if user.profile.is_system_account:
2424c09 to
f2d570e
Compare
There was a problem hiding this comment.
This is beautifully done! ❤️ 🎉
I have a few comments sprinkled in with the code, but I'll also add some here as well.
-
My understanding is that the profile of a system account should be viewable. So the
kitsune.users.views.profileview needs to be modified such the user and profile queries use theall_usersandall_profilesmanagers instead of the default ones. -
The users form field (
MultiUsernameField) of thekitsune.wiki.forms.RevisionFilterFormneeds to filter based on theall_usersandall_profilesmanagers, since the system account user will show up on the recent revisions page, and we should be able to filter it like any other user or user profile. Can we add an option/setting tokitsune.sumo.form_fields.MultiUsernameFieldthat determines whether it'll use theall_usersandall_profilesmanagers instead of the default ones? -
I think we can roll out this PR with its DB migration in one go? At least it seems that way to me. The DB migration will be completed prior to the code deployment, and I don't think the DB migration will cause any prior code running in the soon-to-be-terminated pods to fail?
f2d570e to
cb7f32b
Compare
cb7f32b to
911681c
Compare
|
@escattone can you have another pass? I haven't updated the manger for |
No description provided.