From 80e14e3d12066bcdeab97c9edb77f5bdf8ab6fd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Besson?=
Date: Wed, 29 Nov 2023 14:03:51 +0000
Subject: [PATCH 1/2] Handle sudo connection in the account view Expand webadmin.views.my_account to also detect whether the current context was created via sudo If the current session was created with sudo, disable the ability to update experimenter properties and password in the UI
---
 omeroweb/webadmin/templates/webadmin/myaccount.html | 5 +++--
 omeroweb/webadmin/views.py | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/omeroweb/webadmin/templates/webadmin/myaccount.html b/omeroweb/webadmin/templates/webadmin/myaccount.html
index e225a5945f..9857564c43 100644
--- a/omeroweb/webadmin/templates/webadmin/myaccount.html
+++ b/omeroweb/webadmin/templates/webadmin/myaccount.html
@@ -293,7 +293,7 @@ {% if ldapAuth %}
{{ ldapAuth }}
- {% else %} + {% elif not isSudo %}
@@ -308,8 +308,9 @@
{% endif %} - + {% if not isSudo %} + {% endif %}
diff --git a/omeroweb/webadmin/views.py b/omeroweb/webadmin/views.py
index 1795680bce..23f03fd1e5 100644
--- a/omeroweb/webadmin/views.py
+++ b/omeroweb/webadmin/views.py
@@ -1037,6 +1037,7 @@ def my_account(request, action=None, conn=None, **kwargs):
 isLdapUser,
 hasAvatar,
 ) = prepare_experimenter(conn)
+ isSudo = conn.getEventContext().sudoerId is not None
 try:
 defaultGroupId = defaultGroup.id
 except Exception:
@@ -1092,6 +1093,7 @@ def my_account(request, action=None, conn=None, **kwargs):
 context = {
 "form": form,
 "ldapAuth": isLdapUser,
+ "isSudo": isSudo,
 "experimenter": experimenter,
 "ownedGroups": ownedGroups,
 "password_form": password_form,
From c31314592160c92097cfad7d9eb686d8d3faf7a6 Mon Sep 17 00:00:00 2001
From: Andreas Knab
Date: Tue, 12 Dec 2023 14:17:09 +0100
Subject: [PATCH 2/2] Make form inert in sudo mode
---
 omeroweb/webadmin/templates/webadmin/myaccount.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/omeroweb/webadmin/templates/webadmin/myaccount.html b/omeroweb/webadmin/templates/webadmin/myaccount.html
index 9857564c43..f78381f69e 100644
--- a/omeroweb/webadmin/templates/webadmin/myaccount.html
+++ b/omeroweb/webadmin/templates/webadmin/myaccount.html
@@ -280,9 +280,11 @@ -
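Review bot: `isSudo` is computed in `my_account` at `@@ -1037` and then only handed to the template context at `@@ -1092`; nothing visible in either hunk makes the view itself refuse an account update when the session was created through sudo. Hiding or disabling the controls in `myaccount.html` is a presentation change, so a request that does not come from the rendered form would presumably still reach the update path unless a check exists outside these hunks. Consider returning early in the branch that processes the submitted form, e.g. `if isSudo: return HttpResponseForbidden("Account changes are disabled in sudo sessions")` (assuming `HttpResponseForbidden` is imported in this module), and applying the same check in whichever view handles the password change. The body of `my_account` starts and ends outside both hunks, so the right place for the guard has to be confirmed against the full function.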
{% csrf_token %} + {% csrf_token %} -
+
{% for field in form %} {% if field.errors %}
{{ field.errors }}
{% endif %} @@ -293,7 +295,7 @@ {% if ldapAuth %}
{{ ldapAuth }}
- {% elif not isSudo %} + {% else %}
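Review bot: Restoring `{% else %}` here, and dropping the `{% if not isSudo %}` … `{% endif %}` wrapper in the `@@ -308,9 +310,7 @@` hunk, puts the controls those branches render back into the page for sudo sessions and leaves the restriction to the inert markup that the commit subject describes. `inert` is applied only by browsers that implement it and is a client-side attribute, so on a browser without support the form would be fully usable again. Keeping the patch 1 guards (`{% elif not isSudo %}` and `{% if not isSudo %}`) alongside the inert form degrades safely at no cost. The added markup is not legible in this rendering of the patch, so the attribute's placement is inferred from the subject line.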
@@ -308,9 +310,7 @@
{% endif %} - {% if not isSudo %} - {% endif %}