4 files changed, 77 insertions, 46 deletions

diff --git a/ishtar_common/admin.py b/ishtar_common/admin.py
index 31cf87699..cba10ea0d 100644
--- a/ishtar_common/admin.py
+++ b/ishtar_common/admin.py
@@ -300,19 +300,13 @@ class SpatialReferenceSystemAdmin(GeneralTypeAdmin):
 admin.site.register(models.SpatialReferenceSystem, SpatialReferenceSystemAdmin)
 
 
-class IshtarUserAdmin(admin.ModelAdmin):
-    readonly_fields = ('password',)
-
-admin.site.register(models.IshtarUser, IshtarUserAdmin)
-
-
 class ItemKeyAdmin(admin.ModelAdmin):
     list_display = ('content_type', 'key', 'content_object', 'importer')
     search_fields = ('key', )
 admin.site.register(models.ItemKey, ItemKeyAdmin)
 
 
-basic_models = [models.DocumentTemplate]
+basic_models = [models.DocumentTemplate, models.IshtarUser]
 if settings.COUNTRY == 'fr':
     basic_models += [models.Arrondissement, models.Canton]
 
diff --git a/ishtar_common/migrations/0002_change_ishtaruser_management.py b/ishtar_common/migrations/0002_change_ishtaruser_management.py
new file mode 100644
index 000000000..3dda6d7cb
--- /dev/null
+++ b/ishtar_common/migrations/0002_change_ishtaruser_management.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+from django.conf import settings
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('ishtar_common', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelManagers(
+            name='ishtaruser',
+            managers=[
+            ],
+        ),
+        migrations.AlterField(
+            model_name='ishtaruser',
+            name='user_ptr',
+            field=models.OneToOneField(primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL),
+        ),
+    ]
diff --git a/ishtar_common/models.py b/ishtar_common/models.py
index 357140ea4..a0ae1ce44 100644
--- a/ishtar_common/models.py
+++ b/ishtar_common/models.py
@@ -74,19 +74,12 @@ logger = logging.getLogger(__name__)
 def post_save_user(sender, **kwargs):
     user = kwargs['instance']
 
-    try:
-        q = IshtarUser.objects.filter(username=user.username)
-        if not q.count():
-            ishtaruser = IshtarUser.create_from_user(user)
-        else:
-            ishtaruser = q.all()[0]
-        administrator, created = PersonType.objects.get_or_create(
-            txt_idx='administrator')
-        if ishtaruser.is_superuser \
-           and not ishtaruser.has_right('administrator'):
-            ishtaruser.person.person_types.add(administrator)
-    except DatabaseError:  # manage when db is not synced
-        pass
+    if kwargs["created"]:
+        try:
+            IshtarUser.create_from_user(user)
+        except DatabaseError:  # manage when db is not synced
+            pass
+    IshtarUser.set_superuser(user)
 post_save.connect(post_save_user, sender=User)
 
 
@@ -314,13 +307,13 @@ class OwnPerms(object):
         """
         Get Own items
         """
-        if isinstance(user, User):
-            user = IshtarUser.objects.get(user_ptr=user)
-        if user.is_anonymous():
+        if hasattr(user, 'is_authenticated') and not user.is_authenticated():
             returned = cls.objects.filter(pk__isnull=True)
             if values:
                 returned = []
             return returned
+        if isinstance(user, User):
+            user = IshtarUser.objects.get(user_ptr=user)
         items = []
         if hasattr(cls, 'BASKET_MODEL'):
             items = list(cls.BASKET_MODEL.objects.filter(user=user).all())
@@ -2769,20 +2762,20 @@ class Person(Address, Merge, OwnPerms, ValueGetter):
                 txt_idx__in=right_name).count()) or \
                 bool(self.person_types.filter(
                      groups__permissions__codename__in=right_name).count()) or\
-                bool(self.ishtaruser.groups.filter(
+                bool(self.ishtaruser.user_ptr.groups.filter(
                      permissions__codename__in=right_name
                      ).count()) or\
-                bool(self.ishtaruser.user_permissions.filter(
+                bool(self.ishtaruser.user_ptr.user_permissions.filter(
                      codename__in=right_name).count())
         # or self.person_types.filter(wizard__url_name__in=right_name).count())
         else:
             res = bool(self.person_types.filter(txt_idx=right_name).count()) or \
                 bool(self.person_types.filter(
                      groups__permissions__codename=right_name).count()) or \
-                bool(self.ishtaruser.groups.filter(
+                bool(self.ishtaruser.user_ptr.groups.filter(
                      permissions__codename__in=[right_name]
-                     ).count()) or\
-                bool(self.ishtaruser.user_permissions.filter(
+                     ).count()) or \
+                bool(self.ishtaruser.user_ptr.user_permissions.filter(
                      codename__in=[right_name]).count())
         # or self.person_types.filter(wizard__url_name=right_name).count())
         if session:
@@ -2850,7 +2843,7 @@ class Person(Address, Merge, OwnPerms, ValueGetter):
               =user.ishtaruser)
 
 
-class IshtarUser(User):
+class IshtarUser(models.Model):
     TABLE_COLS = ('username', 'person__name', 'person__surname',
                   'person__email', 'person__person_types_list',
                   'person__attached_to')
@@ -2867,6 +2860,8 @@ class IshtarUser(User):
     }
 
     # fields
+    user_ptr = models.OneToOneField(User, primary_key=True,
+                                    related_name='ishtaruser')
     person = models.OneToOneField(Person, verbose_name=_(u"Person"),
                                   related_name='ishtaruser')
     advanced_shortcut_menu = models.BooleanField(
@@ -2877,6 +2872,20 @@ class IshtarUser(User):
         verbose_name_plural = _(u"Ishtar users")
 
     @classmethod
+    def set_superuser(cls, user):
+        q = cls.objects.filter(user_ptr=user)
+        if not q.count():
+            return
+        ishtaruser = q.all()[0]
+        admin, created = PersonType.objects.get_or_create(
+            txt_idx='administrator')
+        person = ishtaruser.person
+        if user.is_superuser:
+            person.person_types.add(admin)
+        elif admin in person.person_types.all():
+            person.person_types.remove(admin)
+
+    @classmethod
     def create_from_user(cls, user):
         default = user.username
         surname = user.first_name or default
@@ -2885,13 +2894,7 @@ class IshtarUser(User):
         person = Person.objects.create(surname=surname,
                                        name=name, email=email,
                                        history_modifier=user)
-        if user.is_superuser:
-            person_type, created = PersonType.objects.get_or_create(
-                txt_idx='administrator')
-            person.person_types.add(person_type)
-        password = user.password
-        isht_user = IshtarUser.objects.create(
-            user_ptr=user, username=default, person=person, password=password)
+        isht_user = cls.objects.create(user_ptr=user, person=person)
         return isht_user
 
     def has_right(self, right_name, session=None):
@@ -2902,20 +2905,17 @@ class IshtarUser(User):
 
     def has_perm(self, perm, model=None, session=None, obj=None):
         if not session:
-            return super(IshtarUser, self).has_perm(perm, model)
+            return self.user_ptr.has_perm(perm, model)
         cache_key = 'usersession-{}-{}-{}-{}'.format(
             session.session_key, perm, model.__name__ if model else 'no',
             obj.pk if obj else 'no')
         res = cache.get(cache_key)
         if res in (True, False):
             return res
-        res = super(IshtarUser, self).has_perm(perm, model)
+        res = self.user_ptr.has_perm(perm, model)
         cache.set(cache_key, res, settings.CACHE_SMALLTIMEOUT)
         return res
 
-IshtarUser._meta.get_field('password').help_text = _(
-    u"To modify the password use the form in Auth > User")
-
 
 class AuthorType(GeneralType):
     order = models.IntegerField(_(u"Order"), default=1)
diff --git a/ishtar_common/tests.py b/ishtar_common/tests.py
index 01ff26c5e..d3ac4a4bd 100644
--- a/ishtar_common/tests.py
+++ b/ishtar_common/tests.py
@@ -74,6 +74,8 @@ def create_superuser():
     password = 'dcbqj756456!@%'
     user = User.objects.create_superuser(username, "nomail@nomail.com",
                                          password)
+    user.set_password(password)
+    user.save()
     return username, password, user
 
 
@@ -294,8 +296,15 @@ class AccessControlTest(TestCase):
         user, created = User.objects.get_or_create(username='myusername')
         user.is_superuser = True
         user.save()
-        ishtar_user = models.IshtarUser.objects.get(username=user.username)
+        ishtar_user = models.IshtarUser.objects.get(
+            user_ptr__username='myusername')
         self.assertIn(admin, ishtar_user.person.person_types.all())
+        user = ishtar_user.user_ptr
+        user.is_superuser = False
+        user.save()
+        ishtar_user = models.IshtarUser.objects.get(
+            user_ptr__username='myusername')
+        self.assertNotIn(admin, ishtar_user.person.person_types.all())
 
 
 class AdminGenTypeTest(TestCase):
@@ -318,11 +327,14 @@ class AdminGenTypeTest(TestCase):
     module_name = 'ishtar_common'
 
     def setUp(self):
-        password = 'mypassword'
-        my_admin = User.objects.create_superuser(
-            'myuser', 'myemail@test.com', password)
+        self.password = 'mypassword'
+        self.username = "myuser"
+        user = User.objects.create_superuser(
+            self.username, 'myemail@test.com', self.password)
+        user.set_password(self.password)
+        user.save()
         self.client = Client()
-        self.client.login(username=my_admin.username, password=password)
+        self.client.login(username=self.username, password=self.password)
 
     def test_listing_and_detail(self):
         for model in self.models: