puzzle
Access control: Every person can edit themselves
Before doing this ticket, #946 will need to be done. This story consists of two parts:
1. First off, find a good way to get and store the LDAP-username. This username is unique and fits the purpose of matching every logged in person to themselves perfectly. The username can either be read from the huge user-hash that Keycloak provides or it could be fetched from the PuzzleTime alongside all the other data. This would mean that the PuzzleTime API would need to be extended (again).
Currently the AuthUser looks like this, seems like we already get a lot of info from keycloak:
#<AuthUser id: 1, uid: "1234", email: "[email protected]", name: "Robin Steiner", last_login: "2025-07-02 11:46:33.434648000 +0000", is_admin: true, created_at: "2024-07-18 07:59:49.571357000 +0000", updated_at: "2025-07-02 11:46:33.435552000 +0000", is_conf_admin: true>
2. As the second step, you will need to use the username you just got to match the person correctly. Then make sure that the logged in person has rights to edit their profile.
TODO
- [x] Implement as explaind above
- [x] Smoke test
- [x] Tests
Progress 29.07.2025 / why on hold
The functionality of this story has been implemented and simple tests are written as well. The only thing that is keeping it from being completed is the pipeline. Currently there are 70+ tests failing due to the logged in test user not being able to edit various profile accessed in the specs. The solution im proposing here is that we give the tests users that are used in most tests (like the admin) the editor role. This role will be implemented in #948. This still gives us the possibility to keep using Ursula User for our access control tests.
This means that this story can not be merged until 948 is merged into this.