fix(filestore): correct staff scope for new user login

Author: mwfarb

users/filestore.py

@@ -75,11 +75,8 @@ def add_filestore_auth(user: User):
     fs_user["data"]["password"] = user.password
     fs_user["data"]["lockPassword"] = True
     fs_user["data"]["perm"]["admin"] = user.is_superuser
-    if user.is_staff:  # admin and staff get root scope
-        fs_user["data"]["scope"] = "."
-    else:
-        # setting scope in users POST will generate user dir
-        fs_user["data"]["scope"] = get_user_scope(user)
+    # setting scope in users POST will generate user dir
+    fs_user["data"]["scope"] = get_user_scope(user)
 
     # add new user to filestore db
     try:
@@ -90,6 +87,9 @@ def add_filestore_auth(user: User):
         print("{0}: ".format(err))
         return None
 
+    if user.is_staff:  # admin and staff get root scope
+        set_filestore_scope(user)
+
     return use_filestore_auth(user)
 
 

users/views.py

@@ -326,8 +326,8 @@ def profile_update_staff(request):
             status=status.HTTP_500_INTERNAL_SERVER_ERROR,
         )
     staff_username = form.cleaned_data["staff_username"]
-    is_staff = form.cleaned_data["is_staff"]
     if (request.user.is_superuser and User.objects.filter(username=staff_username).exists()):
+        is_staff = bool(form.cleaned_data["is_staff"])
         print(f"Setting Django user {staff_username}, staff={is_staff}")
         user = User.objects.get(username=staff_username)
         user.is_staff = is_staff
@@ -623,9 +623,6 @@ def storelogin(request):
             # otherwise user needs to be added
             fs_user_token = add_filestore_auth(user)
 
-        # second, for staff, override automatic user-only scope, so staff users have root scope
-        set_filestore_scope(user)
-
     response = HttpResponse()
     if fs_user_token:
         response.set_cookie("auth", fs_user_token)