diff --git a/README.md b/README.md index 1d0721bd..507bdb9b 100644 --- a/README.md +++ b/README.md @@ -210,10 +210,11 @@ It returns a JSON dictonary like this: `{"0":15,"1":4,"2":3}` -The key is a user ID and the value is the amount of currently open connections. User ID -`0` is the anonymous user. It the example above, the anonymous user has 15 open -connections, the user with the ID 1 has 4 open connections and the user with the -ID 2 has 3 open connection. +The key is a user ID and the value is the amount of currently open connections. +User ID `0` is for connections, that are not logged in (public access). It the +example above, there are 15 open connections from public access, the user with +the ID 1 has 4 open connections and the user with the ID 2 has 3 open +connection. Users can only access this page if they have the organization management level or higher. @@ -228,7 +229,7 @@ The logged metric is a json dictonary like: ```json { - "connections_longpolling_connected_users_anonymous_connections": 0, + "connections_longpolling_connected_connections_public_access": 0, "connections_longpolling_connected_users_average_connections": 3, "connections_longpolling_connected_users_current": 1, "connections_longpolling_connected_users_current_local": 1, @@ -236,7 +237,7 @@ The logged metric is a json dictonary like: "connections_longpolling_connected_users_total_local": 1, "connections_longpolling_current_connections": 3, "connections_longpolling_current_connections_local": 3, - "connections_stream_connected_users_anonymous_connections": 0, + "connections_stream_connected_connections_public_access": 0, "connections_stream_connected_users_average_connections": 6, "connections_stream_connected_users_current": 2, "connections_stream_connected_users_current_local": 2, @@ -255,11 +256,10 @@ The prefix `connections_stream` are for "normal" connections. fallback. - -* `connections_stream_connected_users_anonymous_connections`: Number of - connections from the anonymous users from all autoupdate instances. +* `connections_stream_connected_connections_public_access`: Number of + connections from non logged in users (public access) from all autoupdate instances. * `connections_stream_connected_users_average_connections`: Average connection - count for each user except for anonymous user. + count for each logged in user (no public access). * `connections_stream_connected_users_current`: Amount of connected users that have at least one open connection. * `connections_stream_connected_users_current_local`: Amount of connected users diff --git a/environment.md b/environment.md index 75873ac3..8fab8b9c 100644 --- a/environment.md +++ b/environment.md @@ -8,7 +8,7 @@ The Service uses the following environment variables: * `AUTOUPDATE_PORT`: Port on which the service listen on. The default is `9012`. * `MESSAGE_BUS_HOST`: Host of the redis server. The default is `localhost`. * `MESSAGE_BUS_PORT`: Port of the redis server. The default is `6379`. -* `ANONYMOUS_ONLY`: Start for only anonymous users. Does not write to redis or connect to the vote-service. The default is `false`. +* `OPENSLIDES_PUBLIC_ACCESS_ONLY`: Start for only public access. Does not write to redis or connect to the vote-service. The default is `false`. * `OPENSLIDES_DEVELOPMENT`: If set, the service uses the default secrets. The default is `false`. * `DATABASE_PASSWORD_FILE`: Postgres Password. The default is `/run/secrets/postgres_password`. * `DATABASE_USER`: Postgres Database. The default is `openslides`. diff --git a/internal/http/connection_count.go b/internal/http/connection_count.go index b72b6641..b9061438 100644 --- a/internal/http/connection_count.go +++ b/internal/http/connection_count.go @@ -163,7 +163,7 @@ func (c *ConnectionCount) Metric(con metric.Container) { con.Add(c.name+"_connected_users_current", currentConnectedUsers) con.Add(c.name+"_connected_users_total", len(data)) con.Add(c.name+"_connected_users_average_connections", average) - con.Add(c.name+"_connected_users_anonymous_connections", data[0]) + con.Add(c.name+"_connections_public_access", data[0]) con.Add(c.name+"_current_connections", currentConnections) } diff --git a/internal/http/interfaces.go b/internal/http/interfaces.go index 1ec98635..63da95e3 100644 --- a/internal/http/interfaces.go +++ b/internal/http/interfaces.go @@ -5,7 +5,7 @@ import ( "net/http" ) -// Authenticater gives an user id for an request. Returns 0 for anonymous. +// Authenticater gives an user id for an request. Returns 0 for public access. type Authenticater interface { Authenticate(http.ResponseWriter, *http.Request) (context.Context, error) FromContext(context.Context) int diff --git a/internal/restrict/collection/group_test.go b/internal/restrict/collection/group_test.go index 5bf47a29..bc7c7ca6 100644 --- a/internal/restrict/collection/group_test.go +++ b/internal/restrict/collection/group_test.go @@ -22,7 +22,7 @@ func TestGroupModeA(t *testing.T) { ) testCase( - "anonymous enabled", + "public access enabled", t, g.Modes("A"), true, diff --git a/internal/restrict/collection/mediafile_test.go b/internal/restrict/collection/mediafile_test.go index 4c28ea26..95cfb372 100644 --- a/internal/restrict/collection/mediafile_test.go +++ b/internal/restrict/collection/mediafile_test.go @@ -41,7 +41,7 @@ func TestMediafileModeA(t *testing.T) { ) testCase( - "Anonymous organization", + "Public access organization", t, m.Modes("A"), false, @@ -53,7 +53,7 @@ func TestMediafileModeA(t *testing.T) { ) testCase( - "Anonymous published organization", + "Public access published organization", t, m.Modes("A"), true, @@ -78,7 +78,7 @@ func TestMediafileModeA(t *testing.T) { ) testCase( - "Anonymous access published organization not public with token", + "Public access published organization not public with token", t, m.Modes("A"), true, diff --git a/internal/restrict/collection/meeting.go b/internal/restrict/collection/meeting.go index d61ec80a..0861ed6a 100644 --- a/internal/restrict/collection/meeting.go +++ b/internal/restrict/collection/meeting.go @@ -76,12 +76,12 @@ func (m Meeting) see(ctx context.Context, ds *dsfetch.Fetch, meetingIDs ...int) } lockedMeetings := make([]bool, len(meetingIDs)) - enabledMeetingAnonymous := make([]bool, len(meetingIDs)) - var enabledOrgaAnonymous bool - ds.Organization_EnableAnonymous(1).Lazy(&enabledOrgaAnonymous) + enabledMeetingPublicAccess := make([]bool, len(meetingIDs)) + var enabledOrgaPublicAccess bool + ds.Organization_EnableAnonymous(1).Lazy(&enabledOrgaPublicAccess) for i, id := range meetingIDs { ds.Meeting_LockedFromInside(id).Lazy(&lockedMeetings[i]) - ds.Meeting_EnableAnonymous(id).Lazy(&enabledMeetingAnonymous[i]) + ds.Meeting_EnableAnonymous(id).Lazy(&enabledMeetingPublicAccess[i]) } if err := ds.Execute(ctx); err != nil { @@ -138,7 +138,7 @@ LOOP_MEETINGS: continue } - if (enabledOrgaAnonymous && enabledMeetingAnonymous[i]) || oml { + if (enabledOrgaPublicAccess && enabledMeetingPublicAccess[i]) || oml { allowed = append(allowed, meetingID) continue } diff --git a/internal/restrict/collection/meeting_mediafile_test.go b/internal/restrict/collection/meeting_mediafile_test.go index 63db442c..b371033d 100644 --- a/internal/restrict/collection/meeting_mediafile_test.go +++ b/internal/restrict/collection/meeting_mediafile_test.go @@ -26,7 +26,7 @@ func TestMeetingMediafileModeA(t *testing.T) { ) testCase( - "Anonymous", + "Public Access", t, m.Modes("A"), true, diff --git a/internal/restrict/collection/meeting_test.go b/internal/restrict/collection/meeting_test.go index 5ad56f77..d5573ad0 100644 --- a/internal/restrict/collection/meeting_test.go +++ b/internal/restrict/collection/meeting_test.go @@ -36,7 +36,7 @@ func TestMeetingModeB(t *testing.T) { ) testCase( - "anonymous enabled", + "Public Access enabled", t, m.Modes("B"), true, @@ -48,7 +48,7 @@ func TestMeetingModeB(t *testing.T) { ) testCase( - "anonymous enabled only in organization", + "Public access enabled only in organization", t, m.Modes("B"), false, @@ -61,7 +61,7 @@ func TestMeetingModeB(t *testing.T) { ) testCase( - "anonymous enabled only in meeting", + "Public Access enabled only in meeting", t, m.Modes("B"), false, @@ -74,7 +74,7 @@ func TestMeetingModeB(t *testing.T) { ) testCase( - "anonymous enabled, as locked in user that was locked out", + "Public access enabled, as locked in user that was locked out", t, m.Modes("B"), false, @@ -246,7 +246,7 @@ func TestMeetingModeB(t *testing.T) { ) testCase( - "Request with anonymous", + "Request from public access", t, m.Modes("B"), false, diff --git a/internal/restrict/collection/meeting_user_test.go b/internal/restrict/collection/meeting_user_test.go index d29d5d02..01a8bd8a 100644 --- a/internal/restrict/collection/meeting_user_test.go +++ b/internal/restrict/collection/meeting_user_test.go @@ -24,7 +24,7 @@ func TestMeetingUserModeA(t *testing.T) { ) testCase( - "With anonymous", + "With public access enabled", t, f, false, diff --git a/internal/restrict/collection/organization.go b/internal/restrict/collection/organization.go index e50d7128..8bf96490 100644 --- a/internal/restrict/collection/organization.go +++ b/internal/restrict/collection/organization.go @@ -14,7 +14,7 @@ import ( // // Mode A: The user can see the organization (always). // -// Mode B: The user must be logged in (no anonymous). +// Mode B: The user must be logged in (no public access). // // Mode C: The user has the OML can_manage_users or higher. // diff --git a/internal/restrict/collection/organization_tag_test.go b/internal/restrict/collection/organization_tag_test.go index 9abb40c0..92bb67eb 100644 --- a/internal/restrict/collection/organization_tag_test.go +++ b/internal/restrict/collection/organization_tag_test.go @@ -10,7 +10,7 @@ func TestOrganizationTagModeA(t *testing.T) { f := collection.OrganizationTag{}.Modes("A") testCase( - "anonymous", + "Public access", t, f, false, diff --git a/internal/restrict/collection/organization_test.go b/internal/restrict/collection/organization_test.go index fdaf1b7e..0113775a 100644 --- a/internal/restrict/collection/organization_test.go +++ b/internal/restrict/collection/organization_test.go @@ -22,7 +22,7 @@ func TestOrganizationModeB(t *testing.T) { f := collection.Organization{}.Modes("B") testCase( - "anonymous", + "Public access", t, f, false, @@ -44,7 +44,7 @@ func TestOrganizationModeC(t *testing.T) { f := collection.Organization{}.Modes("C") testCase( - "anonymous", + "Public access", t, f, false, @@ -77,7 +77,7 @@ func TestOrganizationModeE(t *testing.T) { f := collection.Organization{}.Modes("E") testCase( - "anonymous", + "Public access", t, f, false, diff --git a/internal/restrict/collection/personal_note_test.go b/internal/restrict/collection/personal_note_test.go index e2dc4e4d..bb1368e5 100644 --- a/internal/restrict/collection/personal_note_test.go +++ b/internal/restrict/collection/personal_note_test.go @@ -10,7 +10,7 @@ func TestPersonalNoteModeA(t *testing.T) { var p collection.PersonalNote testCase( - "as anonymous", + "From public access", t, p.Modes("A"), false, diff --git a/internal/restrict/collection/user_test.go b/internal/restrict/collection/user_test.go index c445b182..2a6596f3 100644 --- a/internal/restrict/collection/user_test.go +++ b/internal/restrict/collection/user_test.go @@ -21,7 +21,7 @@ func TestUserModeA(t *testing.T) { ) testCase( - "With anonymous", + "From public access", t, f, false, @@ -370,7 +370,7 @@ func TestUserModeB(t *testing.T) { ) testCase( - "With anonymous", + "From public access", t, f, false, @@ -782,7 +782,7 @@ func TestUserModeE(t *testing.T) { ) testCase( - "With anonymous", + "From public access", t, u.Modes("E"), false, @@ -1065,7 +1065,7 @@ func TestUserModeH(t *testing.T) { ) testCase( - "As anonymous", + "From public access", t, f, false, diff --git a/internal/restrict/perm/perm.go b/internal/restrict/perm/perm.go index 3e7e8cf7..4ba7b8ee 100644 --- a/internal/restrict/perm/perm.go +++ b/internal/restrict/perm/perm.go @@ -21,7 +21,7 @@ type Permission struct { // If the user is not a member of the meeting, nil is returned. func New(ctx context.Context, ds *dsfetch.Fetch, userID, meetingID int) (*Permission, error) { if userID == 0 { - return newAnonymous(ctx, ds, meetingID) + return newPublicAccess(ctx, ds, meetingID) } isSuperAdmin, err := HasOrganizationManagementLevel(ctx, ds, userID, OMLSuperadmin) @@ -84,35 +84,35 @@ func New(ctx context.Context, ds *dsfetch.Fetch, userID, meetingID int) (*Permis return &Permission{groupIDs: groupIDs, permissions: perms}, nil } -func newAnonymous(ctx context.Context, ds *dsfetch.Fetch, meetingID int) (*Permission, error) { - enabledOrgaAnonymous, err := ds.Organization_EnableAnonymous(1).Value(ctx) +func newPublicAccess(ctx context.Context, ds *dsfetch.Fetch, meetingID int) (*Permission, error) { + enabledOrgaPublicAccess, err := ds.Organization_EnableAnonymous(1).Value(ctx) if err != nil { - return nil, fmt.Errorf("checking orga meeting enabled: %w", err) + return nil, fmt.Errorf("checking orga public access enabled: %w", err) } - enableMeetingAnonymous, err := ds.Meeting_EnableAnonymous(meetingID).Value(ctx) + enableMeetingPublicAccess, err := ds.Meeting_EnableAnonymous(meetingID).Value(ctx) if err != nil { - return nil, fmt.Errorf("checking anonymous meeting enabled: %w", err) + return nil, fmt.Errorf("checking meeting public access enabled: %w", err) } - if !(enableMeetingAnonymous && enabledOrgaAnonymous) { + if !(enableMeetingPublicAccess && enabledOrgaPublicAccess) { return nil, nil } - maybeAnonymousGroupID, err := ds.Meeting_AnonymousGroupID(meetingID).Value(ctx) + maybePublicAccessGroupID, err := ds.Meeting_AnonymousGroupID(meetingID).Value(ctx) if err != nil { - return nil, fmt.Errorf("getting anonymous group: %w", err) + return nil, fmt.Errorf("getting public access group: %w", err) } - anonymousGroupID, hasAnonymousGroup := maybeAnonymousGroupID.Value() - if !hasAnonymousGroup { - return nil, fmt.Errorf("anonymous group id not set") + publicAccessGroupID, hasPublicAccessGroup := maybePublicAccessGroupID.Value() + if !hasPublicAccessGroup { + return nil, fmt.Errorf("public access group id not set") } - perms, err := permissionsFromGroups(ctx, ds, anonymousGroupID) + perms, err := permissionsFromGroups(ctx, ds, publicAccessGroupID) if err != nil { - return nil, fmt.Errorf("getting permissions for anonymous group: %w", err) + return nil, fmt.Errorf("getting permissions for public access group: %w", err) } - return &Permission{groupIDs: []int{anonymousGroupID}, permissions: perms}, nil + return &Permission{groupIDs: []int{publicAccessGroupID}, permissions: perms}, nil } func isAdmin(ctx context.Context, ds *dsfetch.Fetch, meetingID int, groupIDs []int) (bool, error) { diff --git a/main.go b/main.go index 8593844e..738389e9 100644 --- a/main.go +++ b/main.go @@ -28,7 +28,7 @@ var ( envMetricInterval = environment.NewVariable("METRIC_INTERVAL", "5m", "Time in how often the metrics are gathered. Zero disables the metrics.") envMetricSaveInterval = environment.NewVariable("METRIC_SAVE_INTERVAL", "5m", "Interval, how often the metric should be saved to redis. Redis will ignore entries, that are twice at old then the save interval.") envDisableConnectionCount = environment.NewVariable("DISABLE_CONNECTION_COUNT", "false", "Do not count connections.") - envAnonymousOnly = environment.NewVariable("ANONYMOUS_ONLY", "false", "Start for only anonymous users. Does not write to redis or connect to the vote-service.") + envPublicAccessOnly = environment.NewVariable("OPENSLIDES_PUBLIC_ACCESS_ONLY", "false", "Start for only public access. Does not write to redis or connect to the vote-service.") ) var cli struct { @@ -134,10 +134,10 @@ func initService(lookup environment.Environmenter) (func(context.Context) error, // Redis as message bus for datastore and logout events. messageBus := redis.New(lookup) - anonymousOnly, _ := strconv.ParseBool(envAnonymousOnly.Value(lookup)) + publicAccessOnly, _ := strconv.ParseBool(envPublicAccessOnly.Value(lookup)) // Autoupdate data flow. - flow, flowBackground, err := autoupdate.NewFlow(lookup, messageBus, anonymousOnly) + flow, flowBackground, err := autoupdate.NewFlow(lookup, messageBus, publicAccessOnly) if err != nil { return nil, fmt.Errorf("init autoupdate data flow: %w", err) } @@ -177,7 +177,7 @@ func initService(lookup environment.Environmenter) (func(context.Context) error, } metricStorage := messageBus - if disable, _ := strconv.ParseBool(envDisableConnectionCount.Value(lookup)); disable || anonymousOnly { + if disable, _ := strconv.ParseBool(envDisableConnectionCount.Value(lookup)); disable || publicAccessOnly { metricStorage = nil } diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 1af4877f..0d8442a1 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -175,7 +175,7 @@ func (a *Auth) AuthenticatedContext(ctx context.Context, userID int) context.Con // FromContext returnes the user id from a context returned by Authenticate(). // -// If the user is an anonymous user 0 is returned. +// If the user is not logged in (public access) user 0 is returned. // // Panics, if the context was not returned from Authenticate func (a *Auth) FromContext(ctx context.Context) int { @@ -240,7 +240,7 @@ func (a *Auth) loadToken(w http.ResponseWriter, r *http.Request, payload jwt.Cla encodedToken := strings.TrimPrefix(header, "bearer ") if cookie == nil && header == encodedToken { - // No token and no auth cookie. Handle the request as anonymous requst. + // No token and no auth cookie. Handle the request as public access requst. return nil }