non login user for contact

[gannebamm]

Is your feature request related to a problem? Please describe.

As a research institute, we need to manage data given by third parties. Since we do not initially create the data, we want to set the originator/author contact to the third party. An example is data from the Federal Agency for Cartography and Geodesy (BKG) (https://gdz.bkg.bund.de/index.php/default/digitale-geodaten.html).

Describe the solution you'd like
As an admin, I want to create a Profile object which is not allowed to log in.

Describe alternatives you've considered

• Use the current implemented Profile model for third parties:
  

  geonode/geonode/people/models.py

  Lines 64 to 65 in 99b0557

  	class Profile(AbstractUser):
  	"""Fully featured Geonode user"""

  
  These users, in theory, could log in/request a password reset by the email contact info given.
• Create a completely new model for contacts. This new model would need to keep in sync with Profile and needs new UI elements to give information about the contact. This feels like overhead, seeing that we already have a proper Profile implementation which provides these features.

Additional context
See this #10290 as a reference for our implementation idea to set multiple contacts to one dataset. After that PR is finished, we will have the following ISO contact roles at hand:

author: party who authored the resource << THIRD PARTY ??
publisher: party who published the resource << THIRD PARTY ??
resource provider: party that supplies the resource << THIRD PARTY ??
originator: party who created the resource << THIRD PARTY ??
owner: party that owns the resource << IN THEORY THIRD PARTY, but this will mix up the user permissions! So keeping it on the resources owner in GeoNode (likely the admin) shall be used as a good enough workaround. See also #10290 (comment)

[gannebamm]

After doing some more digging into the abstract user from Django, maybe this is also ok:
https://docs.djangoproject.com/en/4.1/ref/contrib/auth/#django.contrib.auth.models.User.is_active

Defining a Profile as non-active should prevent it from logging in, I think?

[t-book]

@gannebamm yes if you remove the active check the user should not be able to login. Does this solve your issue?

[t-book]

(and maybe craete a group for those profiles to quickly identify them)

[giohappy]

@gannebamm moreover, those users could be removed from the contributors (and registered-members if configured) Django Group.

[t-book]

Good point @giohappy Maybe even after every registration with some signal if the email does not end with the company domain...

from django.contrib.auth.models import User, Group
from django.dispatch import receiver
from django.db.models.signals import post_save
from django.contrib.auth import get_user_model

@receiver(post_save, sender=get_user_model())
def remove_user_from_all_groups(sender, instance, created, **kwargs):
    if created and not instance.email.endswith("example.com"):
        groups = Group.objects.filter(user=instance)
        for group in groups:
            group.user_set.remove(instance)

[gannebamm]

I have tested the ideas above. Those will not cover our use-case since you can not set a non active user as a contact. We will discuss options to resolve those requirements also with respect to #11511 and #12124.