✨ [#4199] Optional anonymous option for Submission viewset

to allow the SDK to explicitly indicate that the submission is without authentication
open-formulieren · May 23, 2024 · 7401610 · 7401610
1 parent addaf9f
commit 7401610
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 2 deletions.
diff --git a/src/openapi.yaml b/src/openapi.yaml
@@ -9600,6 +9600,10 @@ components:
           format: uri
           description: URL where the user initialized the submission.
           maxLength: 1000
+        anonymous:
+          type: boolean
+          writeOnly: true
+          description: Whether the submission was started anonymously or not.
       required:
       - form
       - formUrl

diff --git a/src/openforms/authentication/signals.py b/src/openforms/authentication/signals.py
@@ -57,8 +57,11 @@
     [submission_start, submission_resumed], dispatch_uid="auth.set_submission_form_auth"
 )
 def set_auth_attribute_on_session(
-    sender, instance: Submission, request: Request, **kwargs
+    sender, instance: Submission, request: Request, anonymous=False, **kwargs
 ):
+    if anonymous:
+        return
+
     # form_auth has information from an authentication backend, so could be a client or employee
     form_auth = request.session.get(FORM_AUTH_SESSION_KEY)
 

diff --git a/src/openforms/submissions/api/serializers.py b/src/openforms/submissions/api/serializers.py
@@ -148,6 +148,13 @@ class SubmissionSerializer(serializers.HyperlinkedModelSerializer):
         read_only=True,
     )
 
+    anonymous = serializers.BooleanField(
+        label=_("Anonymous"),
+        help_text=_("Whether the submission was started anonymously or not."),
+        required=False,
+        write_only=True,
+    )
+
     class Meta:
         model = Submission
         fields = (
@@ -159,6 +166,7 @@ class Meta:
             "is_authenticated",
             "payment",
             "form_url",
+            "anonymous",
         )
         extra_kwargs = {
             "id": {
@@ -183,6 +191,10 @@ class Meta:
             },
         }
 
+    def create(self, validated_data):
+        validated_data.pop("anonymous", None)
+        return super().create(validated_data)
+
     def to_representation(self, instance):
         check_submission_logic(instance, unsaved_data=self.context.get("unsaved_data"))
         return super().to_representation(instance)

diff --git a/src/openforms/submissions/api/viewsets.py b/src/openforms/submissions/api/viewsets.py
@@ -166,7 +166,10 @@ def perform_create(self, serializer):
 
         # dispatch signal for modules to tap into
         submission_start.send(
-            sender=self.__class__, instance=serializer.instance, request=self.request
+            sender=self.__class__,
+            instance=serializer.instance,
+            request=self.request,
+            anonymous=serializer.validated_data.get("anonymous", False),
         )
 
         # store the submission ID in the session, so that only the session owner can