Prevent altering user states on admin site

authentication/admin.py

@@ -5,12 +5,9 @@ from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 from django.contrib.auth.models import User
 from django.utils.text import slugify
 from django import forms
-from django.db.models.signals import post_save
 from authentication.models import State, get_guest_state, CharacterOwnership, UserProfile
-from authentication.signals import reassess_on_profile_save
 from alliance_auth.hooks import get_hooks
 from services.hooks import ServicesHook
-from services.tasks import validate_services
 
 
 def make_service_hooks_update_groups_action(service):
@@ -107,8 +104,7 @@ class StateAdmin(admin.ModelAdmin):
 
     filter_horizontal = ['member_characters', 'member_corporations', 'member_alliances', 'permissions']
 
-    @staticmethod
+    def has_delete_permission(self, request, obj=None):
-    def has_delete_permission(request, obj=None):
         if obj == get_guest_state():
             return False
 
@@ -117,15 +113,29 @@ admin.site.register(CharacterOwnership)
 
 
 class UserProfileAdminForm(forms.ModelForm):
-    def save(self, *args, **kwargs):
+    def __init__(self, *args, **kwargs):
-        # prevent state reassessment to allow manually overriding states
+        super(UserProfileAdminForm, self).__init__(*args, **kwargs)
-        post_save.disconnect(reassess_on_profile_save, sender=UserProfile)
+        self.fields['state'].widget.attrs['disabled'] = True
-        model = super(UserProfileAdminForm, self).save(*args, **kwargs)
+        instance = getattr(self, 'instance', None)
-        post_save.connect(reassess_on_profile_save, sender=UserProfile)
+        if instance and instance.pk:
-        validate_services(model.user)
+            self.fields['state'].queryset = State.objects.filter(pk=instance.state.pk)
-        return model
+        else:
+            self.fields['state'].queryset = State.objects.filter(pk=get_guest_state().pk)
+
+    def clean_state(self):
+        instance = getattr(self, 'instance', None)
+        if instance and instance.pk:
+            return UserProfile.objects.get(pk=instance.pk).state
+        else:
+            return get_guest_state()
 
 
 @admin.register(UserProfile)
 class UserProfileAdmin(admin.ModelAdmin):
     form = UserProfileAdminForm
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False

authentication/migrations/0015_user_profiles.py

@@ -132,7 +132,7 @@ def create_profiles(apps, schema_editor):
         # carry states and mains forward
         state = State.objects.get(name=auth.state if auth.state else 'Guest')
         char = EveCharacter.objects.get(character_id=auth.main_char_id)
-        profile = UserProfile.objects.create(user=auth.user, state=state, main_character=char)
+        UserProfile.objects.create(user=auth.user, state=state, main_character=char)
     for auth in AuthServicesInfo.objects.exclude(main_char_id__in=unique_mains).select_related('user'):
         # prepare empty profiles
         state = State.objects.get(name='Guest')

authentication/models.py

@@ -30,6 +30,7 @@ class State(models.Model):
 
     class Meta:
         ordering = ['-priority']
+        default_permissions = ('change',)
 
     def __str__(self):
         return self.name