manager: hide authorizations page if no oidc service defined (#47305)
parent
6c231ae2b9
commit
bb428414e8
|
@ -16,7 +16,9 @@
|
|||
<a class="disabled" title="{% trans "You do not have the rights to edit this user." %}" href="#">{% trans "Edit" %}</a>
|
||||
{% endif %}
|
||||
|
||||
{% if view.is_oidc_services %}
|
||||
<a href="{% url "a2-manager-user-authorizations" pk=object.pk %}">{% trans "Authorizations" %}</a>
|
||||
{% endif %}
|
||||
</span>
|
||||
{% endblock %}
|
||||
|
||||
|
|
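Review bot: The new `{% if view.is_oidc_services %}` guard shows the Authorizations link based only on whether an OIDC client exists, not on whether the viewing manager may manage authorizations. The Edit link just above, by contrast, has a disabled variant for viewers without the rights. If the detail page can be reached by managers lacking the authorizations permission (not visible in this section), they would still get a live link that ends in a refusal. Consider pairing the guard with the same kind of rights test used for Edit. Once it is confirmed that the target view checks permissions itself, a template comment such as `{# display condition only, not access control #}` would stop the guard being read as a protection. The enclosing block starts outside the hunk.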
|
@ -40,7 +40,7 @@ from authentic2.models import Attribute, AttributeValue, PasswordReset
|
|||
from authentic2.utils import send_password_reset_mail, redirect, select_next_url, make_url, switch_user
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2 import hooks
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
|
||||
from django_rbac.utils import get_role_model, get_role_parenting_model, get_ou_model
|
||||
|
||||
|
||||
|
@ -235,6 +235,10 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
|
|||
def title(self):
|
||||
return self.object.get_full_name()
|
||||
|
||||
@property
|
||||
def is_oidc_services(self):
|
||||
return OIDCClient.objects.exists()
|
||||
|
||||
def get_other_actions(self):
|
||||
for action in super(UserDetailView, self).get_other_actions():
|
||||
yield action
|
||||
|
|
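Review bot: `is_oidc_services` has no docstring, and its name does not say that the check is global. `OIDCClient.objects.exists()` becomes true as soon as any client exists, whatever the organizational unit of the displayed user or the scope of the manager looking at the page. If that is intended, say so in a docstring, e.g. `"""True if at least one OIDC client exists (any OU); only controls display of the Authorizations link."""`. The property runs a query on each access, which is fine while the template reads it once; a cached property would keep it at one query per request if it is read more often. UserDetailView continues outside the hunk.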
|
@ -846,6 +846,13 @@ def test_manager_user_authorizations(app, superuser, simple_user):
|
|||
from authentic2.a2_rbac.models import MANAGE_AUTHORIZATIONS_OP
|
||||
from tests.conftest import create_user
|
||||
Role = get_role_model()
|
||||
user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
|
||||
user_authorizations_url = reverse(
|
||||
'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
|
||||
|
||||
resp = login(app, superuser)
|
||||
resp = app.get(user_detail_url, status=200)
|
||||
assert not resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
|
||||
|
||||
# add a service consent to simple_user
|
||||
oidc_client = OIDCClient.objects.create(
|
||||
|
@ -853,6 +860,10 @@ def test_manager_user_authorizations(app, superuser, simple_user):
|
|||
slug='client',
|
||||
ou=simple_user.ou,
|
||||
redirect_uris='https://example.com/')
|
||||
|
||||
resp = app.get(user_detail_url, status=200)
|
||||
assert resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
|
||||
|
||||
auth = OIDCAuthorization.objects.create(
|
||||
client=oidc_client, user=simple_user, scopes='openid',
|
||||
expired='2020-01-01T12:01:01Z')
|
||||
|
@ -878,10 +889,6 @@ def test_manager_user_authorizations(app, superuser, simple_user):
|
|||
user3 = create_user(username='agent3', ou=simple_user.ou)
|
||||
user3.roles.add(manage_auth_role)
|
||||
|
||||
user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
|
||||
user_authorizations_url = reverse(
|
||||
'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
|
||||
|
||||
# user1 without permission
|
||||
resp = login(app, user1)
|
||||
resp = app.get(user_detail_url, status=403)
|
||||
|
|
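Review bot: The added assertions only check that the Authorizations link is absent or present in the appbar; nothing requests `user_authorizations_url` directly while no OIDCClient exists. Hiding the link does not disable the route, so the test should pin the expected response in that state before `OIDCClient.objects.create(...)`, with whichever status the project intends. The link is also checked for the superuser only, not for the role-restricted agents created later in the function. test_manager_user_authorizations starts and ends outside the hunks shown.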