manager: simplify user's authorizations view (#47203)

Benjamin Dauvergne 2020-10-01 07:50:51 +02:00
parent 65cc6b3ade
commit 1b9b01e3ec
4 changed files with 8 additions and 10 deletions


@ -151,8 +151,7 @@ class ChooseUserRoleForm(LimitQuerysetFormMixin, CssClass, forms.Form):
class ChooseUserAuthorizationsForm(CssClass, forms.Form):
auth_id = fields.ChooseUserAuthorizationsField(label=_('Add a service consent'))
action = forms.CharField(initial='add', widget=forms.HiddenInput)
authorization = fields.ChooseUserAuthorizationsField()
class ChoosePermissionForm(CssClass, forms.Form):
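Review bot: `ChooseUserAuthorizationsForm` is left with one unlabeled `authorization` field and no docstring, so nothing on the class says that a valid submission now means "remove this consent". I would add a class docstring such as `"""Carries the consent to remove; ownership by the viewed user is enforced in UserAuthorizationsView.form_valid."""`. Whether `ChooseUserAuthorizationsField` restricts its choices to the viewed user is not visible in this hunk, so the docstring should point at the view-side filter rather than imply the form is sufficient on its own.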


@ -10,7 +10,7 @@
<td class="remove-icon-column">
<a class="{% if not table.context.view.can_manage_authorizations %} disabled {% else %} js-remove-object {% endif %}"
data-confirm="{% blocktrans with client=row.record.client username=table.context.object.get_full_name %}Do you really want to remove &quot;{{ client }}&quot; service granted access to &quot;{{ username }}&quot; profile data &nbsp;?{% endblocktrans %}"
href="#" data-pk-arg="auth_id">
href="#" data-pk-arg="authorization">
<span class="icon-remove-sign"></span>
</a>
</td>


@ -851,7 +851,7 @@ su = UserSuView.as_view()
class UserAuthorizationsView(FormNeedsRequest, BaseFormView, SingleObjectMixin,
BaseTableView, PermissionMixin):
BaseTableView, PermissionMixin):
permissions = ['custom_user.view_user']
template_name = 'authentic2/manager/user_authorizations.html'
title = _('Consent Management')
@ -872,9 +872,8 @@ class UserAuthorizationsView(FormNeedsRequest, BaseFormView, SingleObjectMixin,
def form_valid(self, form):
response = super(UserAuthorizationsView, self).form_valid(form)
auth_id = form.cleaned_data['auth_id']
action = form.cleaned_data['action']
if action == 'remove' and self.can_manage_authorizations:
auth_id = form.cleaned_data['authorization']
if self.can_manage_authorizations:
qs = OIDCAuthorization.objects.filter(user=self.get_object())
qs = qs.filter(id=auth_id.pk)
qs.delete()
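Review bot: In `form_valid`, a POST from a user without `can_manage_authorizations` skips the `if` and still receives the normal success response from `super().form_valid(form)`, so a refused removal looks the same as a successful one (the tests in this commit expect a 302 in both cases). Consider refusing explicitly before calling `super()`, for example `if not self.can_manage_authorizations: raise PermissionDenied` (assuming Django's `PermissionDenied` is or can be imported in this module), which also makes denied attempts visible in logs. The local `auth_id` now holds the cleaned model instance rather than an id, since it is dereferenced with `.pk`, so `authorization = form.cleaned_data['authorization']` would read more accurately. The `filter(user=self.get_object())` scoping is what confines the delete to the viewed user's consents and deserves a one-line comment saying so. The method continues past the end of the hunk.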


@ -888,7 +888,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
assert 'You are not authorized to see this page' in resp.text
resp = app.get(user_authorizations_url, status=403)
assert 'You are not authorized to see this page' in resp.text
params = {'action': 'remove', 'auth_id': auth.pk, 'csrfmiddlewaretoken': '???'}
params = {'authorization': auth.pk, 'csrfmiddlewaretoken': '???'}
resp = app.post(user_authorizations_url, params=params, status=302)
assert OIDCAuthorization.objects.count() == 1
@ -901,7 +901,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
assert resp.html.find('td', {'class': 'remove-icon-column'}).a['class'] == ['disabled']
# cannot click it's JS :/
token = str(resp.context['csrf_token'])
params = {'action': 'remove', 'auth_id': auth.pk, 'csrfmiddlewaretoken': token}
params = {'authorization': auth.pk, 'csrfmiddlewaretoken': token}
resp = app.post(user_authorizations_url, params=params, status=302)
assert OIDCAuthorization.objects.count() == 1
@ -914,7 +914,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
assert resp.html.find('td', {'class': 'remove-icon-column'}).a['class'] == ['js-remove-object']
# cannot click it's JS :/
token = str(resp.context['csrf_token'])
params = {'action': 'remove', 'auth_id': auth.pk, 'csrfmiddlewaretoken': token}
params = {'authorization': auth.pk, 'csrfmiddlewaretoken': token}
resp = app.post(user_authorizations_url, params=params, status=302)
assert OIDCAuthorization.objects.count() == 0
resp = resp.follow()
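Review bot: With `action` gone, every valid POST to this view is a removal, yet none of the three updated cases posts an `authorization` pk that belongs to a different user than the one in `user_authorizations_url`. A case that creates a second user's `OIDCAuthorization`, posts its pk here and asserts that `OIDCAuthorization.objects.count()` is unchanged would pin the `filter(user=...)` scoping in `form_valid`. The first case also sends `'csrfmiddlewaretoken': '???'` and still expects a 302, which suggests CSRF checking is off in this test client; a short comment saying so would keep it from being read as a CSRF test. The test function starts and ends outside these hunks.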