manager: hide authorizations page if no oidc service defined (#47305)

Nicolas Roche 2020-10-06 09:35:24 +02:00
parent 6c231ae2b9
commit bb428414e8
3 changed files with 18 additions and 5 deletions


@ -16,7 +16,9 @@
<a class="disabled" title="{% trans "You do not have the rights to edit this user." %}" href="#">{% trans "Edit" %}</a>
{% endif %}
{% if view.is_oidc_services %}
<a href="{% url "a2-manager-user-authorizations" pk=object.pk %}">{% trans "Authorizations" %}</a>
{% endif %}
</span>
{% endblock %}


@ -40,7 +40,7 @@ from authentic2.models import Attribute, AttributeValue, PasswordReset
from authentic2.utils import send_password_reset_mail, redirect, select_next_url, make_url, switch_user
from authentic2.a2_rbac.utils import get_default_ou
from authentic2 import hooks
from authentic2_idp_oidc.models import OIDCAuthorization
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
from django_rbac.utils import get_role_model, get_role_parenting_model, get_ou_model
@ -235,6 +235,10 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
def title(self):
return self.object.get_full_name()
@property
def is_oidc_services(self):
return OIDCClient.objects.exists()
def get_other_actions(self):
for action in super(UserDetailView, self).get_other_actions():
yield action
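Review bot: The new `is_oidc_services` property on `UserDetailView` has no docstring, and nothing in the hunk records that it only decides whether the "Authorizations" link is rendered. As far as the visible lines show, the `a2-manager-user-authorizations` route itself is unchanged, so it presumably stays reachable by direct URL when no `OIDCClient` exists, and access control must keep resting on that view's own permission checks, which are not visible here. I would add a docstring such as `"""Return True if at least one OIDC client exists (any OU); display-only, not an access check."""`. The name also reads oddly for a boolean; `has_oidc_services` would be clearer, with the template condition renamed to match. `get_other_actions` continues outside the hunk.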


@ -846,6 +846,13 @@ def test_manager_user_authorizations(app, superuser, simple_user):
from authentic2.a2_rbac.models import MANAGE_AUTHORIZATIONS_OP
from tests.conftest import create_user
Role = get_role_model()
user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
user_authorizations_url = reverse(
'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
resp = login(app, superuser)
resp = app.get(user_detail_url, status=200)
assert not resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
# add a service consent to simple_user
oidc_client = OIDCClient.objects.create(
@ -853,6 +860,10 @@ def test_manager_user_authorizations(app, superuser, simple_user):
slug='client',
ou=simple_user.ou,
redirect_uris='https://example.com/')
resp = app.get(user_detail_url, status=200)
assert resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
auth = OIDCAuthorization.objects.create(
client=oidc_client, user=simple_user, scopes='openid',
expired='2020-01-01T12:01:01Z')
@ -878,10 +889,6 @@ def test_manager_user_authorizations(app, superuser, simple_user):
user3 = create_user(username='agent3', ou=simple_user.ou)
user3.roles.add(manage_auth_role)
user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
user_authorizations_url = reverse(
'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
# user1 without permission
resp = login(app, user1)
resp = app.get(user_detail_url, status=403)
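Review bot: The assertions added in the first two hunks of `test_manager_user_authorizations` only inspect the links inside the `appbar` div; nothing requests `user_authorizations_url` directly while no `OIDCClient` exists. The visible hunks hide the link rather than the page, so a direct `resp = app.get(user_authorizations_url, status=...)` placed before the `OIDCClient.objects.create(` call, with the status the project intends, would pin what the page does in that state and catch a regression if the route's behaviour changes. The test function starts before the first hunk and continues past the last one.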