manager: add permissions based access to global journal (#52765)
parent
cfb8a0619f
commit
40e5bc9f0d
|
@ -129,13 +129,10 @@ class BaseJournalView(views.TitleMixin, views.MediaMixin, views.MultipleOUMixin,
|
|||
return ctx
|
||||
|
||||
|
||||
class GlobalJournalView(BaseJournalView):
|
||||
class GlobalJournalView(views.PermissionMixin, BaseJournalView):
|
||||
template_name = 'authentic2/manager/journal.html'
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.user.is_superuser:
|
||||
raise PermissionDenied
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
permissions_global = True
|
||||
permissions = ['custom_user.view_user', 'a2_rbac.view_role']
|
||||
|
||||
|
||||
journal = GlobalJournalView.as_view()
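Review bot: The permission list `['custom_user.view_user', 'a2_rbac.view_role']` on `GlobalJournalView` is repeated as a literal in `HomepageView.get_context_data`, so the check that shows the Journal link and the check that guards the view can drift apart. Define it once, for example `JOURNAL_PERMISSIONS = ['custom_user.view_user', 'a2_rbac.view_role']`, and reference it from both places. How `PermissionMixin` combines the entries of `permissions` (all of them or any of them) is not visible in this hunk, whereas `has_perms` on the homepage requires every entry, so it is worth confirming the two agree. A short comment above `permissions_global = True` would also help, such as `# journal is not scoped to one OU: permissions must be held globally`, if that is indeed the intent.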
|
||||
|
|
|
@ -6,13 +6,17 @@
|
|||
|
||||
{% block appbar %}
|
||||
<h2>{% blocktrans %}Here you can manage objects related to organizational units, users, roles and applications.{% endblocktrans %}</h2>
|
||||
{% if user.is_superuser %}
|
||||
{% if user.is_superuser or can_view_journal %}
|
||||
<span class="actions">
|
||||
<a class="extra-actions-menu-opener"></a>
|
||||
<ul class="extra-actions-menu">
|
||||
{% if user.is_superuser %}
|
||||
<li><a download href="{% url 'a2-manager-site-export' %}">{% trans 'Export Site' %}</a></li>
|
||||
<li><a href="{% url 'a2-manager-site-import' %}" rel="popup">{% trans 'Import Site' %}</a></li>
|
||||
{% endif %}
|
||||
{% if user.is_superuser or can_view_journal %}
|
||||
<li><a href="{% url 'a2-manager-journal' %}">{% trans 'Journal' %}</a></li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</span>
|
||||
{% endif %}
|
||||
|
|
|
@ -658,6 +658,9 @@ class HomepageView(TitleMixin, PermissionMixin, MediaMixin, TemplateView):
|
|||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs['entries'] = self.get_homepage_entries()
|
||||
kwargs['can_view_journal'] = self.request.user.has_perms(
|
||||
['custom_user.view_user', 'a2_rbac.view_role']
|
||||
)
|
||||
return super(HomepageView, self).get_context_data(**kwargs)
|
||||
|
||||
|
||||
|
|
|
@ -28,14 +28,18 @@ from authentic2.custom_user.models import User
|
|||
from authentic2.journal import journal
|
||||
from authentic2.models import Service
|
||||
|
||||
from .utils import login, text_content
|
||||
from .utils import login, logout, text_content
|
||||
|
||||
|
||||
def test_journal_authorization(app, db, admin):
|
||||
response = login(app, admin, path='/manage/')
|
||||
assert 'Journal' not in response
|
||||
def test_journal_authorization(app, db, simple_user, admin):
|
||||
response = login(app, simple_user)
|
||||
app.get('/manage/journal/', status=403)
|
||||
|
||||
logout(app)
|
||||
response = login(app, admin, path='/manage/')
|
||||
assert 'Journal' in response
|
||||
app.get('/manage/journal/', status=200)
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def events(db, freezer):
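Review bot: `test_journal_authorization` never exercises the case this commit introduces, a non-superuser who holds both `custom_user.view_user` and `a2_rbac.view_role` globally. It only covers `simple_user` (403) and `admin` (200, presumably a superuser), so a regression in the permission path would still pass. Add a case for a user granted both permissions expecting 200 on `/manage/journal/` and the Journal link on `/manage/`, and one for a user holding only one of the two expecting 403. The value assigned by `response = login(app, simple_user)` is never read, so a bare `login(app, simple_user)` would do. The `events` fixture at the end of the hunk continues outside it.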
|
||||
|
|