always allow superuser SSO (fixes #7687)

2015-08-04 12:25:21 +02:00 · 2015-08-04 12:25:21 +02:00 · 4f5d9beb96
parent d084ab08ce
commit 4f5d9beb96
1 changed files with 5 additions and 4 deletions
--- a/src/authentic2_pratic/models.py
+++ b/src/authentic2_pratic/models.py
@ -436,6 +436,11 @@ def authz(value, message=None):
 def authorize_service_cb(request, user, audience, attributes, **kwargs):
    logger = logging.getLogger(__name__)

+    if user.is_superuser:
+        logger.info('%r is authorized to connect on %r because he is a '
+                    'superuser', unicode(user), audience)
+        return authz(True)
+
    if not hasattr(user, 'collectivity'):
        return authz(False, 'not a pr@tic user')
    collectivity = user.collectivity
@ -462,10 +467,6 @@ def authorize_service_cb(request, user, audience, attributes, **kwargs):
        logger.info('%r is authorized to connect on %r because he is a '
                    'local admin', unicode(user), audience)
        return authz(True)
-    elif user.is_superuser:
-        logger.info('%r is authorized to connect on %r because he is a '
-                    'superuser', unicode(user), audience)
-        return authz(True)
    else:
        logger.warn('%r of collectivity %r is forbidden to connect on %r', unicode(user),
                unicode(collectivity), audience)