manager: check permissions before showing add user button (#49893)
parent
081a4e5798
commit
09c68bddc3
|
@ -599,6 +599,10 @@ class UserSearchForm(OUSearchForm, CssClass, PrefixFormMixin, FormWithRequest):
|
|||
return qs
|
||||
|
||||
|
||||
class UserAddChooseOUForm(OUSearchForm):
|
||||
ou_permission = 'custom_user.add_user'
|
||||
|
||||
|
||||
class NameSearchForm(CssClass, PrefixFormMixin, FormWithRequest):
|
||||
prefix = 'search'
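Review bot: `UserAddChooseOUForm` has no docstring, and its single attribute `ou_permission = 'custom_user.add_user'` does not explain itself, because whatever consumes it lives in `OUSearchForm`, outside this hunk. A one-line docstring such as `"""OU chooser for the add-user flow, limited by ou_permission."""` would record the intent. It is worth confirming in the parent form that `ou_permission` actually narrows the selectable OUs, since that is what this subclass appears to rely on.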
|
||||
|
||||
|
|
|
@ -7,12 +7,16 @@
|
|||
{{ block.super }}
|
||||
<span class="actions">
|
||||
<a class="extra-actions-menu-opener"></a>
|
||||
{% if view.can_add %}
|
||||
<a
|
||||
{% if add_ou %}href="{% url "a2-manager-user-add" ou_pk=add_ou.pk %}"{% else %}
|
||||
href="{% url "a2-manager-user-add-choose-ou" %}" rel="popup"{% endif %}
|
||||
id="add-user-btn">
|
||||
{% trans "Add user" %}
|
||||
</a>
|
||||
{% else %}
|
||||
<a href="#" class="disabled" id="add-user-btn">{% trans "Add user" %}</a>
|
||||
{% endif %}
|
||||
{% if extra_actions %}
|
||||
<ul class="extra-actions-menu">
|
||||
{% for extra_action in extra_actions %}
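Review bot: The `{% else %}` branch renders `<a href="#" class="disabled" id="add-user-btn">`, which is a display state only. The URLs named `a2-manager-user-add` and `a2-manager-user-add-choose-ou` stay reachable by direct request, so the `custom_user.add_user` check has to be enforced in the views behind them, which this section does not show. For the markup itself, adding `aria-disabled="true"` to the anchor would expose the state to assistive technology, as the link stays focusable with `href="#"`. The surrounding `<span class="actions">` block continues past the end of the hunk.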
|
||||
|
|
|
@ -55,7 +55,7 @@ from .tables import UserTable, UserRolesTable, OuUserRolesTable, UserAuthorizati
|
|||
from .forms import (UserSearchForm, UserAddForm, UserEditForm,
|
||||
UserChangePasswordForm, ChooseUserRoleForm,
|
||||
UserRoleSearchForm, UserChangeEmailForm, UserNewImportForm,
|
||||
UserEditImportForm, ChooseUserAuthorizationsForm, OUSearchForm)
|
||||
UserEditImportForm, ChooseUserAuthorizationsForm, UserAddChooseOUForm)
|
||||
from .resources import UserResource
|
||||
from .utils import get_ou_count, has_show_username
|
||||
from .journal_views import BaseJournalView
|
||||
|
@ -121,8 +121,11 @@ class UsersView(HideOUColumnMixin, BaseTableView):
|
|||
ou = get_default_ou()
|
||||
else:
|
||||
ou = self.search_form.cleaned_data.get('ou')
|
||||
if ou and self.request.user.has_ou_perm('custom_user.add_user', ou):
|
||||
ctx['add_ou'] = ou
|
||||
if ou:
|
||||
if self.request.user.has_ou_perm('custom_user.add_user', ou):
|
||||
ctx['add_ou'] = ou
|
||||
else:
|
||||
self.can_add = False
|
||||
extra_actions = ctx['extra_actions'] = []
|
||||
if self.request.user.has_perm('custom_user.admin_user'):
|
||||
extra_actions.append({
|
||||
|
@ -243,7 +246,7 @@ def user_add_default_ou(request):
|
|||
class UserAddChooseOU(TitleMixin, FormNeedsRequest, FormView):
|
||||
template_name = 'authentic2/manager/form.html'
|
||||
title = _('Choose organizational unit in which to create user')
|
||||
form_class = OUSearchForm
|
||||
form_class = UserAddChooseOUForm
|
||||
|
||||
def get_success_url(self):
|
||||
return reverse('a2-manager-user-add', kwargs={'ou_pk': self.ou_pk})
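Review bot: The literal `'custom_user.add_user'` in the `UsersView` hunk now duplicates `UserAddChooseOUForm.ou_permission`, so the button state and the OU chooser can drift apart if only one is edited. Since the form class is imported in this file, the check could read `if self.request.user.has_ou_perm(UserAddChooseOUForm.ou_permission, ou):`. The new `self.can_add = False` also mutates view state while building the context and only ever lowers a value set outside this hunk. A short comment would help, e.g. `# can_add is computed elsewhere; narrow it to the selected OU`, once confirmed against the code that sets it. The enclosing method starts and ends outside the hunk.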
|
||||
|
|
|
@ -47,7 +47,7 @@ from authentic2.manager import user_import
|
|||
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
|
||||
|
||||
|
||||
from .utils import login, get_link_from_mail
|
||||
from .utils import login, get_link_from_mail, logout
|
||||
|
||||
OU = get_ou_model()
|
||||
|
||||
|
@ -204,7 +204,7 @@ def test_create_user_no_password(app, superuser):
|
|||
assert user.has_usable_password()
|
||||
|
||||
|
||||
def test_create_user_choose_ou(app, superuser, ou1, ou2):
|
||||
def test_create_user_choose_ou(app, superuser, simple_user, ou1, ou2):
|
||||
response = login(app, superuser, '/manage/users/')
|
||||
response = response.click('Add user')
|
||||
assert 'Choose organizational unit' in response.text
|
||||
|
@ -218,6 +218,13 @@ def test_create_user_choose_ou(app, superuser, ou1, ou2):
|
|||
response = response.form.submit()
|
||||
assert str(ou1.pk) in response.url
|
||||
|
||||
logout(app)
|
||||
view_user_role = get_role_model().objects.create(name='view_user', ou=simple_user.ou)
|
||||
view_user_role.permissions.add(get_view_user_perm())
|
||||
simple_user.roles.add(view_user_role)
|
||||
response = login(app, simple_user, '/manage/users/')
|
||||
assert response.pyquery.find('a#add-user-btn.disabled')
|
||||
|
||||
|
||||
def test_manager_user_change_email(app, superuser_or_admin, simple_user, mailoutbox):
|
||||
ou = get_default_ou()
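Review bot: The lines added to `test_create_user_choose_ou` assert only that `a#add-user-btn.disabled` is rendered for `simple_user`. Nothing requests the add view itself, so the test would still pass if that view accepted a user without `custom_user.add_user`. A direct request would pin the server-side check, e.g. `app.get(reverse('a2-manager-user-add', kwargs={'ou_pk': ou1.pk}), status=403)`. That assumes the view answers 403 and that `reverse` is importable in this module, and neither is visible in these hunks.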
|
||||
|
|