manager: check permissions before showing add user button (#49893)

Valentin Deniaud 2021-01-06 09:40:35 +01:00
parent 081a4e5798
commit 09c68bddc3
4 changed files with 24 additions and 6 deletions


@ -599,6 +599,10 @@ class UserSearchForm(OUSearchForm, CssClass, PrefixFormMixin, FormWithRequest):
return qs
class UserAddChooseOUForm(OUSearchForm):
ou_permission = 'custom_user.add_user'
class NameSearchForm(CssClass, PrefixFormMixin, FormWithRequest):
prefix = 'search'
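Review bot: `UserAddChooseOUForm` has no docstring, and its single attribute `ou_permission = 'custom_user.add_user'` only has an effect through `OUSearchForm`, which is outside this hunk. A one-line docstring such as `"""OU chooser restricted to OUs where the requesting user may add users."""` would record that the subclass exists for access control; presumably the base form filters its OU choices by this permission, which should be confirmed. The same permission string is also hard-coded in the `has_ou_perm` call in `UsersView`, so a shared constant would keep the two checks from drifting apart.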


@ -7,12 +7,16 @@
{{ block.super }}
<span class="actions">
<a class="extra-actions-menu-opener"></a>
{% if view.can_add %}
<a
{% if add_ou %}href="{% url "a2-manager-user-add" ou_pk=add_ou.pk %}"{% else %}
href="{% url "a2-manager-user-add-choose-ou" %}" rel="popup"{% endif %}
id="add-user-btn">
{% trans "Add user" %}
</a>
{% else %}
<a href="#" class="disabled" id="add-user-btn">{% trans "Add user" %}</a>
{% endif %}
{% if extra_actions %}
<ul class="extra-actions-menu">
{% for extra_action in extra_actions %}
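Review bot: The `{% else %}` branch renders `<a href="#" class="disabled" id="add-user-btn">`, which is a presentational state only. The `a2-manager-user-add` and `a2-manager-user-add-choose-ou` URLs can still be requested directly, so the permission has to be enforced in those views, which this section does not show. For the disabled state itself, an anchor with `href="#"` stays focusable and clickable; `<a class="disabled" id="add-user-btn" aria-disabled="true">{% trans "Add user" %}</a>` would state it explicitly, assuming nothing beyond the `a#add-user-btn.disabled` selector depends on the `href`. The enclosing block starts and ends outside the hunk.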


@ -55,7 +55,7 @@ from .tables import UserTable, UserRolesTable, OuUserRolesTable, UserAuthorizati
from .forms import (UserSearchForm, UserAddForm, UserEditForm,
UserChangePasswordForm, ChooseUserRoleForm,
UserRoleSearchForm, UserChangeEmailForm, UserNewImportForm,
UserEditImportForm, ChooseUserAuthorizationsForm, OUSearchForm)
UserEditImportForm, ChooseUserAuthorizationsForm, UserAddChooseOUForm)
from .resources import UserResource
from .utils import get_ou_count, has_show_username
from .journal_views import BaseJournalView
@ -121,8 +121,11 @@ class UsersView(HideOUColumnMixin, BaseTableView):
ou = get_default_ou()
else:
ou = self.search_form.cleaned_data.get('ou')
if ou and self.request.user.has_ou_perm('custom_user.add_user', ou):
ctx['add_ou'] = ou
if ou:
if self.request.user.has_ou_perm('custom_user.add_user', ou):
ctx['add_ou'] = ou
else:
self.can_add = False
extra_actions = ctx['extra_actions'] = []
if self.request.user.has_perm('custom_user.admin_user'):
extra_actions.append({
@ -243,7 +246,7 @@ def user_add_default_ou(request):
class UserAddChooseOU(TitleMixin, FormNeedsRequest, FormView):
template_name = 'authentic2/manager/form.html'
title = _('Choose organizational unit in which to create user')
form_class = OUSearchForm
form_class = UserAddChooseOUForm
def get_success_url(self):
return reverse('a2-manager-user-add', kwargs={'ou_pk': self.ou_pk})
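Review bot: In the `UsersView` hunk, `self.can_add = False` is reached only when an OU is selected and `has_ou_perm('custom_user.add_user', ou)` fails; when `ou` is empty the flag keeps whatever value it had. A user who can view several OUs but holds the add permission in none of them would then presumably still get an enabled link to the chooser, which would offer no usable OU now that `UserAddChooseOU` uses `UserAddChooseOUForm`. Consider deriving the flag for the no-OU case as well, for instance from whether the permission-filtered OU choices are non-empty. The enclosing method starts and ends outside the hunk, so where `can_add` gets its default is not visible here.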


@ -47,7 +47,7 @@ from authentic2.manager import user_import
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
from .utils import login, get_link_from_mail
from .utils import login, get_link_from_mail, logout
OU = get_ou_model()
@ -204,7 +204,7 @@ def test_create_user_no_password(app, superuser):
assert user.has_usable_password()
def test_create_user_choose_ou(app, superuser, ou1, ou2):
def test_create_user_choose_ou(app, superuser, simple_user, ou1, ou2):
response = login(app, superuser, '/manage/users/')
response = response.click('Add user')
assert 'Choose organizational unit' in response.text
@ -218,6 +218,13 @@ def test_create_user_choose_ou(app, superuser, ou1, ou2):
response = response.form.submit()
assert str(ou1.pk) in response.url
logout(app)
view_user_role = get_role_model().objects.create(name='view_user', ou=simple_user.ou)
view_user_role.permissions.add(get_view_user_perm())
simple_user.roles.add(view_user_role)
response = login(app, simple_user, '/manage/users/')
assert response.pyquery.find('a#add-user-btn.disabled')
def test_manager_user_change_email(app, superuser_or_admin, simple_user, mailoutbox):
ou = get_default_ou()
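Review bot: The assertions added to `test_create_user_choose_ou` only check that the disabled button is rendered (`a#add-user-btn.disabled`); they do not check that `simple_user` is refused when requesting the add-user URLs directly, which is what matters for access control. Consider requesting `reverse('a2-manager-user-add', kwargs={'ou_pk': simple_user.ou.pk})` after the final assert and asserting the refusal, e.g. `app.get(url, status=403)`. The exact status depends on the view's permission handling, which is not visible here, and `reverse` may need importing in this module. A second case, a user with the view permission in several OUs and no add permission anywhere, would cover the path where no OU is preselected.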