a2_rbac: disable required attributes check at OU level (#58546)

2021-12-02 11:26:49 +01:00 · 2021-12-02 11:26:49 +01:00 · 7b1727f599
parent a925b6731f
commit 7b1727f599
5 changed files with 49 additions and 0 deletions
--- a/src/authentic2/a2_rbac/migrations/0026_organizationalunit_check_required_on_login_attributes.py
+++ b/src/authentic2/a2_rbac/migrations/0026_organizationalunit_check_required_on_login_attributes.py
@ -0,0 +1,20 @@
+# Generated by Django 2.2.19 on 2021-12-02 10:11
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('a2_rbac', '0025_auto_20210622_1132'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='organizationalunit',
+            name='check_required_on_login_attributes',
+            field=models.BooleanField(
+                blank=True, default=True, verbose_name='Check required on login attributes'
+            ),
+        ),
+    ]
--- a/src/authentic2/a2_rbac/models.py
+++ b/src/authentic2/a2_rbac/models.py
@ -73,6 +73,10 @@ class OrganizationalUnit(OrganizationalUnitAbstractBase):

    show_username = models.BooleanField(blank=True, default=True, verbose_name=_('Show username'))

+    check_required_on_login_attributes = models.BooleanField(
+        blank=True, default=True, verbose_name=_('Check required on login attributes')
+    )
+
    admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id')

    user_can_reset_password = models.NullBooleanField(
--- a/src/authentic2/manager/forms.py
+++ b/src/authentic2/manager/forms.py
@ -629,6 +629,7 @@ class OUEditForm(SlugMixin, CssClass, forms.ModelForm):
            'email_is_unique',
            'validate_emails',
            'show_username',
+            'check_required_on_login_attributes',
            'user_can_reset_password',
            'user_add_password_policy',
            'clean_unused_accounts_alert',
--- a/src/authentic2/middleware.py
+++ b/src/authentic2/middleware.py
@ -152,6 +152,9 @@ class ViewRestrictionMiddleware(MiddlewareMixin):
        if user.is_superuser:
            return None

+        if user.ou and not user.ou.check_required_on_login_attributes:
+            return None
+
        missing = user.get_missing_required_on_login_attributes()
        if missing:
            return 'profile_required_edit'
--- a/tests/middlewares/test_required_on_login_restriction.py
+++ b/tests/middlewares/test_required_on_login_restriction.py
@ -34,3 +34,24 @@ def test_simple(app_factory, db, simple_user, cgu_attribute, settings):
    resp = resp.follow()
    assert 'A2_OPENED_SESSION' in app.cookies
    assert 'les conditions générales d\'utilisation\xa0:\nTrue' in resp.pyquery.text()
+
+
+def test_superuser(app_factory, db, cgu_attribute, settings, superuser):
+    app = app_factory('example.com')
+    settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com'
+    settings.ALLOWED_HOSTS = ['example.com']
+
+    resp = login(app, superuser, path='/accounts/')
+    assert 'Your account' in resp.text
+
+
+def test_check_disabled_at_ou_level(app_factory, db, cgu_attribute, settings, simple_user):
+    app = app_factory('example.com')
+    settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com'
+    settings.ALLOWED_HOSTS = ['example.com']
+
+    simple_user.ou.check_required_on_login_attributes = False
+    simple_user.ou.save()
+
+    resp = login(app, simple_user, path='/accounts/')
+    assert 'Your account' in resp.text