a2_rbac: disable required attributes check at OU level (#58546)
This commit is contained in:
parent
a925b6731f
commit
7b1727f599
|
@ -0,0 +1,20 @@
|
|||
# Generated by Django 2.2.19 on 2021-12-02 10:11
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('a2_rbac', '0025_auto_20210622_1132'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='organizationalunit',
|
||||
name='check_required_on_login_attributes',
|
||||
field=models.BooleanField(
|
||||
blank=True, default=True, verbose_name='Check required on login attributes'
|
||||
),
|
||||
),
|
||||
]
|
|
@ -73,6 +73,10 @@ class OrganizationalUnit(OrganizationalUnitAbstractBase):
|
|||
|
||||
show_username = models.BooleanField(blank=True, default=True, verbose_name=_('Show username'))
|
||||
|
||||
check_required_on_login_attributes = models.BooleanField(
|
||||
blank=True, default=True, verbose_name=_('Check required on login attributes')
|
||||
)
|
||||
|
||||
admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id')
|
||||
|
||||
user_can_reset_password = models.NullBooleanField(
|
||||
|
|
|
@ -629,6 +629,7 @@ class OUEditForm(SlugMixin, CssClass, forms.ModelForm):
|
|||
'email_is_unique',
|
||||
'validate_emails',
|
||||
'show_username',
|
||||
'check_required_on_login_attributes',
|
||||
'user_can_reset_password',
|
||||
'user_add_password_policy',
|
||||
'clean_unused_accounts_alert',
|
||||
|
|
|
@ -152,6 +152,9 @@ class ViewRestrictionMiddleware(MiddlewareMixin):
|
|||
if user.is_superuser:
|
||||
return None
|
||||
|
||||
if user.ou and not user.ou.check_required_on_login_attributes:
|
||||
return None
|
||||
|
||||
missing = user.get_missing_required_on_login_attributes()
|
||||
if missing:
|
||||
return 'profile_required_edit'
|
||||
|
|
|
@ -34,3 +34,24 @@ def test_simple(app_factory, db, simple_user, cgu_attribute, settings):
|
|||
resp = resp.follow()
|
||||
assert 'A2_OPENED_SESSION' in app.cookies
|
||||
assert 'les conditions générales d\'utilisation\xa0:\nTrue' in resp.pyquery.text()
|
||||
|
||||
|
||||
def test_superuser(app_factory, db, cgu_attribute, settings, superuser):
|
||||
app = app_factory('example.com')
|
||||
settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com'
|
||||
settings.ALLOWED_HOSTS = ['example.com']
|
||||
|
||||
resp = login(app, superuser, path='/accounts/')
|
||||
assert 'Your account' in resp.text
|
||||
|
||||
|
||||
def test_check_disabled_at_ou_level(app_factory, db, cgu_attribute, settings, simple_user):
|
||||
app = app_factory('example.com')
|
||||
settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com'
|
||||
settings.ALLOWED_HOSTS = ['example.com']
|
||||
|
||||
simple_user.ou.check_required_on_login_attributes = False
|
||||
simple_user.ou.save()
|
||||
|
||||
resp = login(app, simple_user, path='/accounts/')
|
||||
assert 'Your account' in resp.text
|
||||
|
|
Loading…
Reference in New Issue