account: don't display authorization management link unless services (#45635)
parent
2117a108d2
commit
9ea1fdda60
|
@ -506,13 +506,18 @@ class ProfileView(cbv.TemplateNamesMixin, TemplateView):
|
|||
'allow_account_deletion': app_settings.A2_REGISTRATION_CAN_DELETE_ACCOUNT,
|
||||
'allow_profile_edit': EditProfile.can_edit_profile(),
|
||||
'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL,
|
||||
'allow_authorization_management': (
|
||||
app_settings.A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS
|
||||
and 'authentic2_idp_oidc' in settings.INSTALLED_APPS),
|
||||
'allow_authorization_management': False,
|
||||
# TODO: deprecated should be removed when publik-base-theme is updated
|
||||
'allow_password_change': utils.user_can_change_password(request=request),
|
||||
'federation_management': federation_management,
|
||||
})
|
||||
|
||||
if ('authentic2_idp_oidc' in settings.INSTALLED_APPS and
|
||||
app_settings.A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS):
|
||||
from authentic2_idp_oidc.models import OIDCClient
|
||||
context['allow_authorization_management'] = OIDCClient.objects.filter(
|
||||
authorization_mode=OIDCClient.AUTHORIZATION_MODE_BY_SERVICE).exists()
|
||||
|
||||
hooks.call_hooks('modify_context_data', self, context)
|
||||
return context
|
||||
|
||||
|
|
|
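Review bot: The `allow_authorization_management` value set in the added `if` block only controls whether the template shows the link. Nothing in this hunk restricts the authorization management page itself, so that view (not shown here) presumably has to check `A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS` on its own. I would state that above the `if`, for example `# display only: the authorization management view must enforce the setting itself`. The placeholder `'allow_authorization_management': False,` in the dict could also carry a short comment saying it is overwritten below when a client with `AUTHORIZATION_MODE_BY_SERVICE` exists. The enclosing method starts outside the hunk.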
@ -22,7 +22,9 @@ import pytest
|
|||
|
||||
from django.urls import reverse
|
||||
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.models import Attribute
|
||||
from authentic2_idp_oidc.models import OIDCClient
|
||||
|
||||
from . import utils
|
||||
|
||||
|
@ -194,9 +196,23 @@ def test_account_edit_locked_title(app, simple_user):
|
|||
assert len(response.pyquery('input[type="text"][name="edit-profile-title@disabled"][readonly]')) == 1
|
||||
|
||||
|
||||
def test_acount_view(app, simple_user, settings):
|
||||
def test_account_view(app, simple_user, settings):
|
||||
utils.login(app, simple_user)
|
||||
url = reverse('account_management')
|
||||
# no oidc client defined -> no authorization management
|
||||
response = app.get(url, status=200)
|
||||
assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
|
||||
reverse('email-change'),
|
||||
reverse('profile_edit'),
|
||||
reverse('delete_account')
|
||||
]
|
||||
|
||||
# oidc client defined -> authorization management
|
||||
client = OIDCClient.objects.create(
|
||||
name='client',
|
||||
slug='client',
|
||||
ou=get_default_ou(),
|
||||
redirect_uris='https://example.com/')
|
||||
response = app.get(url, status=200)
|
||||
assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
|
||||
reverse('email-change'),
|
||||
|
@ -205,6 +221,21 @@ def test_acount_view(app, simple_user, settings):
|
|||
reverse('delete_account')
|
||||
]
|
||||
|
||||
# oidc client defined but no authorization mode -> no authorization management
|
||||
client.authorization_mode = OIDCClient.AUTHORIZATION_MODE_NONE
|
||||
client.save()
|
||||
response = app.get(url, status=200)
|
||||
assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
|
||||
reverse('email-change'),
|
||||
reverse('profile_edit'),
|
||||
reverse('delete_account')
|
||||
]
|
||||
|
||||
# restore authorization mode
|
||||
client.authorization_mode = OIDCClient.AUTHORIZATION_MODE_BY_SERVICE
|
||||
client.save()
|
||||
|
||||
# disabled authentic2_idp_oidc app -> no authorization management
|
||||
settings.INSTALLED_APPS = tuple(x for x in settings.INSTALLED_APPS if x != 'authentic2_idp_oidc')
|
||||
url = reverse('account_management')
|
||||
response = app.get(url, status=200)
|
||||
|
@ -215,6 +246,7 @@ def test_acount_view(app, simple_user, settings):
|
|||
]
|
||||
settings.INSTALLED_APPS += ('authentic2_idp_oidc',)
|
||||
|
||||
# more disabled options -> less actions
|
||||
settings.A2_PROFILE_CAN_CHANGE_EMAIL = False
|
||||
settings.A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS = False
|
||||
settings.A2_REGISTRATION_CAN_DELETE_ACCOUNT = False
|
||||
|
|
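Review bot: The `# oidc client defined -> authorization management` step calls `OIDCClient.objects.create(...)` without an `authorization_mode`, so the assertion after it holds only while the model default is `AUTHORIZATION_MODE_BY_SERVICE`. The later "restore authorization mode" lines suggest that is the default, but the model is not visible here. Passing `authorization_mode=OIDCClient.AUTHORIZATION_MODE_BY_SERVICE` explicitly would keep the test pinned to the condition the view actually checks. The last block also turns off `A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS` together with two other settings, so a separate assertion with only that setting disabled while the client exists would cover the gate on its own. The test function's body continues outside the visible hunks.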