diff --git a/src/authentic2/manager/templates/authentic2/manager/user_detail.html b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
index 8de582dde..caa710fa2 100644
--- a/src/authentic2/manager/templates/authentic2/manager/user_detail.html
+++ b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
@@ -16,7 +16,9 @@
{% trans "Edit" %}
{% endif %}
+ {% if view.is_oidc_services %}
{% trans "Authorizations" %}
+ {% endif %}
{% endblock %}
diff --git a/src/authentic2/manager/user_views.py b/src/authentic2/manager/user_views.py
index a0e03e1e0..a095d6660 100644
--- a/src/authentic2/manager/user_views.py
+++ b/src/authentic2/manager/user_views.py
@@ -40,7 +40,7 @@ from authentic2.models import Attribute, AttributeValue, PasswordReset
from authentic2.utils import send_password_reset_mail, redirect, select_next_url, make_url, switch_user
from authentic2.a2_rbac.utils import get_default_ou
from authentic2 import hooks
-from authentic2_idp_oidc.models import OIDCAuthorization
+from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
from django_rbac.utils import get_role_model, get_role_parenting_model, get_ou_model
@@ -235,6 +235,10 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
def title(self):
return self.object.get_full_name()
+ @property
+ def is_oidc_services(self):
+ return OIDCClient.objects.exists()
+
def get_other_actions(self):
for action in super(UserDetailView, self).get_other_actions():
yield action
diff --git a/tests/test_user_manager.py b/tests/test_user_manager.py
index 764cc6ed5..981c12bc0 100644
--- a/tests/test_user_manager.py
+++ b/tests/test_user_manager.py
@@ -846,6 +846,13 @@ def test_manager_user_authorizations(app, superuser, simple_user):
from authentic2.a2_rbac.models import MANAGE_AUTHORIZATIONS_OP
from tests.conftest import create_user
Role = get_role_model()
+ user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
+ user_authorizations_url = reverse(
+ 'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
+
+ resp = login(app, superuser)
+ resp = app.get(user_detail_url, status=200)
+ assert not resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
# add a service consent to simple_user
oidc_client = OIDCClient.objects.create(
@@ -853,6 +860,10 @@ def test_manager_user_authorizations(app, superuser, simple_user):
slug='client',
ou=simple_user.ou,
redirect_uris='https://example.com/')
+
+ resp = app.get(user_detail_url, status=200)
+ assert resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
+
auth = OIDCAuthorization.objects.create(
client=oidc_client, user=simple_user, scopes='openid',
expired='2020-01-01T12:01:01Z')
@@ -878,10 +889,6 @@ def test_manager_user_authorizations(app, superuser, simple_user):
user3 = create_user(username='agent3', ou=simple_user.ou)
user3.roles.add(manage_auth_role)
- user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
- user_authorizations_url = reverse(
- 'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
-
# user1 without permission
resp = login(app, user1)
resp = app.get(user_detail_url, status=403)