From bb428414e888f029943b3bdd27ab75e241b6312d Mon Sep 17 00:00:00 2001
From: Nicolas ROCHE
Date: Tue, 6 Oct 2020 09:35:24 +0200
Subject: [PATCH] manager: hide authorizations page if no oidc service defined (#47305)
---
 .../templates/authentic2/manager/user_detail.html | 2 ++
 src/authentic2/manager/user_views.py | 6 +++++-
 tests/test_user_manager.py | 15 +++++++++++----
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/authentic2/manager/templates/authentic2/manager/user_detail.html b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
index 8de582dde..caa710fa2 100644
--- a/src/authentic2/manager/templates/authentic2/manager/user_detail.html
+++ b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
@@ -16,7 +16,9 @@ {% trans "Edit" %} {% endif %}
+ {% if view.is_oidc_services %}
 {% trans "Authorizations" %}
+ {% endif %}
 {% endblock %}
diff --git a/src/authentic2/manager/user_views.py b/src/authentic2/manager/user_views.py
index a0e03e1e0..a095d6660 100644
--- a/src/authentic2/manager/user_views.py
+++ b/src/authentic2/manager/user_views.py
@@ -40,7 +40,7 @@ from authentic2.models import Attribute, AttributeValue, PasswordReset
 from authentic2.utils import send_password_reset_mail, redirect, select_next_url, make_url, switch_user
 from authentic2.a2_rbac.utils import get_default_ou
 from authentic2 import hooks
-from authentic2_idp_oidc.models import OIDCAuthorization
+from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
 from django_rbac.utils import get_role_model, get_role_parenting_model, get_ou_model
@@ -235,6 +235,10 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
 def title(self):
 return self.object.get_full_name()
+ @property
+ def is_oidc_services(self):
+ return OIDCClient.objects.exists()
+
 def get_other_actions(self):
 for action in super(UserDetailView, self).get_other_actions():
 yield action
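Review bot: `is_oidc_services`, added in the second user_views.py hunk, only decides whether user_detail.html renders the "Authorizations" link; nothing in this patch changes what the authorizations view does when it is requested directly, so the hidden link should be documented as a display choice and not as an access control. The check is also global (`OIDCClient.objects.exists()`), not limited to clients of the displayed user's organizational unit, which may be intended but is worth stating. I would add a docstring such as `"""True when at least one OIDC client is registered; only controls display of the Authorizations link."""`. A name like `has_oidc_services` would read better, though the template condition would have to change with it. The body of UserDetailView starts and ends outside the hunk.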
diff --git a/tests/test_user_manager.py b/tests/test_user_manager.py
index 764cc6ed5..981c12bc0 100644
--- a/tests/test_user_manager.py
+++ b/tests/test_user_manager.py
@@ -846,6 +846,13 @@ def test_manager_user_authorizations(app, superuser, simple_user):
 from authentic2.a2_rbac.models import MANAGE_AUTHORIZATIONS_OP
 from tests.conftest import create_user
 Role = get_role_model()
+ user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
+ user_authorizations_url = reverse(
+ 'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
+
+ resp = login(app, superuser)
+ resp = app.get(user_detail_url, status=200)
+ assert not resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
 # add a service consent to simple_user
 oidc_client = OIDCClient.objects.create(
@@ -853,6 +860,10 @@ def test_manager_user_authorizations(app, superuser, simple_user):
 slug='client',
 ou=simple_user.ou,
 redirect_uris='https://example.com/')
+
+ resp = app.get(user_detail_url, status=200)
+ assert resp.html.find('div', {'id': 'appbar'}).find_all('a', {'href': user_authorizations_url})
+
 auth = OIDCAuthorization.objects.create(
 client=oidc_client, user=simple_user, scopes='openid', expired='2020-01-01T12:01:01Z')
@@ -878,10 +889,6 @@ def test_manager_user_authorizations(app, superuser, simple_user):
 user3 = create_user(username='agent3', ou=simple_user.ou)
 user3.roles.add(manage_auth_role)
- user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
- user_authorizations_url = reverse(
- 'a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
-
 # user1 without permission
 resp = login(app, user1)
 resp = app.get(user_detail_url, status=403)
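Review bot: The assertions added in the first hunk check only that the appbar link is absent before an `OIDCClient` exists; the test never requests `user_authorizations_url` in that state, so the behaviour of the page when reached directly without any client is left unpinned. I would add one request before the client is created, `resp = app.get(user_authorizations_url, status=...)`, with the status the view is meant to return in that case. The result of `resp = login(app, superuser)` is overwritten on the next line, so a plain `login(app, superuser)` would be clearer. The test function starts and ends outside the hunk.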