backoffice: fix admin-for-all check to apply in all conditions (#7178)
parent
28f249224a
commit
99129c3ba0
|
@ -35,9 +35,8 @@ def setup_module(module):
|
|||
pub.write_cfg()
|
||||
|
||||
def create_superuser():
|
||||
global user1
|
||||
if pub.user_class.has_key('admin'):
|
||||
return
|
||||
return pub.user_class.get('admin')
|
||||
user1 = pub.user_class(name='admin')
|
||||
user1.id = 'admin'
|
||||
user1.is_admin = True
|
||||
|
@ -90,6 +89,13 @@ def test_admin_for_all():
|
|||
|
||||
try:
|
||||
open(os.path.join(pub.app_dir, 'ADMIN_FOR_ALL'), 'w').close()
|
||||
resp = get_app(pub).get('/backoffice/', status=200)
|
||||
# check there are menu items
|
||||
resp.click('Management', index=0)
|
||||
resp.click('Forms Workshop', index=0)
|
||||
resp.click('Settings', index=0)
|
||||
|
||||
# cheeck it's possible to get inside the subdirectories
|
||||
resp = get_app(pub).get('/backoffice/settings/', status=200)
|
||||
|
||||
pub.cfg['admin-permissions'] = {'settings': [role.id]}
|
||||
|
@ -108,11 +114,24 @@ def test_admin_for_all():
|
|||
fd.close()
|
||||
resp = get_app(pub).get('/backoffice/settings/', status=200)
|
||||
|
||||
# check it's also ok if the user is logged in but doesn't have the
|
||||
# permissions
|
||||
user.is_admin = False
|
||||
user.store()
|
||||
resp = login(get_app(pub)).get('/backoffice/settings/', status=200)
|
||||
# check there are menu items
|
||||
resp.click('Management', index=0)
|
||||
resp.click('Forms Workshop', index=0)
|
||||
resp.click('Settings', index=0)
|
||||
|
||||
finally:
|
||||
del pub.cfg['admin-permissions']
|
||||
pub.write_cfg()
|
||||
if 'admin-permissions' in pub.cfg:
|
||||
del pub.cfg['admin-permissions']
|
||||
pub.write_cfg()
|
||||
os.unlink(os.path.join(pub.app_dir, 'ADMIN_FOR_ALL'))
|
||||
role.remove_self()
|
||||
user.is_admin = True
|
||||
user.store()
|
||||
|
||||
def test_forms():
|
||||
app = login(get_app(pub))
|
||||
|
|
|
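Review bot: The new logged-in assertions in test_admin_for_all only cover the permissive case, where a non-admin user reaches `/backoffice/settings/` while the ADMIN_FOR_ALL file exists. Because the accompanying change moves an authorization bypass ahead of every identity check, I would add the mirror assertion once the flag file is gone and `user.is_admin` is still False, for example `login(get_app(pub)).get('/backoffice/settings/', status=403)` (403 is my assumption for the denial status; use whatever the backoffice returns), unless a test outside this view already covers it. In the `finally` block the `user.is_admin = True` / `user.store()` restore runs after `os.unlink(...)` and `role.remove_self()`, so a failure in either leaves the shared admin account demoted for later tests such as test_forms; restoring the user first would be safer. create_superuser now returns the existing user in the early branch, but its creation branch ends outside the hunk, so confirm that it also returns `user1`.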
@ -74,14 +74,16 @@ class RootDirectory(BackofficeRootDirectory):
|
|||
@classmethod
|
||||
def is_accessible(cls, subdirectory):
|
||||
# check a backoffice directory is accessible to the current user
|
||||
|
||||
if getattr(get_response(), 'filter', {}) and get_response().filter.get('admin_for_all'):
|
||||
# if admin for all is set, access is granted to everything
|
||||
return True
|
||||
|
||||
if not get_request().user:
|
||||
if get_publisher().user_class.count() == 0:
|
||||
# setting up the site, access is granted to settings and users
|
||||
# sections
|
||||
return subdirectory in ('settings', 'users')
|
||||
if getattr(get_response(), 'filter', {}) and get_response().filter.get('admin_for_all'):
|
||||
# if admin for all is set, access is granted to everything
|
||||
return True
|
||||
return False
|
||||
|
||||
user_roles = set(get_request().user.roles or [])
|
||||
|
@ -217,9 +219,8 @@ class RootDirectory(BackofficeRootDirectory):
|
|||
|
||||
def get_menu_items(self):
|
||||
if not get_request().user:
|
||||
# check if it's not a first connection on an empty site
|
||||
if get_publisher().user_class.count() > 0:
|
||||
return []
|
||||
# this could happen if admin-for-all is set, or if it's the first
|
||||
# user connecting.
|
||||
user_roles = set()
|
||||
else:
|
||||
user_roles = set(get_request().user.roles or [])
|
||||
|
|
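Review bot: With the admin_for_all test hoisted to the top of is_accessible, the method returns True before `get_request().user` is read, so the role restrictions from `admin-permissions` are skipped for authenticated users as well. The comment should say that explicitly, e.g. `# admin-for-all overrides every user and role check below, including for logged-in users`. The condition also calls get_response() twice and uses `{}` as a getattr default only to test truthiness; `response_filter = getattr(get_response(), 'filter', None) or {}` followed by `if response_filter.get('admin_for_all'):` reads more directly. In get_menu_items the removed `return []` means an anonymous request on a populated site now continues with an empty role set, so what it is shown depends on the per-item filtering further down, which is outside the hunk; it is worth confirming that this path yields no items when the flag is unset.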