backoffice: fix admin-for-all check to apply in all conditions (#7178)

2015-05-07 17:54:30 +02:00 · 2015-05-07 17:54:30 +02:00 · 99129c3ba0
parent 28f249224a
commit 99129c3ba0
2 changed files with 30 additions and 10 deletions
--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@ -35,9 +35,8 @@ def setup_module(module):
    pub.write_cfg()

 def create_superuser():
-    global user1
    if pub.user_class.has_key('admin'):
-        return
+        return pub.user_class.get('admin')
    user1 = pub.user_class(name='admin')
    user1.id = 'admin'
    user1.is_admin = True
@ -90,6 +89,13 @@ def test_admin_for_all():

    try:
        open(os.path.join(pub.app_dir, 'ADMIN_FOR_ALL'), 'w').close()
+        resp = get_app(pub).get('/backoffice/', status=200)
+        # check there are menu items
+        resp.click('Management', index=0)
+        resp.click('Forms Workshop', index=0)
+        resp.click('Settings', index=0)
+
+        # cheeck it's possible to get inside the subdirectories
        resp = get_app(pub).get('/backoffice/settings/', status=200)

        pub.cfg['admin-permissions'] = {'settings': [role.id]}
@ -108,11 +114,24 @@ def test_admin_for_all():
        fd.close()
        resp = get_app(pub).get('/backoffice/settings/', status=200)

+        # check it's also ok if the user is logged in but doesn't have the
+        # permissions
+        user.is_admin = False
+        user.store()
+        resp = login(get_app(pub)).get('/backoffice/settings/', status=200)
+        # check there are menu items
+        resp.click('Management', index=0)
+        resp.click('Forms Workshop', index=0)
+        resp.click('Settings', index=0)
+
    finally:
-        del pub.cfg['admin-permissions']
-        pub.write_cfg()
+        if 'admin-permissions' in pub.cfg:
+            del pub.cfg['admin-permissions']
+            pub.write_cfg()
        os.unlink(os.path.join(pub.app_dir, 'ADMIN_FOR_ALL'))
        role.remove_self()
+        user.is_admin = True
+        user.store()

 def test_forms():
    app = login(get_app(pub))
--- a/wcs/backoffice/root.py
+++ b/wcs/backoffice/root.py
@ -74,14 +74,16 @@ class RootDirectory(BackofficeRootDirectory):
    @classmethod
    def is_accessible(cls, subdirectory):
        # check a backoffice directory is accessible to the current user
+
+        if getattr(get_response(), 'filter', {}) and get_response().filter.get('admin_for_all'):
+            # if admin for all is set, access is granted to everything
+            return True
+
        if not get_request().user:
            if get_publisher().user_class.count() == 0:
                # setting up the site, access is granted to settings and users
                # sections
                return subdirectory in ('settings', 'users')
-            if getattr(get_response(), 'filter', {}) and get_response().filter.get('admin_for_all'):
-                # if admin for all is set, access is granted to everything
-                return True
            return False

        user_roles = set(get_request().user.roles or [])
@ -217,9 +219,8 @@ class RootDirectory(BackofficeRootDirectory):

    def get_menu_items(self):
        if not get_request().user:
-            # check if it's not a first connection on an empty site
-            if get_publisher().user_class.count() > 0:
-                return []
+            # this could happen if admin-for-all is set, or if it's the first
+            # user connecting.
            user_roles = set()
        else:
            user_roles = set(get_request().user.roles or [])