0008-manager-disable-popup-display-on-insufficient-auth-l.patch

Valentin Deniaud, 28 May 2019 05:24 PM

View differences: inline side by side

Subject: [PATCH 8/8] manager: disable popup display on insufficient auth level
 (#33515)

Prevent redirects to login happening inside popups.

 .../templates/authentic2/manager/ou_detail.html  |  2 +-
 .../templates/authentic2/manager/ous.html        |  2 +-
 .../authentic2/manager/role_members.html         |  8 ++++----
 .../authentic2/manager/role_permissions.html     |  2 +-
 .../templates/authentic2/manager/roles.html      |  2 +-
 .../authentic2/manager/user_detail.html          |  2 +-
 src/authentic2/manager/views.py                  | 16 ++++++++++++++--
 7 files changed, 23 insertions(+), 11 deletions(-)

       {{ block.super }}
       <span class="actions">
       {% if view.could_delete %}
         <a rel="popup" href="{% url "a2-manager-ou-delete" pk=object.pk %}">{% trans "Delete" %}</a>
       <a rel="{{ delete_rel }}" href="{% url "a2-manager-ou-delete" pk=object.pk %}">{% trans "Delete" %}</a>
       {% else %}
         <a class="disabled" title="{% trans "You do not have the rights to delete this organizational unit." %}" href="#">{% trans "Delete" %}</a>
       {% endif %}

       {{ block.super }}
       <span class="actions">
       {% if view.could_add %}
         <a href="{% url "a2-manager-ou-add" %}" rel="popup">{% trans "Add organizational unit" %}</a>
         <a href="{% url "a2-manager-ou-add" %}" rel="{{ add_rel }}">{% trans "Add organizational unit" %}</a>
       {% endif %}
       </span>
     {% endblock %}

       {{ block.super }}
       <span class="actions">
       {% if not object.is_internal and view.could_delete %}
         <a rel="popup" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
         <a rel="{{ delete_rel }}" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
       {% else %}
         <a class="disabled" title="{% trans "This role is technical, you cannot delete it." %}" href="#">{% trans "Delete" %}</a>
       {% endif %}
-...
          {% endif %}
        {% endfor %}
       {% if view.could_change %}
         <a rel="popup" href="{% url "a2-manager-role-add-admin-user" pk=object.pk %}" class="role-add icon-add-sign"></a>
         <a rel="{{ change_rel }}" href="{% url "a2-manager-role-add-admin-user" pk=object.pk %}" class="role-add icon-add-sign"></a>
       {% else %}
         <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
       {% endif %}
-...
          {% endif %}
        {% endfor %}
       {% if view.could_change %}
         <a rel="popup" href="{% url "a2-manager-role-add-admin-role" pk=object.pk %}" class="role-add icon-add-sign"></a>
         <a rel="{{ change_rel }}" href="{% url "a2-manager-role-add-admin-role" pk=object.pk %}" class="role-add icon-add-sign"></a>
       {% else %}
         <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
       {% endif %}
-...
          {% endif %}
        {% endfor %}
       {% if view.could_change %}
         <a rel="popup" href="{% url "a2-manager-role-add-child" pk=object.pk %}" class="role-add icon-add-sign"></a>
         <a rel="{{ change_rel }}" href="{% url "a2-manager-role-add-child" pk=object.pk %}" class="role-add icon-add-sign"></a>
       {% else %}
         <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
       {% endif %}

       {{ block.super }}
       <span class="actions">
       {% if view.could_delete %}
         <a rel="popup" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
         <a rel="{{ delete_rel }}" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
       {% endif %}
       {% if view.could_change and not object.is_internal %}
         <a href="{% url "a2-manager-role-edit" pk=object.pk %}">{% trans "Edit" %}</a>

       {{ block.super }}
       <span class="actions">
       {% if view.could_add %}
         <a href="{% url "a2-manager-role-add" %}" rel="popup">{% trans "Add role" %}</a>
       <a href="{% url "a2-manager-role-add" %}" rel="{{ add_rel }}">{% trans "Add role" %}</a>
       {% else %}
         <a href="#" class="disabled" rel="popup">{% trans "Add role" %}</a>
       {% endif %}

       {{ block.super }}
       <span class="actions">
       {% if view.could_delete %}
         <a rel="popup" href="{% url "a2-manager-user-delete" pk=object.pk %}">{% trans "Delete" %}</a>
         <a rel="{{ delete_rel }}" href="{% url "a2-manager-user-delete" pk=object.pk %}">{% trans "Delete" %}</a>
       {% else %}
         <a class="disabled" title="{% trans "You do not have the rights to delete this user." %}" href="#">{% trans "Delete" %}</a>
       {% endif %}

                 return response
             return super(PermissionMixin, self).dispatch(request, *args, **kwargs)
         def get_context_data(self, **kwargs):
             ctx = super(PermissionMixin, self).get_context_data(**kwargs)
             for perm in ['view', 'add', 'delete', 'change']:
                 if getattr(self, 'can_' + perm, False):
                     ctx[perm + '_rel'] = 'popup'
             return ctx
     def filter_view(request, qs):
         model = qs.model
-...
                 self.permission = permission
         def display(self, instance, request):
             if self.permission:
                 return request.user.has_perm(self.permission, instance)
             auth_level = request.session.get('auth_level', 1)
             try:
                 if self.permission:
                     return request.user.has_perm(self.permission, instance,
                                                  auth_level=auth_level)
             except InsufficientAuthLevel:
                 self.popup = False
             return True

Project

General

Profile

Produits Entr'ouvert » Authentic 2

0008-manager-disable-popup-display-on-insufficient-auth-l.patch