0001-utils-authorize-admin-access-to-all-endpoints-38365.patch
passerelle/utils/__init__.py | ||
---|---|---|
124 | 124 |
def is_authorized(request, obj, perm): |
125 | 125 |
from passerelle.base.models import AccessRight |
126 | 126 | |
127 |
if request.user.is_superuser: |
|
128 |
return True |
|
127 | 129 |
if is_trusted(request): |
128 | 130 |
return True |
129 | 131 |
resource_type = ContentType.objects.get_for_model(obj) |
tests/test_generic_endpoint.py | ||
---|---|---|
36 | 36 |
from passerelle.contrib.stub_invoices.models import StubInvoicesConnector |
37 | 37 |
from passerelle.utils.api import endpoint |
38 | 38 | |
39 |
from test_manager import login, admin_user, simple_user |
|
40 | ||
39 | 41 | |
40 | 42 |
@pytest.fixture |
41 | 43 |
def mdel(db): |
... | ... | |
506 | 508 |
assert len(up_endpoints) == 1 |
507 | 509 |
else: |
508 | 510 |
assert up_endpoints == [] |
511 | ||
512 | ||
513 |
def test_generic_endpoint_superuser_access(db, app, admin_user, simple_user): |
|
514 |
connector = MDEL.objects.create(slug='test') |
|
515 | ||
516 |
app = login(app, username='user', password='user') |
|
517 |
resp = app.get('/mdel/test/status', params={'demand_id': '1-14-ILE-LA'}, status=403) |
|
518 | ||
519 |
app = login(app, username='admin', password='admin') |
|
520 |
resp = app.get('/mdel/test/status', params={'demand_id': '1-14-ILE-LA'}, status=404) |
|
509 |
- |