0001-utils-authorize-admin-access-to-all-endpoints-38365.patch
| passerelle/utils/__init__.py | ||
|---|---|---|
| 124 | 124 |
def is_authorized(request, obj, perm): |
| 125 | 125 |
from passerelle.base.models import AccessRight |
| 126 | 126 | |
| 127 |
if request.user.is_superuser: |
|
| 128 |
return True |
|
| 127 | 129 |
if is_trusted(request): |
| 128 | 130 |
return True |
| 129 | 131 |
resource_type = ContentType.objects.get_for_model(obj) |
| tests/test_generic_endpoint.py | ||
|---|---|---|
| 36 | 36 |
from passerelle.contrib.stub_invoices.models import StubInvoicesConnector |
| 37 | 37 |
from passerelle.utils.api import endpoint |
| 38 | 38 | |
| 39 |
from test_manager import login, admin_user, simple_user |
|
| 40 | ||
| 39 | 41 | |
| 40 | 42 |
@pytest.fixture |
| 41 | 43 |
def mdel(db): |
| ... | ... | |
| 506 | 508 |
assert len(up_endpoints) == 1 |
| 507 | 509 |
else: |
| 508 | 510 |
assert up_endpoints == [] |
| 511 | ||
| 512 | ||
| 513 |
def test_generic_endpoint_superuser_access(db, app, admin_user, simple_user): |
|
| 514 |
connector = MDEL.objects.create(slug='test') |
|
| 515 | ||
| 516 |
app = login(app, username='user', password='user') |
|
| 517 |
resp = app.get('/mdel/test/status', params={'demand_id': '1-14-ILE-LA'}, status=403)
|
|
| 518 | ||
| 519 |
app = login(app, username='admin', password='admin') |
|
| 520 |
resp = app.get('/mdel/test/status', params={'demand_id': '1-14-ILE-LA'}, status=404)
|
|
| 509 |
- |
|