0001-utils-authorize-admin-access-to-all-endpoints-38365.patch
| passerelle/utils/__init__.py | ||
|---|---|---|
| 124 | 124 |
def is_authorized(request, obj, perm): |
| 125 | 125 |
from passerelle.base.models import AccessRight |
| 126 | 126 | |
| 127 |
if request.user.is_superuser: |
|
| 128 |
return True |
|
| 127 | 129 |
if is_trusted(request): |
| 128 | 130 |
return True |
| 129 | 131 |
resource_type = ContentType.objects.get_for_model(obj) |
| tests/test_generic_endpoint.py | ||
|---|---|---|
| 36 | 36 |
from passerelle.contrib.stub_invoices.models import StubInvoicesConnector |
| 37 | 37 |
from passerelle.utils.api import endpoint |
| 38 | 38 | |
| 39 |
from test_manager import login, admin_user, simple_user |
|
| 40 | ||
| 39 | 41 | |
| 40 | 42 |
@pytest.fixture |
| 41 | 43 |
def mdel(db): |
| ... | ... | |
| 506 | 508 |
assert len(up_endpoints) == 1 |
| 507 | 509 |
else: |
| 508 | 510 |
assert up_endpoints == [] |
| 511 | ||
| 512 | ||
| 513 |
def test_generic_endpoint_superuser_access(db, app, admin_user, simple_user): |
|
| 514 |
connector = MDEL.objects.create(slug='test') |
|
| 515 |
filename = os.path.join(os.path.dirname(__file__), 'data', 'mdel', 'formdata.json') |
|
| 516 |
payload = json.load(open(filename)) |
|
| 517 | ||
| 518 |
app = login(app, username='user', password='user') |
|
| 519 |
resp = app.post_json('/mdel/test/create', params=payload, status=403)
|
|
| 520 | ||
| 521 |
app = login(app, username='admin', password='admin') |
|
| 522 |
resp = app.post_json('/mdel/test/create', params=payload, status=200)
|
|
| 523 |
assert resp.json['data']['demand_id'] == '1-14-ILE-LA' |
|
| 509 |
- |
|