0001-utils-authorize-admin-access-to-all-endpoints-38365.patch
passerelle/utils/__init__.py | ||
---|---|---|
124 | 124 |
def is_authorized(request, obj, perm): |
125 | 125 |
from passerelle.base.models import AccessRight |
126 | 126 | |
127 |
if request.user.is_superuser: |
|
128 |
return True |
|
127 | 129 |
if is_trusted(request): |
128 | 130 |
return True |
129 | 131 |
resource_type = ContentType.objects.get_for_model(obj) |
tests/test_generic_endpoint.py | ||
---|---|---|
36 | 36 |
from passerelle.contrib.stub_invoices.models import StubInvoicesConnector |
37 | 37 |
from passerelle.utils.api import endpoint |
38 | 38 | |
39 |
from test_manager import login, admin_user, simple_user |
|
40 | ||
39 | 41 | |
40 | 42 |
@pytest.fixture |
41 | 43 |
def mdel(db): |
... | ... | |
506 | 508 |
assert len(up_endpoints) == 1 |
507 | 509 |
else: |
508 | 510 |
assert up_endpoints == [] |
511 | ||
512 | ||
513 |
def test_generic_endpoint_superuser_access(db, app, admin_user, simple_user): |
|
514 |
connector = MDEL.objects.create(slug='test') |
|
515 |
filename = os.path.join(os.path.dirname(__file__), 'data', 'mdel', 'formdata.json') |
|
516 |
payload = json.load(open(filename)) |
|
517 | ||
518 |
app = login(app, username='user', password='user') |
|
519 |
resp = app.post_json('/mdel/test/create', params=payload, status=403) |
|
520 | ||
521 |
app = login(app, username='admin', password='admin') |
|
522 |
resp = app.post_json('/mdel/test/create', params=payload, status=200) |
|
523 |
assert resp.json['data']['demand_id'] == '1-14-ILE-LA' |
|
509 |
- |