0002-manager-raise-PermissionDenied-if-user-has-no-add-us.patch

Benjamin Dauvergne, 10 juillet 2020 12:14

Voir les différences: en ligne côte à côte

Subject: [PATCH 2/2] manager: raise PermissionDenied if user has no add user
 permission (#45009)

 src/authentic2/manager/templates/403.html |  2 +-
 src/authentic2/manager/user_views.py      | 16 ++++++++++------
 tests/test_user_manager.py                | 10 ++++++++++
 3 files changed, 21 insertions(+), 7 deletions(-)

     {% load i18n %}
     {% block content %}
       <p>{% trans "You are not authorized to see this page." %} </p>
       <p>{% trans "You are not authorized to see this page." %}</p>
       <p>
         <button onclick="window.location = '/'">{% trans "Homepage" %}</button>
         <button onclick="window.history.back()">{% trans "Back" %}</button>

     from . import app_settings
     User = get_user_model()
     OU = get_ou_model()
     class UsersView(HideOUColumnMixin, BaseTableView):
-...
         permissions = ['custom_user.add_user']
         template_name = 'authentic2/manager/user_add.html'
         def dispatch(self, request, *args, **kwargs):
             qs = request.user.ous_with_perm('custom_user.add_user')
             try:
                 self.ou = qs.get(pk=self.kwargs['ou_pk'])
             except OU.DoesNotExist:
                 raise PermissionDenied
             return super().dispatch(request, *args, **kwargs)
         def get_form_kwargs(self):
             kwargs = super(UserAddView, self).get_form_kwargs()
             kwargs['ou'] = self.ou
             return kwargs
         def get_form_class(self):
             qs = self.request.user.ous_with_perm('custom_user.add_user')
             self.ou = qs.get(pk=self.kwargs['ou_pk'])
             return super(UserAddView, self).get_form_class()
         def get_fields(self):
             fields = list(self.fields)
             if not self.ou.show_username:
-...
             return initial
         def get_user_add_policies(self, *args, **kwargs):
             ou = get_ou_model().objects.get(pk=self.kwargs['ou_pk'])
             ou = OU.objects.get(pk=self.kwargs['ou_pk'])
             value = ou.user_add_password_policy
             return ou.USER_ADD_PASSWD_POLICY_VALUES[value]._asdict()

         assert user.check_password('1234Password')
     def test_create_user_permission_denied(app, simple_user, ou1, ou2):
         ou1.get_admin_role().members.add(simple_user)
         response = login(app, simple_user, '/manage/users/%s/add/' % ou1.id)
         assert 'You are not authorized to see this page.' not in response.text
         response = app.get('/manage/users/%s/add/' % ou2.id, status=403)
         assert 'You are not authorized to see this page.' in response.text
     def test_create_user_only_name(app, superuser):
         response = login(app, superuser, '/manage/users/')
         response = response.click('Add user')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0002-manager-raise-PermissionDenied-if-user-has-no-add-us.patch