0001-account-don-t-display-authorization-management-link-.patch

Frédéric Péters, 31 juillet 2020 08:49


Subject: [PATCH] account: don't display authorization management link unless
 services (#45635)

 src/authentic2/views.py | 11 ++++++++---
 tests/test_profile.py   | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 4 deletions(-)
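--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@@ -506,13 +506,18 @@
             'allow_account_deletion': app_settings.A2_REGISTRATION_CAN_DELETE_ACCOUNT,
             'allow_profile_edit': EditProfile.can_edit_profile(),
             'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL,
-            'allow_authorization_management': (
-                app_settings.A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS
-                and 'authentic2_idp_oidc' in settings.INSTALLED_APPS),
+            'allow_authorization_management': False,
             # TODO: deprecated should be removed when publik-base-theme is updated
             'allow_password_change': utils.user_can_change_password(request=request),
             'federation_management': federation_management,
         })
+
+        if ('authentic2_idp_oidc' in settings.INSTALLED_APPS and
+                app_settings.A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS):
+            from authentic2_idp_oidc.models import OIDCClient
+            context['allow_authorization_management'] = OIDCClient.objects.filter(
+                    authorization_mode=OIDCClient.AUTHORIZATION_MODE_BY_SERVICE).exists()
+
         hooks.call_hooks('modify_context_data', self, context)
         return context
 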
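Review bot: The new `if` block decides link visibility from client configuration alone (`OIDCClient.objects.filter(authorization_mode=OIDCClient.AUTHORIZATION_MODE_BY_SERVICE).exists()`), not from what the current user has consented to. If stored authorizations outlive a client's mode change, which this hunk does not show, a user who granted consent earlier loses the link to review or revoke it once no client is left in by-service mode. Consider also showing the link when the current user still holds stored authorizations, or record the choice with a comment such as `# link hidden when no by-service client exists, even if the user has older consents`. The flag only controls display; the authorization management view is outside this hunk and should keep its own check rather than rely on the link being hidden. The enclosing method starts before the hunk.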
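--- a/tests/test_profile.py
+++ b/tests/test_profile.py
@@ -22,7 +22,9 @@
 
 from django.urls import reverse
 
+from authentic2.a2_rbac.utils import get_default_ou
 from authentic2.models import Attribute
+from authentic2_idp_oidc.models import OIDCClient
 
 from . import utils
 
@@ -194,9 +196,23 @@
     assert len(response.pyquery('input[type="text"][name="edit-profile-title@disabled"][readonly]')) == 1
 
 
-def test_acount_view(app, simple_user, settings):
+def test_account_view(app, simple_user, settings):
     utils.login(app, simple_user)
     url = reverse('account_management')
+    # no oidc client defined -> no authorization management
+    response = app.get(url, status=200)
+    assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
+        reverse('email-change'),
+        reverse('profile_edit'),
+        reverse('delete_account')
+    ]
+
+    # oidc client defined -> authorization management
+    client = OIDCClient.objects.create(
+        name='client',
+        slug='client',
+        ou=get_default_ou(),
+        redirect_uris='https://example.com/')
     response = app.get(url, status=200)
     assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
         reverse('email-change'),
@@ -205,6 +221,21 @@
         reverse('delete_account')
     ]
 
+    # oidc client defined but no authorization mode -> no authorization management
+    client.authorization_mode = OIDCClient.AUTHORIZATION_MODE_NONE
+    client.save()
+    response = app.get(url, status=200)
+    assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
+        reverse('email-change'),
+        reverse('profile_edit'),
+        reverse('delete_account')
+    ]
+
+    # restore authorization mode
+    client.authorization_mode = OIDCClient.AUTHORIZATION_MODE_BY_SERVICE
+    client.save()
+
+    # disabled authentic2_idp_oidc app -> no authorization management
     settings.INSTALLED_APPS = tuple(x for x in settings.INSTALLED_APPS if x != 'authentic2_idp_oidc')
     url = reverse('account_management')
     response = app.get(url, status=200)
@@ -215,6 +246,7 @@
     ]
     settings.INSTALLED_APPS += ('authentic2_idp_oidc',)
 
+    # more disabled options -> less actions
     settings.A2_PROFILE_CAN_CHANGE_EMAIL = False
     settings.A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS = False
     settings.A2_REGISTRATION_CAN_DELETE_ACCOUNT = False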
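Review bot: The `OIDCClient.objects.create(...)` call in the "oidc client defined -> authorization management" case does not set `authorization_mode`, so the assertion that the link appears depends on the model's default being by-service, which is not visible on this page. Passing `authorization_mode=OIDCClient.AUTHORIZATION_MODE_BY_SERVICE` explicitly there would keep the case meaningful if that default ever changes. The body of `test_account_view` appears to continue past the last line shown here.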
221
-