25 |
25 |
import pytest
|
26 |
26 |
from webtest import Upload
|
27 |
27 |
|
|
28 |
from django.contrib.auth import get_user_model
|
28 |
29 |
from django.contrib.contenttypes.models import ContentType
|
29 |
30 |
from django.urls import reverse
|
30 |
31 |
from django.utils.six import text_type
|
31 |
32 |
|
32 |
|
from django_rbac.utils import get_ou_model
|
|
33 |
from django_rbac.models import VIEW_OP
|
|
34 |
from django_rbac.utils import (
|
|
35 |
get_operation,
|
|
36 |
get_ou_model,
|
|
37 |
get_permission_model,
|
|
38 |
get_role_model,
|
|
39 |
)
|
33 |
40 |
|
34 |
41 |
from authentic2.custom_user.models import User
|
35 |
42 |
from authentic2.models import Attribute, AttributeValue
|
36 |
43 |
from authentic2.a2_rbac.utils import get_default_ou
|
|
44 |
from authentic2.a2_rbac.utils import get_view_user_perm
|
37 |
45 |
from authentic2.manager import user_import
|
38 |
46 |
|
39 |
47 |
|
... | ... | |
782 |
790 |
assert resp.html.find('input', {'name': 'username'})
|
783 |
791 |
resp = app.get(reverse('a2-manager-user-edit', kwargs={'pk': simple_user.id}))
|
784 |
792 |
assert resp.html.find('input', {'name': 'username'})
|
|
793 |
|
|
794 |
|
|
795 |
def test_manager_user_roles_visibility(app, simple_user, admin, ou1, ou2):
|
|
796 |
Role = get_role_model()
|
|
797 |
role1 = Role.objects.create(name='Role 1', slug='role1', ou=ou1)
|
|
798 |
role2 = Role.objects.create(name='Role 2', slug='role2', ou=ou2)
|
|
799 |
simple_user.roles.add(role1)
|
|
800 |
simple_user.roles.add(role2)
|
|
801 |
simple_user.save()
|
|
802 |
|
|
803 |
login(app, admin, '/manage/')
|
|
804 |
|
|
805 |
resp = app.get(reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id}))
|
|
806 |
assert '/manage/roles/%s/' % role1.pk in resp.text
|
|
807 |
assert 'Role 1' in resp.text
|
|
808 |
assert '/manage/roles/%s/' % role2.pk in resp.text
|
|
809 |
assert 'Role 2' in resp.text
|
|
810 |
|
|
811 |
app.get('/logout/').form.submit()
|
|
812 |
|
|
813 |
other_user = get_user_model().objects.create(
|
|
814 |
username='other_user', ou=ou1)
|
|
815 |
other_user.set_password('auietsrn')
|
|
816 |
other_role = Role.objects.create(name='Other role', slug='other-role', ou=ou1)
|
|
817 |
view_role1_perm = get_permission_model().objects.create(
|
|
818 |
operation=get_operation(VIEW_OP),
|
|
819 |
target_ct=ContentType.objects.get_for_model(Role),
|
|
820 |
target_id=role1.pk)
|
|
821 |
other_role.permissions.add(get_view_user_perm())
|
|
822 |
other_role.permissions.add(view_role1_perm)
|
|
823 |
other_role.save()
|
|
824 |
other_user.roles.add(other_role)
|
|
825 |
other_user.save()
|
|
826 |
|
|
827 |
login(app, other_user, '/manage/', 'auietsrn')
|
|
828 |
resp = app.get(reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id}))
|
|
829 |
assert '/manage/roles/%s/' % role1.pk in resp.text
|
|
830 |
assert 'Role 1' in resp.text
|
|
831 |
assert '/manage/roles/%s/' % role2.pk not in resp.text
|
|
832 |
assert 'Role 2' in resp.text
|
|
833 |
app.get('/manage/roles/%s/' % role2.pk, status=403)
|
785 |
|
-
|