0001-manager-check-permissions-before-showing-add-user-bu.patch
src/authentic2/manager/forms.py | ||
---|---|---|
599 | 599 |
return qs |
600 | 600 | |
601 | 601 | |
602 |
class UserAddChooseOUForm(OUSearchForm): |
|
603 |
ou_permission = 'custom_user.add_user' |
|
604 | ||
605 | ||
602 | 606 |
class NameSearchForm(CssClass, PrefixFormMixin, FormWithRequest): |
603 | 607 |
prefix = 'search' |
604 | 608 |
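Review bot: The new `UserAddChooseOUForm` has no docstring, and its only content, `ou_permission = 'custom_user.add_user'`, repeats the permission string that `user_views.py` passes to `has_ou_perm`, so the two can drift apart. I would add a one-line docstring such as `"""OU chooser limited to organizational units where the requesting user may add users."""`. How `OUSearchForm` consumes `ou_permission` is not visible in this section, so confirm that it filters the queryset and does not only affect the default choice.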
src/authentic2/manager/templates/authentic2/manager/users.html | ||
---|---|---|
7 | 7 |
{{ block.super }} |
8 | 8 |
<span class="actions"> |
9 | 9 |
<a class="extra-actions-menu-opener"></a> |
10 |
{% if view.can_add %} |
|
10 | 11 |
<a |
11 | 12 |
{% if add_ou %}href="{% url "a2-manager-user-add" ou_pk=add_ou.pk %}"{% else %} |
12 | 13 |
href="{% url "a2-manager-user-add-choose-ou" %}" rel="popup"{% endif %} |
13 | 14 |
id="add-user-btn"> |
14 | 15 |
{% trans "Add user" %} |
15 | 16 |
</a> |
17 |
{% else %} |
|
18 |
<a href="#" class="disabled" id="add-user-btn">{% trans "Add user" %}</a> |
|
19 |
{% endif %} |
|
16 | 20 |
{% if extra_actions %} |
17 | 21 |
<ul class="extra-actions-menu"> |
18 | 22 |
{% for extra_action in extra_actions %} |
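Review bot: The `{% else %}` branch renders `<a href="#" class="disabled" id="add-user-btn">`, which stays focusable and clickable and depends on CSS alone to look inactive. Dropping `href` and marking the state explicitly would be clearer for assistive technology, for example `<a class="disabled" aria-disabled="true" id="add-user-btn">{% trans "Add user" %}</a>`. The selector used by the new test, `a#add-user-btn.disabled`, would still match.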
src/authentic2/manager/user_views.py | ||
---|---|---|
55 | 55 |
from .forms import (UserSearchForm, UserAddForm, UserEditForm, |
56 | 56 |
UserChangePasswordForm, ChooseUserRoleForm, |
57 | 57 |
UserRoleSearchForm, UserChangeEmailForm, UserNewImportForm, |
58 |
UserEditImportForm, ChooseUserAuthorizationsForm, OUSearchForm)
|
|
58 |
UserEditImportForm, ChooseUserAuthorizationsForm, UserAddChooseOUForm)
|
|
59 | 59 |
from .resources import UserResource |
60 | 60 |
from .utils import get_ou_count, has_show_username |
61 | 61 |
from .journal_views import BaseJournalView |
... | ... | |
121 | 121 |
ou = get_default_ou() |
122 | 122 |
else: |
123 | 123 |
ou = self.search_form.cleaned_data.get('ou') |
124 |
if ou and self.request.user.has_ou_perm('custom_user.add_user', ou): |
|
125 |
ctx['add_ou'] = ou |
|
124 |
if ou: |
|
125 |
if self.request.user.has_ou_perm('custom_user.add_user', ou): |
|
126 |
ctx['add_ou'] = ou |
|
127 |
else: |
|
128 |
self.can_add = False |
|
126 | 129 |
extra_actions = ctx['extra_actions'] = [] |
127 | 130 |
if self.request.user.has_perm('custom_user.admin_user'): |
128 | 131 |
extra_actions.append({ |
... | ... | |
243 | 246 |
class UserAddChooseOU(TitleMixin, FormNeedsRequest, FormView): |
244 | 247 |
template_name = 'authentic2/manager/form.html' |
245 | 248 |
title = _('Choose organizational unit in which to create user') |
246 |
form_class = OUSearchForm
|
|
249 |
form_class = UserAddChooseOUForm
|
|
247 | 250 | |
248 | 251 |
def get_success_url(self): |
249 | 252 |
return reverse('a2-manager-user-add', kwargs={'ou_pk': self.ou_pk}) |
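Review bot: In the new `else:` branch, `self.can_add = False` changes view state from inside the context builder, and only when an OU is selected. With no `ou`, the button state depends entirely on a `can_add` default that is not visible in this hunk, and a missing attribute would resolve as false in the template and disable the button for every user. If that default comes from an any-OU permission check this is fine, but the assignment deserves a comment, e.g. `# user may add users elsewhere, but not in the selected OU: disable the button`. The disabled link is presentation only, so the `a2-manager-user-add` view must itself keep refusing users without `custom_user.add_user` on the target OU. The enclosing method starts and ends outside the hunk.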
tests/test_user_manager.py | ||
---|---|---|
47 | 47 |
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient |
48 | 48 | |
49 | 49 | |
50 |
from .utils import login, get_link_from_mail |
|
50 |
from .utils import login, get_link_from_mail, logout
|
|
51 | 51 | |
52 | 52 |
OU = get_ou_model() |
53 | 53 | |
... | ... | |
204 | 204 |
assert user.has_usable_password() |
205 | 205 | |
206 | 206 | |
207 |
def test_create_user_choose_ou(app, superuser, ou1, ou2): |
|
207 |
def test_create_user_choose_ou(app, superuser, simple_user, ou1, ou2):
|
|
208 | 208 |
response = login(app, superuser, '/manage/users/') |
209 | 209 |
response = response.click('Add user') |
210 | 210 |
assert 'Choose organizational unit' in response.text |
... | ... | |
218 | 218 |
response = response.form.submit() |
219 | 219 |
assert str(ou1.pk) in response.url |
220 | 220 | |
221 |
logout(app) |
|
222 |
view_user_role = get_role_model().objects.create(name='view_user', ou=simple_user.ou) |
|
223 |
view_user_role.permissions.add(get_view_user_perm()) |
|
224 |
simple_user.roles.add(view_user_role) |
|
225 |
response = login(app, simple_user, '/manage/users/') |
|
226 |
assert response.pyquery.find('a#add-user-btn.disabled') |
|
227 | ||
221 | 228 | |
222 | 229 |
def test_manager_user_change_email(app, superuser_or_admin, simple_user, mailoutbox): |
223 | 230 |
ou = get_default_ou() |
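Review bot: The assertions added to `test_create_user_choose_ou` for `simple_user` only check that `a#add-user-btn.disabled` is rendered. Nothing requests the add URLs directly, so a regression in server-side enforcement would still pass. I would request `a2-manager-user-add` as `simple_user` and assert it is refused, for example `app.get(reverse('a2-manager-user-add', kwargs={'ou_pk': ou1.pk}), status=403)`. The exact status depends on how the manager views deny access, and whether `reverse` is already imported in this test module is not visible here. A further check that the choose-OU form offers this user no organizational unit would cover the new `UserAddChooseOUForm`.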
224 |
- |