0001-manager-check-permissions-before-showing-add-user-bu.patch
| src/authentic2/manager/forms.py | ||
|---|---|---|
| 599 | 599 |
return qs |
| 600 | 600 | |
| 601 | 601 | |
| 602 |
class UserAddChooseOUForm(OUSearchForm): |
|
| 603 |
ou_permission = 'custom_user.add_user' |
|
| 604 | ||
| 605 | ||
| 602 | 606 |
class NameSearchForm(CssClass, PrefixFormMixin, FormWithRequest): |
| 603 | 607 |
prefix = 'search' |
| 604 | 608 | |
| src/authentic2/manager/templates/authentic2/manager/users.html | ||
|---|---|---|
| 7 | 7 |
{{ block.super }}
|
| 8 | 8 |
<span class="actions"> |
| 9 | 9 |
<a class="extra-actions-menu-opener"></a> |
| 10 |
{% if view.can_add %}
|
|
| 10 | 11 |
<a |
| 11 | 12 |
{% if add_ou %}href="{% url "a2-manager-user-add" ou_pk=add_ou.pk %}"{% else %}
|
| 12 | 13 |
href="{% url "a2-manager-user-add-choose-ou" %}" rel="popup"{% endif %}
|
| 13 | 14 |
id="add-user-btn"> |
| 14 | 15 |
{% trans "Add user" %}
|
| 15 | 16 |
</a> |
| 17 |
{% else %}
|
|
| 18 |
<a href="#" class="disabled" id="add-user-btn">{% trans "Add user" %}</a>
|
|
| 19 |
{% endif %}
|
|
| 16 | 20 |
{% if extra_actions %}
|
| 17 | 21 |
<ul class="extra-actions-menu"> |
| 18 | 22 |
{% for extra_action in extra_actions %}
|
| src/authentic2/manager/user_views.py | ||
|---|---|---|
| 55 | 55 |
from .forms import (UserSearchForm, UserAddForm, UserEditForm, |
| 56 | 56 |
UserChangePasswordForm, ChooseUserRoleForm, |
| 57 | 57 |
UserRoleSearchForm, UserChangeEmailForm, UserNewImportForm, |
| 58 |
UserEditImportForm, ChooseUserAuthorizationsForm, OUSearchForm)
|
|
| 58 |
UserEditImportForm, ChooseUserAuthorizationsForm, UserAddChooseOUForm)
|
|
| 59 | 59 |
from .resources import UserResource |
| 60 | 60 |
from .utils import get_ou_count, has_show_username |
| 61 | 61 |
from .journal_views import BaseJournalView |
| ... | ... | |
| 121 | 121 |
ou = get_default_ou() |
| 122 | 122 |
else: |
| 123 | 123 |
ou = self.search_form.cleaned_data.get('ou')
|
| 124 |
if ou and self.request.user.has_ou_perm('custom_user.add_user', ou):
|
|
| 125 |
ctx['add_ou'] = ou |
|
| 124 |
if ou: |
|
| 125 |
if self.request.user.has_ou_perm('custom_user.add_user', ou):
|
|
| 126 |
ctx['add_ou'] = ou |
|
| 127 |
else: |
|
| 128 |
self.can_add = False |
|
| 126 | 129 |
extra_actions = ctx['extra_actions'] = [] |
| 127 | 130 |
if self.request.user.has_perm('custom_user.admin_user'):
|
| 128 | 131 |
extra_actions.append({
|
| ... | ... | |
| 243 | 246 |
class UserAddChooseOU(TitleMixin, FormNeedsRequest, FormView): |
| 244 | 247 |
template_name = 'authentic2/manager/form.html' |
| 245 | 248 |
title = _('Choose organizational unit in which to create user')
|
| 246 |
form_class = OUSearchForm
|
|
| 249 |
form_class = UserAddChooseOUForm
|
|
| 247 | 250 | |
| 248 | 251 |
def get_success_url(self): |
| 249 | 252 |
return reverse('a2-manager-user-add', kwargs={'ou_pk': self.ou_pk})
|
| tests/test_user_manager.py | ||
|---|---|---|
| 47 | 47 |
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient |
| 48 | 48 | |
| 49 | 49 | |
| 50 |
from .utils import login, get_link_from_mail |
|
| 50 |
from .utils import login, get_link_from_mail, logout
|
|
| 51 | 51 | |
| 52 | 52 |
OU = get_ou_model() |
| 53 | 53 | |
| ... | ... | |
| 204 | 204 |
assert user.has_usable_password() |
| 205 | 205 | |
| 206 | 206 | |
| 207 |
def test_create_user_choose_ou(app, superuser, ou1, ou2): |
|
| 207 |
def test_create_user_choose_ou(app, superuser, simple_user, ou1, ou2):
|
|
| 208 | 208 |
response = login(app, superuser, '/manage/users/') |
| 209 | 209 |
response = response.click('Add user')
|
| 210 | 210 |
assert 'Choose organizational unit' in response.text |
| ... | ... | |
| 218 | 218 |
response = response.form.submit() |
| 219 | 219 |
assert str(ou1.pk) in response.url |
| 220 | 220 | |
| 221 |
logout(app) |
|
| 222 |
view_user_role = get_role_model().objects.create(name='view_user', ou=simple_user.ou) |
|
| 223 |
view_user_role.permissions.add(get_view_user_perm()) |
|
| 224 |
simple_user.roles.add(view_user_role) |
|
| 225 |
response = login(app, simple_user, '/manage/users/') |
|
| 226 |
assert response.pyquery.find('a#add-user-btn.disabled')
|
|
| 227 | ||
| 221 | 228 | |
| 222 | 229 |
def test_manager_user_change_email(app, superuser_or_admin, simple_user, mailoutbox): |
| 223 | 230 |
ou = get_default_ou() |
| 224 |
- |
|