0001-manager-add-permissions-based-access-to-global-journ.patch
src/authentic2/manager/journal_views.py | ||
---|---|---|
129 | 129 |
return ctx |
130 | 130 | |
131 | 131 | |
132 |
class GlobalJournalView(BaseJournalView): |
|
132 |
class GlobalJournalView(views.PermissionMixin, BaseJournalView):
|
|
133 | 133 |
template_name = 'authentic2/manager/journal.html' |
134 | ||
135 |
def dispatch(self, request, *args, **kwargs): |
|
136 |
if not request.user.is_superuser: |
|
137 |
raise PermissionDenied |
|
138 |
return super().dispatch(request, *args, **kwargs) |
|
134 |
permissions_global = True |
|
135 |
permissions = ['custom_user.view_user', 'a2_rbac.view_role'] |
|
139 | 136 | |
140 | 137 | |
141 | 138 |
journal = GlobalJournalView.as_view() |
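Review bot: The authorization boundary that replaces the removed `is_superuser` check in `dispatch` is not pinned down by a test, because `test_journal_authorization` covers only a user with no permissions (403) and the admin (200). A case for a user holding both `custom_user.view_user` and `a2_rbac.view_role` globally (expect 200), and one holding only one of them (expect 403), would show whether `views.PermissionMixin` requires all listed permissions or any of them; that is not visible in this section. The global journal is presumably an audit trail covering more than users and roles, so a comment above `permissions` such as `# both global view permissions are required to read the site-wide journal` would record why this pair was chosen.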
src/authentic2/manager/templates/authentic2/manager/homepage.html | ||
---|---|---|
6 | 6 | |
7 | 7 |
{% block appbar %} |
8 | 8 |
<h2>{% blocktrans %}Here you can manage objects related to organizational units, users, roles and applications.{% endblocktrans %}</h2> |
9 |
{% if user.is_superuser %} |
|
9 |
{% if user.is_superuser or can_view_journal %}
|
|
10 | 10 |
<span class="actions"> |
11 | 11 |
<a class="extra-actions-menu-opener"></a> |
12 | 12 |
<ul class="extra-actions-menu"> |
13 |
{% if user.is_superuser %} |
|
13 | 14 |
<li><a download href="{% url 'a2-manager-site-export' %}">{% trans 'Export Site' %}</a></li> |
14 | 15 |
<li><a href="{% url 'a2-manager-site-import' %}" rel="popup">{% trans 'Import Site' %}</a></li> |
16 |
{% endif %} |
|
17 |
{% if user.is_superuser or can_view_journal %} |
|
15 | 18 |
<li><a href="{% url 'a2-manager-journal' %}">{% trans 'Journal' %}</a></li> |
19 |
{% endif %} |
|
16 | 20 |
</ul> |
17 | 21 |
</span> |
18 | 22 |
{% endif %} |
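Review bot: The condition `user.is_superuser or can_view_journal` is written twice, once around the whole actions menu and once around the Journal entry, so the outer guard has to be kept in step with every entry placed inside it. If `has_perms` already returns True for superusers, as Django's stock implementation does for active ones, the `user.is_superuser or` half is redundant and the inner test could be `{% if can_view_journal %}`. These conditions only hide the link and the view itself has to enforce access, so this is a readability point rather than an access-control one.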
src/authentic2/manager/views.py | ||
---|---|---|
658 | 658 | |
659 | 659 |
def get_context_data(self, **kwargs): |
660 | 660 |
kwargs['entries'] = self.get_homepage_entries() |
661 |
kwargs['can_view_journal'] = self.request.user.has_perms( |
|
662 |
['custom_user.view_user', 'a2_rbac.view_role'] |
|
663 |
) |
|
661 | 664 |
return super(HomepageView, self).get_context_data(**kwargs) |
662 | 665 | |
663 | 666 |
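Review bot: The list `['custom_user.view_user', 'a2_rbac.view_role']` passed to `has_perms` here duplicates `GlobalJournalView.permissions` in journal_views.py, so a later change to one of them leaves the homepage showing a Journal link that answers 403, or hiding one that would work. Defining the list once and using it in both places keeps the link and the check in agreement, e.g. `kwargs['can_view_journal'] = self.request.user.has_perms(JOURNAL_PERMISSIONS)`, where `JOURNAL_PERMISSIONS` is a placeholder name for a shared module-level constant. Whether a bare `has_perms` call checks the same thing as `permissions_global = True` depends on PermissionMixin, which is not shown on this page. The enclosing HomepageView class starts outside the hunk.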
tests/test_manager_journal.py | ||
---|---|---|
28 | 28 |
from authentic2.journal import journal |
29 | 29 |
from authentic2.models import Service |
30 | 30 | |
31 |
from .utils import login, text_content |
|
31 |
from .utils import login, logout, text_content
|
|
32 | 32 | |
33 | 33 | |
34 |
def test_journal_authorization(app, db, admin): |
|
35 |
response = login(app, admin, path='/manage/') |
|
36 |
assert 'Journal' not in response |
|
34 |
def test_journal_authorization(app, db, simple_user, admin): |
|
35 |
response = login(app, simple_user) |
|
37 | 36 |
app.get('/manage/journal/', status=403) |
38 | 37 | |
38 |
logout(app) |
|
39 |
response = login(app, admin, path='/manage/') |
|
40 |
assert 'Journal' in response |
|
41 |
app.get('/manage/journal/', status=200) |
|
42 | ||
39 | 43 | |
40 | 44 |
@pytest.fixture(autouse=True) |
41 | 45 |
def events(db, freezer): |
42 |
- |