0001-models-authorize-superusers-to-access-every-service-.patch
| src/authentic2/models.py | ||
|---|---|---|
| 416 | 416 |
def authorize(self, user): |
| 417 | 417 |
if not self.authorized_roles.exists(): |
| 418 | 418 |
return True |
| 419 |
if user.is_superuser: |
|
| 420 |
return True |
|
| 419 | 421 |
if user.roles_and_parents().filter(allowed_services=self).exists(): |
| 420 | 422 |
return True |
| 421 | 423 |
raise ServiceAccessDenied(service=self) |
| tests/test_models.py | ||
|---|---|---|
| 18 | 18 |
import pytest |
| 19 | 19 | |
| 20 | 20 |
from authentic2.custom_user.models import User |
| 21 |
from authentic2.models import Attribute |
|
| 21 |
from authentic2.models import Attribute, Service |
|
| 22 |
from authentic2.utils.misc import ServiceAccessDenied |
|
| 23 |
from django_rbac.utils import get_role_model |
|
| 22 | 24 | |
| 23 | 25 | |
| 24 | 26 |
def test_attribute_disabled(db): |
| ... | ... | |
| 36 | 38 | |
| 37 | 39 |
with pytest.raises(AttributeError): |
| 38 | 40 |
user.attributes.test = '1234' |
| 41 | ||
| 42 | ||
| 43 |
def test_service_authorize(db): |
|
| 44 |
service = Service.objects.create(name='foo', slug='foo') |
|
| 45 |
role = get_role_model().objects.create(name='foo') |
|
| 46 |
service.authorized_roles.add(role) |
|
| 47 | ||
| 48 |
user = User.objects.create() |
|
| 49 |
with pytest.raises(ServiceAccessDenied): |
|
| 50 |
service.authorize(user) |
|
| 51 | ||
| 52 |
user.is_superuser = True |
|
| 53 |
user.save() |
|
| 54 |
assert service.authorize(user) |
|
| 39 |
- |
|