0001-models-authorize-superusers-to-access-every-service-.patch
src/authentic2/models.py | ||
---|---|---|
416 | 416 |
def authorize(self, user): |
417 | 417 |
if not self.authorized_roles.exists(): |
418 | 418 |
return True |
419 |
if user.is_superuser: |
|
420 |
return True |
|
419 | 421 |
if user.roles_and_parents().filter(allowed_services=self).exists(): |
420 | 422 |
return True |
421 | 423 |
raise ServiceAccessDenied(service=self) |
tests/test_models.py | ||
---|---|---|
18 | 18 |
import pytest |
19 | 19 | |
20 | 20 |
from authentic2.custom_user.models import User |
21 |
from authentic2.models import Attribute |
|
21 |
from authentic2.models import Attribute, Service |
|
22 |
from authentic2.utils.misc import ServiceAccessDenied |
|
23 |
from django_rbac.utils import get_role_model |
|
22 | 24 | |
23 | 25 | |
24 | 26 |
def test_attribute_disabled(db): |
... | ... | |
36 | 38 | |
37 | 39 |
with pytest.raises(AttributeError): |
38 | 40 |
user.attributes.test = '1234' |
41 | ||
42 | ||
43 |
def test_service_authorize(db): |
|
44 |
service = Service.objects.create(name='foo', slug='foo') |
|
45 |
role = get_role_model().objects.create(name='foo') |
|
46 |
service.authorized_roles.add(role) |
|
47 | ||
48 |
user = User.objects.create() |
|
49 |
with pytest.raises(ServiceAccessDenied): |
|
50 |
service.authorize(user) |
|
51 | ||
52 |
user.is_superuser = True |
|
53 |
user.save() |
|
54 |
assert service.authorize(user) |
|
39 |
- |