0001-a2_rbac-disable-required-attributes-check-at-OU-leve.patch

Valentin Deniaud, 08 décembre 2021 15:49

Voir les différences: en ligne côte à côte

Subject: [PATCH] a2_rbac: disable required attributes check at OU level
 (#58546)

 ...unit_check_required_on_login_attributes.py | 20 ++++++++++++++++++
 src/authentic2/a2_rbac/models.py              |  4 ++++
 src/authentic2/manager/forms.py               |  1 +
 src/authentic2/middleware.py                  |  3 +++
 .../test_required_on_login_restriction.py     | 21 +++++++++++++++++++
 5 files changed, 49 insertions(+)
 create mode 100644 src/authentic2/a2_rbac/migrations/0026_organizationalunit_check_required_on_login_attributes.py

     # Generated by Django 2.2.19 on 2021-12-02 10:11
     from django.db import migrations, models
     class Migration(migrations.Migration):
         dependencies = [
             ('a2_rbac', '0025_auto_20210622_1132'),
+        ]
         operations = [
             migrations.AddField(
                 model_name='organizationalunit',
                 name='check_required_on_login_attributes',
                 field=models.BooleanField(
                     blank=True, default=True, verbose_name='Check required on login attributes'
                 ),
             ),
+        ]

         show_username = models.BooleanField(blank=True, default=True, verbose_name=_('Show username'))
         check_required_on_login_attributes = models.BooleanField(
             blank=True, default=True, verbose_name=_('Check required on login attributes')
+        )
         admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id')
         user_can_reset_password = models.NullBooleanField(

src/authentic2/manager/forms.py
629	629	'email_is_unique',
630	630	'validate_emails',
631	631	'show_username',
	632	'check_required_on_login_attributes',
632	633	'user_can_reset_password',
633	634	'user_add_password_policy',
634	635	'clean_unused_accounts_alert',

             if user.is_superuser:
                 return None
             if user.ou and not user.ou.check_required_on_login_attributes:
                 return None
             missing = user.get_missing_required_on_login_attributes()
             if missing:
                 return 'profile_required_edit'

         resp = resp.follow()
         assert 'A2_OPENED_SESSION' in app.cookies
         assert 'les conditions générales d\'utilisation\xa0:\nTrue' in resp.pyquery.text()
     def test_superuser(app_factory, db, cgu_attribute, settings, superuser):
         app = app_factory('example.com')
         settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com'
         settings.ALLOWED_HOSTS = ['example.com']
         resp = login(app, superuser, path='/accounts/')
         assert 'Your account' in resp.text
     def test_check_disabled_at_ou_level(app_factory, db, cgu_attribute, settings, simple_user):
         app = app_factory('example.com')
         settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com'
         settings.ALLOWED_HOSTS = ['example.com']
         simple_user.ou.check_required_on_login_attributes = False
         simple_user.ou.save()
         resp = login(app, simple_user, path='/accounts/')
         assert 'Your account' in resp.text
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-a2_rbac-disable-required-attributes-check-at-OU-leve.patch