0002-manager-filter-apiclient-s-available-ous-on-user-s-o.patch
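--- a/src/authentic2/manager/apiclient_views.py
+++ b/src/authentic2/manager/apiclient_views.py
@@ -46,6 +46,18 @@
 return qs.filter(ou__in=allowed_ous)
 
 
+class APIClientsFormViewMixin(APIClientsMixin):
+def get_form(self, form_class=None):
+form = super().get_form(form_class=form_class)
+if not self.request.user.has_perm('authentic2.admin_apiclient'):
+allowed_ous = []
+for ou in OrganizationalUnit.objects.all():
+if self.request.user.has_ou_perm('authentic2.admin_apiclient', ou):
+allowed_ous.append(ou.id)
+form.fields['ou'].queryset = OrganizationalUnit.objects.filter(id__in=allowed_ous)
+return form
+
+
 class APIClientsView(APIClientsMixin, ListView):
 template_name = 'authentic2/manager/api_clients.html'
 title = _('API Clients')
@@ -71,7 +83,7 @@
 detail = APIClientDetailView.as_view()
 
 
-class APIClientAddView(APIClientsMixin, CreateView):
+class APIClientAddView(APIClientsFormViewMixin, CreateView):
 template_name = 'authentic2/manager/api_client_form.html'
 title = _('New API client')
 form_class = forms.APIClientForm
@@ -93,7 +105,7 @@
 add = APIClientAddView.as_view()
 
 
-class APIClientEditView(APIClientsMixin, UpdateView):
+class APIClientEditView(APIClientsFormViewMixin, UpdateView):
 template_name = 'authentic2/manager/api_client_form.html'
 title = _('Edit API client')
 form_class = forms.APIClientForm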
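Review bot: `APIClientsFormViewMixin.get_form` narrows only `form.fields['ou']`, which may leave two gaps in the OU scoping for local admins. If the `ou` field accepts an empty value (its definition is not in this diff), a restricted user can still submit no OU at all; in the restricted branch consider adding `form.fields['ou'].required = True` and `form.fields['ou'].empty_label = None`. The form also carries `apiclient_roles` (listed in forms.py), whose queryset this mixin leaves untouched, so whether a local admin can attach roles from OUs they do not manage depends on code outside the page and is worth confirming. The per-OU `has_ou_perm` loop appears to repeat the `allowed_ous` computation that ends at the context line `return qs.filter(ou__in=allowed_ous)` (that method starts outside the hunk), and a shared helper would keep the list filter and the form filter from drifting apart. The tests shown only submit permitted OUs, so a case that posts an `ou` outside the allowed set would pin the server-side rejection.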
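--- a/src/authentic2/manager/forms.py
+++ b/src/authentic2/manager/forms.py
@@ -922,6 +922,7 @@
 'description',
 'identifier',
 'password',
+'ou',
 'restrict_to_anonymised_data',
 'apiclient_roles',
 )
@@ -933,6 +934,7 @@
 'description',
 'identifier',
 'password',
+'ou',
 'restrict_to_anonymised_data',
 'apiclient_roles',
 )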
tests/test_manager_apiclient.py | ||
---|---|---|
177 | 177 |
assert urlparse(response.request.url).path == api_client.get_absolute_url() |
178 | 178 | |
179 | 179 | |
180 |
def test_add_local_admin(admin_ou1, app, ou1, ou2): |
|
181 |
assert APIClient.objects.count() == 0 |
|
182 |
resp = login(app, admin_ou1, 'a2-manager-api-client-add') |
|
183 |
form = resp.form |
|
184 |
assert len(form['ou'].options) == 1 |
|
185 |
assert form['ou'].options[0][2] == 'OU1' |
|
186 | ||
187 |
role = Role.objects.get(slug='_a2-manager-of-api-clients-%s' % ou2.slug) |
|
188 |
admin_ou1.roles.add(role) |
|
189 |
resp = app.get(reverse('a2-manager-api-client-add')) |
|
190 |
assert len(resp.form['ou'].options) == 2 |
|
191 | ||
192 | ||
180 | 193 |
def test_add_description_non_mandatory(superuser, app): |
181 | 194 |
assert APIClient.objects.count() == 0 |
182 | 195 |
role_1 = Role.objects.create(name='role-1') |
... | ... | |
241 | 254 |
assert api_client.identifier == 'foo-identifier' |
242 | 255 | |
243 | 256 | |
257 |
def test_edit_local_admin(admin_ou1, app, ou1, ou2): |
|
258 |
api_client_ou1 = APIClient.objects.create( |
|
259 |
name='foo', |
|
260 |
description='foo-description', |
|
261 |
identifier='foo-description', |
|
262 |
password='foo-password', |
|
263 |
ou=ou1, |
|
264 |
) |
|
265 |
api_client_ou2 = APIClient.objects.create( |
|
266 |
name='bar', |
|
267 |
description='bar-description', |
|
268 |
identifier='bar-description', |
|
269 |
password='bar-password', |
|
270 |
ou=ou2, |
|
271 |
) |
|
272 |
resp = login(app, admin_ou1, 'a2-manager-api-client-edit', kwargs={'pk': api_client_ou1.pk}) |
|
273 |
form = resp.form |
|
274 |
assert form.get('password').value == 'foo-password' |
|
275 |
resp.form.set('password', 'easy') |
|
276 |
response = form.submit().follow() |
|
277 |
assert urlparse(response.request.url).path == api_client_ou1.get_absolute_url() |
|
278 |
api_client = APIClient.objects.get(password='easy') |
|
279 |
assert api_client.identifier == 'foo-description' |
|
280 | ||
281 |
role = Role.objects.get(slug='_a2-manager-of-api-clients-%s' % ou2.slug) |
|
282 |
admin_ou1.roles.add(role) |
|
283 |
resp = app.get(reverse('a2-manager-api-client-edit', kwargs={'pk': api_client_ou2.pk})) |
|
284 |
assert resp.form.get('password').value == 'bar-password' |
|
285 |
resp.form.set('ou', ou1.id) |
|
286 |
resp.form.submit().follow() |
|
287 |
assert APIClient.objects.filter(ou=ou1).count() == 2 |
|
288 | ||
289 | ||
244 | 290 |
def test_delete(superuser, app): |
245 | 291 |
api_client = APIClient.objects.create( |
246 | 292 |
name='foo', description='foo-description', identifier='foo-identifier', password='foo-password' |
247 |
- |