0002-manager-filter-apiclient-s-available-ous-on-user-s-o.patch
| src/authentic2/manager/apiclient_views.py | ||
|---|---|---|
| 46 | 46 |
return qs.filter(ou__in=allowed_ous) |
| 47 | 47 | |
| 48 | 48 | |
| 49 |
class APIClientsFormViewMixin(APIClientsMixin): |
|
| 50 |
def get_form(self, form_class=None): |
|
| 51 |
form = super().get_form(form_class=form_class) |
|
| 52 |
if not self.request.user.has_perm('authentic2.admin_apiclient'):
|
|
| 53 |
allowed_ous = [] |
|
| 54 |
for ou in OrganizationalUnit.objects.all(): |
|
| 55 |
if self.request.user.has_ou_perm('authentic2.admin_apiclient', ou):
|
|
| 56 |
allowed_ous.append(ou.id) |
|
| 57 |
form.fields['ou'].queryset = OrganizationalUnit.objects.filter(id__in=allowed_ous) |
|
| 58 |
return form |
|
| 59 | ||
| 60 | ||
| 49 | 61 |
class APIClientsView(APIClientsMixin, ListView): |
| 50 | 62 |
template_name = 'authentic2/manager/api_clients.html' |
| 51 | 63 |
title = _('API Clients')
|
| ... | ... | |
| 71 | 83 |
detail = APIClientDetailView.as_view() |
| 72 | 84 | |
| 73 | 85 | |
| 74 |
class APIClientAddView(APIClientsMixin, CreateView): |
|
| 86 |
class APIClientAddView(APIClientsFormViewMixin, CreateView):
|
|
| 75 | 87 |
template_name = 'authentic2/manager/api_client_form.html' |
| 76 | 88 |
title = _('New API client')
|
| 77 | 89 |
form_class = forms.APIClientForm |
| ... | ... | |
| 93 | 105 |
add = APIClientAddView.as_view() |
| 94 | 106 | |
| 95 | 107 | |
| 96 |
class APIClientEditView(APIClientsMixin, UpdateView): |
|
| 108 |
class APIClientEditView(APIClientsFormViewMixin, UpdateView):
|
|
| 97 | 109 |
template_name = 'authentic2/manager/api_client_form.html' |
| 98 | 110 |
title = _('Edit API client')
|
| 99 | 111 |
form_class = forms.APIClientForm |
| src/authentic2/manager/forms.py | ||
|---|---|---|
| 922 | 922 |
'description', |
| 923 | 923 |
'identifier', |
| 924 | 924 |
'password', |
| 925 |
'ou', |
|
| 925 | 926 |
'restrict_to_anonymised_data', |
| 926 | 927 |
'apiclient_roles', |
| 927 | 928 |
) |
| ... | ... | |
| 933 | 934 |
'description', |
| 934 | 935 |
'identifier', |
| 935 | 936 |
'password', |
| 937 |
'ou', |
|
| 936 | 938 |
'restrict_to_anonymised_data', |
| 937 | 939 |
'apiclient_roles', |
| 938 | 940 |
) |
| tests/test_manager_apiclient.py | ||
|---|---|---|
| 177 | 177 |
assert urlparse(response.request.url).path == api_client.get_absolute_url() |
| 178 | 178 | |
| 179 | 179 | |
| 180 |
def test_add_local_admin(admin_ou1, app, ou1, ou2): |
|
| 181 |
assert APIClient.objects.count() == 0 |
|
| 182 |
resp = login(app, admin_ou1, 'a2-manager-api-client-add') |
|
| 183 |
form = resp.form |
|
| 184 |
assert len(form['ou'].options) == 1 |
|
| 185 |
assert form['ou'].options[0][2] == 'OU1' |
|
| 186 | ||
| 187 |
role = Role.objects.get(slug='_a2-manager-of-api-clients-%s' % ou2.slug) |
|
| 188 |
admin_ou1.roles.add(role) |
|
| 189 |
resp = app.get(reverse('a2-manager-api-client-add'))
|
|
| 190 |
assert len(resp.form['ou'].options) == 2 |
|
| 191 | ||
| 192 | ||
| 180 | 193 |
def test_add_description_non_mandatory(superuser, app): |
| 181 | 194 |
assert APIClient.objects.count() == 0 |
| 182 | 195 |
role_1 = Role.objects.create(name='role-1') |
| ... | ... | |
| 241 | 254 |
assert api_client.identifier == 'foo-identifier' |
| 242 | 255 | |
| 243 | 256 | |
| 257 |
def test_edit_local_admin(admin_ou1, app, ou1, ou2): |
|
| 258 |
api_client_ou1 = APIClient.objects.create( |
|
| 259 |
name='foo', |
|
| 260 |
description='foo-description', |
|
| 261 |
identifier='foo-description', |
|
| 262 |
password='foo-password', |
|
| 263 |
ou=ou1, |
|
| 264 |
) |
|
| 265 |
api_client_ou2 = APIClient.objects.create( |
|
| 266 |
name='bar', |
|
| 267 |
description='bar-description', |
|
| 268 |
identifier='bar-description', |
|
| 269 |
password='bar-password', |
|
| 270 |
ou=ou2, |
|
| 271 |
) |
|
| 272 |
resp = login(app, admin_ou1, 'a2-manager-api-client-edit', kwargs={'pk': api_client_ou1.pk})
|
|
| 273 |
form = resp.form |
|
| 274 |
assert form.get('password').value == 'foo-password'
|
|
| 275 |
resp.form.set('password', 'easy')
|
|
| 276 |
response = form.submit().follow() |
|
| 277 |
assert urlparse(response.request.url).path == api_client_ou1.get_absolute_url() |
|
| 278 |
api_client = APIClient.objects.get(password='easy') |
|
| 279 |
assert api_client.identifier == 'foo-description' |
|
| 280 | ||
| 281 |
role = Role.objects.get(slug='_a2-manager-of-api-clients-%s' % ou2.slug) |
|
| 282 |
admin_ou1.roles.add(role) |
|
| 283 |
resp = app.get(reverse('a2-manager-api-client-edit', kwargs={'pk': api_client_ou2.pk}))
|
|
| 284 |
assert resp.form.get('password').value == 'bar-password'
|
|
| 285 |
resp.form.set('ou', ou1.id)
|
|
| 286 |
resp.form.submit().follow() |
|
| 287 |
assert APIClient.objects.filter(ou=ou1).count() == 2 |
|
| 288 | ||
| 289 | ||
| 244 | 290 |
def test_delete(superuser, app): |
| 245 | 291 |
api_client = APIClient.objects.create( |
| 246 | 292 |
name='foo', description='foo-description', identifier='foo-identifier', password='foo-password' |
| 247 |
- |
|