From afca41a2850a593ecae72c38b86b172e22cdc636 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Tue, 7 May 2019 17:21:58 +0200
Subject: [PATCH 8/8] manager: disable popup display on insufficient auth level
 (#33515)

Prevent redirects to login happening inside popups.
---
 .../templates/authentic2/manager/ou_detail.html  |  2 +-
 .../templates/authentic2/manager/ous.html        |  2 +-
 .../authentic2/manager/role_members.html         |  8 ++++----
 .../authentic2/manager/role_permissions.html     |  2 +-
 .../templates/authentic2/manager/roles.html      |  2 +-
 .../authentic2/manager/user_detail.html          |  2 +-
 src/authentic2/manager/views.py                  | 16 ++++++++++++++--
 7 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/src/authentic2/manager/templates/authentic2/manager/ou_detail.html b/src/authentic2/manager/templates/authentic2/manager/ou_detail.html
index 3a115283..0ecfce91 100644
--- a/src/authentic2/manager/templates/authentic2/manager/ou_detail.html
+++ b/src/authentic2/manager/templates/authentic2/manager/ou_detail.html
@@ -18,7 +18,7 @@
   {{ block.super }}
   <span class="actions">
   {% if view.could_delete %}
-    <a rel="popup" href="{% url "a2-manager-ou-delete" pk=object.pk %}">{% trans "Delete" %}</a>
+  <a rel="{{ delete_rel }}" href="{% url "a2-manager-ou-delete" pk=object.pk %}">{% trans "Delete" %}</a>
   {% else %}
     <a class="disabled" title="{% trans "You do not have the rights to delete this organizational unit." %}" href="#">{% trans "Delete" %}</a>
   {% endif %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/ous.html b/src/authentic2/manager/templates/authentic2/manager/ous.html
index 73013353..bfd20ca6 100644
--- a/src/authentic2/manager/templates/authentic2/manager/ous.html
+++ b/src/authentic2/manager/templates/authentic2/manager/ous.html
@@ -11,7 +11,7 @@
   {{ block.super }}
   <span class="actions">
   {% if view.could_add %}
-    <a href="{% url "a2-manager-ou-add" %}" rel="popup">{% trans "Add organizational unit" %}</a>
+    <a href="{% url "a2-manager-ou-add" %}" rel="{{ add_rel }}">{% trans "Add organizational unit" %}</a>
   {% endif %}
   </span>
 {% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_members.html b/src/authentic2/manager/templates/authentic2/manager/role_members.html
index 36f30741..13eed7ef 100644
--- a/src/authentic2/manager/templates/authentic2/manager/role_members.html
+++ b/src/authentic2/manager/templates/authentic2/manager/role_members.html
@@ -20,7 +20,7 @@
   {{ block.super }}
   <span class="actions">
   {% if not object.is_internal and view.could_delete %}
-    <a rel="popup" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
+    <a rel="{{ delete_rel }}" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
   {% else %}
     <a class="disabled" title="{% trans "This role is technical, you cannot delete it." %}" href="#">{% trans "Delete" %}</a>
   {% endif %}
@@ -72,7 +72,7 @@
      {% endif %}
    {% endfor %}
   {% if view.could_change %}
-    <a rel="popup" href="{% url "a2-manager-role-add-admin-user" pk=object.pk %}" class="role-add icon-add-sign"></a>
+    <a rel="{{ change_rel }}" href="{% url "a2-manager-role-add-admin-user" pk=object.pk %}" class="role-add icon-add-sign"></a>
   {% else %}
     <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
   {% endif %}
@@ -88,7 +88,7 @@
      {% endif %}
    {% endfor %}
   {% if view.could_change %}
-    <a rel="popup" href="{% url "a2-manager-role-add-admin-role" pk=object.pk %}" class="role-add icon-add-sign"></a>
+    <a rel="{{ change_rel }}" href="{% url "a2-manager-role-add-admin-role" pk=object.pk %}" class="role-add icon-add-sign"></a>
   {% else %}
     <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
   {% endif %}
@@ -104,7 +104,7 @@
      {% endif %}
    {% endfor %}
   {% if view.could_change %}
-    <a rel="popup" href="{% url "a2-manager-role-add-child" pk=object.pk %}" class="role-add icon-add-sign"></a>
+    <a rel="{{ change_rel }}" href="{% url "a2-manager-role-add-child" pk=object.pk %}" class="role-add icon-add-sign"></a>
   {% else %}
     <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
   {% endif %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_permissions.html b/src/authentic2/manager/templates/authentic2/manager/role_permissions.html
index d3562f6e..0b92e941 100644
--- a/src/authentic2/manager/templates/authentic2/manager/role_permissions.html
+++ b/src/authentic2/manager/templates/authentic2/manager/role_permissions.html
@@ -11,7 +11,7 @@
   {{ block.super }}
   <span class="actions">
   {% if view.could_delete %}
-    <a rel="popup" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
+    <a rel="{{ delete_rel }}" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
   {% endif %}
   {% if view.could_change and not object.is_internal %}
     <a href="{% url "a2-manager-role-edit" pk=object.pk %}">{% trans "Edit" %}</a>
diff --git a/src/authentic2/manager/templates/authentic2/manager/roles.html b/src/authentic2/manager/templates/authentic2/manager/roles.html
index c228a5a3..d2d062f0 100644
--- a/src/authentic2/manager/templates/authentic2/manager/roles.html
+++ b/src/authentic2/manager/templates/authentic2/manager/roles.html
@@ -7,7 +7,7 @@
   {{ block.super }}
   <span class="actions">
   {% if view.could_add %}
-    <a href="{% url "a2-manager-role-add" %}" rel="popup">{% trans "Add role" %}</a>
+  <a href="{% url "a2-manager-role-add" %}" rel="{{ add_rel }}">{% trans "Add role" %}</a>
   {% else %}
     <a href="#" class="disabled" rel="popup">{% trans "Add role" %}</a>
   {% endif %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/user_detail.html b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
index 661ce730..b1262284 100644
--- a/src/authentic2/manager/templates/authentic2/manager/user_detail.html
+++ b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
@@ -7,7 +7,7 @@
   {{ block.super }}
   <span class="actions">
   {% if view.could_delete %}
-    <a rel="popup" href="{% url "a2-manager-user-delete" pk=object.pk %}">{% trans "Delete" %}</a>
+    <a rel="{{ delete_rel }}" href="{% url "a2-manager-user-delete" pk=object.pk %}">{% trans "Delete" %}</a>
   {% else %}
     <a class="disabled" title="{% trans "You do not have the rights to delete this user." %}" href="#">{% trans "Delete" %}</a>
   {% endif %}
diff --git a/src/authentic2/manager/views.py b/src/authentic2/manager/views.py
index 62bf1676..bc01bee0 100644
--- a/src/authentic2/manager/views.py
+++ b/src/authentic2/manager/views.py
@@ -156,6 +156,13 @@ class PermissionMixin(object):
             return response
         return super(PermissionMixin, self).dispatch(request, *args, **kwargs)
 
+    def get_context_data(self, **kwargs):
+        ctx = super(PermissionMixin, self).get_context_data(**kwargs)
+        for perm in ['view', 'add', 'delete', 'change']:
+            if getattr(self, 'can_' + perm, False):
+                ctx[perm + '_rel'] = 'popup'
+        return ctx
+
 
 def filter_view(request, qs):
     model = qs.model
@@ -264,8 +271,13 @@ class Action(object):
             self.permission = permission
 
     def display(self, instance, request):
-        if self.permission:
-            return request.user.has_perm(self.permission, instance)
+        auth_level = request.session.get('auth_level', 1)
+        try:
+            if self.permission:
+                return request.user.has_perm(self.permission, instance,
+                                             auth_level=auth_level)
+        except InsufficientAuthLevel:
+            self.popup = False
         return True
 
 
-- 
2.20.1