From 36c7bdb3893e23930ae0d068467194d7185a013b Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Thu, 12 Dec 2019 10:20:34 +0100
Subject: [PATCH] utils: authorize admin access to all endpoints (#38365)

---
 passerelle/utils/__init__.py   |  2 ++
 tests/test_generic_endpoint.py | 12 ++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/passerelle/utils/__init__.py b/passerelle/utils/__init__.py
index 582e34ec..fcf4bb4c 100644
--- a/passerelle/utils/__init__.py
+++ b/passerelle/utils/__init__.py
@@ -124,6 +124,8 @@ def is_trusted(request):
 def is_authorized(request, obj, perm):
     from passerelle.base.models import AccessRight
 
+    if request.user.is_superuser:
+        return True
     if is_trusted(request):
         return True
     resource_type = ContentType.objects.get_for_model(obj)
diff --git a/tests/test_generic_endpoint.py b/tests/test_generic_endpoint.py
index b40b049d..8eafc867 100644
--- a/tests/test_generic_endpoint.py
+++ b/tests/test_generic_endpoint.py
@@ -36,6 +36,8 @@ from passerelle.apps.mdel.models import MDEL
 from passerelle.contrib.stub_invoices.models import StubInvoicesConnector
 from passerelle.utils.api import endpoint
 
+from test_manager import login, admin_user, simple_user
+
 
 @pytest.fixture
 def mdel(db):
@@ -506,3 +508,13 @@ def test_generic_up_in_endpoints_infos(db, app, connector_class, expected):
         assert len(up_endpoints) == 1
     else:
         assert up_endpoints == []
+
+
+def test_generic_endpoint_superuser_access(db, app, admin_user, simple_user):
+    connector = MDEL.objects.create(slug='test')
+
+    app = login(app, username='user', password='user')
+    resp = app.get('/mdel/test/status', params={'demand_id': '1-14-ILE-LA'}, status=403)
+
+    app = login(app, username='admin', password='admin')
+    resp = app.get('/mdel/test/status', params={'demand_id': '1-14-ILE-LA'}, status=404)
-- 
2.20.1