From d2d7aaf29472ff063f8b052877a2caa6e2b0f48e Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Thu, 12 Dec 2019 10:20:34 +0100
Subject: [PATCH] utils: authorize admin access to all endpoints (#38365)
---
 passerelle/utils/__init__.py | 2 ++
 tests/test_generic_endpoint.py | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/passerelle/utils/__init__.py b/passerelle/utils/__init__.py
index 582e34ec..fcf4bb4c 100644
--- a/passerelle/utils/__init__.py
+++ b/passerelle/utils/__init__.py
@@ -124,6 +124,8 @@ def is_trusted(request):
 def is_authorized(request, obj, perm):
 from passerelle.base.models import AccessRight
+ if request.user.is_superuser:
+ return True
 if is_trusted(request):
 return True
 resource_type = ContentType.objects.get_for_model(obj)
diff --git a/tests/test_generic_endpoint.py b/tests/test_generic_endpoint.py
index b40b049d..8a97df75 100644
--- a/tests/test_generic_endpoint.py
+++ b/tests/test_generic_endpoint.py
@@ -36,6 +36,8 @@ from passerelle.apps.mdel.models import MDEL
 from passerelle.contrib.stub_invoices.models import StubInvoicesConnector
 from passerelle.utils.api import endpoint
+from test_manager import login, admin_user, simple_user
+
 @pytest.fixture
 def mdel(db):
@@ -506,3 +508,16 @@ def test_generic_up_in_endpoints_infos(db, app, connector_class, expected):
 assert len(up_endpoints) == 1
 else:
 assert up_endpoints == []
+
+
+def test_generic_endpoint_superuser_access(db, app, admin_user, simple_user):
+ connector = MDEL.objects.create(slug='test')
+ filename = os.path.join(os.path.dirname(__file__), 'data', 'mdel', 'formdata.json')
+ payload = json.load(open(filename))
+
+ app = login(app, username='user', password='user')
+ resp = app.post_json('/mdel/test/create', params=payload, status=403)
+
+ app = login(app, username='admin', password='admin')
+ resp = app.post_json('/mdel/test/create', params=payload, status=200)
+ assert resp.json['data']['demand_id'] == '1-14-ILE-LA'
--
2.20.1
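Review bot: The superuser shortcut added at the top of `is_authorized` trusts `request.user` however it was authenticated, so an admin's browser session now authorizes every endpoint, including state-changing POSTs such as the `/mdel/test/create` call in the new test. If the endpoint views that call this function are CSRF-exempt, as API views often are (not visible in this hunk), a logged-in admin becomes exposed to cross-site request forgery on endpoints that the AccessRight checks did not previously open to session users. Please confirm that CSRF protection applies when the session path is taken, and record the assumption next to the check, e.g. `# superusers bypass AccessRight checks; session auth here relies on CSRF protection in the calling view`. The function also has no docstring stating the order of precedence (superuser, trusted request, AccessRight lookup), and its body continues past the end of the hunk.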
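Review bot: The added `from test_manager import login, admin_user, simple_user` makes this module depend on another test module being importable and pulls fixtures in by name, which linters tend to report as unused imports or as redefinitions once the names reappear as test arguments. If the suite has a `conftest.py` (not visible here), moving the `admin_user` and `simple_user` fixtures and the `login` helper there would let pytest discover them without the import.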
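Review bot: `json.load(open(filename))` in `test_generic_endpoint_superuser_access` never closes the file; prefer `with open(filename) as fd:` followed by `payload = json.load(fd)`. The `connector` local is assigned but never read, so `MDEL.objects.create(slug='test')` can stand on its own. Since this test is the only guard on the new authorization bypass, an extra request from a client that has not logged in, asserting `status=403` on the same URL, would also pin the behaviour for anonymous callers.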