From 9b5e8be36b041e6dfdefe5e8e116c8fd0d006d9e Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Wed, 7 Apr 2021 17:22:23 +0200
Subject: [PATCH] manager: add permissions based access to global journal (#52765)
---
 src/authentic2/manager/journal_views.py | 9 +++------
 tests/test_manager_journal.py | 5 +++++
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/authentic2/manager/journal_views.py b/src/authentic2/manager/journal_views.py
index bada503f..70e8fce2 100644
--- a/src/authentic2/manager/journal_views.py
+++ b/src/authentic2/manager/journal_views.py
@@ -129,13 +129,10 @@ class BaseJournalView(views.TitleMixin, views.MediaMixin, views.MultipleOUMixin,
 return ctx
-class GlobalJournalView(BaseJournalView):
+class GlobalJournalView(views.PermissionMixin, BaseJournalView):
 template_name = 'authentic2/manager/journal.html'
-
- def dispatch(self, request, *args, **kwargs):
- if not request.user.is_superuser:
- raise PermissionDenied
- return super().dispatch(request, *args, **kwargs)
+ permissions_global = True
+ permissions = ['custom_user.view_user', 'a2_rbac.view_role']
 journal = GlobalJournalView.as_view()
diff --git a/tests/test_manager_journal.py b/tests/test_manager_journal.py
index c19ef4c0..a01e846a 100644
--- a/tests/test_manager_journal.py
+++ b/tests/test_manager_journal.py
@@ -964,3 +964,8 @@ def test_search(app, superuser, events):
 'addition of user "user (111111)" as administrator of role "role1"',
 'removal of role "role2" as administrator of role "role1"',
 ]
+
+
+def test_global_journal_permission_denied(app, simple_user, events):
+ response = login(app, user=simple_user)
+ response = app.get('/manage/journal/', status=403)
--
2.20.1
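Review bot: Access to the global journal in `GlobalJournalView` now rests entirely on `views.PermissionMixin`, which is defined outside this hunk, so the visible lines do not show whether `permissions` is evaluated as all-of or any-of. The journal is an audit trail and may carry event types beyond user and role changes; if it does, holders of global `custom_user.view_user` and `a2_rbac.view_role` gain visibility that was previously superuser-only. I would add a comment above the two attributes stating the intended rule, for example `# global (not per-OU) permissions required to read the whole journal`, worded to match the mixin's actual semantics. If `PermissionDenied` was imported only for the removed `dispatch`, that import is now unused.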
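Review bot: `test_global_journal_permission_denied` pins only the denial path for `simple_user`, so the new authorisation rule is never exercised on its grant side. Nothing here checks that a non-superuser holding global `custom_user.view_user` and `a2_rbac.view_role` gets a 200, nor that a user holding only one of them, or holding them on a single OU only, is refused. Those are the cases where the rule could be wrong in either direction. Both `response = ...` assignments are unused; `login(app, user=simple_user)` and `app.get('/manage/journal/', status=403)` can stand as bare calls.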