Bugfix Django user permissions

A staff user can't see/change anything ;)
This commit is contained in:
Jens Diemer 2024-08-25 20:16:19 +02:00
parent 15598e9d52
commit 85bb7e5b0b
3 changed files with 210 additions and 7 deletions

View file

@ -4,5 +4,6 @@ def setup_project_user(user):
Called from django_yunohost_integration.sso_auth Called from django_yunohost_integration.sso_auth
""" """
user.is_staff = True user.is_staff = True
user.is_superuser = True
user.save() user.save()
return user return user

View file

@ -81,7 +81,7 @@ class DjangoYnhTestCase(HtmlAssertionMixin, TestCase):
assert user.username == 'test' assert user.username == 'test'
assert user.is_active is True assert user.is_active is True
assert user.is_staff is True # Set by: conf.setup_user.setup_project_user assert user.is_staff is True # Set by: conf.setup_user.setup_project_user
assert user.is_superuser is False assert user.is_superuser is True # Set by: conf.setup_user.setup_project_user
self.assert_html_parts( self.assert_html_parts(
response, response,
@ -111,7 +111,7 @@ class DjangoYnhTestCase(HtmlAssertionMixin, TestCase):
assert user.username == 'test' assert user.username == 'test'
assert user.is_active is True assert user.is_active is True
assert user.is_staff is True # Set by: conf.setup_user.setup_project_user assert user.is_staff is True # Set by: conf.setup_user.setup_project_user
assert user.is_superuser is False assert user.is_superuser is True # Set by: conf.setup_user.setup_project_user
assert AccessLog.objects.count() == 1 assert AccessLog.objects.count() == 1
@ -136,7 +136,7 @@ class DjangoYnhTestCase(HtmlAssertionMixin, TestCase):
assert user.username == 'test' assert user.username == 'test'
assert user.is_active is True assert user.is_active is True
assert user.is_staff is True # Set by: conf.setup_user.setup_project_user assert user.is_staff is True # Set by: conf.setup_user.setup_project_user
assert user.is_superuser is False assert user.is_superuser is True # Set by: conf.setup_user.setup_project_user
assert AccessLog.objects.count() == 1 assert AccessLog.objects.count() == 1
@ -163,7 +163,7 @@ class DjangoYnhTestCase(HtmlAssertionMixin, TestCase):
assert user.username == 'test' assert user.username == 'test'
assert user.is_active is True assert user.is_active is True
assert user.is_staff is True # Set by: conf.setup_user.setup_project_user assert user.is_staff is True # Set by: conf.setup_user.setup_project_user
assert user.is_superuser is False assert user.is_superuser is True # Set by: conf.setup_user.setup_project_user
assert AccessLog.objects.count() == 1 assert AccessLog.objects.count() == 1

View file

@ -6,9 +6,211 @@
Site administration Site administration
</h1> </h1>
<div id="content-main"> <div id="content-main">
<p> <div class="app-auth module">
You dont have permission to view or edit anything. <table>
</p> <caption>
<a class="section" href="/app_path/auth/" title="Models in the Authentication and Authorization application">
Authentication and Authorization
</a>
</caption>
<tr class="model-group">
<th id="auth-group" scope="row">
<a href="/app_path/auth/group/">
Groups
</a>
</th>
<td>
<a aria-describedby="auth-group" class="addlink" href="/app_path/auth/group/add/">
Add
</a>
</td>
<td>
<a aria-describedby="auth-group" class="changelink" href="/app_path/auth/group/">
Change
</a>
</td>
</tr>
<tr class="model-user">
<th id="auth-user" scope="row">
<a href="/app_path/auth/user/">
Users
</a>
</th>
<td>
<a aria-describedby="auth-user" class="addlink" href="/app_path/auth/user/add/">
Add
</a>
</td>
<td>
<a aria-describedby="auth-user" class="changelink" href="/app_path/auth/user/">
Change
</a>
</td>
</tr>
</table>
</div>
<div class="app-axes module">
<table>
<caption>
<a class="section" href="/app_path/axes/" title="Models in the Axes application">
Axes
</a>
</caption>
<tr class="model-accessattempt">
<th id="axes-accessattempt" scope="row">
<a href="/app_path/axes/accessattempt/">
Access attempts
</a>
</th>
<td>
</td>
<td>
<a aria-describedby="axes-accessattempt" class="changelink" href="/app_path/axes/accessattempt/">
Change
</a>
</td>
</tr>
<tr class="model-accessfailurelog">
<th id="axes-accessfailurelog" scope="row">
<a href="/app_path/axes/accessfailurelog/">
Access failures
</a>
</th>
<td>
</td>
<td>
<a aria-describedby="axes-accessfailurelog" class="changelink" href="/app_path/axes/accessfailurelog/">
Change
</a>
</td>
</tr>
<tr class="model-accesslog">
<th id="axes-accesslog" scope="row">
<a href="/app_path/axes/accesslog/">
Access logs
</a>
</th>
<td>
</td>
<td>
<a aria-describedby="axes-accesslog" class="changelink" href="/app_path/axes/accesslog/">
Change
</a>
</td>
</tr>
</table>
</div>
<div class="app-for_runners module">
<table>
<caption>
<a class="section" href="/app_path/for_runners/" title="Models in the ForRunners application">
ForRunners
</a>
</caption>
<tr class="model-disciplinemodel">
<th id="for_runners-disciplinemodel" scope="row">
<a href="/app_path/for_runners/disciplinemodel/">
Discipline models
</a>
</th>
<td>
<a aria-describedby="for_runners-disciplinemodel" class="addlink" href="/app_path/for_runners/disciplinemodel/add/">
Add
</a>
</td>
<td>
<a aria-describedby="for_runners-disciplinemodel" class="changelink" href="/app_path/for_runners/disciplinemodel/">
Change
</a>
</td>
</tr>
<tr class="model-distancemodel">
<th id="for_runners-distancemodel" scope="row">
<a href="/app_path/for_runners/distancemodel/">
Distances
</a>
</th>
<td>
<a aria-describedby="for_runners-distancemodel" class="addlink" href="/app_path/for_runners/distancemodel/add/">
Add
</a>
</td>
<td>
<a aria-describedby="for_runners-distancemodel" class="changelink" href="/app_path/for_runners/distancemodel/">
Change
</a>
</td>
</tr>
<tr class="model-participationmodel">
<th id="for_runners-participationmodel" scope="row">
<a href="/app_path/for_runners/participationmodel/">
Event Participations
</a>
</th>
<td>
<a aria-describedby="for_runners-participationmodel" class="addlink" href="/app_path/for_runners/participationmodel/add/">
Add
</a>
</td>
<td>
<a aria-describedby="for_runners-participationmodel" class="changelink" href="/app_path/for_runners/participationmodel/">
Change
</a>
</td>
</tr>
<tr class="model-eventlinkmodel">
<th id="for_runners-eventlinkmodel" scope="row">
<a href="/app_path/for_runners/eventlinkmodel/">
Event link models
</a>
</th>
<td>
<a aria-describedby="for_runners-eventlinkmodel" class="addlink" href="/app_path/for_runners/eventlinkmodel/add/">
Add
</a>
</td>
<td>
<a aria-describedby="for_runners-eventlinkmodel" class="changelink" href="/app_path/for_runners/eventlinkmodel/">
Change
</a>
</td>
</tr>
<tr class="model-eventmodel">
<th id="for_runners-eventmodel" scope="row">
<a href="/app_path/for_runners/eventmodel/">
Events
</a>
</th>
<td>
<a aria-describedby="for_runners-eventmodel" class="addlink" href="/app_path/for_runners/eventmodel/add/">
Add
</a>
</td>
<td>
<a aria-describedby="for_runners-eventmodel" class="changelink" href="/app_path/for_runners/eventmodel/">
Change
</a>
</td>
</tr>
<tr class="model-gpxmodel">
<th id="for_runners-gpxmodel" scope="row">
<a href="/app_path/for_runners/gpxmodel/">
GPX Tracks
</a>
</th>
<td>
<a aria-describedby="for_runners-gpxmodel" class="addlink" href="/app_path/for_runners/gpxmodel/add/">
Add
</a>
</td>
<td>
<a aria-describedby="for_runners-gpxmodel" class="changelink" href="/app_path/for_runners/gpxmodel/">
Change
</a>
</td>
</tr>
</table>
</div>
</div> </div>
<div id="content-related"> <div id="content-related">
<div class="module" id="recent-actions-module"> <div class="module" id="recent-actions-module">