author | Étienne Loks <etienne.loks@iggdrasil.net> | 2019-09-23 12:19:40 +0200 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2019-09-23 12:19:40 +0200 |
commit | 18f5651ca2025a658397ba70acc24b42ebacd12d (patch) | |
tree | 9e28d1c11c7b46bb339de45f93cc2a0cae31935e | |
parent | f4f4f50799eef631f6e9f3b382773313c597d23d (diff) | |
Fix default django permission
-rw-r--r-- | ishtar_common/backend.py | 5 | ||||
-rw-r--r-- | ishtar_common/tests.py | 30 |
2 files changed, 34 insertions, 1 deletions
diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py
index 39df9017a..cef1f0fa2 100644
--- a/ishtar_common/backend.py
+++ b/ishtar_common/backend.py
@@ -36,7 +36,10 @@ class ObjectPermBackend(ModelBackend):
 if not user_obj.is_authenticated():
 return False
 if not model:
- # let it manage by the default backend
+ if user_obj.is_staff:
+ # let it manage by the default backend
+ return super(ObjectPermBackend, self).has_perm(
+ user_obj=user_obj, perm=perm, obj=obj)
 return False
 try:
 ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
diff --git a/ishtar_common/tests.py b/ishtar_common/tests.py
index 2bd4afef1..4596f9b5e 100644
--- a/ishtar_common/tests.py
+++ b/ishtar_common/tests.py
@@ -1172,6 +1172,36 @@ class AccessControlTest(TestCase):
 ).count(), 1
 )
+ def test_django_admin(self):
+ username, password = "myusername", "mypassword"
+ __, __, user = create_user(username=username, password=password)
+ user.is_superuser = False
+ user.is_staff = False
+ user.save()
+ client = Client()
+
+ url = "/admin/"
+ client.login(username=username, password=password)
+ response = client.get(url)
+ self.assertRedirects(response, "/admin/login/?next={}".format(url))
+
+ User.objects.filter(username='myusername').update(is_staff=True)
+ client.logout()
+ client.login(username=username, password=password)
+ response = client.get(url)
+ self.assertEqual(response.status_code, 200)
+
+ url += "ishtar_common/persontype/"
+ response = client.get(url)
+ self.assertEqual(response.status_code, 403)
+
+ user.user_permissions.add(Permission.objects.get(
+ codename='change_persontype'))
+ client.logout()
+ client.login(username=username, password=password)
+ response = client.get(url)
+ self.assertEqual(response.status_code, 200)
+
 class UserProfileTest(TestCase):
 fixtures = OPERATION_FIXTURES |
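Review bot: In the `if not model:` branch of `backend.py`, the `return False` kept for non-staff users only makes this backend abstain; Django grants a permission as soon as any configured backend returns True, so whether non-staff users are really refused depends on `AUTHENTICATION_BACKENDS`, which is not visible here. The comment now sitting under `if user_obj.is_staff:` does not say why delegation is limited to staff; something like `# staff only: defer to ModelBackend so Django admin model permissions apply` would record the intent. `obj=obj` is forwarded as well, and the stock `ModelBackend` returns no permissions when an object is passed, so this path presumably only ever grants model-level permissions. The enclosing `has_perm` method starts and ends outside the hunk.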
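Review bot: None of the `client.login(...)` calls in `test_django_admin` has its return value checked, so if the first login fails the `assertRedirects` to `/admin/login/` still passes and says nothing about the non-staff case; `self.assertTrue(client.login(username=username, password=password))` would close that gap. The test also never exercises a non-staff user who holds `change_persontype`, which is the case the new `is_staff` gate in `backend.py` is about. Because the admin site itself turns away non-staff users, that case is probably better pinned with a direct assertion on `user.has_perm(...)` than through the admin URL, so a regression that delegates for everyone would be caught.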