Close security loopholes to make non-superuser admins usable

Erik Kalkoken
2022-05-12 03:56:22 +00:00
committed by Ariel Rin
parent da93940e13
commit dd1a368ff6
13 changed files with 694 additions and 205 deletions


@@ -1,3 +1,5 @@
from typing import List
from django.contrib.auth.models import User, Group, Permission
from django.db.models.signals import m2m_changed, pre_save, post_save
from django.test import TestCase
@@ -258,6 +260,23 @@ class AuthUtils:
p = cls.get_permission_by_name(perm)
return cls.add_permissions_to_user([p], user, disconnect_signals)
@classmethod
def add_permissions_to_user_by_name(
cls, perms: List[str], user: User, disconnect_signals: bool = True
) -> User:
"""Add permissions given by name to a user
Args:
perms: List of permission names as 'app_label.codename'
user: user object
disconnect_signals: whether to run process without signals
Returns:
Updated user object
"""
permissions = [cls.get_permission_by_name(perm) for perm in perms]
return cls.add_permissions_to_user(permissions, user, disconnect_signals)
@staticmethod
def get_permission_by_name(perm: str) -> Permission:
"""returns permission specified by qualified name
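Review bot: The docstring of `add_permissions_to_user_by_name` does not say what happens when an entry in `perms` is malformed or names a permission that does not exist. The list comprehension resolves every name through `get_permission_by_name` before `add_permissions_to_user` is called, so an exception from any lookup would leave the user unchanged; a `Raises:` entry saying so would help test authors, with the exception type taken from `get_permission_by_name`, whose body lies outside this hunk. `disconnect_signals` also defaults to `True`, and "whether to run process without signals" does not tell a reader which handlers are skipped. Since this commit tightens permission handling, I would word it as `disconnect_signals: when True, grant the permissions with the project's signal handlers disconnected; pass False in tests that must exercise those handlers`.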