Implment user view for admins, Close #48

2019-04-15 17:40:01 +02:00 · 2019-04-15 17:40:01 +02:00 · d4aeaf437f
commit d4aeaf437f
parent f0b819a5f8
3 changed files with 7 additions and 4 deletions
--- a/src/account_manager/main_views.py
+++ b/src/account_manager/main_views.py
@ -39,15 +39,15 @@ def realm_list(request):
    else:
        realms = Realm.objects.filter(admin_group__user__username__contains=user.username).order_by('name').order_by(
            'name')
-
-    if len(realms) == 0 and not user.is_superuser:
+    show_user = request.GET.get('show_user', False)
+    if show_user or (len(realms) == 0 and not user.is_superuser):
        try:
            LdapUser.base_dn = LdapUser.ROOT_DN
            user = LdapUser.objects.get(username=user.username)
            realm_base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3)
            realm = Realm.objects.get(ldap_base_dn=realm_base_dn)

-            return redirect('user-detail', user.dn, realm.id )
+            return redirect('user-detail', user.dn, realm.id)
        except ObjectDoesNotExist as err:
            logger.info('Anmeldung fehlgeschlagen', err)
            return HttpResponse("Invalid login. Please try again.")
--- a/src/account_manager/views/user_views.py
+++ b/src/account_manager/views/user_views.py
@ -276,6 +276,7 @@ def user_delete(request, realm_id, user_dn):

@login_required
@is_realm_admin
+@protect_cross_realm_user_access
 def realm_user_group_update(request, realm_id, user_dn, error=None):
    realm = Realm.objects.get(id=realm_id)
    ldap_user, realm_groups_available, user_groups = get_available_given_groups(realm, user_dn)
@ -300,6 +301,7 @@ def get_available_given_groups(realm, user_dn):

@login_required
@is_realm_admin
+@protect_cross_realm_user_access
 def realm_user_group_update_add(request, realm_id, user_dn):
    realm = Realm.objects.get(id=realm_id)
    LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
@ -318,6 +320,7 @@ def realm_user_group_update_add(request, realm_id, user_dn):

@login_required
@is_realm_admin
+@protect_cross_realm_user_access
 def realm_user_group_update_delete(request, realm_id, user_dn):
    realm = Realm.objects.get(id=realm_id)
    LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
--- a/src/templates/base.jinja2
+++ b/src/templates/base.jinja2
@ -38,7 +38,7 @@

    {% if request.user.is_authenticated %}
        <span class="navbar-text">
-        Hi {{ request.user.username }}!
+        Hi <a href="{{ url('realm-home') }}?show_user=True">{{ request.user.username }}</a>!
        <a href="{{ url('logout') }}?next=/">Logout <i class="fas fa-sign-out-alt"></i></a>
    {% else %}
        <a href="{{ url('login') }}"><i class="fas fa-sign-in-alt"></i> Login</a>