From 19e87bfb6d53f25a2fc4558e4d6e0683f9f52379 Mon Sep 17 00:00:00 2001 From: Jake Rosenberg Date: Thu, 15 Jun 2023 16:58:14 -0500 Subject: [PATCH] task/TUP-511: Use a specific Impersonator group to manage impersonation permissions. (#244) * only allow impersonation if users belong to the Impersonator group * handle case where user doesn't exist --------- Co-authored-by: Jake Rosenberg Co-authored-by: Wesley B <62723358+wesleyboar@users.noreply.github.com> --- apps/tup-cms/src/apps/portal/views.py | 6 +++++- .../portal_nav/templates/portal_nav/nav_portal.raw.html | 2 +- apps/tup-cms/src/apps/portal_nav/views.py | 5 ++++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/apps/tup-cms/src/apps/portal/views.py b/apps/tup-cms/src/apps/portal/views.py index d688e192f..af9a684b6 100644 --- a/apps/tup-cms/src/apps/portal/views.py +++ b/apps/tup-cms/src/apps/portal/views.py @@ -34,7 +34,11 @@ def LogoutView(request): def ImpersonateView(request): resp = HttpResponseRedirect("/portal/dashboard") - if not request.user.is_superuser: + + if not request.user: + return resp + + if not request.user.groups.filter(name='Impersonator').exists(): return resp headers = {"x-tup-token": settings.TUP_SERVICES_ADMIN_JWT} diff --git a/apps/tup-cms/src/apps/portal_nav/templates/portal_nav/nav_portal.raw.html b/apps/tup-cms/src/apps/portal_nav/templates/portal_nav/nav_portal.raw.html index aaa3f8261..dfef38819 100644 --- a/apps/tup-cms/src/apps/portal_nav/templates/portal_nav/nav_portal.raw.html +++ b/apps/tup-cms/src/apps/portal_nav/templates/portal_nav/nav_portal.raw.html @@ -39,7 +39,7 @@ Manage Account - {% if user.is_superuser %} + {% if show_impersonation %} Impersonate User diff --git a/apps/tup-cms/src/apps/portal_nav/views.py b/apps/tup-cms/src/apps/portal_nav/views.py index 97cd2113f..d3855edbf 100644 --- a/apps/tup-cms/src/apps/portal_nav/views.py +++ b/apps/tup-cms/src/apps/portal_nav/views.py 
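Review bot: The added `if not request.user:` guard in ImpersonateView most likely never fires if this project runs Django's stock AuthenticationMiddleware, since an unauthenticated request then carries a truthy `AnonymousUser` rather than `None`; anonymous callers are turned away only as a side effect of the empty group lookup. Because these checks are the only gate visible ahead of the request that carries `settings.TUP_SERVICES_ADMIN_JWT`, state the intent directly, e.g. `if not getattr(request.user, "is_authenticated", False): return resp`, which also covers a `None` user. The group name `'Impersonator'` is repeated as a literal here and in PortalNavView (portal_nav/views.py); a shared constant or helper would keep the menu and the enforcement from drifting apart. The function body continues past the hunk, so whether granted and refused impersonation attempts are logged cannot be seen from here.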
@@ -5,6 +5,9 @@
 def PortalNavView(request):
 user = authenticate(request)
- context = {'user': user}
+ is_impersonator = False
+ if user:
+ is_impersonator = user.groups.filter(name='Impersonator').exists()
+ context = {'user': user, 'show_impersonation': is_impersonator}
 template = loader.get_template('portal_nav/nav_portal.raw.html')
 return HttpResponse(template.render(context, request))
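Review bot: `show_impersonation` deserves a comment saying that it only controls whether the menu entry is rendered, because the permission itself is enforced separately in ImpersonateView and a reader of this view alone could mistake the flag for the access check. Something like `# Display hint only; ImpersonateView re-checks Impersonator membership before acting.` above the `is_impersonator` lines would do. The three-line flag setup could also be collapsed to `is_impersonator = bool(user) and user.groups.filter(name='Impersonator').exists()`.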