Skip to content

Commit c2b4616

Browse files
AlanCodingAlanCoding
authored
AAP-60826 Add Annon condition to visible_users (#919)
Add condition for when we don't have a database or nothing. Fails-safe, returning valid queryset with no objects. Addresses the issue of missing components and data in openapi schema.
1 parent 2bf1cae commit c2b4616

2 files changed

Lines changed: 15 additions & 1 deletion

File tree

ansible_base/rbac/policies.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,10 @@
1616
def visible_users(request_user, queryset=None, always_show_superusers=True, always_show_self=True) -> QuerySet:
1717
"""Gives a queryset of users that another user should be able to view"""
1818
user_cls = permission_registry.user_model
19+
20+
if not getattr(request_user, "is_authenticated", False):
21+
return user_cls.objects.none()
22+
1923
org_cls = apps.get_model(settings.ANSIBLE_BASE_ORGANIZATION_MODEL)
2024

2125
if can_view_all_users(request_user):

test_app/tests/rbac/test_policies.py

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
import pytest
2+
from django.contrib.auth.models import AnonymousUser
23

3-
from ansible_base.rbac.policies import can_change_user
4+
from ansible_base.rbac.policies import can_change_user, visible_users
45
from test_app.models import User
56

67

@@ -32,3 +33,12 @@ def test_superuser_can_change_new_user(admin_user):
3233
def test_user_can_manage_themselves():
3334
alice = User.objects.create(username='alice')
3435
assert can_change_user(alice, alice)
36+
37+
38+
@pytest.mark.django_db
39+
def test_visible_users_anonymous_user():
40+
User.objects.create(username='alice')
41+
User.objects.create(username='bob', is_superuser=True)
42+
43+
qs = visible_users(AnonymousUser())
44+
assert not qs.exists()

0 commit comments

Comments
 (0)