
Iss2205 #2355

Open
wants to merge 2 commits into
base: main

Collaborator

@ybrnr ybrnr commented Dec 16, 2024

fix #2205

Member

@janno42 janno42 left a comment


Nice 👍

Please check the formatting

Collaborator

@Kakadus Kakadus left a comment


naturally, a test would be nice : )

Thanks!

@@ -52,6 +52,9 @@ def is_in_staff_mode(request):


def update_staff_mode(request):
if not request.user.has_staff_permission:
exit_staff_mode(request)
return
assert request.user.has_staff_permission
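
Review bot: the new guard at the top of update_staff_mode calls exit_staff_mode and then returns None, so a caller gets no signal that staff mode was dropped rather than refreshed; return a boolean or raise, and cover the path where has_staff_permission is false with a test. The assert request.user.has_staff_permission directly below the guard can no longer fail, and an assert is removed when Python runs with -O, so it should not stay as an authorization check; drop it or move it to a call site where the condition is not already guaranteed.
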
Collaborator


I think this assertion is no longer needed

Member


I'd move it up to line 33, where I think it would still add value.

The call graphs we can get now are a bit wonky. We can have
enter_staff_mode -> update_staff_mode -> finds out that not request.user.has_staff_permission -> exit_staff_mode and returns without exception, which is probably never what the initial caller intended?

It seems to me that update_staff_mode was about "update the timestamp in the session to now()" in the past, now it has changed semantics. Could use a little clean up in general, I think.

Member

@richardebeling richardebeling left a comment


Blocking for missing test, since this is authorization logic and we discovered a code path in the issue that we considered not to happen naturally before. Feel free to assign the PR to me if you want me to write the test.

Successfully merging this pull request may close these issues.

Clear session of user on permission change