authorDave Arter <davea@mysociety.org>2019-10-15 14:00:00 +0100
committerDave Arter <davea@mysociety.org>2019-12-09 12:48:12 +0000
commit16bcc7fc5df90ffce3a45e904f46ca3fc4301f48 (patch)
treee23c26f8e48c3fd1fed1e917a07a54002b8b83e1
parentee0a6059d1cea1e56e78e316e84f172b787139c6 (diff)
[TfL] Allow TfL staff to access admin
Also prevents TfL staff accessing other London cobrand admins
-rw-r--r--perllib/FixMyStreet/Cobrand/TfL.pm7
-rw-r--r--perllib/FixMyStreet/Cobrand/UKCouncils.pm2
-rw-r--r--t/cobrand/tfl.t38
3 files changed, 47 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/Cobrand/TfL.pm b/perllib/FixMyStreet/Cobrand/TfL.pm
index d6399b5e6..af1df08f2 100644
--- a/perllib/FixMyStreet/Cobrand/TfL.pm
+++ b/perllib/FixMyStreet/Cobrand/TfL.pm
@@ -87,4 +87,11 @@ sub pin_colour {
return 'orange'; # all the other `open_states` like "in progress"
}
+sub admin_allow_user {
+ my ( $self, $user ) = @_;
+ return 1 if $user->is_superuser;
+ return undef unless defined $user->from_body;
+ return $user->from_body->name eq 'TfL';
+}
+
1;
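Review bot: The access decision in the new `admin_allow_user` rests on the literal body name in `return $user->from_body->name eq 'TfL';`, and the same literal is repeated in the `FixMyStreet/Cobrand/UKCouncils.pm` hunk of this commit. If body names can be edited as data (not visible from this diff), renaming the TfL body, or giving another body that name, would change who reaches either admin without any code change. Comparing against a stable identifier owned by the cobrand would be sturdier; failing that, both checks should share one constant. At minimum add a comment above the comparison, e.g. `# Authorisation is keyed on the body name; keep in sync with FixMyStreet::Cobrand::UKCouncils::admin_allow_user`.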
diff --git a/perllib/FixMyStreet/Cobrand/UKCouncils.pm b/perllib/FixMyStreet/Cobrand/UKCouncils.pm
index c652e44c2..3a831b431 100644
--- a/perllib/FixMyStreet/Cobrand/UKCouncils.pm
+++ b/perllib/FixMyStreet/Cobrand/UKCouncils.pm
@@ -241,6 +241,8 @@ sub admin_allow_user {
my ( $self, $user ) = @_;
return 1 if $user->is_superuser;
return undef unless defined $user->from_body;
+ # Make sure TfL staff can't access other London cobrand admins
+ return undef if $user->from_body->name eq 'TfL';
return $user->from_body->areas->{$self->council_area_id};
}
diff --git a/t/cobrand/tfl.t b/t/cobrand/tfl.t
index 22727387d..bb074a872 100644
--- a/t/cobrand/tfl.t
+++ b/t/cobrand/tfl.t
@@ -20,6 +20,9 @@ $staffuser->user_body_permissions->create({
});
my $user = $mech->create_user_ok('londonresident@example.com');
+my $bromley = $mech->create_body_ok(2482, 'Bromley');
+my $bromleyuser = $mech->create_user_ok('bromleyuser@bromley.example.com', name => 'Bromley Staff', from_body => $bromley);
+
my $contact1 = $mech->create_contact_ok(
body_id => $body->id,
@@ -152,6 +155,41 @@ subtest 'check report age on /around' => sub {
$mech->content_lacks($report->title);
};
+subtest 'TfL staff can access TfL admin' => sub {
+ $mech->log_in_ok( $staffuser->email );
+ $mech->get_ok('/admin');
+ $mech->content_contains( 'This is the administration interface for' );
+ $mech->log_out_ok;
+};
+
+subtest 'Bromley staff cannot access TfL admin' => sub {
+ $mech->log_in_ok( $bromleyuser->email );
+ ok $mech->get('/admin');
+ is $mech->res->code, 403, "got 403";
+ $mech->log_out_ok;
+};
+
+};
+
+FixMyStreet::override_config {
+ ALLOWED_COBRANDS => 'bromley',
+ MAPIT_URL => 'http://mapit.uk/'
+}, sub {
+
+subtest 'Bromley staff can access Bromley admin' => sub {
+ $mech->log_in_ok( $bromleyuser->email );
+ $mech->get_ok('/admin');
+ $mech->content_contains( 'This is the administration interface for' );
+ $mech->log_out_ok;
+};
+
+subtest 'TfL staff cannot access Bromley admin' => sub {
+ $mech->log_in_ok( $staffuser->email );
+ ok $mech->get('/admin');
+ is $mech->res->code, 403, "got 403";
+ $mech->log_out_ok;
+};
+
};
done_testing();
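Review bot: The two "cannot access" subtests call `ok $mech->get('/admin');`, which will pass for any response if `$mech` follows WWW::Mechanize and returns a response object, so only the following `is $mech->res->code, 403, "got 403";` line asserts anything. More importantly, no subtest exercises the `return undef unless defined $user->from_body` branch of `admin_allow_user`. The `$user` created near the top of this file with no `from_body` is never logged in against `/admin`. I would add a denial test for that ordinary user in each `override_config` block, so a regression that lets residents into an admin is caught; the enclosing blocks start outside this hunk.

```perl
subtest 'Users without a body cannot access TfL admin' => sub {
    $mech->log_in_ok( $user->email );
    $mech->get('/admin');
    is $mech->res->code, 403, "got 403";
    $mech->log_out_ok;
};
```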