diff options
| author | Matthew Somerville <matthew@mysociety.org> | 2020-03-09 12:58:42 +0000 |
|---|---|---|
| committer | Matthew Somerville <matthew@mysociety.org> | 2020-03-09 12:58:44 +0000 |
| commit | 61c8c7610e63d93b8018afa4ccb22d35e6c26182 (patch) | |
| tree | a65b96628835479908f4200c4238cad2be0d59ea | |
| parent | 07bcfacab98ce6167b54ff6f611e0ad75486f5e8 (diff) | |
[UK Councils] Superusers cannot be edited by staff
| -rw-r--r-- | perllib/FixMyStreet/Cobrand/UKCouncils.pm | 6 | ||||
| -rw-r--r-- | t/app/controller/admin/users.t | 5 |
2 files changed, 9 insertions, 2 deletions
diff --git a/perllib/FixMyStreet/Cobrand/UKCouncils.pm b/perllib/FixMyStreet/Cobrand/UKCouncils.pm index 6709ef565..64c22d543 100644 --- a/perllib/FixMyStreet/Cobrand/UKCouncils.pm +++ b/perllib/FixMyStreet/Cobrand/UKCouncils.pm @@ -130,7 +130,11 @@ sub users_restriction { push @$or_query, email => @domains; } - return $rs->search($or_query); + my $query = { + is_superuser => 0, + -or => $or_query + }; + return $rs->search($query); } sub base_url { diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t index a36a4187a..4f0298103 100644 --- a/t/app/controller/admin/users.t +++ b/t/app/controller/admin/users.t @@ -103,9 +103,12 @@ subtest 'search does not show user from another council' => sub { FixMyStreet::override_config { ALLOWED_COBRANDS => [ 'oxfordshire' ], }, sub { + $superuser->update({ from_body => $oxfordshire->id }); $mech->get_ok('/admin/users'); - $mech->get_ok('/admin/users?search=' . $user->name); + $mech->content_lacks('Super User'); + $superuser->update({ from_body => undef }); + $mech->get_ok('/admin/users?search=' . $user->name); $mech->content_contains( "Searching found no users." ); $mech->get_ok('/admin/users?search=' . $user->email); |