diff --git a/controlpanel/api/rules.py b/controlpanel/api/rules.py
index 058a3f7bb..939d5f31a 100644
--- a/controlpanel/api/rules.py
+++ b/controlpanel/api/rules.py
@@ -48,7 +48,7 @@ def is_app_admin(user, obj):
 add_perm("api.list_app", is_authenticated)
-add_perm("api.create_app", is_authenticated & is_superuser)
+add_perm("api.create_app", is_authenticated)
 add_perm("api.retrieve_app", is_authenticated & is_app_admin)
 add_perm("api.update_app", is_authenticated & is_superuser)
 add_perm("api.destroy_app", is_authenticated & is_superuser)
@@ -187,6 +187,8 @@ def is_self(user, other):
 add_perm("api.update_ip_allowlists", is_authenticated & is_superuser)
 add_perm("api.destroy_ip_allowlists", is_authenticated & is_superuser)
+add_perm("api.create_connections", is_authenticated & is_superuser)
+
 @predicate
 def is_owner(user, obj):
diff --git a/controlpanel/api/serializers.py b/controlpanel/api/serializers.py
index 7761379c4..e0b70c56c 100644
--- a/controlpanel/api/serializers.py
+++ b/controlpanel/api/serializers.py
@@ -362,7 +362,7 @@ class AppAuthSettingsSerializer(serializers.BaseSerializer):
 "edit_link": "update-app-ip-allowlists"
 },
 cluster.App.AUTH0_CONNECTIONS: {
- "permission_flag": "api.create_app",
+ "permission_flag": "api.create_connections",
 "edit_link": "update-auth0-connections"
 }
 }
diff --git a/controlpanel/frontend/views/app.py b/controlpanel/frontend/views/app.py
index 821a0138d..02750ec3d 100644
--- a/controlpanel/frontend/views/app.py
+++ b/controlpanel/frontend/views/app.py
@@ -170,7 +170,7 @@ class UpdateAppAuth0Connections(
 form_class = UpdateAppAuth0ConnectionsForm
 model = App
- permission_required = "api.create_app"
+ permission_required = "api.create_connections"
 template_name = "webapp-auth0-connections-update.html"
 success_url = "manage-app"
diff --git a/tests/api/permissions/test_app_permissions.py b/tests/api/permissions/test_app_permissions.py
index 0c14960d5..047faefed 100644
--- a/tests/api/permissions/test_app_permissions.py
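Review bot: Nothing in rules.py records why `api.create_app` is now granted to every authenticated user while `api.update_app` and `api.destroy_app` on the neighbouring lines stay superuser-only; the test changes show the asymmetry is deliberate, but to the next reader of the first hunk it will look like a dropped `& is_superuser`. A comment on the changed line would prevent a well-meant revert, e.g. `# Deliberately open to all authenticated users; editing/deleting an app remains superuser-only.` The second hunk adds `api.create_connections` (superuser-only) precisely because the serializer and the UpdateAppAuth0Connections view had been using `api.create_app` as a superuser proxy; any other caller outside this diff that still treats `api.create_app` as meaning superuser is silently widened by this change, which cannot be checked from here. Since app creation is now reachable from every authenticated account, it is also worth confirming the create path is audit-logged and bounded (rate limit or per-user quota), neither of which is visible in this diff.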
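Review bot: The permission name `"api.create_connections"` is spelled as a bare string literal in three places (the `add_perm` call in rules.py, `permission_flag` here in the serializer, and `permission_required` in the controlpanel/frontend/views/app.py hunk), so a typo in any one of them would not raise; with django-rules an unregistered name simply tests false, which fails closed but silently. Consider exporting the names as constants next to the `add_perm` calls, or at least a test asserting that every `permission_flag`/`permission_required` value is a registered rule, so the linkage is checked rather than relying on string agreement. The `AppAuthSettingsSerializer` class continues outside the hunk.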
+++ b/tests/api/permissions/test_app_permissions.py
@@ -98,13 +98,13 @@ def test_authenticated_user_has_basic_perms(client, users):
 (app_detail, "app_user", status.HTTP_403_FORBIDDEN),
 (app_detail, "normal_user", status.HTTP_404_NOT_FOUND),
 (app_delete, "normal_user", status.HTTP_403_FORBIDDEN),
- (app_create, "normal_user", status.HTTP_403_FORBIDDEN),
+ (app_create, "normal_user", status.HTTP_201_CREATED),
 (app_update, "normal_user", status.HTTP_403_FORBIDDEN),
 (app_list, "app_admin", status.HTTP_200_OK),
 (app_detail, "app_admin", status.HTTP_200_OK),
 (app_delete, "app_admin", status.HTTP_403_FORBIDDEN),
- (app_create, "app_admin", status.HTTP_403_FORBIDDEN),
+ (app_create, "app_admin", status.HTTP_201_CREATED),
 (app_update, "app_admin", status.HTTP_403_FORBIDDEN),
 ],
 )
diff --git a/tests/frontend/views/test_app.py b/tests/frontend/views/test_app.py
index f1ccc6dc3..9033f96d8 100644
--- a/tests/frontend/views/test_app.py
+++ b/tests/frontend/views/test_app.py
@@ -282,8 +282,8 @@ def update_ip_allowlists(client, app, *args):
 (update_auth0_connections, "app_admin", status.HTTP_403_FORBIDDEN),
 (update_auth0_connections, "normal_user", status.HTTP_403_FORBIDDEN),
 (create, "superuser", status.HTTP_200_OK),
- (create, "app_admin", status.HTTP_403_FORBIDDEN),
- (create, "normal_user", status.HTTP_403_FORBIDDEN),
+ (create, "app_admin", status.HTTP_200_OK),
+ (create, "normal_user", status.HTTP_200_OK),
 (delete, "superuser", status.HTTP_302_FOUND),
 (delete, "app_admin", status.HTTP_403_FORBIDDEN),
 (delete, "normal_user", status.HTTP_403_FORBIDDEN),
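Review bot: The two changed rows pin only the widened positive case (201 for normal_user and app_admin on app_create); now that `is_authenticated` is the sole guard on `api.create_app`, a row showing an unauthenticated client is still rejected on app_create would document that the guard was narrowed rather than removed, unless that is already covered elsewhere in the parametrization outside this hunk. One row of the form `(app_create, <anonymous>, status.HTTP_403_FORBIDDEN)` — using however this module represents an anonymous client — is enough. The parametrize list and `test_authenticated_user_has_basic_perms` extend beyond the hunk.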
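Review bot: A 200 for app_admin and normal_user on `create` demonstrates only that the create page is reachable, not that a non-superuser can complete app creation through the frontend; the `delete` row two lines below expects a 302, which suggests mutating helpers in this test assert the redirect, so `create` here is presumably a GET of the form. If the `create` helper (defined outside the hunk) is GET-only, a POST case for normal_user asserting the success redirect would close that gap, since the API-level 201 in tests/api/permissions/test_app_permissions.py does not exercise the frontend form. The parametrization continues outside the hunk.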