zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-25 03:58:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add logic for superuser

Browse source
This commit is contained in:
zandercymatics 2024-02-23 14:25:48 -07:00
parent c02e99b972
commit afeb0f55b1
No known key found for this signature in database
GPG key ID: FF4636ABEC9682B7
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/registrar/admin.py
View file

@ -827,15 +827,18 @@ class DomainApplicationAdminForm(forms.ModelForm):
def _check_investigators_on_approval(self, investigator): def _check_investigators_on_approval(self, investigator):
"""Checks the investigator field when an approval occurs""" """Checks the investigator field when an approval occurs"""
# Get information about the current user making the request
current_user = self.request.user
is_superuser = current_user.has_perm("registrar.full_access_permission")
error_message = None error_message = None
# Check if an investigator is assigned. No approval is possible without one. # Check if an investigator is assigned. No approval is possible without one.
if investigator is not None: if investigator is not None:
if not investigator.is_staff: if not investigator.is_staff:
# Investigators must be staff users. # Investigators must be staff users.
# This is handled elsewhere, but we should check here as a precaution. # This is handled elsewhere, but we should check here as a precaution.
error_message = ApplicationStatusError.get_error_message(FSMErrorCodes.APPROVE_INVESTIGATOR_NOT_STAFF) error_message = ApplicationStatusError.get_error_message(FSMErrorCodes.APPROVE_INVESTIGATOR_NOT_STAFF)
elif investigator != self.request.user: elif investigator != current_user and not is_superuser:
# If the submitting user is not the investigator, block this action. # If the submitting user is not the investigator, block this action.
# This is to enforce accountability. Superusers do not have this restriction. # This is to enforce accountability. Superusers do not have this restriction.
error_message = ApplicationStatusError.get_error_message( error_message = ApplicationStatusError.get_error_message(