Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Impersonation suggestion #27018

Merged
merged 2 commits into from
Dec 19, 2024
Merged

fix: Impersonation suggestion #27018

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1b2bf11
Fix impersonation suggestion
benjackwhite Dec 18, 2024
881a7bf
Fixes
benjackwhite Dec 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 4 additions & 7 deletions posthog/middleware.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -278,13 +278,10 @@ def can_switch_to_team(self, new_team: Team, request: HttpRequest):

# :KLUDGE: This is more inefficient than needed, doing several expensive lookups
# However this should be a rare operation!
if not user_access_control.check_access_level_for_object(new_team, "member"):
# Do something to indicate that they don't have access to the team...
return False

# :KLUDGE: This is more inefficient than needed, doing several expensive lookups
# However this should be a rare operation!
if user_permissions.team(new_team).effective_membership_level is None:
if (
not user_access_control.check_access_level_for_object(new_team, "member")
and user_permissions.team(new_team).effective_membership_level is None
):
if user.is_staff:
# Staff users get a popup with suggested users to log in as, facilating support
request.suggested_users_with_access = UserBasicSerializer( # type: ignore
Expand Down
4 changes: 2 additions & 2 deletions posthog/test/test_middleware.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ def setUp(self):
def test_project_switched_when_accessing_dashboard_of_another_accessible_team(self):
dashboard = Dashboard.objects.create(team=self.second_team)

with self.assertNumQueries(self.base_app_num_queries + 7): # AutoProjectMiddleware adds 4 queries
with self.assertNumQueries(self.base_app_num_queries + 6): # AutoProjectMiddleware adds 4 queries
response_app = self.client.get(f"/dashboard/{dashboard.id}")
response_users_api = self.client.get(f"/api/users/@me/")
response_users_api_data = response_users_api.json()
Expand Down Expand Up @@ -282,7 +282,7 @@ def test_project_switched_when_accessing_cohort_of_another_accessible_team(self)
def test_project_switched_when_accessing_feature_flag_of_another_accessible_team(self):
feature_flag = FeatureFlag.objects.create(team=self.second_team, created_by=self.user)

with self.assertNumQueries(self.base_app_num_queries + 7):
with self.assertNumQueries(self.base_app_num_queries + 6):
response_app = self.client.get(f"/feature_flags/{feature_flag.id}")
response_users_api = self.client.get(f"/api/users/@me/")
response_users_api_data = response_users_api.json()
Expand Down
Loading