refactor(users): migrate remaining Python is_staff checks to is_staff_user (#174) #179
Open
b3lz3but wants to merge 1 commit into captainpragmatic:master from
…_user (captainpragmatic#174)

- decorators.py: can_manage_financial_data now gates on is_staff_user so staff-by-role users (staff_role="admin" with is_staff=False) are correctly recognized as staff for financial data management
- context_processors.py: can_access_admin uses is_staff_user with getattr guard for AnonymousUser safety
- permissions.py: can_deploy_nodes uses is_staff_user so support agents with deploy perms are no longer locked out
- orders/views.py: _validate_manual_price_override uses is_staff_user and cleaned up hasattr guards to getattr pattern
- Update permission_matrix test to reflect that staff_role="admin" users are now correctly classified as staff regardless of is_staff flag

Role-specific checks (staff_role in _REVIEW_APPROVE_ROLES, billing_staff_required, support_staff_required) are intentionally kept — they gate specific roles, not generic staff access.

Audit metadata fields (is_staff in audit/services.py) and API response fields (is_staff in api/users/views.py) are intentionally unchanged as they record the raw Django flag, not the computed property.

Addresses captainpragmatic#174.

Signed-off-by: Ciprian Radulescu <craps2003@gmail.com>
@mostlyvirtual CI green — migrates the permission-check locations to is_staff_user. Role-specific guards, audit metadata, and API fields intentionally unchanged. Ready for review 🙏
Summary
- can_manage_financial_data now gates on is_staff_user so staff-by-role users (staff_role="admin" with is_staff=False) are correctly recognized
- can_access_admin uses is_staff_user with getattr guard for AnonymousUser safety
- can_deploy_nodes uses is_staff_user so support agents with deploy perms aren't locked out
- _validate_manual_price_override uses is_staff_user and cleaned hasattr to getattr pattern

Not migrated (intentionally)
- staff_role in _REVIEW_APPROVE_ROLES, billing_staff_required, support_staff_required) — these gate specific roles, not generic staff access
- is_staff in audit/services.py) — records the raw Django flag for compliance
- is_staff in api/users/views.py) — changing would be a breaking API change

Test plan
- staff_role="admin" with is_staff=False now correctly returns True for can_manage_financial_data

Addresses #174
🤖 Generated with Claude Code
Closes #174
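
An added example, not part of this pull request or the project's code: a permission-matrix diff that lists which (is_staff, staff_role) combinations change decision when a gate moves from the raw flag to is_staff_user, plus the fail-closed getattr guard for anonymous users. The is_staff_user definition (flag OR any assigned role), the "support" role string, and the names legacy_check, migrated_check and matrix_diff are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import product


class AnonymousUser:
    """Stand-in for Django's AnonymousUser: has is_staff, lacks the custom property."""
    is_staff = False
    is_authenticated = False


@dataclass(frozen=True)
class User:
    """Constructed minimal user model; not the project's User class."""
    is_staff: bool = False
    staff_role: str = ""
    is_authenticated: bool = True

    @property
    def is_staff_user(self) -> bool:
        # Assumed definition: raw Django flag OR any assigned staff role.
        return self.is_staff or bool(self.staff_role)


def legacy_check(user) -> bool:
    """'Before' gate: trusts only the raw is_staff flag."""
    return bool(getattr(user, "is_staff", False))


def migrated_check(user) -> bool:
    """'After' gate: computed property, denying when the attribute is absent."""
    return bool(getattr(user, "is_staff_user", False))


def matrix_diff(roles=("", "admin", "support")):
    """Return the rows whose decision differs between the two gates."""
    changed = []
    for flag, role in product((False, True), roles):
        user = User(is_staff=flag, staff_role=role)
        before, after = legacy_check(user), migrated_check(user)
        if before != after:
            changed.append((flag, role, before, after))
    return changed


if __name__ == "__main__":
    for row in matrix_diff():
        print("is_staff=%s staff_role=%r: %s -> %s" % row)
    print("anonymous allowed:", migrated_check(AnonymousUser()))
```

Every row the diff returns is a principal that gains access through the migration, so each one should map to an intended entry in the updated permission_matrix test.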