From 11e13cea1d3f1c51a7e5c80fe1e3c53f6c227093 Mon Sep 17 00:00:00 2001
From: Roberto Rosario
Date: Tue, 30 Apr 2019 12:59:55 -0400
Subject: [PATCH] Don't link to the user details of admin or staff

Signed-off-by: Roberto Rosario
---
 mayan/apps/events/html_widgets.py | 7 ++++++
 .../apps/user_management/tests/test_views.py | 22 ++++++++++++++++---
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/mayan/apps/events/html_widgets.py b/mayan/apps/events/html_widgets.py
index 3ce2babb92..47b3fd316e 100644
--- a/mayan/apps/events/html_widgets.py
+++ b/mayan/apps/events/html_widgets.py
@@ -29,6 +29,13 @@ class ObjectLinkWidget(object):
 except AttributeError:
 url = None
+ if getattr(value, 'is_staff', None) or getattr(value, 'is_superuser', None):
+ # Don't display a anchor to for the user details view for
+ # superusers and staff, the details view filters them. Staff
+ # and admin users are not manageable by the normal user views.
+ url = '#'
+ return '{}{}'.format(object_type, label)
+
 return self.template.render(
 context=Context(
 {'label': label, 'object_type': object_type, 'url': url or '#'}
diff --git a/mayan/apps/user_management/tests/test_views.py b/mayan/apps/user_management/tests/test_views.py
index dd6eb6627c..c95210da9c 100644
--- a/mayan/apps/user_management/tests/test_views.py
+++ b/mayan/apps/user_management/tests/test_views.py
@@ -163,9 +163,11 @@ class GroupViewsTestCase(GroupTestMixin, GroupViewTestMixin, UserTestMixin, Gene
 class SuperUserViewTestCase(UserTestMixin, UserViewTestMixin, GenericViewTestCase):
- def test_superuser_delete_view_with_access(self):
+ def setUp(self):
+ super(SuperUserViewTestCase, self).setUp()
 self._create_test_superuser()
+ def test_superuser_delete_view_with_access(self):
 superuser_count = get_user_model().objects.filter(is_superuser=True).count()
 self.grant_access(
 obj=self.test_superuser, permission=permission_user_delete
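Review bot: In the `ObjectLinkWidget` hunk of `mayan/apps/events/html_widgets.py`, the new staff/superuser branch returns `'{}{}'.format(object_type, label)`, a plain string that skips `self.template.render(...)`. The two paths can therefore differ in how `label` is escaped and in whether the result is marked safe; whether that matters depends on how the caller outputs the widget's return value, which is outside the hunk. Returning `format_html('{}{}', object_type, label)` (from `django.utils.html`) would make the escaping explicit on this path. The `url = '#'` assignment directly above the return is never read and can be dropped, and the comment would read better as `# Don't render an anchor to the user details view for superusers and staff; that view filters them out.` The enclosing method starts above the hunk and its final `render` call continues below it.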
@@ -178,14 +180,28 @@ class SuperUserViewTestCase(UserTestMixin, UserViewTestMixin, GenericViewTestCas
 )
 def test_superuser_detail_view_with_access(self):
- self._create_test_superuser()
-
 self.grant_access(
 obj=self.test_superuser, permission=permission_user_view
 )
 response = self._request_test_superuser_detail_view()
 self.assertEqual(response.status_code, 404)
+ def _request_test_user_detail_view(self):
+ return self.get(
+ viewname='user_management:user_details', kwargs={
+ 'pk': self.test_user.pk
+ }
+ )
+
+ def test_superuser_normal_user_detail_view_with_access(self):
+ self.grant_access(
+ obj=self.test_superuser, permission=permission_user_view
+ )
+
+ self.test_user = self.test_superuser
+ response = self._request_test_user_detail_view()
+ self.assertEqual(response.status_code, 404)
+
 class UserViewTestCase(UserTestMixin, UserViewTestMixin, GenericViewTestCase):
 def test_user_create_view_no_permission(self):
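Review bot: The tests added in this hunk only exercise a superuser, while the widget change in this commit also treats `is_staff` accounts as unmanageable. Nothing visible here checks that a staff-only user gets a 404 from `user_management:user_details`, or that `ObjectLinkWidget` renders no anchor for such users. A staff-user counterpart to `test_superuser_normal_user_detail_view_with_access` plus a small widget test would pin the access boundary this commit relies on. Separately, `_request_test_user_detail_view` is defined on the test case; if `UserViewTestMixin` already provides a helper of that name (not visible in the hunk), this definition shadows it. A comment such as `# Request the normal user details view for self.test_user` would make the intent clear.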