diff --git a/SAS/TMSS/backend/src/tmss/tmssapp/populate.py b/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
index 4d274999457d157af50a67241c65a213a791a2bb..1768345692a3b519bac2c555834231455ebe611d 100644
--- a/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
+++ b/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
@@ -602,23 +602,23 @@ def assign_system_permissions():
 def populate_system_test_users():
 # TODO: Set proper credentials (passwords at least).
- to_observer_user = User.objects.create(username='to_observer', password='to_observer')
+ to_observer_user, _ = User.objects.get_or_create(username='to_observer', password='to_observer')
 to_observer_user.groups.add(Group.objects.get(name='TO observer'))
- sdco_support_user = User.objects.create(username='sdco_support', password='sdco_support')
+ sdco_support_user, _ = User.objects.get_or_create(username='sdco_support', password='sdco_support')
 sdco_support_user.groups.add(Group.objects.get(name='SDCO support'))
- tmss_maintainer_user = User.objects.create(username='tmss_maintainer', password='tmss_maintainer')
+ tmss_maintainer_user, _ = User.objects.get_or_create(username='tmss_maintainer', password='tmss_maintainer')
 tmss_maintainer_user.groups.add(Group.objects.get(name='TMSS Maintainer'))
- tmss_admin_user = User.objects.create(username='tmss_admin', password='tmss_admin')
+ tmss_admin_user, _ = User.objects.get_or_create(username='tmss_admin', password='tmss_admin')
 tmss_admin_user.groups.add(Group.objects.get(name='TMSS Admin'))
- to_maintenance_user = User.objects.create(username='to_maintenance', password='to_maintenance')
+ to_maintenance_user, _ = User.objects.get_or_create(username='to_maintenance', password='to_maintenance')
 to_maintenance_user.groups.add(Group.objects.get(name='TO maintenance'))
- to_user = User.objects.create(username='to_user', password='to_user')
+ to_user, _ = User.objects.get_or_create(username='to_user', password='to_user')
 to_user.groups.add(Group.objects.get(name='TO user'))
- scientist_user = User.objects.create(username='scientist', password='scientist')
+ scientist_user, _ = User.objects.get_or_create(username='scientist', password='scientist')
 scientist_user.groups.add(Group.objects.get(name='Scientist'))
- e_scientist_user = User.objects.create(username='e_scientist', password='e_scientist')
+ e_scientist_user, _ = User.objects.get_or_create(username='e_scientist', password='e_scientist')
 e_scientist_user.groups.add(Group.objects.get(name='Scientist (Expert)'))
- guest_user = User.objects.create(username='guest', password='guest')
+ guest_user, _ = User.objects.get_or_create(username='guest', password='guest')
 guest_user.groups.add(Group.objects.get(name='Guest'))
- lta_user = User.objects.create(username='lta_user', password='lta_user')
+ lta_user, _ = User.objects.get_or_create(username='lta_user', password='lta_user')
 lta_user.groups.add(Group.objects.get(name='LTA User'))
diff --git a/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py b/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py
index 66124b5c3ba77f70eecd7533369037b9d1f5d88e..5ec90752626b1523eb195c883d84ee43bdc9900f 100644
--- a/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py
+++ b/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py
@@ -233,6 +233,10 @@ class IsProjectMemberFilterBackend(drf_filters.BaseFilterBackend): if view.action != 'list': return queryset + # if a system role allows general access to the model, do not filter + if TMSSDjangoModelPermissions().has_permission(request, view): + return queryset + # we don't filer for superuser (e.g. in test environment, where a regular user is created to test filtering specifically) if request.user.is_superuser: logger.info("IsProjectMemberFilterBackend: User=%s is superuser. Not enforcing project permissions!" % request.user)
diff --git a/SAS/TMSS/backend/test/ldap_test_service.py b/SAS/TMSS/backend/test/ldap_test_service.py
index 308aa5ed76c8f910519f0730a123a5e14e412f64..6db66a2294d0d9f0e5e767d75203a48bbb7eb1e6 100644
--- a/SAS/TMSS/backend/test/ldap_test_service.py
+++ b/SAS/TMSS/backend/test/ldap_test_service.py
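Review bot: `get_or_create(username=..., password=...)` makes the password part of the lookup, so as soon as a stored password differs from the literal (for example after `set_password`, or if the account was first created by another authentication backend) the get misses and the create runs into the unique-username constraint; this applies to all ten calls in the hunk. The value is also written to the password column unhashed, which Django does not accept as a valid credential and which leaves the literal readable in the database. Look the user up by username only and set the credential explicitly on creation: `to_observer_user, created = User.objects.get_or_create(username='to_observer')` followed by `if created: to_observer_user.set_unusable_password(); to_observer_user.save()`, or `set_password(...)` with a value taken from configuration if local login is required. Since the accounts include members of 'TMSS Admin' and 'TMSS Maintainer', it is worth confirming that this populate step only ever runs against test databases.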
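Review bot: The new early return skips project-membership filtering for every `list` request on which `TMSSDjangoModelPermissions().has_permission(request, view)` is true, and unlike the superuser branch below it leaves no log trace. `TMSSDjangoModelPermissions` is not visible in this hunk, so it should be confirmed that it returns true only for system roles that are meant to see all projects' objects, and not for anonymous or read-only requests or for any group that merely holds a model-level view permission. I would add a log line before the return, e.g. `logger.info("IsProjectMemberFilterBackend: User=%s has system-role access. Not enforcing project permissions!", request.user)`, and a test asserting that a user holding only a project role still receives a filtered list. The enclosing method starts before the hunk and continues past it.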
@@ -105,6 +105,86 @@ class TestLDAPServer():
 'mail': '%s@lofar.test' % self.dbcreds.user,
 'givenName': self.dbcreds.user,
 'sn': 'lofar_test'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=to_observer,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'to_observer',
+ 'userPassword': 'to_observer',
+ 'mail': 'to_observer@astron.nl',
+ 'givenName': 'to_observer',
+ 'sn': 'to_observer',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=sdco_support,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'sdco_support',
+ 'userPassword': 'sdco_support',
+ 'mail': 'sdco_support@astron.nl',
+ 'givenName': 'sdco_support',
+ 'sn': 'sdco_support',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=tmss_maintainer,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'tmss_maintainer',
+ 'userPassword': 'tmss_maintainer',
+ 'mail': 'tmss_maintainer@astron.nl',
+ 'givenName': 'tmss_maintainer',
+ 'sn': 'tmss_maintainer',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=tmss_admin,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'tmss_admin',
+ 'userPassword': 'tmss_admin',
+ 'mail': 'tmss_admin@astron.nl',
+ 'givenName': 'tmss_admin',
+ 'sn': 'tmss_admin',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=to_maintenance,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'to_maintenance',
+ 'userPassword': 'to_maintenance',
+ 'mail': 'to_maintenance@astron.nl',
+ 'givenName': 'to_maintenance',
+ 'sn': 'to_maintenance',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=to_user,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'to_user',
+ 'userPassword': 'to_user',
+ 'mail': 'to_user@astron.nl',
+ 'givenName': 'to_user',
+ 'sn': 'to_user',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=scientist,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'scientist',
+ 'userPassword': 'scientist',
+ 'mail': 'scientist@astron.nl',
+ 'givenName': 'scientist',
+ 'sn': 'scientist',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=e_scientist,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'e_scientist',
+ 'userPassword': 'e_scientist',
+ 'mail': 'e_scientist@astron.nl',
+ 'givenName': 'e_scientist',
+ 'sn': 'e_scientist',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=guest,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'guest',
+ 'userPassword': 'guest',
+ 'mail': 'guest@astron.nl',
+ 'givenName': 'guest',
+ 'sn': 'guest',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
+ {'objectclass': 'lofarPerson',
+ 'dn': 'cn=lta_user,ou=users,o=lofar,c=eu',
+ 'attributes': {'cn': 'lta_user',
+ 'userPassword': 'lta_user',
+ 'mail': 'lta_user@astron.nl',
+ 'givenName': 'lta_user',
+ 'sn': 'lta_user',
+ 'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
 {'objectclass': 'organizationUnit',
 'dn': 'ou=Roles,o=lofar,c=eu',
 'attributes': {'ou': 'Roles'}},
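Review bot: All ten added entries carry the same `'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'`, including `guest`, `scientist` and `lta_user`, so a test that authenticates through this LDAP fixture cannot tell the roles apart; if TMSS derives any access from that attribute, authorization bugs would be masked, so each entry should get the role it is meant to represent or omit the attribute. The `mail` values use `@astron.nl`, whereas the existing entry just above uses `@lofar.test`; keeping fixture addresses on the test domain, e.g. `'mail': 'guest@lofar.test'`, avoids pointing at real mailboxes. The ten near-identical dicts could also be generated from a tuple of usernames to keep the fixture readable. The enclosing method starts outside the hunk.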