Add organization switching for administrators managing multiple organizations

Open Copilot opened this issue 2 months ago • 45 comments

Allow administrators to switch between organizations in the dashboard

Test Fix - Regular User Access

Fixed: Test test_regular_user_cannot_access_dashboard now properly tests a user with no organizations

Problem: The test setup was creating org3 with regular_user as admin, giving them access to an organization. This caused the test to fail because the view returned 200 (showing the organization) instead of 302 (redirecting away).

Solution: Changed org3 to not have an admin user initially. The organization is only managed by manager_user, ensuring regular_user truly has no organizations to access.

Changes in website/tests/test_organization.py:

  • Removed admin=self.regular_user from org3 creation
  • Added comment clarifying that org3 has no admin initially
  • Now regular_user has no organizations and the test correctly expects a redirect

This fix ensures:

  • regular_user has no organizations (as intended by the test)
  • manager_user can still manage org3 via managers relationship
  • admin_user cannot access org3 (for other tests)
  • ✅ All test scenarios work as expected

Previous Updates

JavaScript Block Fix:

  • Moved JavaScript from non-existent extra_js block to content block
  • Organization switcher now works correctly

Performance Optimization:

  • Fixed N+1 query problem (reduced from 6+ queries to 1)
  • Credit to @sidd190 for identifying this issue

Security Fix:

  • Fixed CodeQL "DOM text reinterpreted as HTML" alert
  • Added protocol validation, URL encoding, and safer navigation

All PR Review Comments Addressed:

  • Performance optimization (organizations_count in context)
  • Input validation (integer validation for switch_to)
  • Accessibility (aria-hidden on SVG icons)
  • Code quality (GitHub spelling, removed unused variable)
  • Comprehensive edge case tests (17 total test cases)

Test Coverage

  • Original tests: 13
  • New edge case tests: 4
  • Total: 17 comprehensive test cases

Original prompt

This section details the original issue you should resolve

<issue_title>allow for administrators to switch to different organizations if they manage more than one in the dashboard</issue_title> <issue_description></issue_description>

Comments on the Issue (you are @copilot in this section)

  • Fixes OWASP-BLT/BLT#5256

Copilot, Dec 10 '25 23:12
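
The "Security Fix" items above (protocol validation, URL encoding, safer navigation, integer validation for switch_to) can be sketched as follows. This is an added example, not the BLT project's code: the function names, the use of `switch_to` as a query parameter, and the sample URLs are assumptions.

```javascript
"use strict";

// Only these schemes may be navigated to from the switcher.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Build the dashboard URL for the selected organization.
// Returns a URL string, or null when the input must be rejected.
// (Hypothetical helper; `switch_to` as a query key is an assumption.)
function buildSwitchUrl(currentHref, rawOrgId) {
  // Treat the <select> value as untrusted DOM text: accept a plain
  // positive integer only, never markup or URL fragments.
  const id = String(rawOrgId).trim();
  if (!/^[1-9][0-9]{0,9}$/.test(id)) return null;

  let url;
  try {
    url = new URL(currentHref);
  } catch {
    return null; // not an absolute URL
  }
  // Protocol validation: refuse javascript:, data:, and similar schemes.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;

  // searchParams.set() percent-encodes the value and replaces any
  // existing switch_to, so no string concatenation is involved.
  url.searchParams.set("switch_to", id);
  url.hash = "";
  return url.toString();
}

// Browser wiring: navigate with location.assign() instead of writing
// the selected value into innerHTML or an href attribute.
function attachSwitcher(selectEl, win) {
  selectEl.addEventListener("change", () => {
    const target = buildSwitchUrl(win.location.href, selectEl.value);
    if (target !== null) win.location.assign(target);
  });
}
```

The client-side check only hardens the navigation step; the server still has to validate `switch_to` and confirm the user administers or manages the requested organization.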