0001-api-add-parameters-to-filter-users-by-allowed-servic.patch
| src/authentic2/api_views.py | ||
|---|---|---|
| 548 | 548 |
if self.request.method == 'GET': |
| 549 | 549 |
qs = qs.prefetch_related('attribute_values', 'attribute_values__attribute')
|
| 550 | 550 |
qs = self.request.user.filter_by_perm(['custom_user.view_user'], qs) |
| 551 |
# filter users authorized for a specified service |
|
| 552 |
if 'service-slug' in self.request.GET and 'service-ou' in self.request.GET: |
|
| 553 |
service_slug = self.request.GET['service-slug'] |
|
| 554 |
service_ou = self.request.GET['service-ou'] |
|
| 555 |
qs = (qs.filter(roles__allowed_services__slug=service_slug, roles__allowed_services__ou__slug=service_ou) |
|
| 556 |
| qs.filter(roles__parent_relation__parent__allowed_services__slug=service_slug, |
|
| 557 |
roles__parent_relation__parent__allowed_services__ou__slug=service_ou)) |
|
| 558 |
qs = qs.distinct() |
|
| 551 | 559 |
new_qs = hooks.call_hooks_first_result('api_modify_queryset', self, qs)
|
| 552 | 560 |
if new_qs is not None: |
| 553 | 561 |
return new_qs |
| src/authentic2/models.py | ||
|---|---|---|
| 333 | 333 |
authorized_roles = models.ManyToManyField( |
| 334 | 334 |
get_role_model_name(), verbose_name=_('authorized services'),
|
| 335 | 335 |
through='AuthorizedRole', through_fields=('service', 'role'),
|
| 336 |
related_name='authorized_roles', blank=True)
|
|
| 336 |
related_name='allowed_services', blank=True)
|
|
| 337 | 337 |
unauthorized_url = models.URLField( |
| 338 | 338 |
verbose_name=_('callback url when unauthorized'),
|
| 339 | 339 |
max_length=256, null=True, blank=True) |
| tests/test_api.py | ||
|---|---|---|
| 141 | 141 |
assert resp.json['next'] is None |
| 142 | 142 | |
| 143 | 143 | |
| 144 |
def test_api_users_list_by_authorized_service(app, superuser): |
|
| 145 |
from authentic2.models import Service |
|
| 146 | ||
| 147 |
app.authorization = ('Basic', (superuser.username, superuser.username))
|
|
| 148 |
User = get_user_model() |
|
| 149 |
Role = get_role_model() |
|
| 150 | ||
| 151 |
user1 = User.objects.create(username='user1') |
|
| 152 |
user2 = User.objects.create(username='user2') |
|
| 153 |
user3 = User.objects.create(username='user3') |
|
| 154 | ||
| 155 |
role1 = Role.objects.create(name='role1') |
|
| 156 |
role2 = Role.objects.create(name='role2') |
|
| 157 |
role1.add_child(role2) |
|
| 158 |
user1.roles = [role1] |
|
| 159 |
user2.roles = [role2] |
|
| 160 | ||
| 161 |
service = Service.objects.create(ou=get_default_ou(), name='service', slug='service') |
|
| 162 |
service.add_authorized_role(role1) |
|
| 163 | ||
| 164 |
resp = app.get('/api/users/')
|
|
| 165 |
assert len(resp.json['results']) == 4 |
|
| 166 | ||
| 167 |
resp = app.get('/api/users/?service-ou=default&service-slug=service')
|
|
| 168 |
assert len(resp.json['results']) == 2 |
|
| 169 |
assert set(user['username'] for user in resp.json['results']) == set(['user1', 'user2']) |
|
| 170 | ||
| 171 | ||
| 144 | 172 |
def test_api_users_create(settings, app, api_user): |
| 145 | 173 |
from django.contrib.auth import get_user_model |
| 146 | 174 |
from authentic2.models import Attribute, AttributeValue |
| 147 |
- |
|