28 |
28 |
from .custom_user.models import User
|
29 |
29 |
from . import utils, decorators, attribute_kinds, app_settings, hooks
|
30 |
30 |
from .models import Attribute, PasswordReset
|
|
31 |
from .a2_rbac.models import RoleAttribute
|
31 |
32 |
from .a2_rbac.utils import get_default_ou
|
32 |
33 |
|
33 |
34 |
|
... | ... | |
444 |
445 |
exclude = ('date_joined', 'user_permissions', 'groups', 'last_login')
|
445 |
446 |
|
446 |
447 |
|
|
448 |
class RoleAttributeSerializer(serializer.ModelSerializer):
|
|
449 |
class Meta:
|
|
450 |
model = RoleAttribute
|
|
451 |
fields = ('name', 'kind', 'value')
|
|
452 |
|
|
453 |
|
447 |
454 |
class RoleSerializer(serializers.ModelSerializer):
|
448 |
455 |
ou = serializers.SlugRelatedField(
|
449 |
456 |
many=False,
|
... | ... | |
451 |
458 |
default=CreateOnlyDefault(get_default_ou),
|
452 |
459 |
queryset=get_ou_model().objects.all(),
|
453 |
460 |
slug_field='slug')
|
|
461 |
role_attributes = RoleAttributeSerializer(
|
|
462 |
many=True,
|
|
463 |
required=False)
|
454 |
464 |
|
455 |
465 |
@property
|
456 |
466 |
def user(self):
|
... | ... | |
466 |
476 |
# Creating roles also means being allowed to within the OU:
|
467 |
477 |
if not self.user.has_ou_perm('a2_rbac.add_role', ou):
|
468 |
478 |
raise PermissionDenied(u'User %s can\'t create role in OU %s' % (self.user, ou))
|
469 |
|
return super(RoleSerializer, self).create(validated_data)
|
|
479 |
instance = super(RoleSerializer, self).create(validated_data)
|
|
480 |
|
|
481 |
# Create additional RoleAttribute objects:
|
|
482 |
role_attributes_data = validated_data.pop('role_attributes')
|
|
483 |
for role_attribute_data in role_attributes_data:
|
|
484 |
RoleAttribute.create(role=instance, **role_attributes_data)
|
|
485 |
return instance
|
470 |
486 |
|
471 |
487 |
def update(self, instance, validated_data):
|
472 |
488 |
# Check role-updating permissions:
|
... | ... | |
484 |
500 |
|
485 |
501 |
class Meta:
|
486 |
502 |
model = get_role_model()
|
487 |
|
fields = ('uuid', 'name', 'slug', 'ou',)
|
|
503 |
fields = ('uuid', 'name', 'slug', 'ou', 'role_attributes')
|
488 |
504 |
extra_kwargs = {'uuid': {'read_only': True}}
|
489 |
505 |
|
490 |
506 |
|
491 |
|
-
|
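Review bot: In the new `create` body (new lines 479–485) `validated_data.pop('role_attributes')` runs only after `super(RoleSerializer, self).create(validated_data)`, so the nested list is still in `validated_data` when the parent create runs, and because the field is declared `required=False` the pop without a default raises `KeyError` whenever the key is absent; move it above the `super` call as `role_attributes_data = validated_data.pop('role_attributes', [])`. The loop then unpacks the whole list rather than the current item and calls `RoleAttribute.create`, which is not a Django model API unless the model defines it outside this view; `RoleAttribute.objects.create(role=instance, **role_attribute_data)` looks like what was meant. At new line 448 the base class is spelled `serializer.ModelSerializer` while the rest of the file uses `serializers`, which would fail at import unless a `serializer` name exists outside the shown lines. Each of these failures happens after the `has_ou_perm` check and after the role row is written, so a failed request can leave a role behind without its attributes unless the view runs inside a transaction, which is not visible here. The start of `create` and the body of `update` lie outside the shown lines, so whether `update` handles `role_attributes` could not be checked.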