310 |
310 |
return hash(tuple((at.name, at.required) for at in attributes))
|
311 |
311 |
|
312 |
312 |
|
|
313 |
class RoleSerializer(serializers.ModelSerializer):
|
|
314 |
ou = serializers.SlugRelatedField(
|
|
315 |
many=False,
|
|
316 |
required=False,
|
|
317 |
default=CreateOnlyDefault(get_default_ou),
|
|
318 |
queryset=get_ou_model().objects.all(),
|
|
319 |
slug_field='slug')
|
|
320 |
|
|
321 |
@property
|
|
322 |
def user(self):
|
|
323 |
return self.context['request'].user
|
|
324 |
|
|
325 |
def __init__(self, instance=None, **kwargs):
|
|
326 |
super(RoleSerializer, self).__init__(instance, **kwargs)
|
|
327 |
if self.instance:
|
|
328 |
self.fields['ou'].read_only = True
|
|
329 |
|
|
330 |
def create(self, validated_data):
|
|
331 |
ou = validated_data.get('ou')
|
|
332 |
# Creating roles also means being allowed to within the OU:
|
|
333 |
if not self.user.has_ou_perm('a2_rbac.add_role', ou):
|
|
334 |
raise PermissionDenied(u'User %s can\'t create role in OU %s' % (self.user, ou))
|
|
335 |
return super(RoleSerializer, self).create(validated_data)
|
|
336 |
|
|
337 |
def update(self, instance, validated_data):
|
|
338 |
# Check role-updating permissions:
|
|
339 |
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
|
340 |
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
|
341 |
super(RoleSerializer, self).update(instance, validated_data)
|
|
342 |
return instance
|
|
343 |
|
|
344 |
def partial_update(self, instance, validated_data):
|
|
345 |
# Check role-updating permissions:
|
|
346 |
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
|
347 |
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
|
348 |
super(RoleSerializer, self).partial_update(instance, validated_data)
|
|
349 |
return instance
|
|
350 |
|
|
351 |
class Meta:
|
|
352 |
model = get_role_model()
|
|
353 |
fields = ('uuid', 'name', 'slug', 'ou',)
|
|
354 |
extra_kwargs = {'uuid': {'read_only': True}}
|
|
355 |
|
|
356 |
|
|
357 |
class RoleCustomField(RoleSerializer):
|
|
358 |
class Meta(RoleSerializer.Meta):
|
|
359 |
fields = ('uuid', 'name', 'slug',)
|
|
360 |
|
|
361 |
|
313 |
362 |
class BaseUserSerializer(serializers.ModelSerializer):
|
314 |
363 |
ou = serializers.SlugRelatedField(
|
315 |
364 |
queryset=get_ou_model().objects.all(),
|
... | ... | |
324 |
373 |
default=CreateOnlyDefault(utils.generate_password),
|
325 |
374 |
required=False)
|
326 |
375 |
force_password_reset = serializers.BooleanField(write_only=True, required=False, default=False)
|
|
376 |
roles = RoleCustomField(many=True, read_only=True, source='roles_and_parents')
|
327 |
377 |
|
328 |
378 |
def __init__(self, *args, **kwargs):
|
329 |
379 |
super(BaseUserSerializer, self).__init__(*args, **kwargs)
|
... | ... | |
452 |
502 |
exclude = ('date_joined', 'user_permissions', 'groups', 'last_login')
|
453 |
503 |
|
454 |
504 |
|
455 |
|
class RoleSerializer(serializers.ModelSerializer):
|
456 |
|
ou = serializers.SlugRelatedField(
|
457 |
|
many=False,
|
458 |
|
required=False,
|
459 |
|
default=CreateOnlyDefault(get_default_ou),
|
460 |
|
queryset=get_ou_model().objects.all(),
|
461 |
|
slug_field='slug')
|
462 |
|
|
463 |
|
@property
|
464 |
|
def user(self):
|
465 |
|
return self.context['request'].user
|
466 |
|
|
467 |
|
def __init__(self, instance=None, **kwargs):
|
468 |
|
super(RoleSerializer, self).__init__(instance, **kwargs)
|
469 |
|
if self.instance:
|
470 |
|
self.fields['ou'].read_only = True
|
471 |
|
|
472 |
|
def create(self, validated_data):
|
473 |
|
ou = validated_data.get('ou')
|
474 |
|
# Creating roles also means being allowed to within the OU:
|
475 |
|
if not self.user.has_ou_perm('a2_rbac.add_role', ou):
|
476 |
|
raise PermissionDenied(u'User %s can\'t create role in OU %s' % (self.user, ou))
|
477 |
|
return super(RoleSerializer, self).create(validated_data)
|
478 |
|
|
479 |
|
def update(self, instance, validated_data):
|
480 |
|
# Check role-updating permissions:
|
481 |
|
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
482 |
|
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
483 |
|
super(RoleSerializer, self).update(instance, validated_data)
|
484 |
|
return instance
|
485 |
|
|
486 |
|
def partial_update(self, instance, validated_data):
|
487 |
|
# Check role-updating permissions:
|
488 |
|
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
489 |
|
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
490 |
|
super(RoleSerializer, self).partial_update(instance, validated_data)
|
491 |
|
return instance
|
492 |
|
|
493 |
|
class Meta:
|
494 |
|
model = get_role_model()
|
495 |
|
fields = ('uuid', 'name', 'slug', 'ou',)
|
496 |
|
extra_kwargs = {'uuid': {'read_only': True}}
|
497 |
|
|
498 |
|
|
499 |
505 |
class UsersFilter(FilterSet):
|
500 |
506 |
class Meta:
|
501 |
507 |
model = get_user_model()
|
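Review bot: `RoleCustomField` (new lines 357-359) drops `'ou'` from `Meta.fields` but still inherits `RoleSerializer.__init__`, which runs `self.fields['ou'].read_only = True` whenever an instance is passed; with the field excluded that lookup would presumably raise `KeyError`, so the subclass only works in the nested, instance-less way it is used at new line 376. Guarding the inherited line as `if self.instance and 'ou' in self.fields:` would make it safe, as would deriving the nested serializer from a plain read-only `ModelSerializer` so it does not carry the `create`/`update` write paths. The new `roles` field also adds what appears to be each user's direct and inherited roles (`source='roles_and_parents'`) to every user representation, while the permission checks visible here cover only role creation and change. It is worth confirming that anyone allowed to read a user is also meant to see its role memberships, and saying so in a short comment on the field. `BaseUserSerializer` continues outside the visible hunks.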