321 |
321 |
return request.user.to_json()
|
322 |
322 |
|
323 |
323 |
|
|
324 |
def attributes_hash(attributes):
|
|
325 |
attributes = sorted(attributes, key=lambda at: at.name)
|
|
326 |
return hash(tuple((at.name, at.required) for at in attributes))
|
|
327 |
|
|
328 |
|
|
329 |
class RoleSerializer(serializers.ModelSerializer):
|
|
330 |
ou = serializers.SlugRelatedField(
|
|
331 |
many=False,
|
|
332 |
required=False,
|
|
333 |
default=CreateOnlyDefault(get_default_ou),
|
|
334 |
queryset=get_ou_model().objects.all(),
|
|
335 |
slug_field='slug')
|
|
336 |
|
|
337 |
@property
|
|
338 |
def user(self):
|
|
339 |
return self.context['request'].user
|
|
340 |
|
|
341 |
def __init__(self, instance=None, **kwargs):
|
|
342 |
super(RoleSerializer, self).__init__(instance, **kwargs)
|
|
343 |
if self.instance:
|
|
344 |
self.fields['ou'].read_only = True
|
|
345 |
|
|
346 |
def create(self, validated_data):
|
|
347 |
ou = validated_data.get('ou')
|
|
348 |
# Creating roles also means being allowed to within the OU:
|
|
349 |
if not self.user.has_ou_perm('a2_rbac.add_role', ou):
|
|
350 |
raise PermissionDenied(u'User %s can\'t create role in OU %s' % (self.user, ou))
|
|
351 |
return super(RoleSerializer, self).create(validated_data)
|
|
352 |
|
|
353 |
def update(self, instance, validated_data):
|
|
354 |
# Check role-updating permissions:
|
|
355 |
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
|
356 |
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
|
357 |
super(RoleSerializer, self).update(instance, validated_data)
|
|
358 |
return instance
|
|
359 |
|
|
360 |
def partial_update(self, instance, validated_data):
|
|
361 |
# Check role-updating permissions:
|
|
362 |
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
|
363 |
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
|
364 |
super(RoleSerializer, self).partial_update(instance, validated_data)
|
|
365 |
return instance
|
|
366 |
|
|
367 |
class Meta:
|
|
368 |
model = get_role_model()
|
|
369 |
fields = ('uuid', 'name', 'slug', 'ou',)
|
|
370 |
extra_kwargs = {'uuid': {'read_only': True}}
|
|
371 |
|
|
372 |
|
|
373 |
class BaseOrganizationalUnitSerializer(serializers.ModelSerializer):
|
|
374 |
class Meta:
|
|
375 |
model = get_ou_model()
|
|
376 |
fields = '__all__'
|
|
377 |
|
|
378 |
|
|
379 |
class OrganizationalUnitConciseSerializer(BaseOrganizationalUnitSerializer):
|
|
380 |
class Meta(BaseOrganizationalUnitSerializer.Meta):
|
|
381 |
fields = ('uuid', 'slug', 'name',)
|
|
382 |
|
|
383 |
|
|
384 |
class RoleCustomField(RoleSerializer):
|
|
385 |
ou = OrganizationalUnitConciseSerializer(
|
|
386 |
many=False,
|
|
387 |
required=False,
|
|
388 |
read_only=True)
|
|
389 |
|
|
390 |
class Meta(RoleSerializer.Meta):
|
|
391 |
fields = ('description', 'external_id', 'name', 'ou', 'service', 'slug',
|
|
392 |
'uuid',)
|
|
393 |
|
|
394 |
|
324 |
395 |
class BaseUserSerializer(serializers.ModelSerializer):
|
325 |
396 |
ou = serializers.SlugRelatedField(
|
326 |
397 |
queryset=get_ou_model().objects.all(),
|
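Review bot: `attributes_hash` (new lines 324–326) derives its value from the builtin `hash()` of a tuple of `str` names, and `str` hashing is randomized per interpreter process, so the result is only comparable within one process and must not be persisted, cached across workers, or sent to another service; if the callers (not visible in this hunk) need a cross-process key, `hashlib` over a canonical encoding of the sorted `(name, required)` pairs is the stable alternative, otherwise this may be intentional. Either way the function should state its contract, e.g. `"""Return a process-local, order-independent hash of the (name, required) pairs of *attributes*; not stable across interpreter processes."""`. Separately, the moved `RoleSerializer.partial_update` calls `super().partial_update`, which DRF serializers do not define (partial updates reach `update` with `partial=True`), so that method would raise `AttributeError` if ever invoked; it is pre-existing code carried over by this change, so a follow-up rather than a blocker.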
... | ... | |
335 |
406 |
default=CreateOnlyDefault(utils.generate_password),
|
336 |
407 |
required=False)
|
337 |
408 |
force_password_reset = serializers.BooleanField(write_only=True, required=False, default=False)
|
|
409 |
roles = RoleCustomField(many=True, read_only=True)
|
338 |
410 |
|
339 |
411 |
def __init__(self, *args, **kwargs):
|
340 |
412 |
super(BaseUserSerializer, self).__init__(*args, **kwargs)
|
... | ... | |
490 |
562 |
exclude = ('date_joined', 'user_permissions', 'groups', 'last_login')
|
491 |
563 |
|
492 |
564 |
|
493 |
|
class RoleSerializer(serializers.ModelSerializer):
|
494 |
|
ou = serializers.SlugRelatedField(
|
495 |
|
many=False,
|
496 |
|
required=False,
|
497 |
|
default=CreateOnlyDefault(get_default_ou),
|
498 |
|
queryset=get_ou_model().objects.all(),
|
499 |
|
slug_field='slug')
|
500 |
|
|
501 |
|
@property
|
502 |
|
def user(self):
|
503 |
|
return self.context['request'].user
|
504 |
|
|
505 |
|
def __init__(self, instance=None, **kwargs):
|
506 |
|
super(RoleSerializer, self).__init__(instance, **kwargs)
|
507 |
|
if self.instance:
|
508 |
|
self.fields['ou'].read_only = True
|
509 |
|
|
510 |
|
def create(self, validated_data):
|
511 |
|
ou = validated_data.get('ou')
|
512 |
|
# Creating roles also means being allowed to within the OU:
|
513 |
|
if not self.user.has_ou_perm('a2_rbac.add_role', ou):
|
514 |
|
raise PermissionDenied(u'User %s can\'t create role in OU %s' % (self.user, ou))
|
515 |
|
return super(RoleSerializer, self).create(validated_data)
|
516 |
|
|
517 |
|
def update(self, instance, validated_data):
|
518 |
|
# Check role-updating permissions:
|
519 |
|
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
520 |
|
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
521 |
|
super(RoleSerializer, self).update(instance, validated_data)
|
522 |
|
return instance
|
523 |
|
|
524 |
|
def partial_update(self, instance, validated_data):
|
525 |
|
# Check role-updating permissions:
|
526 |
|
if not self.user.has_perm('a2_rbac.change_role', obj=instance):
|
527 |
|
raise PermissionDenied(u'User %s can\'t change role %s' % (self.user, instance))
|
528 |
|
super(RoleSerializer, self).partial_update(instance, validated_data)
|
529 |
|
return instance
|
530 |
|
|
531 |
|
class Meta:
|
532 |
|
model = get_role_model()
|
533 |
|
fields = ('uuid', 'name', 'slug', 'ou',)
|
534 |
|
extra_kwargs = {'uuid': {'read_only': True}}
|
535 |
|
|
536 |
|
|
537 |
565 |
class UsersFilter(FilterSet):
|
538 |
566 |
class Meta:
|
539 |
567 |
model = get_user_model()
|
... | ... | |
732 |
760 |
role_memberships = RoleMembershipsAPI.as_view()
|
733 |
761 |
|
734 |
762 |
|
735 |
|
class BaseOrganizationalUnitSerializer(serializers.ModelSerializer):
|
736 |
|
class Meta:
|
737 |
|
model = get_ou_model()
|
738 |
|
fields = '__all__'
|
739 |
|
|
740 |
|
|
741 |
763 |
class OrganizationalUnitAPI(ExceptionHandlerMixin, ModelViewSet):
|
742 |
764 |
permission_classes = (DjangoPermission('a2_rbac.search_organizationalunit'),)
|
743 |
765 |
serializer_class = BaseOrganizationalUnitSerializer
|