0002-django_rbac-allow-filtering-user-roles-by-auth-level.patch

Valentin Deniaud, 28 May 2019 05:24 PM

Subject: [PATCH 2/8] django_rbac: allow filtering user roles by auth level
 (#33515)

Be careful about role inheritance.
A role with authentication level 2 which is inherited from a role with
auth level 1 should be given only to a user with auth level 2. This
simply means a user must not have any role that is superior to their
authentication level.
Moreover, a role with auth level 1 which is inherited from a role with
auth level 2 should be given only to a user with auth level 2. That is
why we filter roles away based on auth level before looking for parents.
 src/django_rbac/managers.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
src/django_rbac/managers.py
class RoleQuerySet(query.QuerySet):
def for_user(self, user):
return self.filter(members=user).parents().distinct()
def for_user(self, user, max_auth_level=None):
qs = self.filter(members=user)
if max_auth_level:
qs = qs.filter(auth_level__lte=max_auth_level)
qs = qs.parents()
if max_auth_level:
qs = qs.filter(auth_level__lte=max_auth_level)
return qs.distinct()
def parents(self, include_self=True, annotate=False):
qs = self.model.objects.filter(child_relation__child__in=self)
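Review bot: Both `if max_auth_level:` checks in `for_user` test truthiness, so a call with `max_auth_level=0` skips the filtering and returns the same role set as `max_auth_level=None`, which fails open if 0 is ever passed as a level. Use `if max_auth_level is not None:` in both places so that only an omitted argument disables the filter. A short docstring on `for_user` stating why `auth_level__lte` is applied both before and after `parents()` would also help, since that reasoning currently lives only in the commit message.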