0006-manager-handle-special-cases-of-access-control-33515.patch

Valentin Deniaud, 28 May 2019 05:24 PM



Subject: [PATCH 6/8] manager: handle special cases of access control (#33515)

Making use of the new could_{action} attribute previously introduced.
 src/authentic2/manager/ou_views.py   | 2 +-
 src/authentic2/manager/role_views.py | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
src/authentic2/manager/ou_views.py
def authorize(self, request, *args, **kwargs):
super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs)
self.can_delete = self.can_delete and not self.object.default
self.could_delete = self.could_delete and not self.object.default
detail = OrganizationalUnitDetailView.as_view()
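Review bot: The default organizational unit's delete protection now appears to rest on `could_delete` alone: the diffstat (one insertion, one deletion) suggests the `self.can_delete = self.can_delete and not self.object.default` line is replaced rather than kept, and the override runs after `super().authorize()`. If the base class computes `can_delete` eagerly inside `authorize()` rather than deriving it from `could_delete` on access, `can_delete` would stay true for the default OU; the base class is not visible here, so this needs confirming. The same question applies to `can_add` in `RolesView.authorize` in role_views.py. A short comment such as `# can_delete is derived from could_delete in <base view>` would make the dependency explicit.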
src/authentic2/manager/role_views.py
from django.core.urlresolvers import reverse
from django.contrib.auth import get_user_model
from django_rbac.exceptions import InsufficientAuthLevel
from django_rbac.utils import get_role_model, get_permission_model, get_ou_model
from authentic2.utils import redirect
......
def authorize(self, request, *args, **kwargs):
super(RolesView, self).authorize(request, *args, **kwargs)
self.can_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
self.could_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
listing = RolesView.as_view()
......
hooks.call_hooks('event', name='manager-remove-role-member',
user=self.request.user, role=self.object, member=user)
else:
if self.could_change:
raise InsufficientAuthLevel
messages.warning(self.request, _('You are not authorized'))
return super(RoleMembersView, self).form_valid(form)
......
def post(self, request, *args, **kwargs):
if not self.can_delete:
if self.could_delete:
raise InsufficientAuthLevel
raise PermissionDenied
return super(RoleDeleteView, self).post(request, *args, **kwargs)
......
hooks.call_hooks('event', name='manager-remove-permission',
user=self.request.user, role=self.object, permission=perm)
else:
if self.could_change:
raise InsufficientAuthLevel
messages.warning(self.request, _('You are not authorized'))
return super(RolePermissionsView, self).form_valid(form)
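Review bot: The two `form_valid` branches treat a refused change differently from `RoleDeleteView.post`: when `could_change` is false they still only call `messages.warning(...)` and return the parent's `form_valid`, while the delete view raises `PermissionDenied`. Neither denial path emits a `hooks.call_hooks('event', ...)` record, so refused or step-up-required attempts on role membership and permissions leave no audit trail in the visible code. Consider documenting the intent above each new check, e.g. `# permission held but authentication level too low: request step-up`, and confirm that `InsufficientAuthLevel` raised without arguments is handled upstream. The `form_valid` bodies begin outside the hunks.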