0006-manager-handle-special-cases-of-access-control-33515.patch
src/authentic2/manager/ou_views.py | ||
---|---|---|
63 | 63 | |
64 | 64 |
def authorize(self, request, *args, **kwargs): |
65 | 65 |
super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs) |
66 |
self.can_delete = self.can_delete and not self.object.default
|
|
66 |
self.could_delete = self.could_delete and not self.object.default
|
|
67 | 67 | |
68 | 68 |
detail = OrganizationalUnitDetailView.as_view() |
69 | 69 |
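Review bot: If the `could_delete` row is the new side here (both rows carry gutter number 66, so the page does not say which is which), `can_delete` is no longer forced to False for the default organizational unit in this `authorize`. The parent `authorize` runs on the line above, before the mask is applied, so any `can_delete` it derives from `could_delete` would not see `not self.object.default`; whether the default OU stays undeletable then depends on code not shown. The same question applies to `RolesView.authorize` in role_views.py, which now assigns only `could_add`. Consider masking both flags, e.g. keeping `self.can_delete = self.can_delete and not self.object.default` next to the new line, or add a comment stating where `can_*` is recomputed from `could_*`.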
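--- a/src/authentic2/manager/role_views.py
+++ b/src/authentic2/manager/role_views.py
@@ -27,12 +27,13 @@
 from django.core.urlresolvers import reverse
 from django.contrib.auth import get_user_model
 
+from django_rbac.exceptions import InsufficientAuthLevel
 from django_rbac.utils import get_role_model, get_permission_model, get_ou_model
 
 from authentic2.utils import redirect
 from authentic2 import hooks, data_transfer
 
-from . import tables, views, resources, forms, app_settings
+from . import tables, views, resources, forms, app_settings, utils
 
 
 class RolesMixin(object):
@@ -79,7 +80,7 @@
 
 def authorize(self, request, *args, **kwargs):
 super(RolesView, self).authorize(request, *args, **kwargs)
-self.can_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
+self.could_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
 
 
 listing = RolesView.as_view()
@@ -176,6 +177,8 @@
 hooks.call_hooks('event', name='manager-remove-role-member',
 user=self.request.user, role=self.object, member=user)
 else:
+if self.could_change:
+return utils.increase_auth_level(self.request)
 messages.warning(self.request, _('You are not authorized'))
 return super(RoleMembersView, self).form_valid(form)
 
@@ -205,6 +208,8 @@
 
 def post(self, request, *args, **kwargs):
 if not self.can_delete:
+if self.could_delete:
+return utils.increase_auth_level(self.request)
 raise PermissionDenied
 return super(RoleDeleteView, self).post(request, *args, **kwargs)
 
@@ -259,6 +264,8 @@
 hooks.call_hooks('event', name='manager-remove-permission',
 user=self.request.user, role=self.object, permission=perm)
 else:
+if self.could_change:
+return utils.increase_auth_level(self.request)
 messages.warning(self.request, _('You are not authorized'))
 return super(RolePermissionsView, self).form_valid(form)
 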
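Review bot: In `RoleMembersView.form_valid` and `RolePermissionsView.form_valid` the new `if self.could_change:` branch returns the step-up redirect from inside a POST handler, so the submitted add/remove is dropped and, as far as these hunks show, nothing is replayed or reported to the user after re-authentication. `could_change` and `could_delete` are set outside these hunks, so a short comment at the first use would make the contract explicit, e.g. `# could_*: permission exists but needs a higher auth level; can_*: usable at the current level`. The added `InsufficientAuthLevel` import is not used in any visible hunk; confirm this module needs it. The enclosing methods start outside the hunks.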
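--- a/src/authentic2/manager/utils.py
+++ b/src/authentic2/manager/utils.py
@@ -17,6 +17,7 @@
 from django_rbac.utils import get_ou_model
 
 from authentic2.decorators import GlobalCache
+from authentic2.utils import login_require
 
 
 def label_from_user(user):
@@ -40,3 +41,8 @@
 @GlobalCache(timeout=10)
 def get_ou_count():
 return get_ou_model().objects.count()
+
+
+def increase_auth_level(request):
+current_auth_level = request.session.get('auth_level', 1)
+return login_require(request, params={'auth_level': current_auth_level + 1})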
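Review bot: `increase_auth_level` always requests `current_auth_level + 1` with no upper bound, so a session already at the highest level the login flow can grant would presumably be sent to a login that cannot satisfy the request. A caller whose `could_*` flag stays true could then bounce between the view and the login page. If the deployment defines a maximum level (none is visible on this page), compare against it and let the caller fall through to its denial path instead of redirecting. The function also has no docstring; one sentence saying it reads `auth_level` from the session (default 1) and returns the `login_require` response asking for the next level would be enough.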
src/authentic2/manager/views.py | ||
---|---|---|
43 | 43 | |
44 | 44 |
from authentic2.data_transfer import export_site, import_site, DataImportError, ImportContext |
45 | 45 |
from authentic2.forms.profile import modelform_factory |
46 |
from authentic2.utils import redirect, batch_queryset, login_require
|
|
46 |
from authentic2.utils import redirect, batch_queryset |
|
47 | 47 |
from authentic2.decorators import json as json_view |
48 | 48 |
from authentic2 import hooks |
49 | 49 | |
... | ... | |
150 | 150 |
try: |
151 | 151 |
response = self.authorize(request, *args, **kwargs) |
152 | 152 |
except InsufficientAuthLevel: |
153 |
current_auth_level = request.session.get('auth_level', 1) |
|
154 |
return login_require(request, params={'auth_level': current_auth_level + 1}) |
|
153 |
return utils.increase_auth_level(request) |
|
155 | 154 |
if response is not None: |
156 | 155 |
return response |
157 | 156 |
return super(PermissionMixin, self).dispatch(request, *args, **kwargs) |
158 |
- |
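Review bot: `dispatch` now calls `utils.increase_auth_level(request)`, but the import hunk in this file only touches the `from authentic2.utils import ...` line and no import of the manager `utils` module is visible. If `from . import utils` is not already present outside the hunks, the `except InsufficientAuthLevel` path raises NameError instead of redirecting to the step-up login. That path runs only when a step-up is required, so a missing import would not show up in ordinary page loads; a view test that makes `authorize` raise `InsufficientAuthLevel` and asserts a redirect would pin it. `dispatch` starts outside the hunk.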