0001-manager-always-check-role-s-name-uniqueness-33944.patch
| src/authentic2/a2_rbac/models.py | ||
|---|---|---|
| 215 | 215 | |
| 216 | 216 |
def clean(self): |
| 217 | 217 |
super(Role, self).clean() |
| 218 |
if not self.service and not self.admin_scope_ct_id: |
|
| 219 |
if not self.id and self.__class__.objects.filter( |
|
| 220 |
name=self.name, ou=self.ou): |
|
| 221 |
raise ValidationError( |
|
| 222 |
{'name': _('This name is not unique over this '
|
|
| 223 |
'organizational unit.')}) |
|
| 218 |
qs = self.__class__.objects.filter(name=self.name, ou=self.ou) |
|
| 219 |
if self.pk: |
|
| 220 |
qs = qs.exclude(pk=self.pk) |
|
| 221 |
if qs.exists(): |
|
| 222 |
raise ValidationError({'name': _('Name already used')})
|
|
| 224 | 223 | |
| 225 | 224 |
def save(self, *args, **kwargs): |
| 226 | 225 |
# Service roles can only be part of the same ou as the service |
| src/authentic2/manager/forms.py | ||
|---|---|---|
| 436 | 436 |
if utils.get_ou_count() < 2: |
| 437 | 437 |
del self.fields['ou'] |
| 438 | 438 | |
| 439 |
def save(self, *args, **kwargs):
|
|
| 439 |
def clean(self):
|
|
| 440 | 440 |
if 'ou' not in self.fields: |
| 441 | 441 |
self.instance.ou = get_default_ou() |
| 442 |
return super(HideOUFieldMixin, self).save(*args, **kwargs) |
|
| 443 | 442 | |
| 444 | 443 | |
| 445 | 444 |
class OUSearchForm(FormWithRequest): |
| ... | ... | |
| 649 | 648 |
ou = forms.ModelChoiceField(queryset=get_ou_model().objects, |
| 650 | 649 |
required=True, label=_('Organizational unit'))
|
| 651 | 650 | |
| 652 |
def clean_name(self): |
|
| 653 |
qs = get_role_model().objects.all() |
|
| 654 |
if self.instance and self.instance.pk: |
|
| 655 |
qs = qs.exclude(pk=self.instance.pk) |
|
| 656 |
ou = self.cleaned_data.get('ou')
|
|
| 657 |
# Test unicity of name for an OU and globally if no OU is present |
|
| 658 |
name = self.cleaned_data.get('name')
|
|
| 659 |
if name and ou: |
|
| 660 |
query = Q(name=name) & (Q(ou__isnull=True) | Q(ou=ou)) |
|
| 661 |
if qs.filter(query).exists(): |
|
| 662 |
raise ValidationError( |
|
| 663 |
{'name': _('This name is not unique over this organizational unit.')})
|
|
| 664 |
return name |
|
| 665 | ||
| 666 | 651 |
class Meta: |
| 667 | 652 |
model = get_role_model() |
| 668 | 653 |
fields = ('name', 'ou', 'description')
|
| src/authentic2/manager/locale/fr/LC_MESSAGES/django.po | ||
|---|---|---|
| 133 | 133 |
msgid "Free text" |
| 134 | 134 |
msgstr "Recherche libre" |
| 135 | 135 | |
| 136 |
#: src/authentic2/manager/forms.py:646 |
|
| 137 |
msgid "This name is not unique over this organizational unit." |
|
| 138 |
msgstr "Ce nom n'est pas unique pour cette collectivité" |
|
| 139 | ||
| 140 | 136 |
#: src/authentic2/manager/forms.py:657 src/authentic2/manager/tables.py:62 |
| 141 | 137 |
#: src/authentic2/manager/tables.py:86 src/authentic2/manager/tables.py:114 |
| 142 | 138 |
#: src/authentic2/manager/tables.py:132 |
| tests/test_role_manager.py | ||
|---|---|---|
| 35 | 35 |
assert export.keys() == ['roles'] |
| 36 | 36 |
assert len(export['roles']) == 1 |
| 37 | 37 |
assert export['roles'][0]['slug'] == 'role_ou1' |
| 38 | ||
| 39 | ||
| 40 |
def test_manager_role_name_uniqueness_single_ou(app, admin): |
|
| 41 |
response = login(app, admin, 'a2-manager-roles') |
|
| 42 | ||
| 43 |
response = response.click('Add')
|
|
| 44 |
response.form.set('name', 'Role1')
|
|
| 45 |
response = response.form.submit('Save').follow()
|
|
| 46 |
response = response.click('Roles')
|
|
| 47 |
assert response.pyquery('td.name').text() == 'Role1'
|
|
| 48 | ||
| 49 |
response = response.click('Add')
|
|
| 50 |
response.form.set('name', 'Role1')
|
|
| 51 |
response = response.form.submit('Save')
|
|
| 52 |
assert response.pyquery('.errorlist').eq(1).text() == 'Name already used'
|
|
| 53 | ||
| 54 | ||
| 55 |
def test_manager_role_name_uniqueness_multiple_ou(app, admin, ou1): |
|
| 56 |
response = login(app, admin, 'a2-manager-roles') |
|
| 57 | ||
| 58 |
response = response.click('Add')
|
|
| 59 |
response.form.set('ou', str(ou1.id))
|
|
| 60 |
response.form.set('name', 'Role1')
|
|
| 61 |
response = response.form.submit('Save').follow()
|
|
| 62 |
response = response.click('Roles')
|
|
| 63 |
assert response.pyquery('td.name').text() == 'Role1'
|
|
| 64 | ||
| 65 |
response = response.click('Add')
|
|
| 66 |
response.form.set('ou', str(ou1.id))
|
|
| 67 |
response.form.set('name', 'Role1')
|
|
| 68 |
response = response.form.submit('Save')
|
|
| 69 |
assert response.pyquery('.errorlist').eq(1).text() == 'Name already used'
|
|
| 38 |
- |
|