0001-manager-add-manage-members-permission-for-role-admin.patch

Valentin Deniaud, 07 octobre 2019 15:53


Subject: [PATCH 1/2] manager: add manage members permission for role admins
 (#20513)

 src/authentic2/a2_rbac/models.py                  |  4 +++-
 src/authentic2/a2_rbac/signal_handlers.py         |  4 +++-
 src/authentic2/manager/role_views.py              |  5 -----
 .../authentic2/manager/role_members.html          |  2 +-
 src/authentic2/settings.py                        |  1 +
 tests/test_a2_rbac.py                             |  2 +-
 tests/test_manager.py                             | 15 +++++++++++++++
 7 files changed, 24 insertions(+), 9 deletions(-)
src/authentic2/a2_rbac/models.py
221 221
            self_administered=True,
222 222
            update_name=True,
223 223
            update_slug=True,
224
            create=create)
224
            create=create,
225
            operation=MANAGE_MEMBERS_OP)
225 226
        return admin_role
226 227

  
227 228
    def validate_unique(self, exclude=None):
......
393 394
RESET_PASSWORD_OP = Operation(name=_('Reset password'), slug='reset_password')
394 395
ACTIVATE_OP = Operation(name=_('Activate'), slug='activate')
395 396
CHANGE_EMAIL_OP = Operation(name=_('Change email'), slug='change_email')
397
MANAGE_MEMBERS_OP = Operation(name=_('Manage role members'), slug='manage_members')
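Review bot: Admin roles that already exist are not touched by the new `operation=MANAGE_MEMBERS_OP` argument in the first hunk, as far as this section shows, and the diffstat lists no migration. The change in tests/test_a2_rbac.py indicates the admin role was previously scoped to the `admin` operation, so after this patch older roles would presumably keep the broader permission while newly created ones get `manage_members`. If existing deployments are meant to be narrowed too, that needs a data migration (possibly in patch 2/2, which is not visible here). The enclosing method starts outside the hunk; a short comment next to the argument would help, e.g. `# role admins get manage_members on the role, not full admin`.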
src/authentic2/a2_rbac/signal_handlers.py
86 86

  
87 87
def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS,
88 88
                               **kwargs):
89
    from .models import CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP
89
    from .models import (CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP,
90
                         MANAGE_MEMBERS_OP)
90 91

  
91 92
    if not router.allow_migrate(using, get_ou_model()):
92 93
        return
......
96 97
        get_operation(RESET_PASSWORD_OP)
97 98
        get_operation(ACTIVATE_OP)
98 99
        get_operation(CHANGE_EMAIL_OP)
100
        get_operation(MANAGE_MEMBERS_OP)
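--- a/src/authentic2/manager/role_views.py
+++ b/src/authentic2/manager/role_views.py
@@ -77,11 +77,6 @@
         kwargs['queryset'] = self.get_queryset()
         return kwargs
 
-    def authorize(self, request, *args, **kwargs):
-        super(RolesView, self).authorize(request, *args, **kwargs)
-        self.can_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
-
-
 listing = RolesView.as_view()
 
 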
src/authentic2/manager/templates/authentic2/manager/role_members.html
53 53
 {% include "authentic2/manager/export_include.html" with export_view_name="a2-manager-role-members-export" %}
54 54

  
55 55
 {% if view.can_change %}
56
   <form method="post" class="manager-m2m-add-form">
56
   <form method="post" class="manager-m2m-add-form" id="add-user">
57 57
           {% csrf_token %}
58 58
           {{ form }}
59 59
           <button>{% trans "Add" %}</button>
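--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@@ -331,6 +331,7 @@
     'change': ['view', 'search'],
     'delete': ['view', 'search'],
     'add': ['view', 'search'],
+    'manage_members': ['change', 'view', 'search'],
 }
 
 SILENCED_SYSTEM_CHECKS = ["auth.W004"]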
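Review bot: The new entry `'manage_members': ['change', 'view', 'search']` appears to make member management imply `change` on the role, which is broader than the permission's name suggests. role_members.html shows the add-member form only under `{% if view.can_change %}`, which is probably why `change` is listed, but any other view gated on `change` (editing the role itself, for instance) would then be open to role admins as well. Consider gating the members form on `manage_members` directly and dropping `change` from the list, or document the choice with `# 'change' is implied because the members view checks can_change`. The dict's opening line is outside the hunk, so the direction of the mapping is inferred from the neighbouring entries.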
tests/test_a2_rbac.py
62 62
    # There should be two more permissions the admin permission on the role
63 63
    # and the admin permission on the admin role
64 64
    admin_perm = Permission.objects.by_target(new_role) \
65
        .get(operation__slug='admin')
65
        .get(operation__slug='manage_members')
66 66
    admin_role = Role.objects.get(
67 67
        admin_scope_ct=ContentType.objects.get_for_model(admin_perm),
68 68
        admin_scope_id=admin_perm.pk)
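Review bot: The comment on lines 62–63 and the variable name `admin_perm` still describe "the admin permission on the role", but the lookup now fetches the permission with slug `manage_members`. Reword the comment so it names the operation actually checked, e.g. `# the role's manage_members permission, which scopes its admin role`, and consider renaming the variable to `manage_members_perm`. The test function starts and ends outside the hunk.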
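--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -896,3 +896,18 @@
 
     user = User.objects.get(id=simple_user.id)
     assert not user.email_verified
+
+
+def test_manager_role_admin_permissions(app, simple_user):
+    administered_role = Role.objects.create(name='Coucou')
+    admin_role = administered_role.get_admin_role()
+    simple_user.roles.add(admin_role)
+    login(app, simple_user, '/manage/')
+
+    response = app.get('/manage/roles/%s/' % administered_role.pk)
+    form = response.forms['add-user']
+    form['user'].force_value(simple_user.pk)
+    response = form.submit().follow()
+    assert administered_role in simple_user.roles.all()
+
+    response = app.get('/manage/roles/add/', status=403)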
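Review bot: The new test pins only one denied action (`/manage/roles/add/` returning 403), so it does not show where a role admin's rights end. Since settings.py makes `manage_members` imply `change`, add requests that assert the expected status for editing or deleting `administered_role` and for the members page of a second, unrelated role. The final `response = ...` assignment is unused; `app.get('/manage/roles/add/', status=403)` alone is enough.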
899
-