0003-a2_rbac-update-role-admins-using-post_migrate-signal.patch
src/authentic2/a2_rbac/apps.py | ||
---|---|---|
50 | 50 |
post_migrate.connect( |
51 | 51 |
signal_handlers.post_migrate_update_rbac, |
52 | 52 |
sender=self) |
53 |
post_migrate.connect( |
|
54 |
signal_handlers.post_migrate_update_role_admins, |
|
55 |
sender=self) |
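Review bot: The `post_migrate.connect(...)` call shown at lines 53–55 appears to depend on being registered after `post_migrate_update_rbac`, but nothing in the code records that. The role-admin update looks permissions up by `MANAGE_MEMBERS_OP.slug`, and the context lines in signal_handlers.py suggest the operations are set up by the earlier handler, so swapping the two registrations may break the update on an upgraded database. A comment such as `# keep after post_migrate_update_rbac: relies on the operations it sets up` would pin the ordering down. The enclosing method starts outside this section.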
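--- a/src/authentic2/a2_rbac/management.py
+++ b/src/authentic2/a2_rbac/management.py
@@ -19,10 +19,12 @@
 from django.utils.text import slugify
 from django.contrib.contenttypes.models import ContentType
 
+from django_rbac.models import ADMIN_OP
 from django_rbac.utils import get_role_model, get_ou_model
 
 from ..utils import get_fk_model
 from . import utils, app_settings
+from .models import MANAGE_MEMBERS_OP
 
 
 def update_ou_admin_roles(ou):
@@ -141,3 +143,15 @@
 ct_admin_role.permissions.add(view_user_perm)
 ct_admin_role.permissions.add(search_ou_perm)
 ct_admin_role.add_child(admin_role)
+
+
+def update_user_admin_roles_permission():
+roles = get_role_model().objects.filter(slug__startswith='_a2-managers-of-role',
+permissions__operation__slug=ADMIN_OP.slug)
+for role in roles:
+old_perm = role.permissions.get(operation__slug=ADMIN_OP.slug)
+administered_role = old_perm.target
+admin_role = administered_role.get_admin_role()
+new_perm = admin_role.permissions.get(operation__slug=MANAGE_MEMBERS_OP.slug)
+role.permissions.remove(old_perm)
+role.permissions.add(new_perm)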
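Review bot: The two `.get()` lookups in the loop of `update_user_admin_roles_permission` and the unguarded use of `old_perm.target` do not handle a missing or duplicated row, so one inconsistent manager role raises and aborts the whole `migrate` run, leaving every role after it with the broad admin permission. The join in the initial filter can also return the same role more than once when it carries several admin permissions, which is exactly the case that makes the first `.get()` raise. I would iterate over the matching permissions, skip (and ideally report) entries whose target or replacement permission is absent, and add `.distinct()` to the queryset, as sketched below. Whether `target` can really be empty depends on the Permission model, which is not visible here.

```python
def update_user_admin_roles_permission():
    roles = get_role_model().objects.filter(
        slug__startswith='_a2-managers-of-role',
        permissions__operation__slug=ADMIN_OP.slug).distinct()
    for role in roles:
        for old_perm in role.permissions.filter(operation__slug=ADMIN_OP.slug):
            administered_role = old_perm.target
            if administered_role is None:
                # dangling target: report it rather than abort the whole migrate
                continue
            admin_role = administered_role.get_admin_role()
            new_perm = admin_role.permissions.filter(
                operation__slug=MANAGE_MEMBERS_OP.slug).first()
            if new_perm is None:
                # no replacement permission: keep the role as it is and report it
                continue
            role.permissions.remove(old_perm)
            role.permissions.add(new_perm)
```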
src/authentic2/a2_rbac/signal_handlers.py | ||
---|---|---|
98 | 98 |
get_operation(ACTIVATE_OP) |
99 | 99 |
get_operation(CHANGE_EMAIL_OP) |
100 | 100 |
get_operation(MANAGE_MEMBERS_OP) |
101 | ||
102 | ||
103 |
def post_migrate_update_role_admins(app_config, verbosity=2, interactive=True, |
|
104 |
using=DEFAULT_DB_ALIAS, **kwargs): |
|
105 |
from .management import update_user_admin_roles_permission |
|
106 |
update_user_admin_roles_permission() |
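Review bot: `post_migrate_update_role_admins` accepts `using` but calls `update_user_admin_roles_permission()` without it, so the permission rewrite always goes through the default routing, whichever database was just migrated. The handler also has no docstring, although it changes which permission manager roles hold on every `migrate`. I would add one along the lines of `"""Replace the admin permission of role-manager roles by manage_members; converted roles no longer match the filter, so re-running is a no-op."""`. If only a single database is supported, state that in the docstring; otherwise return early when `using` is not the database that holds the roles.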
tests/test_a2_rbac.py | ||
---|---|---|
28 | 28 |
from django.core.management import call_command |
29 | 29 | |
30 | 30 |
from authentic2.a2_rbac.models import Role, OrganizationalUnit as OU, RoleAttribute |
31 |
from authentic2.a2_rbac.utils import get_default_ou |
|
31 |
from authentic2.a2_rbac.utils import get_default_ou, get_view_user_perm
|
|
32 | 32 |
from authentic2.a2_rbac.models import ( |
33 | 33 |
Role, |
34 | 34 |
Permission, |
... | ... | |
493 | 493 | |
494 | 494 |
# 5 global roles and 4 ou roles for both ous |
495 | 495 |
assert Role.objects.count() == 5 + 4 + 4 |
496 | ||
497 | ||
498 |
def test_update_role_admins_perm(transactional_db, simple_user): |
|
499 |
from django.core.management.sql import emit_post_migrate_signal |
|
500 | ||
501 |
role = Role.objects.create(name='hop') |
|
502 |
old_admin_role = Role.objects.get_admin_role( |
|
503 |
role, ou=role.ou, |
|
504 |
name='Managers of role "{role}"'.format( |
|
505 |
role=role), |
|
506 |
slug='_a2-managers-of-role-{role}'.format( |
|
507 |
role=role), |
|
508 |
permissions=(get_view_user_perm(),), |
|
509 |
self_administered=True, |
|
510 |
update_name=True, |
|
511 |
update_slug=True, |
|
512 |
create=True) |
|
513 |
simple_user.roles.add(old_admin_role) |
|
514 | ||
515 |
emit_post_migrate_signal(verbosity=0, interactive=False, db='default', created_models=[]) |
|
516 |
assert simple_user.get_all_permissions(role) == \ |
|
517 |
{'a2_rbac.manage_members_role', 'a2_rbac.search_role', 'a2_rbac.view_role'} |
|
496 |
- |
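Review bot: `test_update_role_admins_perm` asserts only the state after `emit_post_migrate_signal`, so it would still pass if `Role.objects.get_admin_role(...)` already produced the final permission set and the handler did nothing. A precondition on the role itself would close that gap, for example `assert old_admin_role.permissions.filter(operation__slug=ADMIN_OP.slug).exists()` before the signal and the negated form after it, with `ADMIN_OP` imported from `django_rbac.models`. Emitting the signal a second time and repeating the final assertion would also cover a repeated `migrate`. The test covers only a well-formed manager role; a role whose admin permission has no matching `manage_members` permission is not exercised.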