0002-a2_rbac-add-manage-members-permission-for-role-admin.patch
src/authentic2/a2_rbac/models.py | ||
---|---|---|
221 | 221 |
self_administered=True, |
222 | 222 |
update_name=True, |
223 | 223 |
update_slug=True, |
224 |
create=create) |
|
224 |
create=create, |
|
225 |
operation=MANAGE_MEMBERS_OP) |
|
225 | 226 |
return admin_role |
226 | 227 | |
227 | 228 |
def validate_unique(self, exclude=None): |
... | ... | |
393 | 394 |
RESET_PASSWORD_OP = Operation(name=_('Reset password'), slug='reset_password') |
394 | 395 |
ACTIVATE_OP = Operation(name=_('Activate'), slug='activate') |
395 | 396 |
CHANGE_EMAIL_OP = Operation(name=_('Change email'), slug='change_email') |
397 |
MANAGE_MEMBERS_OP = Operation(name=_('Manage role members'), slug='manage_members') |
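Review bot: Nothing visible in this patch handles admin roles that already exist with the older, broader scope, now that the added `operation=MANAGE_MEMBERS_OP` argument scopes the admin role to a `manage_members` permission. If those rows are left untouched, their members would presumably keep full `admin` rights on the target role, so the narrowing would only apply to newly created roles. A data migration, or a line in the commit message saying where existing roles are re-scoped, would close that gap. A short comment at the call, such as `# admin-role members may only manage membership, not edit or delete the role`, would also record the intent. The enclosing method starts above the hunk, so how `operation` is consumed is not visible here.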
src/authentic2/a2_rbac/signal_handlers.py | ||
---|---|---|
86 | 86 | |
87 | 87 |
def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, |
88 | 88 |
**kwargs): |
89 |
from .models import CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP |
|
89 |
from .models import (CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP, |
|
90 |
MANAGE_MEMBERS_OP) |
|
90 | 91 | |
91 | 92 |
if not router.allow_migrate(using, get_ou_model()): |
92 | 93 |
return |
... | ... | |
96 | 97 |
get_operation(RESET_PASSWORD_OP) |
97 | 98 |
get_operation(ACTIVATE_OP) |
98 | 99 |
get_operation(CHANGE_EMAIL_OP) |
100 |
get_operation(MANAGE_MEMBERS_OP) |
src/authentic2/settings.py | ||
---|---|---|
327 | 327 |
'reset_password': ['view', 'search'], |
328 | 328 |
'activate': ['view', 'search'], |
329 | 329 |
'admin': ['change', 'delete', 'add', 'view', 'change_password', 'reset_password', 'activate', |
330 |
'search', 'change_email'], |
|
331 |
'change': ['view', 'search'], |
|
330 |
'search', 'change_email', 'manage_members'],
|
|
331 |
'change': ['view', 'search', 'manage_members'],
|
|
332 | 332 |
'delete': ['view', 'search'], |
333 | 333 |
'add': ['view', 'search'], |
334 |
'manage_members': ['view', 'search'], |
|
334 | 335 |
} |
335 | 336 | |
336 | 337 |
SILENCED_SYSTEM_CHECKS = ["auth.W004"] |
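Review bot: Adding `'manage_members'` to the `'change'` entry means every existing grant of `change` now also confers member management, which is a privilege-granting action, and the reason is not written next to the line. If it is there to preserve what `change` holders could already do, a comment such as `# 'change' keeps implying member management for backward compatibility` would make that explicit. If not, consider leaving `'change'` at `['view', 'search']` so that membership control has to be granted on its own. The dictionary's name and opening lie above the hunk, so whether this map also applies to objects other than roles cannot be confirmed from here.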
tests/test_a2_rbac.py | ||
---|---|---|
62 | 62 |
# There should be two more permissions the admin permission on the role |
63 | 63 |
# and the admin permission on the admin role |
64 | 64 |
admin_perm = Permission.objects.by_target(new_role) \ |
65 |
.get(operation__slug='admin')
|
|
65 |
.get(operation__slug='manage_members')
|
|
66 | 66 |
admin_role = Role.objects.get( |
67 | 67 |
admin_scope_ct=ContentType.objects.get_for_model(admin_perm), |
68 | 68 |
admin_scope_id=admin_perm.pk) |
69 |
- |
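Review bot: The comment above the lookup still says "the admin permission on the role", while the query now fetches `operation__slug='manage_members'` and the result is still named `admin_perm`. Updating the comment to `# There should be two more permissions: the manage_members permission on the role` would keep the test readable. The test would also be stronger with an assertion that the admin role does not carry the broader `admin` operation on `new_role`, since narrowing that grant is the security-relevant part of the change. The test function starts above the hunk, so existing assertions of that kind may be out of view.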