0002-a2_rbac-add-manage-members-permission-for-role-admin.patch
src/authentic2/a2_rbac/models.py | ||
---|---|---|
243 | 243 |
self_administered=True, |
244 | 244 |
update_name=True, |
245 | 245 |
update_slug=True, |
246 |
create=create) |
|
246 |
create=create, |
|
247 |
operation=MANAGE_MEMBERS_OP) |
|
247 | 248 |
return admin_role |
248 | 249 | |
249 | 250 |
def validate_unique(self, exclude=None): |
... | ... | |
415 | 416 |
RESET_PASSWORD_OP = Operation(name=_('Reset password'), slug='reset_password') |
416 | 417 |
ACTIVATE_OP = Operation(name=_('Activate'), slug='activate') |
417 | 418 |
CHANGE_EMAIL_OP = Operation(name=_('Change email'), slug='change_email') |
419 |
MANAGE_MEMBERS_OP = Operation(name=_('Manage role members'), slug='manage_members') |
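Review bot: Passing `operation=MANAGE_MEMBERS_OP` in the call at new lines 246–247 leaves the upgrade path for admin roles that already exist unaddressed. The updated test finds the admin role through the pk of the `manage_members` permission, which suggests roles created before this change stay bound to the broader `admin` permission and would no longer match this lookup. If that is the case, their members keep the wider rights, and a second admin role may be created beside the old one. A data migration that re-points existing admin roles, or a line in the commit message saying why none is needed, would close that gap. The enclosing method starts outside the hunk, so how the manager handles `operation=` is not visible here.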
src/authentic2/a2_rbac/signal_handlers.py | ||
---|---|---|
86 | 86 | |
87 | 87 |
def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, |
88 | 88 |
**kwargs): |
89 |
from .models import CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP |
|
89 |
from .models import (CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP, |
|
90 |
MANAGE_MEMBERS_OP) |
|
90 | 91 | |
91 | 92 |
if not router.allow_migrate(using, get_ou_model()): |
92 | 93 |
return |
... | ... | |
96 | 97 |
get_operation(RESET_PASSWORD_OP) |
97 | 98 |
get_operation(ACTIVATE_OP) |
98 | 99 |
get_operation(CHANGE_EMAIL_OP) |
100 |
get_operation(MANAGE_MEMBERS_OP) |
src/authentic2/settings.py | ||
---|---|---|
328 | 328 |
'reset_password': ['view', 'search'], |
329 | 329 |
'activate': ['view', 'search'], |
330 | 330 |
'admin': ['change', 'delete', 'add', 'view', 'change_password', 'reset_password', 'activate', |
331 |
'search', 'change_email'], |
|
332 |
'change': ['view', 'search'], |
|
331 |
'search', 'change_email', 'manage_members'],
|
|
332 |
'change': ['view', 'search', 'manage_members'],
|
|
333 | 333 |
'delete': ['view', 'search'], |
334 | 334 |
'add': ['view', 'search'], |
335 |
'manage_members': ['view', 'search'], |
|
335 | 336 |
} |
336 | 337 | |
337 | 338 |
SILENCED_SYSTEM_CHECKS = ["auth.W004"] |
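Review bot: The new entry `'change': ['view', 'search', 'manage_members']` gives `manage_members` to every holder of `change`, and the mapping is keyed by operation slug only, so as far as this hunk shows the implication is not limited to role objects. If this is intended as backward compatibility for managers who handled members under `change`, record it above the entry, e.g. `# 'change' implies 'manage_members' so existing role managers keep member management`. The dict's name and its consumers are outside the hunk, so it is worth confirming that `manage_members` is only ever checked against roles.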
tests/test_a2_rbac.py | ||
---|---|---|
62 | 62 |
# There should be two more permissions the admin permission on the role |
63 | 63 |
# and the admin permission on the admin role |
64 | 64 |
admin_perm = Permission.objects.by_target(new_role) \ |
65 |
.get(operation__slug='admin')
|
|
65 |
.get(operation__slug='manage_members')
|
|
66 | 66 |
admin_role = Role.objects.get( |
67 | 67 |
admin_scope_ct=ContentType.objects.get_for_model(admin_perm), |
68 | 68 |
admin_scope_id=admin_perm.pk) |
69 |
- |
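Review bot: The comment at lines 62–63 still describes "the admin permission on the role" and the variable is still named `admin_perm`, although the lookup now fetches the `manage_members` permission. Rename it (for example `manage_members_perm`) and reword the comment so the test documents the narrower grant. The test also only shows that the admin role is reachable through the new permission. Adding an assertion that the admin role's permissions on `new_role` include neither `admin` nor `change` would pin the least-privilege intent of the change. The test function starts and ends outside the hunk.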