
0002-a2_rbac-add-manage-members-permission-for-role-admin.patch

Valentin Deniaud, 20 avril 2020 17:33



Subject: [PATCH 2/4] a2_rbac: add manage members permission for role admins
 (#20513)

 src/authentic2/a2_rbac/models.py          | 4 +++-
 src/authentic2/a2_rbac/signal_handlers.py | 4 +++-
 src/authentic2/settings.py                | 5 +++--
 tests/test_a2_rbac.py                     | 2 +-
 4 files changed, 10 insertions(+), 5 deletions(-)
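--- a/src/authentic2/a2_rbac/models.py
+++ b/src/authentic2/a2_rbac/models.py
@@ -243,7 +243,8 @@
             self_administered=True,
             update_name=True,
             update_slug=True,
-            create=create)
+            create=create,
+            operation=MANAGE_MEMBERS_OP)
         return admin_role
 
     def validate_unique(self, exclude=None):
@@ -415,3 +416,4 @@
 RESET_PASSWORD_OP = Operation(name=_('Reset password'), slug='reset_password')
 ACTIVATE_OP = Operation(name=_('Activate'), slug='activate')
 CHANGE_EMAIL_OP = Operation(name=_('Change email'), slug='change_email')
+MANAGE_MEMBERS_OP = Operation(name=_('Manage role members'), slug='manage_members')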
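Review bot: Admin roles that already exist were presumably scoped to the role's `admin` permission, and the first hunk does not show what happens to them once the call passes `operation=MANAGE_MEMBERS_OP`. If the helper finds the admin role through its permission scope, an upgraded instance could get a second admin role, or keep administrators who still hold the broader `admin` right; this is inferred, because the helper and the start of the enclosing method are outside the hunk. As this is patch 2/4, the conversion may live in another patch; a comment at the call such as `# role admins are scoped to manage_members only; pre-existing admin roles must be converted` would make the intended narrowing explicit.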
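--- a/src/authentic2/a2_rbac/signal_handlers.py
+++ b/src/authentic2/a2_rbac/signal_handlers.py
@@ -86,7 +86,8 @@
 
 def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS,
                                **kwargs):
-    from .models import CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP
+    from .models import (CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP,
+                         MANAGE_MEMBERS_OP)
 
     if not router.allow_migrate(using, get_ou_model()):
         return
@@ -96,3 +97,4 @@
         get_operation(RESET_PASSWORD_OP)
         get_operation(ACTIVATE_OP)
         get_operation(CHANGE_EMAIL_OP)
+        get_operation(MANAGE_MEMBERS_OP)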
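--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@@ -328,10 +328,11 @@
     'reset_password': ['view', 'search'],
     'activate': ['view', 'search'],
     'admin': ['change', 'delete', 'add', 'view', 'change_password', 'reset_password', 'activate',
-              'search', 'change_email'],
-    'change': ['view', 'search'],
+              'search', 'change_email', 'manage_members'],
+    'change': ['view', 'search', 'manage_members'],
     'delete': ['view', 'search'],
     'add': ['view', 'search'],
+    'manage_members': ['view', 'search'],
 }
 
 SILENCED_SYSTEM_CHECKS = ["auth.W004"]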
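Review bot: The new entry `'change': ['view', 'search', 'manage_members']` makes every holder of `change` a holder of `manage_members` as well, and managing a role's members amounts to handing that role's permissions to other accounts. The name of this mapping and the object types it applies to are outside the hunk, so it cannot be checked from here whether `change` is ever granted to users who should not control role membership. A comment above the entry, for example `# manage_members: may add/remove members of a role, i.e. delegate the role's permissions`, would record that the implication is deliberate.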
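--- a/tests/test_a2_rbac.py
+++ b/tests/test_a2_rbac.py
@@ -62,7 +62,7 @@
     # There should be two more permissions the admin permission on the role
     # and the admin permission on the admin role
     admin_perm = Permission.objects.by_target(new_role) \
-        .get(operation__slug='admin')
+        .get(operation__slug='manage_members')
     admin_role = Role.objects.get(
         admin_scope_ct=ContentType.objects.get_for_model(admin_perm),
         admin_scope_id=admin_perm.pk)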
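Review bot: The test only swaps the looked-up slug to `manage_members`; nothing in the visible lines asserts that the role's administrators no longer receive the `admin` permission on the role, which appears to be the privilege narrowing this patch introduces. A negative assertion on the admin role's permissions would pin that property and catch a regression that silently restores the wider right. The comment above the lookup and the variable name `admin_perm` are also stale now; something like `manage_members_perm` with `# the manage_members permission on the role` would match the new behaviour. The test function starts and ends outside the hunk.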
69
-