0001-a2_rbac-do-not-break-unicity-when-get-or-creating-ad.patch
src/authentic2/a2_rbac/management.py | ||
---|---|---|
155 | 155 |
new_perm = admin_role.permissions.get(operation__slug=MANAGE_MEMBERS_OP.slug) |
156 | 156 |
admin_role.delete() |
157 | 157 |
role.admin_scope_id = new_perm.pk |
158 |
role.save() |
|
158 |
role.save(update_fields=['admin_scope_id'])
|
|
159 | 159 |
role.permissions.remove(old_perm) |
160 | 160 |
role.permissions.add(new_perm) |
161 |
assert role.pk == administered_role.get_admin_role().pk |
|
161 |
assert role.pk == administered_role.get_admin_role(create=False).pk |
src/authentic2/a2_rbac/managers.py | ||
---|---|---|
86 | 86 |
else: |
87 | 87 |
kwargs['ou__isnull'] = True |
88 | 88 |
if create: |
89 |
defaults = {'name': name, 'slug': slug} |
|
90 |
if 'ou' in kwargs: |
|
91 |
defaults['ou'] = kwargs.pop('ou') |
|
89 | 92 |
role, created = self.prefetch_related('permissions').get_or_create( |
90 | 93 |
admin_scope_ct=ct, |
91 | 94 |
admin_scope_id=instance.pk, |
92 |
defaults={ |
|
93 |
'name': name, |
|
94 |
'slug': slug, |
|
95 |
}, |
|
95 |
defaults=defaults, |
|
96 | 96 |
**kwargs) |
97 | 97 |
else: |
98 | 98 |
try: |
src/authentic2/a2_rbac/models.py | ||
---|---|---|
143 | 143 |
raise ValidationError(_('Deletion alert delay must be less than actual deletion delay.')) |
144 | 144 |
super(OrganizationalUnit, self).clean() |
145 | 145 | |
146 |
def get_admin_role(self): |
|
146 |
def get_admin_role(self, create=True):
|
|
147 | 147 |
'''Get or create the generic admin role for this organizational |
148 | 148 |
unit. |
149 | 149 |
''' |
... | ... | |
151 | 151 |
slug = '_a2-managers-of-{ou.slug}'.format(ou=self) |
152 | 152 |
return Role.objects.get_admin_role( |
153 | 153 |
instance=self, name=name, slug=slug, operation=VIEW_OP, |
154 |
update_name=True, update_slug=True) |
|
154 |
update_name=True, update_slug=True, create=create)
|
|
155 | 155 | |
156 | 156 |
def delete(self, *args, **kwargs): |
157 | 157 |
Permission.objects.filter(ou=self).delete() |
158 |
- |