Projet

Général

Profil

0001-a2_rbac-do-not-break-unicity-when-get-or-creating-ad.patch

Paul Marillonnet, 28 avril 2020 14:05

Télécharger (3,03 ko)

Voir les différences: 

Subject: [PATCH] a2_rbac: do not break unicity when get-or-creating admin role
 (#42178)


 src/authentic2/a2_rbac/management.py | 4 ++--
 src/authentic2/a2_rbac/managers.py   | 8 ++++----
 src/authentic2/a2_rbac/models.py     | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)
src/authentic2/a2_rbac/management.py
155 155 
        new_perm = admin_role.permissions.get(operation__slug=MANAGE_MEMBERS_OP.slug)
156 156 
        admin_role.delete()
157 157 
        role.admin_scope_id = new_perm.pk
158 
        role.save()
158 
        role.save(update_fields=['admin_scope_id'])
159 159 
        role.permissions.remove(old_perm)
160 160 
        role.permissions.add(new_perm)
161 
        assert role.pk == administered_role.get_admin_role().pk
161 
        assert role.pk == administered_role.get_admin_role(create=False).pk
src/authentic2/a2_rbac/managers.py
86 86 
        else:
87 87 
            kwargs['ou__isnull'] = True
88 88 
        if create:
89 
            defaults = {'name': name, 'slug': slug}
90 
            if 'ou' in kwargs:
91 
                defaults['ou'] = kwargs.pop('ou')
89 92 
            role, created = self.prefetch_related('permissions').get_or_create(
90 93 
                admin_scope_ct=ct,
91 94 
                admin_scope_id=instance.pk,
92 
                defaults={
93 
                    'name': name,
94 
                    'slug': slug,
95 
                },
95 
                defaults=defaults,
96 96 
                **kwargs)
97 97 
        else:
98 98 
            try:
src/authentic2/a2_rbac/models.py
143 143 
            raise ValidationError(_('Deletion alert delay must be less than actual deletion delay.'))
144 144 
        super(OrganizationalUnit, self).clean()
145 145 

  		




  146
  
  
    
    def get_admin_role(self):

  		




  
  146
  
    
    def get_admin_role(self, create=True):

  		




  147
  147
  
    
        '''Get or create the generic admin role for this organizational

  		




  148
  148
  
    
           unit.

  		




  149
  149
  
    
        '''

  		




  ......




  151
  151
  
    
        slug = '_a2-managers-of-{ou.slug}'.format(ou=self)

  		




  152
  152
  
    
        return Role.objects.get_admin_role(

  		




  153
  153
  
    
            instance=self, name=name, slug=slug, operation=VIEW_OP,

  		




  154
  
  
    
            update_name=True, update_slug=True)

  		




  
  154
  
    
            update_name=True, update_slug=True, create=create)

  		




  155
  155
  
    

  		




  156
  156
  
    
    def delete(self, *args, **kwargs):

  		




  157
  157
  
    
        Permission.objects.filter(ou=self).delete()

  		




  158
  
  
    
-