
0001-a2_rbac-do-not-break-unicity-when-get-or-creating-ad.patch

Paul Marillonnet, 28 avril 2020 14:33


Subject: [PATCH] a2_rbac: do not break unicity when get-or-creating admin role
 (#42178)

 src/authentic2/a2_rbac/management.py |  4 ++--
 src/authentic2/a2_rbac/managers.py   | 20 ++++++++------------
 src/authentic2/a2_rbac/models.py     |  4 ++--
 3 files changed, 12 insertions(+), 16 deletions(-)
src/authentic2/a2_rbac/management.py
155 155
        new_perm = admin_role.permissions.get(operation__slug=MANAGE_MEMBERS_OP.slug)
156 156
        admin_role.delete()
157 157
        role.admin_scope_id = new_perm.pk
158
        role.save()
158
        role.save(update_fields=['admin_scope_id'])
159 159
        role.permissions.remove(old_perm)
160 160
        role.permissions.add(new_perm)
161
        assert role.pk == administered_role.get_admin_role().pk
161
        assert role.pk == administered_role.get_admin_role(create=False).pk
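Review bot: The check `assert role.pk == administered_role.get_admin_role(create=False).pk` is the only verification that the re-pointed role is the one the lookup resolves, and it is too fragile for RBAC repair code. It is stripped under `python -O`, and if the lookup returns `None` (as the `create=False` path in managers.py does on `DoesNotExist`) it fails with an `AttributeError` rather than a clear message. I would make it an explicit check: `found = administered_role.get_admin_role(create=False)` followed by `if found is None or found.pk != role.pk: raise RuntimeError('admin role mismatch after migration')`. Whether `administered_role.get_admin_role` already accepts `create` is not visible here, since the models.py change shown only adds it to `OrganizationalUnit.get_admin_role`. The enclosing function starts outside this hunk.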
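--- a/src/authentic2/a2_rbac/managers.py
+++ b/src/authentic2/a2_rbac/managers.py
@@ -80,26 +80,22 @@
            permission.
         '''
         ct = ContentType.objects.get_for_model(instance)
-        kwargs = {}
-        if ou or getattr(instance, 'ou', None):
-            kwargs['ou'] = ou or instance.ou
-        else:
-            kwargs['ou__isnull'] = True
         if create:
+            defaults = {
+                'name': name,
+                'slug': slug
+            }
+            if ou or getattr(instance, 'ou', None):
+                defaults['ou'] = ou or instance.ou
             role, created = self.prefetch_related('permissions').get_or_create(
                 admin_scope_ct=ct,
                 admin_scope_id=instance.pk,
-                defaults={
-                    'name': name,
-                    'slug': slug,
-                },
-                **kwargs)
+                defaults=defaults)
         else:
             try:
                 role = self.prefetch_related('permissions').get(
                     admin_scope_ct=ct,
-                    admin_scope_id=instance.pk,
-                    **kwargs)
+                    admin_scope_id=instance.pk)
             except self.model.DoesNotExist:
                 return None
             created = False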
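Review bot: Neither branch handles `MultipleObjectsReturned`: with the `ou` filter dropped, both `get_or_create(..., defaults=defaults)` and the `create=False` `.get(...)` match on `admin_scope_ct`/`admin_scope_id` alone, and only `DoesNotExist` is caught. A database that already holds two admin roles for one scope (apparently the state this change is meant to stop producing) would therefore raise from every caller. Because this lookup decides which role carries administrative permission, I would fail explicitly rather than pick a row: add `except self.model.MultipleObjectsReturned:` with an error that names the scope, and ship a data migration that merges existing duplicates. Since `ou` now lives only in `defaults`, an existing role in a different organizational unit is returned unchanged; a comment such as `# ou is only applied on creation; an existing admin role keeps its ou` would make that intent explicit. The function starts before and continues after this hunk.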
src/authentic2/a2_rbac/models.py
143 143
            raise ValidationError(_('Deletion alert delay must be less than actual deletion delay.'))
144 144
        super(OrganizationalUnit, self).clean()
145 145

  
146
    def get_admin_role(self):
146
    def get_admin_role(self, create=True):
147 147
        '''Get or create the generic admin role for this organizational
148 148
           unit.
149 149
        '''
......
151 151
        slug = '_a2-managers-of-{ou.slug}'.format(ou=self)
152 152
        return Role.objects.get_admin_role(
153 153
            instance=self, name=name, slug=slug, operation=VIEW_OP,
154
            update_name=True, update_slug=True)
154
            update_name=True, update_slug=True, create=create)
155 155

  
156 156
    def delete(self, *args, **kwargs):
157 157
        Permission.objects.filter(ou=self).delete()
158
-
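Review bot: The docstring under `def get_admin_role(self, create=True):` still reads "Get or create the generic admin role", which no longer describes the `create=False` case. With `create=False`, the manager lookup shown in managers.py returns `None` when no role exists, so callers that dereference the result need to know about it. I would extend the docstring to say that the role is created unless `create` is false, and that `None` is returned when it does not exist and `create` is false. Part of the method body is elided in this view.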