0001-wip.patch
| src/authentic2/a2_rbac/migrations/0023_fix_self_admin_perm.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
# Generated by Django 1.11.18 on 2020-05-12 08:58 |
|
| 3 |
from __future__ import unicode_literals |
|
| 4 | ||
| 5 |
from django.db import migrations |
|
| 6 |
from django.db.utils import IntegrityError |
|
| 7 | ||
| 8 |
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP |
|
| 9 |
from django_rbac.models import CHANGE_OP |
|
| 10 | ||
| 11 | ||
| 12 |
def update_self_administration_perm(apps, schema_editor): |
|
| 13 |
Role = apps.get_model('a2_rbac', 'Role')
|
|
| 14 |
Permission = apps.get_model('a2_rbac', 'Permission')
|
|
| 15 |
Operation = apps.get_model('django_rbac', 'Operation')
|
|
| 16 |
ContentType = apps.get_model('contenttypes', 'ContentType')
|
|
| 17 |
op = Operation.objects.get(slug=CHANGE_OP.slug) # TODO text_type, get_or_create |
|
| 18 |
new_op = Operation.objects.get(slug=MANAGE_MEMBERS_OP.slug) # TODO text_type, get_or_create |
|
| 19 |
ct = ContentType.objects.get_for_model(Role) |
|
| 20 |
for role in Role.objects.all(): |
|
| 21 |
try: |
|
| 22 |
perm = role.permissions.get(operation=op, target_ct=ct, target_id=role.pk) |
|
| 23 |
except Permission.DoesNotExist: |
|
| 24 |
continue |
|
| 25 | ||
| 26 |
# check if new permission already exists |
|
| 27 |
new_perm = Permission.objects.filter(operation=new_op, target_ct=ct, target_id=role.pk).first() |
|
| 28 |
if new_perm: |
|
| 29 |
role.permissions.add(new_perm) |
|
| 30 |
role.permissions.remove(perm) |
|
| 31 |
continue |
|
| 32 | ||
| 33 |
perm.operation = new_op |
|
| 34 |
perm.save() |
|
| 35 | ||
| 36 | ||
| 37 |
class Migration(migrations.Migration): |
|
| 38 | ||
| 39 |
dependencies = [ |
|
| 40 |
('a2_rbac', '0022_auto_20200402_1101'),
|
|
| 41 |
] |
|
| 42 | ||
| 43 |
operations = [ |
|
| 44 |
migrations.RunPython(update_self_administration_perm) |
|
| 45 |
] |
|
| src/authentic2/a2_rbac/models.py | ||
|---|---|---|
| 25 | 25 | |
| 26 | 26 |
from django_rbac.models import (RoleAbstractBase, PermissionAbstractBase, |
| 27 | 27 |
OrganizationalUnitAbstractBase, RoleParentingAbstractBase, VIEW_OP, |
| 28 |
CHANGE_OP, Operation)
|
|
| 28 |
Operation) |
|
| 29 | 29 |
from django_rbac import utils as rbac_utils |
| 30 | 30 | |
| 31 | 31 |
from authentic2.decorators import errorcollector |
| ... | ... | |
| 282 | 282 |
self.get_admin_role(create=False) |
| 283 | 283 |
return result |
| 284 | 284 | |
| 285 |
def has_self_administration(self, op=CHANGE_OP): |
|
| 285 |
def has_self_administration(self, op=None): |
|
| 286 |
if not op: |
|
| 287 |
op = MANAGE_MEMBERS_OP |
|
| 286 | 288 |
Permission = rbac_utils.get_permission_model() |
| 287 |
admin_op = rbac_utils.get_operation(op)
|
|
| 289 |
operation = rbac_utils.get_operation(op)
|
|
| 288 | 290 |
self_perm, created = Permission.objects.get_or_create( |
| 289 |
operation=admin_op,
|
|
| 291 |
operation=operation,
|
|
| 290 | 292 |
target_ct=ContentType.objects.get_for_model(self), |
| 291 | 293 |
target_id=self.pk) |
| 292 | 294 |
return self.permissions.filter(pk=self_perm.pk).exists() |
| 293 | 295 | |
| 294 |
def add_self_administration(self, op=CHANGE_OP):
|
|
| 296 |
def add_self_administration(self, op=None):
|
|
| 295 | 297 |
'Add permission to role so that it is self-administered' |
| 298 |
if not op: |
|
| 299 |
op = MANAGE_MEMBERS_OP |
|
| 296 | 300 |
Permission = rbac_utils.get_permission_model() |
| 297 |
admin_op = rbac_utils.get_operation(op)
|
|
| 301 |
operation = rbac_utils.get_operation(op)
|
|
| 298 | 302 |
self_perm, created = Permission.objects.get_or_create( |
| 299 |
operation=admin_op,
|
|
| 303 |
operation=operation,
|
|
| 300 | 304 |
target_ct=ContentType.objects.get_for_model(self), |
| 301 | 305 |
target_id=self.pk) |
| 302 | 306 |
self.permissions.through.objects.get_or_create(role=self, permission=self_perm) |
| 303 |
- |
|