0001-wip.patch
src/authentic2/a2_rbac/migrations/0023_fix_self_admin_perm.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
# Generated by Django 1.11.18 on 2020-05-12 08:58 |
|
3 |
from __future__ import unicode_literals |
|
4 | ||
5 |
from django.db import migrations |
|
6 |
from django.db.utils import IntegrityError |
|
7 | ||
8 |
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP |
|
9 |
from django_rbac.models import CHANGE_OP |
|
10 | ||
11 | ||
12 |
def update_self_administration_perm(apps, schema_editor): |
|
13 |
Role = apps.get_model('a2_rbac', 'Role') |
|
14 |
Permission = apps.get_model('a2_rbac', 'Permission') |
|
15 |
Operation = apps.get_model('django_rbac', 'Operation') |
|
16 |
ContentType = apps.get_model('contenttypes', 'ContentType') |
|
17 |
op = Operation.objects.get(slug=CHANGE_OP.slug) # TODO text_type, get_or_create |
|
18 |
new_op = Operation.objects.get(slug=MANAGE_MEMBERS_OP.slug) # TODO text_type, get_or_create |
|
19 |
ct = ContentType.objects.get_for_model(Role) |
|
20 |
for role in Role.objects.all(): |
|
21 |
try: |
|
22 |
perm = role.permissions.get(operation=op, target_ct=ct, target_id=role.pk) |
|
23 |
except Permission.DoesNotExist: |
|
24 |
continue |
|
25 | ||
26 |
# check if new permission already exists |
|
27 |
new_perm = Permission.objects.filter(operation=new_op, target_ct=ct, target_id=role.pk).first() |
|
28 |
if new_perm: |
|
29 |
role.permissions.add(new_perm) |
|
30 |
role.permissions.remove(perm) |
|
31 |
continue |
|
32 | ||
33 |
perm.operation = new_op |
|
34 |
perm.save() |
|
35 | ||
36 | ||
37 |
class Migration(migrations.Migration): |
|
38 | ||
39 |
dependencies = [ |
|
40 |
('a2_rbac', '0022_auto_20200402_1101'), |
|
41 |
] |
|
42 | ||
43 |
operations = [ |
|
44 |
migrations.RunPython(update_self_administration_perm) |
|
45 |
] |
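Review bot: The final `perm.operation = new_op` / `perm.save()` rewrites the Permission row itself, and because `role.permissions` is a many-to-many relation, any other role attached to that same row (not visible here whether any are) would have its change grant on this role turned into a manage-members grant as a side effect. The `if new_perm:` branch above only swaps the link on the one role, so the two paths behave differently. Using the swap in both cases keeps the migration scoped to the self-administered role: `new_perm, _ = Permission.objects.get_or_create(operation=new_op, target_ct=ct, target_id=role.pk)`, then `role.permissions.add(new_perm)` and `role.permissions.remove(perm)`. Separately, both `Operation.objects.get(...)` calls raise `DoesNotExist` on a database where those rows have not been created yet, which the TODO comments already hint at. `IntegrityError` is imported but unused, and `RunPython` is given no reverse function.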
src/authentic2/a2_rbac/models.py | ||
---|---|---|
25 | 25 | |
26 | 26 |
from django_rbac.models import (RoleAbstractBase, PermissionAbstractBase, |
27 | 27 |
OrganizationalUnitAbstractBase, RoleParentingAbstractBase, VIEW_OP, |
28 |
CHANGE_OP, Operation)
|
|
28 |
Operation) |
|
29 | 29 |
from django_rbac import utils as rbac_utils |
30 | 30 | |
31 | 31 |
from authentic2.decorators import errorcollector |
... | ... | |
282 | 282 |
self.get_admin_role(create=False) |
283 | 283 |
return result |
284 | 284 | |
285 |
def has_self_administration(self, op=CHANGE_OP): |
|
285 |
def has_self_administration(self, op=None): |
|
286 |
if not op: |
|
287 |
op = MANAGE_MEMBERS_OP |
|
286 | 288 |
Permission = rbac_utils.get_permission_model() |
287 |
admin_op = rbac_utils.get_operation(op)
|
|
289 |
operation = rbac_utils.get_operation(op)
|
|
288 | 290 |
self_perm, created = Permission.objects.get_or_create( |
289 |
operation=admin_op,
|
|
291 |
operation=operation,
|
|
290 | 292 |
target_ct=ContentType.objects.get_for_model(self), |
291 | 293 |
target_id=self.pk) |
292 | 294 |
return self.permissions.filter(pk=self_perm.pk).exists() |
293 | 295 | |
294 |
def add_self_administration(self, op=CHANGE_OP):
|
|
296 |
def add_self_administration(self, op=None):
|
|
295 | 297 |
'Add permission to role so that it is self-administered' |
298 |
if not op: |
|
299 |
op = MANAGE_MEMBERS_OP |
|
296 | 300 |
Permission = rbac_utils.get_permission_model() |
297 |
admin_op = rbac_utils.get_operation(op)
|
|
301 |
operation = rbac_utils.get_operation(op)
|
|
298 | 302 |
self_perm, created = Permission.objects.get_or_create( |
299 |
operation=admin_op,
|
|
303 |
operation=operation,
|
|
300 | 304 |
target_ct=ContentType.objects.get_for_model(self), |
301 | 305 |
target_id=self.pk) |
302 | 306 |
self.permissions.through.objects.get_or_create(role=self, permission=self_perm) |
303 |
- |
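Review bot: `has_self_administration` still resolves the permission through `Permission.objects.get_or_create(...)`, so with the new default a read-only check inserts a manage-members Permission row for every role it is called on that lacks one. A lookup on the relation avoids writing during an authorization check: `return self.permissions.filter(operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk).exists()`. In both methods `if not op:` would be more exact as `if op is None:`, and a docstring line saying the default is now `MANAGE_MEMBERS_OP` rather than `CHANGE_OP` would help callers that relied on the old default. The definition or import of `MANAGE_MEMBERS_OP` is not in the visible hunks, and `CHANGE_OP` is dropped from the import, so any remaining use of it in this module needs checking.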