0001-manager-display-parent-roles-OU-on-the-role-members-.patch
| src/authentic2/manager/role_views.py | ||
|---|---|---|
| 19 | 19 |
from django.core.exceptions import PermissionDenied |
| 20 | 20 |
from django.utils.translation import ugettext_lazy as _ |
| 21 | 21 |
from django.urls import reverse |
| 22 | 22 |
from django.views.generic import FormView, TemplateView |
| 23 | 23 |
from django.views.generic.detail import SingleObjectMixin |
| 24 | 24 |
from django.contrib import messages |
| 25 | 25 |
from django.contrib.contenttypes.models import ContentType |
| 26 | 26 |
from django.db.models.query import Q, Prefetch |
| 27 |
from django.db.models import Count |
|
| 27 |
from django.db.models import Count, F
|
|
| 28 | 28 |
from django.contrib.auth import get_user_model |
| 29 | 29 | |
| 30 | 30 |
from django_rbac.utils import get_role_model, get_permission_model, get_ou_model |
| 31 | 31 | |
| 32 | 32 |
from authentic2.utils import redirect |
| 33 | 33 |
from authentic2 import hooks, data_transfer |
| 34 | 34 | |
| 35 | 35 |
from . import tables, views, resources, forms, app_settings |
| ... | ... | |
| 190 | 190 |
if app_settings.ROLE_MEMBERS_FROM_OU: |
| 191 | 191 |
kwargs['ou'] = self.object.ou |
| 192 | 192 |
return kwargs |
| 193 | 193 | |
| 194 | 194 |
def get_context_data(self, **kwargs): |
| 195 | 195 |
ctx = super(RoleMembersView, self).get_context_data(**kwargs) |
| 196 | 196 |
ctx['children'] = views.filter_view(self.request, |
| 197 | 197 |
self.object.children(include_self=False, annotate=True)) |
| 198 |
ctx['parents'] = views.filter_view(self.request, self.object.parents(include_self=False, annotate=True)) |
|
| 198 |
ctx['parents'] = views.filter_view(self.request, self.object.parents( |
|
| 199 |
include_self=False, annotate=True).order_by(F('ou').asc(nulls_first=True)))
|
|
| 200 |
ctx['has_multiple_ou'] = get_ou_model().objects.count() > 1 |
|
| 199 | 201 |
ctx['admin_roles'] = views.filter_view(self.request, |
| 200 | 202 |
self.object.get_admin_role().children(include_self=False, |
| 201 | 203 |
annotate=True)) |
| 202 | 204 |
ctx['from_ldap'] = self._can_manage_members and not self.can_manage_members |
| 203 | 205 |
return ctx |
| 204 | 206 | |
| 205 | 207 |
members = RoleMembersView.as_view() |
| 206 | 208 | |
| src/authentic2/manager/templates/authentic2/manager/role_members.html | ||
|---|---|---|
| 112 | 112 |
<a rel="popup" href="{% url "a2-manager-role-add-child" pk=object.pk %}" class="role-add icon-add-sign"></a>
|
| 113 | 113 |
{% else %}
|
| 114 | 114 |
<a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
|
| 115 | 115 |
{% endif %}
|
| 116 | 116 |
</div> |
| 117 | 117 |
<div class="role-inheritance gadjo-folding"> |
| 118 | 118 |
{% trans "Parent roles:" %}
|
| 119 | 119 |
{% for parent in parents %}
|
| 120 |
<a class="role" href="{% url "a2-manager-role-members" pk=parent.pk %}">{{ parent }}</a>
|
|
| 120 |
<a class="role" href="{% url "a2-manager-role-members" pk=parent.pk %}">
|
|
| 121 |
{% if parent.ou and has_multiple_ou %}{{ parent.ou }} - {% endif %}{{ parent }}
|
|
| 122 |
</a> |
|
| 121 | 123 |
{% if parent.direct %}
|
| 122 | 124 |
{% if not object.is_internal %}
|
| 123 | 125 |
<a rel="popup" href="{% url "a2-manager-role-remove-parent" pk=object.pk parent_pk=parent.pk %}" class="role-remove icon-minus-sign"></a>
|
| 124 | 126 |
{% else %}
|
| 125 | 127 |
<a title="{% trans "This role is technical, you cannot modify its permissions." %}" class="disabled role-add icon-minus-sign"></a>
|
| 126 | 128 |
{% endif %}
|
| 127 | 129 |
{% else %}
|
| 128 | 130 |
<a title="{% trans "Indirect parent role" %}" class="disabled role-remove icon-minus-sign"></a>
|
| tests/test_manager.py | ||
|---|---|---|
| 1029 | 1029 |
# same request from the page served for admin |
| 1030 | 1030 |
select2_json = request_select2(app, response) |
| 1031 | 1031 |
# simple_user doesn't see all roles |
| 1032 | 1032 |
assert simple_role.pk == select2_json['results'][0]['id'] |
| 1033 | 1033 | |
| 1034 | 1034 |
# anymous user receive 404 |
| 1035 | 1035 |
app.session.flush() |
| 1036 | 1036 |
select2_json = request_select2(app, response, get_kwargs={'status': 404})
|
| 1037 | ||
| 1038 | ||
| 1039 |
def test_display_parent_roles_on_role_page(app, superuser, settings): |
|
| 1040 |
ou1 = get_default_ou() |
|
| 1041 |
ou1.name = ('ou1')
|
|
| 1042 |
ou1.save() |
|
| 1043 | ||
| 1044 |
child = Role.objects.create(name='child', slug='role', ou=ou1) |
|
| 1045 |
parent1 = Role.objects.create(name='parent1', slug='role1', ou=None) |
|
| 1046 |
parent2 = Role.objects.create(name='parent2', slug='role2', ou=ou1) |
|
| 1047 |
child.add_parent(parent1) |
|
| 1048 |
child.add_parent(parent2) |
|
| 1049 |
child.save() |
|
| 1050 | ||
| 1051 |
# do not display roles if we have a single OU |
|
| 1052 |
url = reverse('a2-manager-role-members', kwargs={'pk': child.pk})
|
|
| 1053 |
login(app, superuser) |
|
| 1054 |
response = app.get(url, status=200) |
|
| 1055 |
parent_roles_html = response.html.find_all('div', {'class': 'role-inheritance'})[3]
|
|
| 1056 |
assert 'Parent roles:' in parent_roles_html.text |
|
| 1057 |
assert [x.text.strip() for x in parent_roles_html.find_all('a', {'class': 'role'})] == \
|
|
| 1058 |
['parent1', 'parent2'] |
|
| 1059 | ||
| 1060 |
# display parent roles if we have multiple OUs |
|
| 1061 |
ou2 = OU.objects.create(name='ou2') |
|
| 1062 |
response = app.get(url, status=200) |
|
| 1063 |
parent_roles_html = response.html.find_all('div', {'class': 'role-inheritance'})[3]
|
|
| 1064 |
assert 'Parent roles:' in parent_roles_html.text |
|
| 1065 |
assert [x.text.strip() for x in parent_roles_html.find_all('a', {'class': 'role'})] == \
|
|
| 1066 |
['parent1', 'ou1 - parent2'] |
|
| 1067 | ||
| 1068 |
# display parent roles sorted by OU |
|
| 1069 |
parent3 = Role.objects.create(name='parent3', slug='role3', ou=ou2) |
|
| 1070 |
child.add_parent(parent3) |
|
| 1071 |
parent4 = Role.objects.create(name='parent4', slug='role4', ou=ou1) |
|
| 1072 |
child.add_parent(parent4) |
|
| 1073 |
child.save() |
|
| 1074 |
response = app.get(url, status=200) |
|
| 1075 |
parent_roles_html = response.html.find_all('div', {'class': 'role-inheritance'})[3]
|
|
| 1076 |
assert 'Parent roles:' in parent_roles_html.text |
|
| 1077 |
assert [x.text.strip() for x in parent_roles_html.find_all('a', {'class': 'role'})] == \
|
|
| 1078 |
['parent1', 'ou1 - parent2', 'ou1 - parent4', 'ou2 - parent3'] |
|
| 1037 |
- |
|