0001-manager-display-parent-roles-OU-on-the-role-members-.patch
src/authentic2/manager/role_views.py | ||
---|---|---|
19 | 19 |
from django.core.exceptions import PermissionDenied |
20 | 20 |
from django.utils.translation import ugettext_lazy as _ |
21 | 21 |
from django.urls import reverse |
22 | 22 |
from django.views.generic import FormView, TemplateView |
23 | 23 |
from django.views.generic.detail import SingleObjectMixin |
24 | 24 |
from django.contrib import messages |
25 | 25 |
from django.contrib.contenttypes.models import ContentType |
26 | 26 |
from django.db.models.query import Q, Prefetch |
27 |
from django.db.models import Count |
|
27 |
from django.db.models import Count, F
|
|
28 | 28 |
from django.contrib.auth import get_user_model |
29 | 29 | |
30 | 30 |
from django_rbac.utils import get_role_model, get_permission_model, get_ou_model |
31 | 31 | |
32 | 32 |
from authentic2.utils import redirect |
33 | 33 |
from authentic2 import hooks, data_transfer |
34 | 34 | |
35 | 35 |
from . import tables, views, resources, forms, app_settings |
... | ... | |
190 | 190 |
if app_settings.ROLE_MEMBERS_FROM_OU: |
191 | 191 |
kwargs['ou'] = self.object.ou |
192 | 192 |
return kwargs |
193 | 193 | |
194 | 194 |
def get_context_data(self, **kwargs): |
195 | 195 |
ctx = super(RoleMembersView, self).get_context_data(**kwargs) |
196 | 196 |
ctx['children'] = views.filter_view(self.request, |
197 | 197 |
self.object.children(include_self=False, annotate=True)) |
198 |
ctx['parents'] = views.filter_view(self.request, self.object.parents(include_self=False, annotate=True)) |
|
198 |
ctx['parents'] = views.filter_view(self.request, self.object.parents( |
|
199 |
include_self=False, annotate=True).order_by(F('ou').asc(nulls_first=True))) |
|
200 |
ctx['has_multiple_ou'] = get_ou_model().objects.count() > 1 |
|
199 | 201 |
ctx['admin_roles'] = views.filter_view(self.request, |
200 | 202 |
self.object.get_admin_role().children(include_self=False, |
201 | 203 |
annotate=True)) |
202 | 204 |
ctx['from_ldap'] = self._can_manage_members and not self.can_manage_members |
203 | 205 |
return ctx |
204 | 206 | |
205 | 207 |
members = RoleMembersView.as_view() |
206 | 208 |
src/authentic2/manager/templates/authentic2/manager/role_members.html | ||
---|---|---|
112 | 112 |
<a rel="popup" href="{% url "a2-manager-role-add-child" pk=object.pk %}" class="role-add icon-add-sign"></a> |
113 | 113 |
{% else %} |
114 | 114 |
<a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a> |
115 | 115 |
{% endif %} |
116 | 116 |
</div> |
117 | 117 |
<div class="role-inheritance gadjo-folding"> |
118 | 118 |
{% trans "Parent roles:" %} |
119 | 119 |
{% for parent in parents %} |
120 |
<a class="role" href="{% url "a2-manager-role-members" pk=parent.pk %}">{{ parent }}</a> |
|
120 |
<a class="role" href="{% url "a2-manager-role-members" pk=parent.pk %}"> |
|
121 |
{% if parent.ou and has_multiple_ou %}{{ parent.ou }} - {% endif %}{{ parent }} |
|
122 |
</a> |
|
121 | 123 |
{% if parent.direct %} |
122 | 124 |
{% if not object.is_internal %} |
123 | 125 |
<a rel="popup" href="{% url "a2-manager-role-remove-parent" pk=object.pk parent_pk=parent.pk %}" class="role-remove icon-minus-sign"></a> |
124 | 126 |
{% else %} |
125 | 127 |
<a title="{% trans "This role is technical, you cannot modify its permissions." %}" class="disabled role-add icon-minus-sign"></a> |
126 | 128 |
{% endif %} |
127 | 129 |
{% else %} |
128 | 130 |
<a title="{% trans "Indirect parent role" %}" class="disabled role-remove icon-minus-sign"></a> |
tests/test_manager.py | ||
---|---|---|
1029 | 1029 |
# same request from the page served for admin |
1030 | 1030 |
select2_json = request_select2(app, response) |
1031 | 1031 |
# simple_user doesn't see all roles |
1032 | 1032 |
assert simple_role.pk == select2_json['results'][0]['id'] |
1033 | 1033 | |
1034 | 1034 |
# anymous user receive 404 |
1035 | 1035 |
app.session.flush() |
1036 | 1036 |
select2_json = request_select2(app, response, get_kwargs={'status': 404}) |
1037 | ||
1038 | ||
1039 |
def test_display_parent_roles_on_role_page(app, superuser, settings): |
|
1040 |
ou1 = get_default_ou() |
|
1041 |
ou1.name = ('ou1') |
|
1042 |
ou1.save() |
|
1043 | ||
1044 |
child = Role.objects.create(name='child', slug='role', ou=ou1) |
|
1045 |
parent1 = Role.objects.create(name='parent1', slug='role1', ou=None) |
|
1046 |
parent2 = Role.objects.create(name='parent2', slug='role2', ou=ou1) |
|
1047 |
child.add_parent(parent1) |
|
1048 |
child.add_parent(parent2) |
|
1049 |
child.save() |
|
1050 | ||
1051 |
# do not display roles if we have a single OU |
|
1052 |
url = reverse('a2-manager-role-members', kwargs={'pk': child.pk}) |
|
1053 |
login(app, superuser) |
|
1054 |
response = app.get(url, status=200) |
|
1055 |
parent_roles_html = response.html.find_all('div', {'class': 'role-inheritance'})[3] |
|
1056 |
assert 'Parent roles:' in parent_roles_html.text |
|
1057 |
assert [x.text.strip() for x in parent_roles_html.find_all('a', {'class': 'role'})] == \ |
|
1058 |
['parent1', 'parent2'] |
|
1059 | ||
1060 |
# display parent roles if we have multiple OUs |
|
1061 |
ou2 = OU.objects.create(name='ou2') |
|
1062 |
response = app.get(url, status=200) |
|
1063 |
parent_roles_html = response.html.find_all('div', {'class': 'role-inheritance'})[3] |
|
1064 |
assert 'Parent roles:' in parent_roles_html.text |
|
1065 |
assert [x.text.strip() for x in parent_roles_html.find_all('a', {'class': 'role'})] == \ |
|
1066 |
['parent1', 'ou1 - parent2'] |
|
1067 | ||
1068 |
# display parent roles sorted by OU |
|
1069 |
parent3 = Role.objects.create(name='parent3', slug='role3', ou=ou2) |
|
1070 |
child.add_parent(parent3) |
|
1071 |
parent4 = Role.objects.create(name='parent4', slug='role4', ou=ou1) |
|
1072 |
child.add_parent(parent4) |
|
1073 |
child.save() |
|
1074 |
response = app.get(url, status=200) |
|
1075 |
parent_roles_html = response.html.find_all('div', {'class': 'role-inheritance'})[3] |
|
1076 |
assert 'Parent roles:' in parent_roles_html.text |
|
1077 |
assert [x.text.strip() for x in parent_roles_html.find_all('a', {'class': 'role'})] == \ |
|
1078 |
['parent1', 'ou1 - parent2', 'ou1 - parent4', 'ou2 - parent3'] |
|
1037 |
- |