Projet

Général

Profil

0001-manager-provide-a-human-friendly-rbac-inheritance-te.patch

Paul Marillonnet, 30 septembre 2021 16:48

Télécharger (6,42 ko)

Voir les différences:

Subject: [PATCH] manager: provide a human-friendly rbac inheritance
 terminology (#56638)

 .../authentic2/manager/role_members.html      | 44 +++++++++----------
 tests/test_role_manager.py                    | 12 ++---
 2 files changed, 28 insertions(+), 28 deletions(-)
src/authentic2/manager/templates/authentic2/manager/role_members.html
73 73
 {% endif %}
74 74

  
75 75
 <div class="section">
76
   <h3>{% trans "Child roles" %}
77
     {% if view.can_manage_members %}
78
     <a href="{% url "a2-manager-role-children" pk=object.pk %}" class="button">{% trans "Edit" %}</a>
76
   <h3>{% trans "Contains permissions of roles:" %}
77
     {% if not object.is_internal %}
78
     <a href="{% url "a2-manager-role-parents" pk=object.pk %}" class="button">{% trans "Edit" %}</a>
79 79
     {% else %}
80
     <a title="{% trans "Permission denied" %}" class="button disabled">{% trans "Edit" %}</a>
80
     <a title="{% trans "This role is technical, you cannot modify its permissions." %}" class="button disabled">{% trans "Edit" %}</a>
81 81
     {% endif %}
82 82
   </h3>
83 83
   <div>
84
     {% if children %}
84
     {% if parents %}
85 85
     <ul class="objects-list single-links">
86
       {% for child in children|slice:":10" %}
86
       {% for parent in parents|slice:":10" %}
87 87
       <li>
88
         <a  class="role-inheritance-child" href="{% url "a2-manager-role-members" pk=child.pk %}">{% if child.ou and has_multiple_ou %}{{ child.ou }} - {% endif %}{{ child }}</a>
89
         {% if not child.direct %}
88
         <a class="role-inheritance-parent" href="{% url "a2-manager-role-members" pk=parent.pk %}">{% if parent.ou and has_multiple_ou %}{{ parent.ou }} - {% endif %}{{ parent }}</a>
89
         {% if not parent.direct %}
90 90
         <span class="badge">{% trans "Indirect" %}</span>
91 91
         {% endif %}
92 92
       </li>
93 93
       {% endfor %}
94
       {% if children|length > 10 %}
95
       <li><a class="role-inheritance-view-all" href="{% url "a2-manager-role-children" pk=object.pk %}">({% trans "view all roles" %})</a></li>
94
       {% if parents|length > 10 %}
95
       <li><a class="role-inheritance-view-all" href="{% url "a2-manager-role-parents" pk=object.pk %}">({% trans "view all roles" %})</a></li>
96 96
       {% endif %}
97 97
     </ul>
98 98
     {% else %}
99
     <p>{% trans "This role has no children." %}</p>
99
     <p>{% trans "This role doesn't contain permissions of any other role." %}</p>
100 100
     {% endif %}
101 101
   </div>
102 102
 </div>
103 103
 <div class="section">
104
   <h3>{% trans "Parent roles" %}
105
     {% if not object.is_internal %}
106
     <a href="{% url "a2-manager-role-parents" pk=object.pk %}" class="button">{% trans "Edit" %}</a>
104
   <h3>{% trans "Grants its permissions to roles:" %}
105
     {% if view.can_manage_members %}
106
     <a href="{% url "a2-manager-role-children" pk=object.pk %}" class="button">{% trans "Edit" %}</a>
107 107
     {% else %}
108
     <a title="{% trans "This role is technical, you cannot modify its permissions." %}" class="button disabled">{% trans "Edit" %}</a>
108
     <a title="{% trans "Permission denied" %}" class="button disabled">{% trans "Edit" %}</a>
109 109
     {% endif %}
110 110
   </h3>
111 111
   <div>
112
     {% if parents %}
112
     {% if children %}
113 113
     <ul class="objects-list single-links">
114
       {% for parent in parents|slice:":10" %}
114
       {% for child in children|slice:":10" %}
115 115
       <li>
116
         <a class="role-inheritance-parent" href="{% url "a2-manager-role-members" pk=parent.pk %}">{% if parent.ou and has_multiple_ou %}{{ parent.ou }} - {% endif %}{{ parent }}</a>
117
         {% if not parent.direct %}
116
         <a  class="role-inheritance-child" href="{% url "a2-manager-role-members" pk=child.pk %}">{% if child.ou and has_multiple_ou %}{{ child.ou }} - {% endif %}{{ child }}</a>
117
         {% if not child.direct %}
118 118
         <span class="badge">{% trans "Indirect" %}</span>
119 119
         {% endif %}
120 120
       </li>
121 121
       {% endfor %}
122
       {% if parents|length > 10 %}
123
       <li><a class="role-inheritance-view-all" href="{% url "a2-manager-role-parents" pk=object.pk %}">({% trans "view all roles" %})</a></li>
122
       {% if children|length > 10 %}
123
       <li><a class="role-inheritance-view-all" href="{% url "a2-manager-role-children" pk=object.pk %}">({% trans "view all roles" %})</a></li>
124 124
       {% endif %}
125 125
     </ul>
126 126
     {% else %}
127
     <p>{% trans "This role has no parents." %}</p>
127
     <p>{% trans "This role doesn't grant its permissions to any other role." %}</p>
128 128
     {% endif %}
129 129
   </div>
130 130
 </div>
tests/test_role_manager.py
353 353
    url = reverse('a2-manager-role-members', kwargs={'pk': simple_role.pk})
354 354

  
355 355
    resp = login(app, superuser, url)
356
    assert 'This role has no children.' in resp.text
357
    assert 'This role has no parents.' in resp.text
356
    assert "This role doesn't grant its permissions to any other role." in resp.text
357
    assert "This role doesn't contain permissions of any other role." in resp.text
358 358

  
359 359
    for i in range(10):
360 360
        role = Role.objects.create(name=f'Role {i}', ou=get_default_ou())
......
362 362

  
363 363
    resp = app.get(url)
364 364
    if relation == 'child':
365
        assert 'This role has no children.' not in resp.text
366
        assert 'This role has no parents.' in resp.text
365
        assert "This role doesn't grant its permissions to any other role." not in resp.text
366
        assert "This role doesn't contain permissions of any other role." in resp.text
367 367
    elif relation == 'parent':
368
        assert 'This role has no children.' in resp.text
369
        assert 'This role has no parents.' not in resp.text
368
        assert "This role doesn't grant its permissions to any other role." in resp.text
369
        assert "This role doesn't contain permissions of any other role." not in resp.text
370 370

  
371 371
    for i, el in enumerate(resp.pyquery.find('a.role-inheritance-%s' % relation)):
372 372
        assert el.text == f'Role {i}'
373
-