| 19 |
19 |
from django.core.exceptions import ValidationError
|
| 20 |
20 |
from django.core.management import call_command
|
| 21 |
21 |
|
| 22 |
|
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
|
| 23 |
22 |
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
| 24 |
23 |
from authentic2.a2_rbac.models import Permission, Role, RoleAttribute
|
| 25 |
24 |
from authentic2.a2_rbac.utils import get_default_ou
|
| 26 |
25 |
from authentic2.custom_user.models import User
|
| 27 |
26 |
from authentic2.models import Service
|
| 28 |
27 |
from authentic2.utils.misc import get_hex_uuid
|
| 29 |
|
from django_rbac.models import CHANGE_OP, Operation
|
|
28 |
from django_rbac.models import Operation
|
| 30 |
29 |
|
| 31 |
30 |
from .utils import login, request_select2
|
| 32 |
31 |
|
| ... | ... | |
| 519 |
518 |
update_user_permissions()
|
| 520 |
519 |
assert simple_user.has_perm('custom_user.manage_authorizations_user')
|
| 521 |
520 |
assert [x for x in simple_user.get_all_permissions() if x == 'custom_user.manage_authorizations_user']
|
| 522 |
|
|
| 523 |
|
|
| 524 |
|
@pytest.mark.parametrize('new_perm_exists', [True, False])
|
| 525 |
|
def test_update_self_admin_perm_migration(migration, new_perm_exists):
|
| 526 |
|
old_apps = migration.before([('a2_rbac', '0022_auto_20200402_1101')])
|
| 527 |
|
Role = old_apps.get_model('a2_rbac', 'Role')
|
| 528 |
|
old_apps.get_model('a2_rbac', 'OrganizationalUnit')
|
| 529 |
|
Permission = old_apps.get_model('a2_rbac', 'Permission')
|
| 530 |
|
Operation = old_apps.get_model('django_rbac', 'Operation')
|
| 531 |
|
ContentType = old_apps.get_model('contenttypes', 'ContentType')
|
| 532 |
|
ct = ContentType.objects.get_for_model(Role)
|
| 533 |
|
change_op, _ = Operation.objects.get_or_create(slug=CHANGE_OP.slug)
|
| 534 |
|
manage_members_op, _ = Operation.objects.get_or_create(slug=MANAGE_MEMBERS_OP.slug)
|
| 535 |
|
|
| 536 |
|
# add old self administration
|
| 537 |
|
role = Role.objects.create(name='name', slug='slug')
|
| 538 |
|
self_perm, _ = Permission.objects.get_or_create(operation=change_op, target_ct=ct, target_id=role.pk)
|
| 539 |
|
role.permissions.add(self_perm)
|
| 540 |
|
|
| 541 |
|
if new_perm_exists:
|
| 542 |
|
new_self_perm, _ = Permission.objects.get_or_create(
|
| 543 |
|
operation=manage_members_op, target_ct=ct, target_id=role.pk
|
| 544 |
|
)
|
| 545 |
|
else:
|
| 546 |
|
Permission.objects.filter(operation=manage_members_op, target_ct=ct, target_id=role.pk).delete()
|
| 547 |
|
|
| 548 |
|
new_apps = migration.apply([('a2_rbac', '0024_fix_self_admin_perm')])
|
| 549 |
|
Role = new_apps.get_model('a2_rbac', 'Role')
|
| 550 |
|
Operation = old_apps.get_model('django_rbac', 'Operation')
|
| 551 |
|
|
| 552 |
|
role = Role.objects.get(slug='slug')
|
| 553 |
|
assert role.permissions.count() == 1
|
| 554 |
|
|
| 555 |
|
perm = role.permissions.first()
|
| 556 |
|
assert perm.operation.pk == manage_members_op.pk
|
| 557 |
|
assert perm.target_ct.pk == ct.pk
|
| 558 |
|
assert perm.target_id == role.pk
|
| 559 |
|
|
| 560 |
|
if new_perm_exists:
|
| 561 |
|
assert perm.pk == new_self_perm.pk
|
| 562 |
|
|
| 563 |
|
assert not Permission.objects.filter(operation=change_op, target_ct=ct, target_id=role.pk).exists()
|
| 564 |
|
-
|