19 |
19 |
from django.core.exceptions import ValidationError
|
20 |
20 |
from django.core.management import call_command
|
21 |
21 |
|
22 |
|
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
|
23 |
22 |
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
24 |
23 |
from authentic2.a2_rbac.models import Permission, Role, RoleAttribute
|
25 |
24 |
from authentic2.a2_rbac.utils import get_default_ou
|
26 |
25 |
from authentic2.custom_user.models import User
|
27 |
26 |
from authentic2.models import Service
|
28 |
27 |
from authentic2.utils.misc import get_hex_uuid
|
29 |
|
from django_rbac.models import CHANGE_OP, Operation
|
|
28 |
from django_rbac.models import Operation
|
30 |
29 |
|
31 |
30 |
from .utils import login, request_select2
|
32 |
31 |
|
... | ... | |
519 |
518 |
update_user_permissions()
|
520 |
519 |
assert simple_user.has_perm('custom_user.manage_authorizations_user')
|
521 |
520 |
assert [x for x in simple_user.get_all_permissions() if x == 'custom_user.manage_authorizations_user']
|
522 |
|
|
523 |
|
|
524 |
|
@pytest.mark.parametrize('new_perm_exists', [True, False])
|
525 |
|
def test_update_self_admin_perm_migration(migration, new_perm_exists):
|
526 |
|
old_apps = migration.before([('a2_rbac', '0022_auto_20200402_1101')])
|
527 |
|
Role = old_apps.get_model('a2_rbac', 'Role')
|
528 |
|
old_apps.get_model('a2_rbac', 'OrganizationalUnit')
|
529 |
|
Permission = old_apps.get_model('a2_rbac', 'Permission')
|
530 |
|
Operation = old_apps.get_model('django_rbac', 'Operation')
|
531 |
|
ContentType = old_apps.get_model('contenttypes', 'ContentType')
|
532 |
|
ct = ContentType.objects.get_for_model(Role)
|
533 |
|
change_op, _ = Operation.objects.get_or_create(slug=CHANGE_OP.slug)
|
534 |
|
manage_members_op, _ = Operation.objects.get_or_create(slug=MANAGE_MEMBERS_OP.slug)
|
535 |
|
|
536 |
|
# add old self administration
|
537 |
|
role = Role.objects.create(name='name', slug='slug')
|
538 |
|
self_perm, _ = Permission.objects.get_or_create(operation=change_op, target_ct=ct, target_id=role.pk)
|
539 |
|
role.permissions.add(self_perm)
|
540 |
|
|
541 |
|
if new_perm_exists:
|
542 |
|
new_self_perm, _ = Permission.objects.get_or_create(
|
543 |
|
operation=manage_members_op, target_ct=ct, target_id=role.pk
|
544 |
|
)
|
545 |
|
else:
|
546 |
|
Permission.objects.filter(operation=manage_members_op, target_ct=ct, target_id=role.pk).delete()
|
547 |
|
|
548 |
|
new_apps = migration.apply([('a2_rbac', '0024_fix_self_admin_perm')])
|
549 |
|
Role = new_apps.get_model('a2_rbac', 'Role')
|
550 |
|
Operation = old_apps.get_model('django_rbac', 'Operation')
|
551 |
|
|
552 |
|
role = Role.objects.get(slug='slug')
|
553 |
|
assert role.permissions.count() == 1
|
554 |
|
|
555 |
|
perm = role.permissions.first()
|
556 |
|
assert perm.operation.pk == manage_members_op.pk
|
557 |
|
assert perm.target_ct.pk == ct.pk
|
558 |
|
assert perm.target_id == role.pk
|
559 |
|
|
560 |
|
if new_perm_exists:
|
561 |
|
assert perm.pk == new_self_perm.pk
|
562 |
|
|
563 |
|
assert not Permission.objects.filter(operation=change_op, target_ct=ct, target_id=role.pk).exists()
|
564 |
|
-
|