0002-manager-use-new-select2-widget-to-manage-role-s-admi.patch

Benjamin Dauvergne, 27 janvier 2022 23:26

Voir les différences: en ligne côte à côte

Subject: [PATCH 2/2] manager: use new select2 widget to manage role's
 administrators (#61196)

Also remove now unused RolesForm, UsersForm, roles' administrators views,
and ChooseManageableMemberRolesWidget

 src/authentic2/manager/forms.py               |  22 +-
 src/authentic2/manager/role_views.py          | 264 +++++++-----------
 .../static/authentic2/manager/js/manager.js   |   6 +-
 .../authentic2/manager/role_members.html      |  58 ++--
 src/authentic2/manager/urls.py                |  20 --
 src/authentic2/manager/widgets.py             |  14 -
 tests/test_manager.py                         |  33 +--
 tests/test_role_manager.py                    |  14 +-
 8 files changed, 160 insertions(+), 271 deletions(-)

         action = forms.CharField(initial='add', widget=forms.HiddenInput)
     class UsersForm(LimitQuerysetFormMixin, CssClass, forms.Form):
         users = fields.ChooseUsersField(label=_('Add some users'))
     class RolesForm(LimitQuerysetFormMixin, CssClass, forms.Form):
         roles = fields.ChooseRolesField(label=_('Add some roles'))
     class RoleParentForm(LimitQuerysetFormMixin, CssClass, forms.Form):
         role = fields.ChooseManageableMemberRoleField(label=_('Add some roles'))
         action = forms.CharField(initial='add', widget=forms.HiddenInput)
-...
+        )
     class ChooseUserOrRoleForm(FormWithRequest, forms.Form):
     class RoleAdminForm(FormWithRequest, forms.Form):
         TARGETS = [
             ('members', 'members'),
             ('admin', 'admin'),
+        ]
         ACTIONS = [
             ('add', 'add'),
             ('remove', 'remove'),
+        ]
         user_or_roles = UserOrRoleField(label=_('Add to role'))
         action = forms.CharField(initial='add', widget=forms.HiddenInput)
         target = forms.ChoiceField(choices=TARGETS, initial='members', widget=forms.HiddenInput)
         action = forms.ChoiceField(choices=ACTIONS, initial='add', widget=forms.HiddenInput)
         def __init__(self, *args, **kwargs):
             self.role = kwargs.pop('role', None)

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import json
     import operator
     from functools import reduce
     from django.contrib import messages
-...
     from django.utils.functional import cached_property
     from django.utils.translation import ugettext_lazy as _
     from django.views.generic import DetailView, FormView, TemplateView
     from django.views.generic.detail import SingleObjectMixin
     from authentic2 import data_transfer, hooks
     from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, RoleParenting
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.apps.journal.views import JournalViewWithContext
     from authentic2.forms.profile import modelform_factory
     from authentic2.utils.misc import redirect
     from . import forms, resources, tables, views
     from .journal_views import BaseJournalView
-...
     class RoleMembersView(views.HideOUColumnMixin, RoleViewMixin, views.BaseSubTableView):
         template_name = 'authentic2/manager/role_members.html'
         form_class = forms.ChooseUserOrRoleForm
         form_class = forms.RoleAdminForm
         success_url = '.'
         search_form_class = forms.RoleMembersSearchForm
         permissions = ['a2_rbac.view_role']
-...
         def form_valid(self, form):
             action = form.cleaned_data['action']
             if not self.can_manage_members:
             target = form.cleaned_data['target']
             if target == 'members' and not self.can_manage_members:
                 messages.warning(self.request, _('You are not authorized'))
             if action == 'add':
                 user_action = self.add_user
                 role_action = self.add_role
             elif action == 'remove':
                 user_action = self.remove_user
                 role_action = self.remove_role
                 return super().form_valid(form)
             if target == 'admin' and not self.can_change:
                 messages.warning(self.request, _('You are not authorized'))
                 return super().form_valid(form)
             user_action = getattr(self, '%s_%s_user' % (action, target))
             role_action = getattr(self, '%s_%s_role' % (action, target))
             for user in form.cleaned_data.get('users', []):
                 user_action(user)
             for role in form.cleaned_data.get('roles', []):
                 role_action(role)
             return super().form_valid(form)
         def add_user(self, user):
         def add_members_user(self, user):
             if self.object.members.filter(pk=user.pk).exists():
                 messages.warning(self.request, _('User already in this role.'))
             else:
-...
+                )
                 self.request.journal.record('manager.role.membership.grant', role=self.object, member=user)
         def remove_user(self, user):
         def remove_members_user(self, user):
             if not self.object.members.filter(pk=user.pk).exists():
                 messages.warning(self.request, _('User was not in this role.'))
             else:
-...
+                )
                 self.request.journal.record('manager.role.membership.removal', role=self.object, member=user)
         def add_role(self, role):
         def add_members_role(self, role):
             self.object.add_child(role)
             hooks.call_hooks(
                 'event', name='manager-add-child-role', user=self.request.user, parent=self.object, child=role
+            )
             self.request.journal.record('manager.role.inheritance.addition', parent=self.object, child=role)
         def remove_role(self, role):
         def remove_members_role(self, role):
             self.object.remove_child(role)
             hooks.call_hooks(
                 'event', name='manager-remove-child-role', user=self.request.user, parent=self.object, child=role
+            )
             self.request.journal.record('manager.role.inheritance.removal', parent=self.object, child=role)
         def add_admin_user(self, user):
             admin_role = self.object.get_admin_role()
             if admin_role.members.filter(id=user.id).exists():
                 return
             admin_role.members.add(user)
             hooks.call_hooks(
                 'event',
                 name='manager-add-admin-role-user',
                 user=self.request.user,
                 role=self.object,
                 admin=user,
+            )
             self.request.journal.record(
                 'manager.role.administrator.user.addition', role=self.object, admin_user=user
+            )
         def remove_admin_user(self, user):
             admin_role = self.object.get_admin_role()
             if not admin_role.members.filter(id=user.id).exists():
                 return
             admin_role.members.remove(user)
             hooks.call_hooks(
                 'event',
                 name='remove-remove-admin-role-user',
                 user=self.request.user,
                 role=self.object,
                 admin=user,
+            )
             self.request.journal.record(
                 'manager.role.administrator.user.removal', role=self.object, admin_user=user
+            )
         def add_admin_role(self, role):
             admin_role = self.object.get_admin_role()
             if admin_role.child_relation.filter(child=role).exists():
                 return
             admin_role.add_child(role)
             hooks.call_hooks(
                 'event',
                 name='manager-add-admin-role',
                 user=self.request.user,
                 role=self.object,
                 admin_role=role,
+            )
             self.request.journal.record(
                 'manager.role.administrator.role.addition', role=self.object, admin_role=role
+            )
         def remove_admin_role(self, role):
             admin_role = self.object.get_admin_role()
             if not admin_role.child_relation.filter(child=role).exists():
                 return
             admin_role.remove_child(role)
             hooks.call_hooks(
                 'event',
                 name='manager-remove-admin-role',
                 user=self.request.user,
                 role=self.object,
                 admin_role=role,
+            )
             self.request.journal.record(
                 'manager.role.administrator.role.removal', role=self.object, admin_role=role
+            )
         def get_form_kwargs(self):
             kwargs = super().get_form_kwargs()
             kwargs['role'] = self.object
-...
                 )[:11]
+            )
             ctx['has_multiple_ou'] = OrganizationalUnit.objects.count() > 1
             ctx['admin_roles'] = views.filter_view(
                 self.request, self.object.get_admin_role().children(include_self=False, annotate=True)
+            )
             ctx['from_ldap'] = self._can_manage_members and not self.can_manage_members
             admin_form = self.get_form()
             admin_form.fields['target'].initial = 'admin'
             ctx['admin_form'] = admin_form
             administrators = []
             for user in self.object.get_admin_role().all_members():
                 user.ref = 'user-%s' % user.id
                 user.type = _('User')
                 administrators.append(user)
             for role in views.filter_view(
                 self.request, self.object.get_admin_role().children(include_self=False, annotate=True)
             ):
                 role.ref = 'role-%s' % role.id
                 role.type = _('Role')
                 administrators.append(role)
             ctx['administrators'] = sorted(administrators, key=str)
             return ctx
         def is_ou_specified(self):
-...
     parents = RoleParentsView.as_view()
     class RoleAddAdminRoleView(
         views.AjaxFormViewMixin,
         views.TitleMixin,
         views.PermissionMixin,
         views.FormNeedsRequest,
         SingleObjectMixin,
         FormView,
     ):
         title = _('Add admin role')
         model = Role
         form_class = forms.RolesForm
         success_url = '..'
         template_name = 'authentic2/manager/form.html'
         permissions = ['a2_rbac.change_role']
         def dispatch(self, request, *args, **kwargs):
             self.object = self.get_object()
             return super().dispatch(request, *args, **kwargs)
         def form_valid(self, form):
             administered_role = self.get_object()
             for role in form.cleaned_data['roles']:
                 administered_role.get_admin_role().add_child(role)
                 hooks.call_hooks(
                     'event',
                     name='manager-add-admin-role',
                     user=self.request.user,
                     role=administered_role,
                     admin_role=role,
+                )
                 self.request.journal.record(
                     'manager.role.administrator.role.addition', role=administered_role, admin_role=role
+                )
             return super().form_valid(form)
     add_admin_role = RoleAddAdminRoleView.as_view()
     class RoleRemoveAdminRoleView(
         views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
     ):
         title = _('Remove admin role')
         model = Role
         success_url = '../..'
         template_name = 'authentic2/manager/role_remove_admin_role.html'
         permissions = ['a2_rbac.change_role']
         def dispatch(self, request, *args, **kwargs):
             self.object = self.get_object()
             self.child = self.get_queryset().get(pk=kwargs['role_pk'])
             return super().dispatch(request, *args, **kwargs)
         def get_context_data(self, **kwargs):
             ctx = super().get_context_data(**kwargs)
             ctx['child'] = self.child
             return ctx
         def post(self, request, *args, **kwargs):
             self.object.get_admin_role().remove_child(self.child)
             hooks.call_hooks(
                 'event',
                 name='manager-remove-admin-role',
                 user=self.request.user,
                 role=self.object,
                 admin_role=self.child,
+            )
             self.request.journal.record(
                 'manager.role.administrator.role.removal', role=self.object, admin_role=self.child
+            )
             return redirect(self.request, self.success_url)
     remove_admin_role = RoleRemoveAdminRoleView.as_view()
     class RoleAddAdminUserView(
         views.AjaxFormViewMixin,
         views.TitleMixin,
         views.PermissionMixin,
         views.FormNeedsRequest,
         SingleObjectMixin,
         FormView,
     ):
         title = _('Add admin user')
         model = Role
         form_class = forms.UsersForm
         success_url = '..'
         template_name = 'authentic2/manager/form.html'
         permissions = ['a2_rbac.change_role']
         def dispatch(self, request, *args, **kwargs):
             self.object = self.get_object()
             return super().dispatch(request, *args, **kwargs)
         def form_valid(self, form):
             administered_role = self.get_object()
             for user in form.cleaned_data['users']:
                 administered_role.get_admin_role().members.add(user)
                 hooks.call_hooks(
                     'event',
                     name='manager-add-admin-role-user',
                     user=self.request.user,
                     role=administered_role,
                     admin=user,
+                )
                 self.request.journal.record(
                     'manager.role.administrator.user.addition', role=administered_role, admin_user=user
+                )
             return super().form_valid(form)
     add_admin_user = RoleAddAdminUserView.as_view()
     class RoleRemoveAdminUserView(
         views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
     ):
         title = _('Remove admin user')
         model = Role
         success_url = '../..'
         template_name = 'authentic2/manager/role_remove_admin_user.html'
         permissions = ['a2_rbac.change_role']
         def dispatch(self, request, *args, **kwargs):
             self.object = self.get_object()
             self.user = get_user_model().objects.get(pk=kwargs['user_pk'])
             return super().dispatch(request, *args, **kwargs)
         def get_context_data(self, **kwargs):
             ctx = super().get_context_data(**kwargs)
             ctx['user'] = self.user
             return ctx
         def post(self, request, *args, **kwargs):
             self.object.get_admin_role().members.remove(self.user)
             hooks.call_hooks(
                 'event',
                 name='remove-remove-admin-role-user',
                 user=self.request.user,
                 role=self.object,
                 admin=self.user,
+            )
             self.request.journal.record(
                 'manager.role.administrator.user.removal', role=self.object, admin_user=self.user
+            )
             return redirect(self.request, self.success_url)
     remove_admin_user = RoleRemoveAdminUserView.as_view()
     class RolesImportView(
         views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
     ):
-...
     class UserOrRoleSelect2View(DetailView):
         form_class = forms.ChooseUserOrRoleForm
         form_class = forms.RoleAdminForm
         model = Role
         def get(self, request, *args, **kwargs):

               var pk = $tr.data('pk');
               var pk_arg = $anchor.data('pk-arg');
               var post_content = {
                  'csrfmiddlewaretoken': window.csrf_token,
                 'action': 'remove'}
                 'csrfmiddlewaretoken': window.csrf_token,
                 'target': 'members',
                 'action': 'remove',
+              }
               post_content[pk_arg] = pk
               $.post('', post_content, function () {
                   update_content(window.location.href);

        </div>
      </div>
      <fieldset class="gadjo-foldable gadjo-folded" id="other-properties">
      <legend class="gadjo-foldable-widget">{% trans "Advanced parameters" %}</legend>
      <div class="role-inheritance gadjo-folding">
        {% trans "Is administered by users" %}
        {% for user in object.get_admin_role.all_members %}
          <a href="{% url "a2-manager-user-edit" pk=user.pk %}">{{ user }}</a>
          {% if user.direct %}
            <a rel="popup" href="{% url "a2-manager-role-remove-admin-user" pk=object.pk user_pk=user.pk %}" class="role-remove icon-minus-sign"></a>
          {% else %}
            <a title="{% trans "Indirect child role" %}" class="disabled role-remove icon-minus-sign"></a>
     {% if view.can_change %}
      <div class="section gadjo-foldable gadjo-folded" id="other-properties">
        <h3 class="gadjo-foldable-widget">{% trans "Administrators:" %}</h3>
        <div class="role-inheritance gadjo-folding section">
          {% if administrators %}
            <table class="main">
                <thead>
                    <th>{% trans "Name" %}</th>
                    <th>{% trans "Type" %}</th>
                    <th></th>
                </thead>
                <tbody>{% for admin in administrators %}
                    <tr>
                        <td><a href="{{ admin.get_absolute_url }}" title="{{ admin }}">{{ admin }}</a></td>
                        <td>{{ admin.type }}</td>
                        <td class="remove-admin-column">{% if admin.direct %}<form method="post">{% csrf_token %}<input type="hidden" name="target" value="admin"/><input type="hidden" name="action" value="remove"/><input type="hidden" name="user_or_roles" value="{{ admin.ref }}"/><button>{% trans "Remove" %}</button></form>{% endif %}</td>
                    </tr>{% endfor %}
                </tbody>
            </table>
          {% endif %}
        {% endfor %}
       {% if view.can_change %}
         <a rel="popup" href="{% url "a2-manager-role-add-admin-user" pk=object.pk %}" class="role-add icon-add-sign"></a>
       {% else %}
         <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
       {% endif %}
      </div>
      <div class="role-inheritance gadjo-folding">
        {% trans "Is administered by roles" %}
        {% for role in admin_roles %}
          <a href="{% url "a2-manager-role-members" pk=role.pk %}">{{ role }}</a>
          {% if role.direct %}
            <a rel="popup" href="{% url "a2-manager-role-remove-admin-role" pk=object.pk role_pk=role.pk %}" class="role-remove icon-minus-sign"></a>
          {% else %}
            <a title="{% trans "Indirect admin role" %}" class="disabled role-remove icon-minus-sign"></a>
          {% endif %}
        {% endfor %}
       {% if view.can_change %}
         <a rel="popup" href="{% url "a2-manager-role-add-admin-role" pk=object.pk %}" class="role-add icon-add-sign"></a>
       {% else %}
         <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
       {% endif %}
          <form method="post" class="manager-m2m-add-form" id="add-admin">
            {% csrf_token %}
            {{ admin_form }}
            <button>{% trans "Add" %}</button>
          </form>
        </div>
      </div>
      </fieldset>
     {% endif %}
     {% endblock %}

             url(r'^roles/journal/$', role_views.roles_journal, name='a2-manager-roles-journal'),
             url(r'^roles/(?P<pk>\d+)/$', role_views.members, name='a2-manager-role-members'),
             url(r'^roles/(?P<pk>\d+)/parents/$', role_views.parents, name='a2-manager-role-parents'),
             url(
                 r'^roles/(?P<pk>\d+)/add-admin-user/$',
                 role_views.add_admin_user,
                 name='a2-manager-role-add-admin-user',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/remove-admin-user/(?P<user_pk>\d+)/$',
                 role_views.remove_admin_user,
                 name='a2-manager-role-remove-admin-user',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/add-admin-role/$',
                 role_views.add_admin_role,
                 name='a2-manager-role-add-admin-role',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/remove-admin-role/(?P<role_pk>\d+)/$',
                 role_views.remove_admin_role,
                 name='a2-manager-role-remove-admin-role',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/export/(?P<format>csv)/$',
                 role_views.members_export,

             return utils.label_from_user(user)
     class ChooseUsersWidget(SearchUserWidgetMixin, SimpleModelSelect2MultipleWidget):
         pass
     class SearchRoleWidgetMixin(SplitTermMixin):
         model = Role
         split_term_operator = operator.__and__
-...
             return cls.model.objects.exclude(slug__startswith='_')
     class ChooseRolesWidget(SearchRoleWidgetMixin, SimpleModelSelect2MultipleWidget):
         @classmethod
         def get_initial_queryset(cls):
             return cls.model.objects.exclude(slug__startswith='_')
     class ChooseManageableMemberRolesWidget(SearchRoleWidgetMixin, SimpleModelSelect2MultipleWidget):
         perm = 'manage_members'
     class ChooseManageableMemberRoleWidget(SearchRoleWidgetMixin, SimpleModelSelect2Widget):
         perm = 'manage_members'

         q = response.pyquery.remove_namespaces()
         assert q('table tbody tr td .icon-remove-sign')
         token = str(response.context['csrf_token'])
         params = {'action': 'remove', 'user_or_roles': 'user-%s' % admin.pk, 'csrfmiddlewaretoken': token}
         params = {
             'action': 'remove',
             'target': 'members',
             'user_or_roles': 'user-%s' % admin.pk,
             'csrfmiddlewaretoken': token,
+        }
         app.post('/manage/roles/%s/' % simple_role.pk, params=params)
         assert simple_role not in admin.roles.all()
-...
         q = response.pyquery.remove_namespaces()
         assert q('table tbody tr td .icon-remove-sign')
         token = str(response.context['csrf_token'])
         params = {'action': 'remove', 'user_or_roles': 'role-%s' % role.pk, 'csrfmiddlewaretoken': token}
         params = {
             'action': 'remove',
             'target': 'members',
             'user_or_roles': 'role-%s' % role.pk,
             'csrfmiddlewaretoken': token,
+        }
         app.post('/manage/roles/%s/' % simple_role.pk, params=params)
         assert role not in simple_role.children()
-...
     def test_manager_widget_fields_validation(app, simple_user, simple_role):
         '''Verify that fields corresponding to widget implement queryset restrictions.'''
         from authentic2.manager.forms import (
             ChooseRoleForm,
             ChooseUserRoleForm,
             RoleParentForm,
             RolesForm,
             UsersForm,
+        )
         from authentic2.manager.forms import ChooseRoleForm, ChooseUserRoleForm, RoleParentForm
         error_message = 'Select a valid choice'
-...
         visible_role = Role.objects.create(name='visible_role', ou=simple_user.ou)
         visible_user = User.objects.create(username='visible_user', ou=simple_user.ou)
         forbidden_role = Role.objects.create(name='forbidden_role', ou=simple_user.ou)
         forbidden_user = User.objects.create(username='forbidden_user', ou=simple_user.ou)
         view_role_perm = Permission.objects.create(
             operation=get_operation(VIEW_OP),
-...
         form = ChooseRoleForm(request=request, data={'role': forbidden_role.pk, 'action': 'add'})
         assert error_message in form.errors['role'][0]
         form = UsersForm(request=request, data={'users': [visible_user.pk]})
         assert form.is_valid()
         form = UsersForm(request=request, data={'users': [forbidden_user.pk]})
         assert error_message in form.errors['users'][0]
         form = RolesForm(request=request, data={'roles': [visible_role.pk]})
         assert form.is_valid()
         form = RolesForm(request=request, data={'roles': [forbidden_role.pk]})
         assert error_message in form.errors['roles'][0]
         # For those we need manage_members permission
         form = RoleParentForm(request=request, data={'role': visible_role.pk, 'action': 'add'})
         assert error_message in form.errors['role'][0]

         # simulate click on Jôhn Dôe delete icon
         token = str(resp.context['csrf_token'])
         params = {'action': 'remove', 'user_or_roles': 'user-%s' % simple_user.pk, 'csrfmiddlewaretoken': token}
         params = {
             'action': 'remove',
             'target': 'members',
             'user_or_roles': 'user-%s' % simple_user.pk,
             'csrfmiddlewaretoken': token,
+        }
         resp = app.post('/manage/roles/%s/' % simple_role.pk, params=params).follow()
         assert 'Jôhn Dôe' not in resp.text
         # simulate click on role_ou1 delete icon
         token = str(resp.context['csrf_token'])
         params = {'action': 'remove', 'user_or_roles': 'role-%s' % role_ou1.pk, 'csrfmiddlewaretoken': token}
         params = {
             'action': 'remove',
             'target': 'members',
             'user_or_roles': 'role-%s' % role_ou1.pk,
             'csrfmiddlewaretoken': token,
+        }
         resp = app.post('/manage/roles/%s/' % simple_role.pk, params=params).follow()
         assert 'role_ou1' not in resp.text
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0002-manager-use-new-select2-widget-to-manage-role-s-admi.patch