
0007-rbac-add-helper-methods-to-add-remove-permissions-fr.patch

Benjamin Dauvergne, 13 mai 2022 17:27


Subject: [PATCH 7/9] rbac: add helper methods to add/remove permissions from
 roles (#62013)

 src/authentic2/a2_rbac/models.py | 40 ++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
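--- a/src/authentic2/a2_rbac/models.py
+++ b/src/authentic2/a2_rbac/models.py
@@ -342,6 +342,46 @@
     def is_internal(self):
         return self.slug.startswith('_')
 
+    def add_permission(self, model_or_instance, operation_tpl, ou=None):
+        if isinstance(operation_tpl, str):
+            operation = Operation.objects.get(slug=operation_tpl)
+        else:
+            operation = rbac_utils.get_operation(operation_tpl)
+        if isinstance(model_or_instance, models.Model):
+            target_ct = ContentType.objects.get_for_model(model_or_instance)
+            target_id = model_or_instance.pk
+        elif issubclass(model_or_instance, models.Model):
+            target_ct = ContentType.objects.get_for_model(ContentType)
+            target_id = ContentType.objects.get_for_model(model_or_instance).pk
+        else:
+            raise ValueError('invalid model_or_instance')
+        permission, _ = Permission.objects.get_or_create(
+            operation=operation, target_ct=target_ct, target_id=target_id, ou=ou
+        )
+        self.permissions.add(permission)
+
+    def remove_permission(self, model_or_instance, operation_tpl, ou=None):
+        if isinstance(operation_tpl, str):
+            operation = Operation.objects.get(slug=operation_tpl)
+        else:
+            operation = rbac_utils.get_operation(operation_tpl)
+        if isinstance(model_or_instance, models.Model):
+            target_ct = ContentType.objects.get_for_model(model_or_instance)
+            target_id = model_or_instance.pk
+        elif issubclass(model_or_instance, models.Model):
+            target_ct = ContentType.objects.get_for_model(ContentType)
+            target_id = ContentType.objects.get_for_model(model_or_instance).pk
+        else:
+            raise ValueError('invalid model_or_instance')
+        qs = Permission.objects.filter(
+            permission__target_ct=target_ct, permission__target_id=target_id, operation=operation
+        )
+        if ou:
+            qs = qs.filter(ou=ou)
+        else:
+            qs = qs.filter(ou__isnull=True)
+        self.permissions.through.filter(permission__in=qs).delete()
+
     objects = managers.RoleManager()
 
     class Meta: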
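Review bot: `remove_permission` looks like it cannot run as written: `Permission.objects.filter(permission__target_ct=..., permission__target_id=...)` puts a `permission__` prefix on lookups against the Permission model itself, whereas `add_permission` just above addresses the same fields as `target_ct`/`target_id`, and `self.permissions.through.filter(...)` calls `filter` on the through model class rather than on a manager. I would build the queryset with `Permission.objects.filter(target_ct=target_ct, target_id=target_id, operation=operation)` and finish with `self.permissions.remove(*qs)`; simply switching to `through.objects.filter(permission__in=qs).delete()` would not be scoped to this role and would drop the permission from every role that holds it. Because this is the revocation path of the RBAC model, a test asserting that the permission is removed from this role and kept on other roles would be worth adding; the diffstat shows only models.py touched by this patch. Separately, in both methods `issubclass()` raises TypeError for a non-class argument such as a string, so the `ValueError('invalid model_or_instance')` branch is not reached for those inputs.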
348
-