0004-django_rbac-remove-utils-70894.patch

             from django.db.models.signals import post_delete, post_migrate, post_save
             from authentic2.models import Service
             from django_rbac import utils
             from . import models, signal_handlers, signals
             # update role parenting when new role parenting is created
             post_save.connect(signal_handlers.role_parenting_post_save, sender=utils.get_role_parenting_model())
             post_save.connect(signal_handlers.role_parenting_post_save, sender=models.RoleParenting)
             # update role parenting when role parenting is deleted
             post_delete.connect(
                 signal_handlers.role_parenting_post_delete, sender=utils.get_role_parenting_model()
+            )
             post_delete.connect(signal_handlers.role_parenting_post_delete, sender=models.RoleParenting)
             # or soft-created
             signals.post_soft_create.connect(
                 signal_handlers.role_parenting_post_soft_delete, sender=utils.get_role_parenting_model()
                 signal_handlers.role_parenting_post_soft_delete, sender=models.RoleParenting
+            )
             # or soft-deleted
             signals.post_soft_delete.connect(
                 signal_handlers.role_parenting_post_soft_delete, sender=utils.get_role_parenting_model()
                 signal_handlers.role_parenting_post_soft_delete, sender=models.RoleParenting
+            )
             # create CRUD operations and admin
             post_migrate.connect(signal_handlers.create_base_operations, sender=self)

     from django.db.models.query import Prefetch, Q
     from django.db.transaction import atomic
     from django_rbac import utils
     from django_rbac.utils import get_operation
     from . import models as a2_models
     from . import signals
     from .utils import get_operation
     class AbstractBaseManager(models.Manager):
-...
             target_query = query.Q(target_ct=ContentType.objects.get_for_model(ContentType), target_id=ct.pk)
             if isinstance(object_or_model, models.Model):
                 target_query |= query.Q(target_ct=ct, target_id=object.pk)
             Permission = utils.get_permission_model()
             qs = Permission.objects.for_user(user)
             qs = a2_models.Permission.objects.for_user(user)
             qs = qs.filter(operation__slug=operation_slug)
             qs = qs.filter(ou_query & target_query)
             return qs.exists()
-...
         def get_by_natural_key(self, operation_slug, ou_nk, target_ct, target_nk):
             qs = self.filter(operation__slug=operation_slug)
             if ou_nk:
                 OrganizationalUnit = utils.get_ou_model()
                 try:
                     ou = OrganizationalUnit.objects.get_by_natural_key(*ou_nk)
                 except OrganizationalUnit.DoesNotExist:
                     ou = a2_models.OrganizationalUnit.objects.get_by_natural_key(*ou_nk)
                 except a2_models.OrganizationalUnit.DoesNotExist:
                     raise self.model.DoesNotExist
                 qs = qs.filter(ou=ou)
             else:
-...
             """Retrieve all permissions hold by an user through its role and
             inherited roles.
             """
             Role = utils.get_role_model()
             roles = Role.objects.for_user(user=user)
             roles = a2_models.Role.objects.for_user(user=user)
             return self.filter(roles__in=roles)
         def cleanup(self):
-...
         tls = Local()
         def get_by_natural_key(self, parent_nk, child_nk, direct):
             Role = utils.get_role_model()
             try:
                 parent = Role.objects.get_by_natural_key(*parent_nk)
             except Role.DoesNotExist:
                 parent = a2_models.Role.objects.get_by_natural_key(*parent_nk)
             except a2_models.Role.DoesNotExist:
                 raise self.model.DoesNotExist
             try:
                 child = Role.objects.get_by_natural_key(*child_nk)
             except Role.DoesNotExist:
                 child = a2_models.Role.objects.get_by_natural_key(*child_nk)
             except a2_models.Role.DoesNotExist:
                 raise self.model.DoesNotExist
             return self.get(parent=parent, child=child, direct=direct)
-...
     @contextlib.contextmanager
     def defer_update_transitive_closure():
         from . import utils
         RoleParentingManager.tls.DO_UPDATE_CLOSURE = False
         try:
             yield
             if RoleParentingManager.tls.CLOSURE_UPDATED:
                 utils.get_role_parenting_model().objects.update_transitive_closure()
                 a2_models.RoleParenting.objects.update_transitive_closure()
         finally:
             RoleParentingManager.tls.DO_UPDATE_CLOSURE = True
             RoleParentingManager.tls.CLOSURE_UPDATED = False

     from django.db import migrations, models
     import django_rbac.utils
     import authentic2.a2_rbac.utils
     class Migration(migrations.Migration):
-...
                 model_name='organizationalunit',
                 name='uuid',
                 field=models.CharField(
                     default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'
                     default=authentic2.a2_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'
                 ),
             ),
             migrations.AlterField(
                 model_name='role',
                 name='uuid',
                 field=models.CharField(
                     default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'
                     default=authentic2.a2_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'
                 ),
             ),
+        ]

     from authentic2.decorators import errorcollector
     from authentic2.utils.cache import GlobalCache
     from authentic2.validators import HexaColourValidator
     from django_rbac import utils as rbac_utils
     from . import app_settings, fields, managers
     from . import app_settings, fields, managers, utils
     class AbstractBase(models.Model):
-...
         slug
         """
         uuid = models.CharField(
             max_length=32, verbose_name=_('uuid'), unique=True, default=rbac_utils.get_hex_uuid
+        )
         uuid = models.CharField(max_length=32, verbose_name=_('uuid'), unique=True, default=utils.get_hex_uuid)
         name = models.CharField(max_length=256, verbose_name=_('name'))
         slug = models.SlugField(max_length=256, verbose_name=_('slug'))
         description = models.TextField(verbose_name=_('description'), blank=True)
-...
         def save(self, *args, **kwargs):
             # truncate slug and add a hash if it's too long
             if not self.slug:
                 self.slug = rbac_utils.generate_slug(self.name)
                 self.slug = utils.generate_slug(self.name)
             if len(self.slug) > 256:
                 self.slug = self.slug[:252] + hashlib.md5(self.slug).hexdigest()[:4]
             if not self.uuid:
                 self.uuid = rbac_utils.get_hex_uuid()
                 self.uuid = utils.get_hex_uuid()
             return super().save(*args, **kwargs)
         def natural_key(self):
-...
             to='a2_rbac.Operation', verbose_name=_('operation'), on_delete=models.CASCADE
+        )
         ou = models.ForeignKey(
             to=rbac_utils.get_ou_model_name(),
             to=OrganizationalUnit,
             verbose_name=_('organizational unit'),
             related_name='scoped_permission',
             null=True,
-...
     class Role(AbstractBase):
         ou = models.ForeignKey(
             to=rbac_utils.get_ou_model_name(),
             to=OrganizationalUnit,
             verbose_name=_('organizational unit'),
             swappable=True,
             blank=True,
-...
         members = models.ManyToManyField(
             to=settings.AUTH_USER_MODEL, swappable=True, blank=True, related_name='roles'
+        )
         permissions = models.ManyToManyField(
             to=rbac_utils.get_permission_model_name(), related_name='roles', blank=True
+        )
         permissions = models.ManyToManyField(to=Permission, related_name='roles', blank=True)
         name = models.TextField(verbose_name=_('name'))
         admin_scope_ct = models.ForeignKey(
             to='contenttypes.ContentType',
-...
         objects = managers.RoleQuerySet.as_manager()
         def add_child(self, child):
             RoleParenting = rbac_utils.get_role_parenting_model()
             RoleParenting.objects.soft_create(self, child)
         def remove_child(self, child):
             RoleParenting = rbac_utils.get_role_parenting_model()
             RoleParenting.objects.soft_delete(self, child)
         def add_parent(self, parent):
             RoleParenting = rbac_utils.get_role_parenting_model()
             RoleParenting.objects.soft_create(parent, self)
         def remove_parent(self, parent):
             RoleParenting = rbac_utils.get_role_parenting_model()
             RoleParenting.objects.soft_delete(parent, self)
         def parents(self, include_self=True, annotate=False, direct=None):
-...
         def has_self_administration(self, op=None):
             if not op:
                 op = MANAGE_MEMBERS_OP
             operation = rbac_utils.get_operation(op)
             operation = utils.get_operation(op)
             self_perm, dummy = Permission.objects.get_or_create(
                 operation=operation,
                 target_ct=ContentType.objects.get_for_model(self),
-...
             'Add permission to role so that it is self-administered'
             if not op:
                 op = MANAGE_MEMBERS_OP
             operation = rbac_utils.get_operation(op)
             operation = utils.get_operation(op)
             self_perm, dummy = Permission.objects.get_or_create(
                 operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk
+            )
-...
             if isinstance(operation_tpl, str):
                 operation = Operation.objects.get(slug=operation_tpl)
             else:
                 operation = rbac_utils.get_operation(operation_tpl)
                 operation = utils.get_operation(operation_tpl)
             permission, _ = Permission.objects.get_or_create(
                 operation=operation, target_ct=target_ct, target_id=target_id, ou=ou
+            )
-...
             if isinstance(operation_tpl, str):
                 operation = Operation.objects.get(slug=operation_tpl)
             else:
                 operation = rbac_utils.get_operation(operation_tpl)
                 operation = utils.get_operation(operation_tpl)
             qs = Permission.objects.filter(target_ct=target_ct, target_id=target_id, operation=operation)
             if ou:
                 qs = qs.filter(ou=ou)
-...
     class RoleParenting(models.Model):
         parent = models.ForeignKey(
             to=rbac_utils.get_role_model_name(),
             to=Role,
             swappable=True,
             related_name='child_relation',
             on_delete=models.CASCADE,
+        )
         child = models.ForeignKey(
             to=rbac_utils.get_role_model_name(),
             to=Role,
             swappable=True,
             related_name='parent_relation',
             on_delete=models.CASCADE,

     from django.utils.translation import gettext as _
     from django.utils.translation import override
     from authentic2.a2_rbac.models import OrganizationalUnit, Role
     from authentic2.a2_rbac.models import OrganizationalUnit, Role, RoleParenting
     from authentic2.utils.misc import get_fk_model
     from django_rbac.utils import get_operation, get_role_parenting_model
     from .managers import defer_update_transitive_closure
     from .utils import get_operation
     def create_default_ou(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
-...
     def fix_role_parenting_closure(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
         '''Close the role parenting relation after migrations'''
         if not router.allow_migrate(using, get_role_parenting_model()):
         if not router.allow_migrate(using, RoleParenting):
             return
         get_role_parenting_model().objects.update_transitive_closure()
         RoleParenting.objects.update_transitive_closure()

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import uuid
     from django.contrib.auth import get_user_model
     from django.contrib.contenttypes.models import ContentType
     from django.utils.text import slugify
     from django_rbac import utils as rbac_utils
     from . import models
     def get_hex_uuid():
         return uuid.uuid4().hex
     def get_operation(operation_tpl):
         operation, dummy = models.Operation.objects.get_or_create(slug=operation_tpl.slug)
         return operation
     def get_default_ou():
         try:
             return models.OrganizationalUnit.objects.get(default=True)
-...
     def get_view_user_perm(ou=None):
         User = get_user_model()
         view_user_perm, dummy = models.Permission.objects.get_or_create(
             operation=rbac_utils.get_operation(models.VIEW_OP),
             operation=get_operation(models.VIEW_OP),
             target_ct=ContentType.objects.get_for_model(ContentType),
             target_id=ContentType.objects.get_for_model(User).pk,
             ou__isnull=ou is None,
-...
     def get_search_ou_perm(ou=None):
         if ou:
             view_ou_perm, dummy = models.Permission.objects.get_or_create(
                 operation=rbac_utils.get_operation(models.SEARCH_OP),
                 operation=get_operation(models.SEARCH_OP),
                 target_ct=ContentType.objects.get_for_model(ou),
                 target_id=ou.pk,
                 ou__isnull=True,
+            )
         else:
             view_ou_perm, dummy = models.Permission.objects.get_or_create(
                 operation=rbac_utils.get_operation(models.SEARCH_OP),
                 operation=get_operation(models.SEARCH_OP),
                 target_ct=ContentType.objects.get_for_model(ContentType),
                 target_id=ContentType.objects.get_for_model(models.OrganizationalUnit).pk,
                 ou__isnull=True,
-...
     def get_manage_authorizations_user_perm(ou=None):
         User = get_user_model()
         manage_authorizations_user_perm, dummy = models.Permission.objects.get_or_create(
             operation=rbac_utils.get_operation(models.MANAGE_AUTHORIZATIONS_OP),
             operation=get_operation(models.MANAGE_AUTHORIZATIONS_OP),
             target_ct=ContentType.objects.get_for_model(ContentType),
             target_id=ContentType.objects.get_for_model(User).pk,
             ou__isnull=ou is None,

     from django.db import models
     from django.db.models.query import Q
     from django_rbac import utils
     from authentic2.a2_rbac.models import OrganizationalUnit as OU
     from authentic2.a2_rbac.models import Permission
     def get_fk_model(model, fieldname):
-...
             """
             if not hasattr(user_obj, '_rbac_perms_cache'):
                 perms_cache = {}
                 Permission = utils.get_permission_model()
                 qs = Permission.objects.for_user(user_obj)
                 ct_ct = ContentType.objects.get_for_model(ContentType)
                 qs = qs.select_related('operation')
-...
             perm_or_perms = set(perm_or_perms)
             cache = self.get_permission_cache(user_obj)
             model = qs.model
             OU = utils.get_ou_model()
             has_ou_field = get_fk_model(model, 'ou') == OU
             if perm_or_perms & cache.get('__all__', set()):
                 return True
-...
             return perm in self.get_permission_cache(user_obj).get('ou.%s' % ou.pk, ())
         def ous_with_perm(self, user_obj, perm, queryset=None):
             OU = utils.get_ou_model()
             qs = queryset or OU.objects.all()
             if user_obj.is_anonymous:

     from authentic2.a2_rbac.models import ADMIN_OP
     from authentic2.a2_rbac.models import OrganizationalUnit as OU
     from authentic2.a2_rbac.models import Permission, Role
     from authentic2.a2_rbac.utils import get_operation
     from authentic2.custom_user.models import User
     from django_rbac.utils import get_operation
     try:
         from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP  # pylint: disable=C0412

     from django.conf import settings
     from django.db import migrations, models
     import django_rbac
     import authentic2.a2_rbac
     class Migration(migrations.Migration):
-...
+                    (
                         'uuid',
                         models.CharField(
                             default=django_rbac.utils.get_hex_uuid,
                             default=authentic2.a2_rbac.utils.get_hex_uuid,
                             unique=True,
                             max_length=32,
                             verbose_name='uuid',
-...
+                    (
                         'uuid',
                         models.CharField(
                             default=django_rbac.utils.get_hex_uuid,
                             default=authentic2.a2_rbac.utils.get_hex_uuid,
                             unique=True,
                             max_length=32,
                             verbose_name='uuid',

     import uuid
     from django.apps import apps
     from django.conf import settings
     from django.utils.text import slugify
     from . import constants
     DEFAULT_MODELS = {
         constants.RBAC_OU_MODEL_SETTING: 'django_rbac.OrganizationalUnit',
         constants.RBAC_ROLE_PARENTING_MODEL_SETTING: 'django_rbac.RoleParenting',
         constants.RBAC_ROLE_MODEL_SETTING: 'django_rbac.Role',
         constants.RBAC_PERMISSION_MODEL_SETTING: 'django_rbac.Permission',
+    }
     def get_hex_uuid():
         return uuid.uuid4().hex
     def get_swapped_model_name(setting):
         """Return a model qualified name given a setting name containing the
         qualified name of the model, useful to retrieve swappable models
         name.
         """
         if not hasattr(settings, setting):
             setattr(settings, setting, DEFAULT_MODELS[setting])
         return getattr(settings, setting)
     def get_swapped_model(setting):
         """Return a model given a setting name containing the qualified name
         of the model, useful to retrieve swappable models.
         """
         app, model_name = get_swapped_model_name(setting).rsplit('.', 1)
         return apps.get_model(app, model_name)
     def get_role_model_name():
         '''Returns the currently configured role model'''
         return get_swapped_model_name(constants.RBAC_ROLE_MODEL_SETTING)
     def get_ou_model_name():
         '''Returns the currently configured organizational unit model'''
         return get_swapped_model_name(constants.RBAC_OU_MODEL_SETTING)
     def get_role_parenting_model_name():
         '''Returns the currently configured role parenting model'''
         return get_swapped_model_name(constants.RBAC_ROLE_PARENTING_MODEL_SETTING)
     def get_permission_model_name():
         '''Returns the currently configured permission model'''
         return get_swapped_model_name(constants.RBAC_PERMISSION_MODEL_SETTING)
     def get_role_model():
         '''Returns the currently configured role model'''
         return get_swapped_model(constants.RBAC_ROLE_MODEL_SETTING)
     def get_ou_model():
         '''Returns the currently configured organizational unit model'''
         return get_swapped_model(constants.RBAC_OU_MODEL_SETTING)
     def get_role_parenting_model():
         '''Returns the currently configured role parenting model'''
         return get_swapped_model(constants.RBAC_ROLE_PARENTING_MODEL_SETTING)
     def get_permission_model():
         '''Returns the currently configured permission model'''
         return get_swapped_model(constants.RBAC_PERMISSION_MODEL_SETTING)
     def get_operation(operation_tpl):
         from authentic2.a2_rbac import models
         operation, dummy = models.Operation.objects.get_or_create(slug=operation_tpl.slug)
         return operation
     def generate_slug(name, seen_slugs=None):
         slug = base_slug = slugify(name).lstrip('_')
         if seen_slugs:
             i = 1
             while slug in seen_slugs:
                 slug = '%s-%s' % (base_slug, i)
         return slug

         Permission,
         Role,
+    )
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.a2_rbac.utils import get_default_ou, get_operation
     from authentic2.apps.journal.models import Event
     from authentic2.custom_user.models import DeletedUser
     from authentic2.models import UserExternalId
     from authentic2_auth_oidc.models import OIDCAccount, OIDCProvider
     from django_rbac.utils import get_operation
     from .utils import call_command, login

     from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP
     from authentic2.a2_rbac.models import OrganizationalUnit as OU
     from authentic2.a2_rbac.models import Permission, Role
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.a2_rbac.utils import get_default_ou, get_operation
     from authentic2.apps.journal.models import Event
     from authentic2.models import Service
     from authentic2.validators import EmailValidator
     from django_rbac.utils import get_operation
     from .utils import assert_event, get_link_from_mail, login, request_select2, text_content

     from django.db.models import Q
     from django.test.utils import CaptureQueriesContext
     from authentic2.a2_rbac import models
     from authentic2.a2_rbac.models import Operation, OrganizationalUnit, Permission, Role, RoleParenting
     from authentic2.custom_user import backends
     from django_rbac import utils
     OU = OrganizationalUnit = utils.get_ou_model()
     Permission = utils.get_permission_model()
     RoleParenting = utils.get_role_parenting_model()
     Role = utils.get_role_model()
     User = get_user_model()
-...
     def test_role_parenting_soft_delete_children(db):
         OrganizationalUnit = utils.get_ou_model()
         Role = utils.get_role_model()
         RoleParenting = utils.get_role_parenting_model()
         ou = OrganizationalUnit.objects.create(name='ou')
         roles = []
         for i in range(10):
-...
     def test_role_parenting_soft_delete_parents(db):
         OrganizationalUnit = utils.get_ou_model()
         Role = utils.get_role_model()
         RoleParenting = utils.get_role_parenting_model()
         ou = OrganizationalUnit.objects.create(name='ou')
         roles = []
         for i in range(10):
-...
             relations.append(RoleParenting(parent=roles[i], child=roles[(i - 1) // SPAN]))
         RoleParenting.objects.bulk_create(relations)
         RoleParenting.objects.update_transitive_closure()
         operation, _ = models.Operation.objects.get_or_create(slug='admin')
         operation, _ = Operation.objects.get_or_create(slug='admin')
         perm, _ = Permission.objects.get_or_create(
             operation=operation,
             target_ct=ContentType.objects.get_for_model(ContentType),
-...
         roles[0].members.add(user)
         Role.objects.get(pk=roles[-1].pk).permissions.add(perm)
         for i in range(SIZE):
             assert models.Operation.objects.has_perm(user, 'admin', User)
             assert Operation.objects.has_perm(user, 'admin', User)
         for i in range(SIZE):
             assert list(Role.objects.for_user(user).order_by('pk')) == list(Role.objects.order_by('pk'))
     def test_rbac_backend(db):
         ou1 = OU.objects.create(name='ou1', slug='ou1')
         ou2 = OU.objects.create(name='ou2', slug='ou2')
         ou1 = OrganizationalUnit.objects.create(name='ou1', slug='ou1')
         ou2 = OrganizationalUnit.objects.create(name='ou2', slug='ou2')
         user1 = User.objects.create(username='john.doe')
         ct_ct = ContentType.objects.get_for_model(ContentType)
         role_ct = ContentType.objects.get_for_model(Role)
         change_op = models.Operation.objects.get(slug='change')
         view_op = models.Operation.objects.get(slug='view')
         delete_op = models.Operation.objects.get(slug='delete')
         add_op = models.Operation.objects.get(slug='add')
         admin_op = models.Operation.objects.get(slug='admin')
         change_op = Operation.objects.get(slug='change')
         view_op = Operation.objects.get(slug='view')
         delete_op = Operation.objects.get(slug='delete')
         add_op = Operation.objects.get(slug='add')
         admin_op = Operation.objects.get(slug='admin')
         perm1 = Permission.objects.create(operation=change_op, target_ct=ct_ct, target_id=role_ct.pk)
         perm2 = Permission.objects.create(operation=view_op, target_ct=ct_ct, target_id=role_ct.pk)
         Role.objects.all().delete()

     from authentic2.a2_rbac.models import VIEW_OP
     from authentic2.a2_rbac.models import OrganizationalUnit as OU
     from authentic2.a2_rbac.models import Permission, Role
     from authentic2.a2_rbac.utils import get_default_ou, get_view_user_perm
     from authentic2.a2_rbac.utils import get_default_ou, get_operation, get_view_user_perm
     from authentic2.apps.journal.models import Event
     from authentic2.custom_user.models import User
     from authentic2.manager import user_import
     from authentic2.models import Attribute, AttributeValue
     from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
     from django_rbac.utils import get_operation
     from .utils import get_link_from_mail, login, logout
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2