0001-a2_rbac-add-global-management-role-for-api-clients-7.patch
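--- a/src/authentic2/a2_rbac/management.py
+++ b/src/authentic2/a2_rbac/management.py
@@ -95,5 +95,9 @@
 'name': _('Manager of authenticators'),
 'scoped_name': _('Authenticators - {ou}'),
 },
+('authentic2', 'apiclient'): {
+'name': _('Manager of API clients'),
+'scoped_name': _('API clients - {ou}'),
+},
 }
 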
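Review bot: The new `('authentic2', 'apiclient')` entry declares a `scoped_name` of `'API clients - {ou}'`, yet the updated comment in tests/test_a2_rbac.py says API clients "aren't ou-managed yet" and the view keeps `permissions_global = True`, so the per-OU label looks unused for now. I would say so next to the entry, for example `# API clients are managed globally only; scoped_name is kept for future per-OU roles`. Holders of this role manage API credentials, so the comment should also state what the role may grant to a client; whether the API client form limits the roles that can be assigned is not visible from this hunk. The dict this entry belongs to starts outside the hunk.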
src/authentic2/manager/apiclient_views.py | ||
---|---|---|
27 | 27 | |
28 | 28 |
class APIClientsMixin(PermissionMixin, MediaMixin, TitleMixin): |
29 | 29 |
model = APIClient |
30 |
permissions = ['authentic2.admin_service']
|
|
30 |
permissions = ['authentic2.admin_apiclient']
|
|
31 | 31 |
permissions_global = True |
32 | 32 | |
33 | 33 |
def get_queryset(self): |
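Review bot: Switching `permissions` from `['authentic2.admin_service']` to `['authentic2.admin_apiclient']` takes API client management away from every account that holds only the services-manager role, and nothing in the visible patch migrates those accounts or tells operators about the change. The sidebar entry in src/authentic2/manager/views.py makes the same switch, so the affected users lose the menu item as well as the view. If the narrowing is intended, which is the safer default for a credential-issuing screen, I would add an upgrade note and a comment above the attribute such as `# API clients hold credentials: dedicated global role, not service managers`. Whether other API-client code paths still check `authentic2.admin_service` cannot be seen from here, and the class body continues past `get_queryset` outside the hunk.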
src/authentic2/manager/views.py | ||
---|---|---|
692 | 692 |
'label': _('API Clients'), |
693 | 693 |
'slug': 'api-clients', |
694 | 694 |
'href': reverse_lazy('a2-manager-api-clients'), |
695 |
'permissions': ['authentic2.admin_service'],
|
|
695 |
'permissions': ['authentic2.admin_apiclient'],
|
|
696 | 696 |
'place': 'sidebar', |
697 | 697 |
}, |
698 | 698 |
] |
tests/test_a2_rbac.py | ||
---|---|---|
31 | 31 | |
32 | 32 |
def test_update_rbac(db): |
33 | 33 |
# 5 content types managers and 1 global manager |
34 |
assert Role.objects.count() == 6
|
|
34 |
assert Role.objects.count() == 7
|
|
35 | 35 |
# 4 content type global permissions, 1 role administration permissions (for the main manager |
36 | 36 |
# role which is self-administered) |
37 | 37 |
# and 1 user view permission (for the role administrator) |
38 | 38 |
# and 1 user manage authorizations permission (for the role administrator) |
39 | 39 |
# and 1 ou view permission (for the user and role administrators) |
40 |
assert Permission.objects.count() == 9
|
|
40 |
assert Permission.objects.count() == 10
|
|
41 | 41 | |
42 | 42 | |
43 | 43 |
def test_delete_role(db): |
... | ... | |
423 | 423 |
from django.core.management.sql import emit_post_migrate_signal |
424 | 424 | |
425 | 425 |
call_command('flush', verbosity=0, interactive=False, database='default', reset_sequences=False) |
426 |
assert Role.objects.count() == 6
|
|
426 |
assert Role.objects.count() == 7
|
|
427 | 427 |
OU.objects.create(name='OU1', slug='ou1') |
428 | 428 |
emit_post_migrate_signal(verbosity=0, interactive=False, db='default', created_models=[]) |
429 |
assert Role.objects.count() == 6 + 5 + 5
|
|
429 |
assert Role.objects.count() == 7 + 5 + 5
|
|
430 | 430 |
settings.A2_RBAC_MANAGED_CONTENT_TYPES = () |
431 | 431 |
call_command('flush', verbosity=0, interactive=False, database='default', reset_sequences=False) |
432 | 432 |
assert Role.objects.count() == 0 |
... | ... | |
443 | 443 |
role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles') |
444 | 444 |
service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services') |
445 | 445 |
authenticator_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-authenticators') |
446 |
apiclients_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-api-clients') |
|
446 | 447 |
assert ou_manager in manager.parents() |
447 | 448 |
assert user_manager in manager.parents() |
448 | 449 |
assert role_manager in manager.parents() |
449 | 450 |
assert service_manager in manager.parents() |
450 | 451 |
assert authenticator_manager in manager.parents() |
451 |
assert manager.parents(include_self=False).count() == 5 |
|
452 |
assert Role.objects.count() == 6 |
|
452 |
assert apiclients_manager in manager.parents() |
|
453 |
assert manager.parents(include_self=False).count() == 6 |
|
454 |
assert Role.objects.count() == 7 |
|
453 | 455 |
assert OU.objects.count() == 1 |
454 | 456 | |
455 | 457 | |
... | ... | |
460 | 462 |
role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles') |
461 | 463 |
service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services') |
462 | 464 |
authenticator_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-authenticators') |
465 |
apiclients_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-api-clients') |
|
463 | 466 |
assert ou_manager in manager.parents() |
464 | 467 |
assert user_manager in manager.parents() |
465 | 468 |
assert role_manager in manager.parents() |
466 | 469 |
assert service_manager in manager.parents() |
467 | 470 |
assert authenticator_manager in manager.parents() |
468 |
assert manager.parents(include_self=False).count() == 5 |
|
471 |
assert apiclients_manager in manager.parents() |
|
472 |
assert manager.parents(include_self=False).count() == 6 |
|
469 | 473 | |
470 | 474 |
for ou in [get_default_ou(), ou1]: |
471 | 475 |
manager = Role.objects.get(ou__isnull=True, slug=f'_a2-managers-of-{ou.slug}') |
... | ... | |
480 | 484 |
assert authenticator_manager in manager.parents() |
481 | 485 |
assert manager.parents(include_self=False).count() == 4 |
482 | 486 | |
483 |
# 6 global roles and 5 ou roles for both ous
|
|
484 |
assert Role.objects.count() == 6 + 5 + 5
|
|
487 |
# 7 global roles and 5 ou roles for both ous (api clients aren't ou-managed yet)
|
|
488 |
assert Role.objects.count() == 7 + 5 + 5
|
|
485 | 489 | |
486 | 490 | |
487 | 491 |
@pytest.mark.parametrize( |
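Review bot: The comment at the top of `test_update_rbac` still reads `# 5 content types managers and 1 global manager` although the assertion under it now expects 7 roles; it should become `# 6 content types managers and 1 global manager`. The permission comment block above `assert Permission.objects.count() == 10` has the same problem: the items it lists do not add up to 10, so it should also name the new API client permission. The last hunk of this file did update its comment to "7 global roles", so only these two were missed.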
tests/test_manager.py | ||
---|---|---|
466 | 466 |
form.set('search-internals', True) |
467 | 467 |
response = form.submit() |
468 | 468 |
q = response.pyquery.remove_namespaces() |
469 |
assert len(q('table tbody tr')) == 7
|
|
469 |
assert len(q('table tbody tr')) == 8
|
|
470 | 470 |
# admin enroled only in the Manager role, other roles are inherited |
471 |
assert len(q('table tbody tr td.via')) == 7
|
|
471 |
assert len(q('table tbody tr td.via')) == 8
|
|
472 | 472 |
assert len(q('table tbody tr td.via:empty')) == 2 |
473 | 473 |
for elt in q('table tbody td.name a'): |
474 | 474 |
assert 'Manager' in elt.text or elt.text == 'simple role' |
... | ... | |
490 | 490 |
response.form.set('search-internals', True) |
491 | 491 |
response = response.form.submit() |
492 | 492 |
q = response.pyquery.remove_namespaces() |
493 |
assert len(q('table tbody tr')) == 7
|
|
493 |
assert len(q('table tbody tr')) == 8
|
|
494 | 494 |
for elt in q('table tbody td.name a'): |
495 | 495 |
assert 'Manager' in elt.text or elt.text == 'simple role' |
496 | 496 | |
... | ... | |
541 | 541 |
form.set('search-internals', True) |
542 | 542 |
response = form.submit() |
543 | 543 |
q = response.pyquery.remove_namespaces() |
544 |
assert len(q('table tbody tr')) == 6
|
|
544 |
assert len(q('table tbody tr')) == 7
|
|
545 | 545 |
# admin enroled only in the Manager role, other roles are inherited |
546 |
assert len(q('table tbody tr td.via')) == 6
|
|
546 |
assert len(q('table tbody tr td.via')) == 7
|
|
547 | 547 |
assert len(q('table tbody tr td.via:empty')) == 1 |
548 | 548 |
for elt in q('table tbody td.name a'): |
549 | 549 |
assert 'Manager' in elt.text |
... | ... | |
553 | 553 |
form.set('search-internals', True) |
554 | 554 |
response = form.submit() |
555 | 555 |
q = response.pyquery.remove_namespaces() |
556 |
assert len(q('table tbody tr')) == 8
|
|
556 |
assert len(q('table tbody tr')) == 9
|
|
557 | 557 |
for elt in q('table tbody td.name a'): |
558 | 558 |
assert 'Manager' in elt.text |
559 | 559 | |
... | ... | |
585 | 585 |
response.form.set('search-internals', True) |
586 | 586 |
response = response.form.submit() |
587 | 587 |
q = response.pyquery.remove_namespaces() |
588 |
assert len(q('table tbody tr')) == 18
|
|
588 |
assert len(q('table tbody tr')) == 19
|
|
589 | 589 |
for elt in q('table tbody td.name a'): |
590 | 590 |
assert ( |
591 | 591 |
'OU1' in elt.text |
... | ... | |
599 | 599 |
response.form.set('search-internals', True) |
600 | 600 |
response = response.form.submit() |
601 | 601 |
q = response.pyquery.remove_namespaces() |
602 |
assert len(q('table tbody tr')) == 8
|
|
602 |
assert len(q('table tbody tr')) == 9
|
|
603 | 603 |
for elt in q('table tbody td.name a'): |
604 | 604 |
assert 'Manager' in elt.text |
605 | 605 |
tests/test_manager_apiclient.py | ||
---|---|---|
73 | 73 | |
74 | 74 |
@pytest.fixture |
75 | 75 |
def user(self, simple_user): |
76 |
simple_user.roles.add(Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services'))
|
|
76 |
simple_user.roles.add(Role.objects.get(ou__isnull=True, slug='_a2-manager-of-api-clients'))
|
|
77 | 77 |
return simple_user |
78 | 78 | |
79 | 79 |
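Review bot: The `user` fixture now grants only `_a2-manager-of-api-clients`, so the suite confirms that the new role opens the API client pages but no longer confirms that the old one is refused. I would add a second fixture that grants only `_a2-manager-of-services` and a test asserting that this user is denied on the `a2-manager-api-clients` view, which pins the permission boundary this patch introduces. The fixture is a method of a test class whose header is outside the hunk.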
tests/test_role_manager.py | ||
---|---|---|
524 | 524 |
assert select2_json['more'] is True |
525 | 525 | |
526 | 526 |
select2_json = request_select2(app, resp, fetch_all=True) |
527 |
assert len(select2_json['results']) == 20
|
|
527 |
assert len(select2_json['results']) == 21
|
|
528 | 528 |
choices = [x['text'] for x in select2_json['results']] |
529 | 529 |
assert choices == [ |
530 | 530 |
'Default organizational unit - Authenticators - Default organizational unit', |
... | ... | |
538 | 538 |
'OU1 - Services - OU1', |
539 | 539 |
'OU1 - Users - OU1', |
540 | 540 |
'Manager', |
541 |
'Manager of API clients', |
|
541 | 542 |
'Manager of authenticators', |
542 | 543 |
'Manager of organizational units', |
543 | 544 |
'Manager of roles', |
... | ... | |
561 | 562 |
assert select2_json['more'] is False |
562 | 563 | |
563 | 564 |
select2_json = request_select2(app, resp, term='Manager') |
564 |
assert len(select2_json['results']) == 9
|
|
565 |
assert len(select2_json['results']) == 10
|
|
565 | 566 |
select2_json = request_select2(app, resp, term='Manager of') |
566 |
assert len(select2_json['results']) == 8
|
|
567 |
assert len(select2_json['results']) == 9
|
|
567 | 568 |
select2_json = request_select2(app, resp, term='Manager of serv') |
568 | 569 |
assert len(select2_json['results']) == 1 |
569 | 570 | |
570 |
- |