
0001-a2_rbac-add-global-management-role-for-api-clients-7.patch

Paul Marillonnet, 14 novembre 2022 15:44



Subject: [PATCH] a2_rbac: add global management role for api clients (#71267)

    ou-wise api-client management roles will be added in #71275.
 src/authentic2/a2_rbac/management.py      |  4 ++++
 src/authentic2/manager/apiclient_views.py |  2 +-
 src/authentic2/manager/views.py           |  2 +-
 tests/test_a2_rbac.py                     | 26 +++++++++++++----------
 tests/test_manager.py                     | 16 +++++++-------
 tests/test_manager_apiclient.py           |  2 +-
 tests/test_role_manager.py                |  7 +++---
 7 files changed, 34 insertions(+), 25 deletions(-)
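--- a/src/authentic2/a2_rbac/management.py
+++ b/src/authentic2/a2_rbac/management.py
@@ -95,6 +95,10 @@
         'name': _('Manager of authenticators'),
         'scoped_name': _('Authenticators - {ou}'),
     },
+    ('authentic2', 'apiclient'): {
+        'name': _('Manager of API clients'),
+        'scoped_name': _('API clients - {ou}'),
+    },
 }
 
 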
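Review bot: The new `('authentic2', 'apiclient')` entry defines a `scoped_name`, yet the commit description defers OU-wise API-client roles to #71275 and the updated test comment says api clients "aren't ou-managed yet". Whatever keeps the OU-scoped role from being created is not visible in this hunk, so a reader of this table cannot tell whether the label is live or a placeholder. I would add a comment above the key, for example `# scoped_name is not used until OU-wise API-client roles land (#71275)`. The dictionary this entry belongs to starts outside the hunk.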
src/authentic2/manager/apiclient_views.py
27 27

  
28 28
class APIClientsMixin(PermissionMixin, MediaMixin, TitleMixin):
29 29
    model = APIClient
30
    permissions = ['authentic2.admin_service']
30
    permissions = ['authentic2.admin_apiclient']
31 31
    permissions_global = True
32 32

  
33 33
    def get_queryset(self):
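Review bot: Switching `permissions` on `APIClientsMixin` to `['authentic2.admin_apiclient']` presumably takes API-client management away from accounts that hold only the services manager role, and nothing in the commit tells operators so (the diffstat lists no migration or release note). The same switch is made on the `'api-clients'` sidebar entry in src/authentic2/manager/views.py, so the menu and the view stay consistent. Because this is an access-control change, I would add a comment above the attribute such as `# dedicated permission: service managers no longer manage API clients (#71267)` and mention it in the upgrade notes so existing delegations can be reviewed. The class body continues outside the hunk.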
src/authentic2/manager/views.py
692 692
            'label': _('API Clients'),
693 693
            'slug': 'api-clients',
694 694
            'href': reverse_lazy('a2-manager-api-clients'),
695
            'permissions': ['authentic2.admin_service'],
695
            'permissions': ['authentic2.admin_apiclient'],
696 696
            'place': 'sidebar',
697 697
        },
698 698
    ]
tests/test_a2_rbac.py
30 30

  
31 31

  
32 32
def test_update_rbac(db):
33
    # 5 content types managers and 1 global manager
34
    assert Role.objects.count() == 6
35
    # 4 content type global permissions, 1 role administration permissions (for the main manager
33
    # 6 content types managers and 1 global manager
34
    assert Role.objects.count() == 7
35
    # 6 content type global permissions, 1 role administration permissions (for the main manager
36 36
    # role which is self-administered)
37 37
    # and 1 user view permission (for the role administrator)
38 38
    # and 1 user manage authorizations permission (for the role administrator)
39 39
    # and 1 ou view permission (for the user and role administrators)
40
    assert Permission.objects.count() == 9
40
    assert Permission.objects.count() == 10
41 41

  
42 42

  
43 43
def test_delete_role(db):
......
423 423
    from django.core.management.sql import emit_post_migrate_signal
424 424

  
425 425
    call_command('flush', verbosity=0, interactive=False, database='default', reset_sequences=False)
426
    assert Role.objects.count() == 6
426
    assert Role.objects.count() == 7
427 427
    OU.objects.create(name='OU1', slug='ou1')
428 428
    emit_post_migrate_signal(verbosity=0, interactive=False, db='default', created_models=[])
429
    assert Role.objects.count() == 6 + 5 + 5
429
    assert Role.objects.count() == 7 + 5 + 5
430 430
    settings.A2_RBAC_MANAGED_CONTENT_TYPES = ()
431 431
    call_command('flush', verbosity=0, interactive=False, database='default', reset_sequences=False)
432 432
    assert Role.objects.count() == 0
......
443 443
    role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles')
444 444
    service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services')
445 445
    authenticator_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-authenticators')
446
    apiclients_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-api-clients')
446 447
    assert ou_manager in manager.parents()
447 448
    assert user_manager in manager.parents()
448 449
    assert role_manager in manager.parents()
449 450
    assert service_manager in manager.parents()
450 451
    assert authenticator_manager in manager.parents()
451
    assert manager.parents(include_self=False).count() == 5
452
    assert Role.objects.count() == 6
452
    assert apiclients_manager in manager.parents()
453
    assert manager.parents(include_self=False).count() == 6
454
    assert Role.objects.count() == 7
453 455
    assert OU.objects.count() == 1
454 456

  
455 457

  
......
460 462
    role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles')
461 463
    service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services')
462 464
    authenticator_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-authenticators')
465
    apiclients_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-api-clients')
463 466
    assert ou_manager in manager.parents()
464 467
    assert user_manager in manager.parents()
465 468
    assert role_manager in manager.parents()
466 469
    assert service_manager in manager.parents()
467 470
    assert authenticator_manager in manager.parents()
468
    assert manager.parents(include_self=False).count() == 5
471
    assert apiclients_manager in manager.parents()
472
    assert manager.parents(include_self=False).count() == 6
469 473

  
470 474
    for ou in [get_default_ou(), ou1]:
471 475
        manager = Role.objects.get(ou__isnull=True, slug=f'_a2-managers-of-{ou.slug}')
......
480 484
        assert authenticator_manager in manager.parents()
481 485
        assert manager.parents(include_self=False).count() == 4
482 486

  
483
    # 6 global roles and 5 ou roles for both ous
484
    assert Role.objects.count() == 6 + 5 + 5
487
    # 7 global roles and 5 ou roles for both ous (api clients aren't ou-managed yet)
488
    assert Role.objects.count() == 7 + 5 + 5
485 489

  
486 490

  
487 491
@pytest.mark.parametrize(
tests/test_manager.py
466 466
        form.set('search-internals', True)
467 467
        response = form.submit()
468 468
        q = response.pyquery.remove_namespaces()
469
        assert len(q('table tbody tr')) == 7
469
        assert len(q('table tbody tr')) == 8
470 470
        # admin enroled only in the Manager role, other roles are inherited
471
        assert len(q('table tbody tr td.via')) == 7
471
        assert len(q('table tbody tr td.via')) == 8
472 472
        assert len(q('table tbody tr td.via:empty')) == 2
473 473
        for elt in q('table tbody td.name a'):
474 474
            assert 'Manager' in elt.text or elt.text == 'simple role'
......
490 490
        response.form.set('search-internals', True)
491 491
        response = response.form.submit()
492 492
        q = response.pyquery.remove_namespaces()
493
        assert len(q('table tbody tr')) == 7
493
        assert len(q('table tbody tr')) == 8
494 494
        for elt in q('table tbody td.name a'):
495 495
            assert 'Manager' in elt.text or elt.text == 'simple role'
496 496

  
......
541 541
        form.set('search-internals', True)
542 542
        response = form.submit()
543 543
        q = response.pyquery.remove_namespaces()
544
        assert len(q('table tbody tr')) == 6
544
        assert len(q('table tbody tr')) == 7
545 545
        # admin enroled only in the Manager role, other roles are inherited
546
        assert len(q('table tbody tr td.via')) == 6
546
        assert len(q('table tbody tr td.via')) == 7
547 547
        assert len(q('table tbody tr td.via:empty')) == 1
548 548
        for elt in q('table tbody td.name a'):
549 549
            assert 'Manager' in elt.text
......
553 553
        form.set('search-internals', True)
554 554
        response = form.submit()
555 555
        q = response.pyquery.remove_namespaces()
556
        assert len(q('table tbody tr')) == 8
556
        assert len(q('table tbody tr')) == 9
557 557
        for elt in q('table tbody td.name a'):
558 558
            assert 'Manager' in elt.text
559 559

  
......
585 585
        response.form.set('search-internals', True)
586 586
        response = response.form.submit()
587 587
        q = response.pyquery.remove_namespaces()
588
        assert len(q('table tbody tr')) == 18
588
        assert len(q('table tbody tr')) == 19
589 589
        for elt in q('table tbody td.name a'):
590 590
            assert (
591 591
                'OU1' in elt.text
......
599 599
        response.form.set('search-internals', True)
600 600
        response = response.form.submit()
601 601
        q = response.pyquery.remove_namespaces()
602
        assert len(q('table tbody tr')) == 8
602
        assert len(q('table tbody tr')) == 9
603 603
        for elt in q('table tbody td.name a'):
604 604
            assert 'Manager' in elt.text
605 605

  
tests/test_manager_apiclient.py
73 73

  
74 74
        @pytest.fixture
75 75
        def user(self, simple_user):
76
            simple_user.roles.add(Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services'))
76
            simple_user.roles.add(Role.objects.get(ou__isnull=True, slug='_a2-manager-of-api-clients'))
77 77
            return simple_user
78 78

  
79 79

  
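Review bot: The `user` fixture now grants `_a2-manager-of-api-clients`, but nothing in this hunk asserts that a user holding only `_a2-manager-of-services` is refused on the API-client views, so the privilege separation introduced here is not pinned by a test. A sibling fixture that keeps the old line `simple_user.roles.add(Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services'))`, with a test expecting access to `a2-manager-api-clients` to be denied, would catch a regression to the previous permission. The enclosing test class starts outside the hunk, so an equivalent check may already exist there.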
tests/test_role_manager.py
524 524
    assert select2_json['more'] is True
525 525

  
526 526
    select2_json = request_select2(app, resp, fetch_all=True)
527
    assert len(select2_json['results']) == 20
527
    assert len(select2_json['results']) == 21
528 528
    choices = [x['text'] for x in select2_json['results']]
529 529
    assert choices == [
530 530
        'Default organizational unit - Authenticators - Default organizational unit',
......
538 538
        'OU1 - Services - OU1',
539 539
        'OU1 - Users - OU1',
540 540
        'Manager',
541
        'Manager of API clients',
541 542
        'Manager of authenticators',
542 543
        'Manager of organizational units',
543 544
        'Manager of roles',
......
561 562
    assert select2_json['more'] is False
562 563

  
563 564
    select2_json = request_select2(app, resp, term='Manager')
564
    assert len(select2_json['results']) == 9
565
    assert len(select2_json['results']) == 10
565 566
    select2_json = request_select2(app, resp, term='Manager of')
566
    assert len(select2_json['results']) == 8
567
    assert len(select2_json['results']) == 9
567 568
    select2_json = request_select2(app, resp, term='Manager of serv')
568 569
    assert len(select2_json['results']) == 1
569 570

  
570
-