0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch
| src/authentic2/a2_rbac/management.py | ||
|---|---|---|
| 5 | 5 |
from django_rbac.utils import get_role_model, get_ou_model |
| 6 | 6 | |
| 7 | 7 |
from ..utils import get_fk_model |
| 8 |
from . import utils |
|
| 8 | 9 | |
| 9 | 10 | |
| 10 | 11 |
def update_ou_admin_roles(ou): |
| ... | ... | |
| 31 | 32 |
update_slug=True, |
| 32 | 33 |
update_name=True) |
| 33 | 34 |
ou_ct_admin_role.add_child(admin_role) |
| 35 |
if MANAGED_CT[key]['name'].get('must_view_user'):
|
|
| 36 |
ou_ct_admin_role.permissions.add(utils.get_view_user_perm()) |
|
| 34 | 37 | |
| 35 | 38 | |
| 36 | 39 |
def update_ous_admin_roles(): |
| ... | ... | |
| 57 | 60 |
('a2_rbac', 'role'): {
|
| 58 | 61 |
'name': _('Manager of roles'),
|
| 59 | 62 |
'scoped_name': _('Roles - {ou}'),
|
| 63 |
'must_view_user': True, |
|
| 60 | 64 |
}, |
| 61 | 65 |
('a2_rbac', 'organizationalunit'): {
|
| 62 | 66 |
'name': _('Manager of organizational units'),
|
| ... | ... | |
| 75 | 79 |
''' |
| 76 | 80 |
cts = ContentType.objects.all() |
| 77 | 81 |
Role = get_role_model() |
| 82 |
view_user_perm = utils.get_view_user_perm() |
|
| 78 | 83 | |
| 79 | 84 |
for ct in cts: |
| 80 | 85 |
ct_tuple = (ct.app_label.lower(), ct.model.lower()) |
| ... | ... | |
| 83 | 88 |
# General admin role |
| 84 | 89 |
name = MANAGED_CT[ct_tuple]['name'] |
| 85 | 90 |
slug = '_a2-' + slugify(name) |
| 86 |
Role.objects.get_admin_role(instance=ct, name=name, slug=slug, |
|
| 87 |
update_name=True) |
|
| 91 |
admin_role = Role.objects.get_admin_role(instance=ct, name=name, |
|
| 92 |
slug=slug, update_name=True) |
|
| 93 |
if MANAGED_CT[ct_tuple]['name'].get('must_view_user'):
|
|
| 94 |
admin_role.permissions.add(view_user_perm) |
|
| src/authentic2/a2_rbac/models.py | ||
|---|---|---|
| 12 | 12 |
# Django < 1.8 |
| 13 | 13 |
from django.contrib.contenttypes.generic import GenericForeignKey |
| 14 | 14 | |
| 15 |
from . import managers, fields |
|
| 15 |
from . import managers, fields, utils
|
|
| 16 | 16 | |
| 17 | 17 | |
| 18 | 18 |
class OrganizationalUnit(OrganizationalUnitAbstractBase): |
| ... | ... | |
| 93 | 93 |
db_index=True) |
| 94 | 94 | |
| 95 | 95 |
def get_admin_role(self, ou=None): |
| 96 |
return self.__class__.objects.get_admin_role(
|
|
| 96 |
admin_role = self.__class__.objects.get_admin_role(
|
|
| 97 | 97 |
self, ou=self.ou, |
| 98 |
name=_('Managers of role "{role}"').format(role=unicode(self)),
|
|
| 99 |
slug='_a2-managers-of-role-{role}'.format(role=slugify(unicode(self))))
|
|
| 98 |
name=_('Managers of role "{role}"').format(
|
|
| 99 |
role=unicode(self)), |
|
| 100 |
slug='_a2-managers-of-role-{role}'.format(
|
|
| 101 |
role=slugify(unicode(self)))) |
|
| 102 |
admin_role.permissions.add(utils.get_view_user_perm()) |
|
| 103 |
return admin_role |
|
| 100 | 104 | |
| 101 | 105 |
def clean(self): |
| 102 | 106 |
super(Role, self).clean() |
| src/authentic2/a2_rbac/utils.py | ||
|---|---|---|
| 1 |
from django.contrib.auth import get_user_model |
|
| 2 |
from django.contrib.contenttypes.models import ContentType |
|
| 3 |
from django_rbac.models import VIEW_OP |
|
| 4 | ||
| 5 |
from django_rbac import utils as rbac_utils |
|
| 6 | ||
| 1 | 7 |
from . import models |
| 2 | 8 | |
| 9 | ||
| 3 | 10 |
def get_default_ou(): |
| 4 | 11 |
return models.OrganizationalUnit.objects.get(default=True) |
| 12 | ||
| 13 | ||
| 14 |
def get_view_user_perm(): |
|
| 15 |
User = get_user_model() |
|
| 16 |
Permission = rbac_utils.get_permission_model() |
|
| 17 |
view_user_perm, created = Permission.objects.get_or_create( |
|
| 18 |
operation=rbac_utils.get_operation(VIEW_OP), |
|
| 19 |
target_ct=ContentType.objects.get_for_model(ContentType), |
|
| 20 |
target_id=ContentType.objects.get_for_model(User).pk, |
|
| 21 |
ou__isnull=True) |
|
| 5 |
- |
|