0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch
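--- a/src/authentic2/a2_rbac/management.py
+++ b/src/authentic2/a2_rbac/management.py
@@ -5,6 +5,7 @@
 from django_rbac.utils import get_role_model, get_ou_model
 
 from ..utils import get_fk_model
+from . import utils
 
 
 def update_ou_admin_roles(ou):
@@ -31,6 +32,8 @@
 update_slug=True,
 update_name=True)
 ou_ct_admin_role.add_child(admin_role)
+if MANAGED_CT[key]['name'].get('must_view_user'):
+ou_ct_admin_role.permissions.add(utils.get_view_user_perm())
 
 
 def update_ous_admin_roles():
@@ -57,6 +60,7 @@
 ('a2_rbac', 'role'): {
 'name': _('Manager of roles'),
 'scoped_name': _('Roles - {ou}'),
+'must_view_user': True,
 },
 ('a2_rbac', 'organizationalunit'): {
 'name': _('Manager of organizational units'),
@@ -75,6 +79,7 @@
 '''
 cts = ContentType.objects.all()
 Role = get_role_model()
+view_user_perm = utils.get_view_user_perm()
 
 for ct in cts:
 ct_tuple = (ct.app_label.lower(), ct.model.lower())
@@ -83,5 +88,7 @@
 # General admin role
 name = MANAGED_CT[ct_tuple]['name']
 slug = '_a2-' + slugify(name)
-Role.objects.get_admin_role(instance=ct, name=name, slug=slug,
-update_name=True)
+admin_role = Role.objects.get_admin_role(instance=ct, name=name,
+slug=slug, update_name=True)
+if MANAGED_CT[ct_tuple]['name'].get('must_view_user'):
+admin_role.permissions.add(view_user_perm)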
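Review bot: The new guards at new lines 35 and 93 call `.get('must_view_user')` on `MANAGED_CT[...]['name']`, which the table in this same file shows to be the translated label (`_('Manager of roles')`), not the entry dict; a string has no `.get`, so both sites would fail with AttributeError instead of reading the flag. `must_view_user` is a sibling of `'name'`, so the tests should read `if MANAGED_CT[key].get('must_view_user'):` and `if MANAGED_CT[ct_tuple].get('must_view_user'):`. Both enclosing functions begin outside the visible hunks, so whether anything catches that error cannot be seen here. Because this code decides which admin roles receive a user-viewing permission, a test asserting that only the flagged content type's admin roles carry it would be worth adding.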
src/authentic2/a2_rbac/models.py | ||
---|---|---|
12 | 12 |
# Django < 1.8 |
13 | 13 |
from django.contrib.contenttypes.generic import GenericForeignKey |
14 | 14 | |
15 |
from . import managers, fields |
|
15 |
from . import managers, fields, utils
|
|
16 | 16 | |
17 | 17 | |
18 | 18 |
class OrganizationalUnit(OrganizationalUnitAbstractBase): |
... | ... | |
93 | 93 |
db_index=True) |
94 | 94 | |
95 | 95 |
def get_admin_role(self, ou=None): |
96 |
return self.__class__.objects.get_admin_role(
|
|
96 |
admin_role = self.__class__.objects.get_admin_role(
|
|
97 | 97 |
self, ou=self.ou, |
98 |
name=_('Managers of role "{role}"').format(role=unicode(self)), |
|
99 |
slug='_a2-managers-of-role-{role}'.format(role=slugify(unicode(self)))) |
|
98 |
name=_('Managers of role "{role}"').format( |
|
99 |
role=unicode(self)), |
|
100 |
slug='_a2-managers-of-role-{role}'.format( |
|
101 |
role=slugify(unicode(self)))) |
|
102 |
admin_role.permissions.add(utils.get_view_user_perm()) |
|
103 |
return admin_role |
|
100 | 104 | |
101 | 105 |
def clean(self): |
102 | 106 |
super(Role, self).clean() |
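Review bot: `Role.get_admin_role()` now runs `admin_role.permissions.add(utils.get_view_user_perm())` on every call, so a method that reads like a getter writes to the permission tables each time, and it does so for every role's manager role without a flag such as the `must_view_user` switch used in management.py. The permission built in utils.py is looked up with `ou__isnull=True`, so it appears to be global rather than scoped to `self.ou`: a manager of one role in one organizational unit would be able to view users of every unit. If that breadth is intended, as the patch title suggests, the method should say so in a docstring that names the grant and its global scope; otherwise the grant should move to the place where the admin role is first created. The class body starts outside this hunk, so callers that depend on the old side-effect-free behaviour cannot be checked from here.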
src/authentic2/a2_rbac/utils.py | ||
---|---|---|
1 |
from django.contrib.auth import get_user_model |
|
2 |
from django.contrib.contenttypes.models import ContentType |
|
3 |
from django_rbac.models import VIEW_OP |
|
4 | ||
5 |
from django_rbac import utils as rbac_utils |
|
6 | ||
1 | 7 |
from . import models |
2 | 8 | |
9 | ||
3 | 10 |
def get_default_ou(): |
4 | 11 |
return models.OrganizationalUnit.objects.get(default=True) |
12 | ||
13 | ||
14 |
def get_view_user_perm(): |
|
15 |
User = get_user_model() |
|
16 |
Permission = rbac_utils.get_permission_model() |
|
17 |
view_user_perm, created = Permission.objects.get_or_create( |
|
18 |
operation=rbac_utils.get_operation(VIEW_OP), |
|
19 |
target_ct=ContentType.objects.get_for_model(ContentType), |
|
20 |
target_id=ContentType.objects.get_for_model(User).pk, |
|
21 |
ou__isnull=True) |
|
5 |
- |