0001-roles-api-add_remove-members-8234.patch
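--- a/src/authentic2/api_views.py
+++ b/src/authentic2/api_views.py
@@ -334,17 +334,15 @@
 
 def initial(self, request, *args, **kwargs):
 super(RolesAPI, self).initial(request, *args, **kwargs)
-perm = 'a2_rbac.change_role'
-authorized = request.user.has_perm(perm, obj=self.role)
-if not authorized:
-raise PermissionDenied(u'User not allowed to change role')
-
-def dispatch(self, request, *args, **kwargs):
 Role = get_role_model()
 User = get_user_model()
 self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
 self.member = get_object_or_404(User, uuid=kwargs['member_uuid'])
-return super(RolesAPI, self).dispatch(request, *args, **kwargs)
+
+perm = 'a2_rbac.change_role'
+authorized = request.user.has_perm(perm, obj=self.role)
+if not authorized:
+raise PermissionDenied(u'User not allowed to change role')
 
 def post(self, request, *args, **kwargs):
 self.role.members.add(self.member)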
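Review bot: In the new `initial()`, both `get_object_or_404` lookups run before the `has_perm` check, so a caller without `a2_rbac.change_role` gets 404 for an unknown role or member UUID and 403 for a known one, which confirms which UUIDs exist. The role has to be loaded first because the permission is checked against it, but the member does not: moving `self.member = get_object_or_404(User, uuid=kwargs['member_uuid'])` below the `raise PermissionDenied(...)` line would close the user-UUID half of that oracle. The expectation in tests/test_api.py (`status = 404` when `member.username == 'fake'`) would then need to account for the unauthorized case. If the 404-before-403 order is intended for roles, a comment such as `# role is loaded first: the permission check is object-level` above the lookup would record that. Indentation is lost in this rendering, so that these lines all belong to `initial()` is inferred from the line order.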
tests/test_api.py | ||
---|---|---|
77 | 77 |
'role_member': member.uuid |
78 | 78 |
} |
79 | 79 | |
80 |
authorized = user.is_superuser or user.has_perm('a2_rbac.change_role', role)
|
|
80 |
authorized = user.has_perm('a2_rbac.change_role', role) |
|
81 | 81 | |
82 | 82 |
if member.username == 'fake' or role.name == 'fake': |
83 | 83 |
status = 404 |
84 |
- |