From c9c578dad7b5789128982931ec5349d4921f1b37 Mon Sep 17 00:00:00 2001
From: Josue Kouka
Date: Wed, 19 Apr 2017 10:25:42 +0200
Subject: [PATCH 1/6] add authorized roles and unauthorized url field to Service
---
 .../migrations/0017_auto_20170421_1017.py | 26 ++++++++++++++++++++++
 src/authentic2/models.py | 16 +++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 src/authentic2/migrations/0017_auto_20170421_1017.py
diff --git a/src/authentic2/migrations/0017_auto_20170421_1017.py b/src/authentic2/migrations/0017_auto_20170421_1017.py
new file mode 100644
index 00000000..56e97550
--- /dev/null
+++ b/src/authentic2/migrations/0017_auto_20170421_1017.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+from django.conf import settings
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ migrations.swappable_dependency(settings.RBAC_ROLE_MODEL),
+ ('authentic2', '0016_attribute_disabled'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='service',
+ name='authorized_roles',
+ field=models.ManyToManyField(related_name='_service_authorized_roles_+', verbose_name='authorized roles', to=settings.RBAC_ROLE_MODEL),
+ ),
+ migrations.AddField(
+ model_name='service',
+ name='unauthorized_url',
+ field=models.URLField(max_length=256, null=True, verbose_name='callback url when unathorized'),
+ ),
+ ]
diff --git a/src/authentic2/models.py b/src/authentic2/models.py
index 3e716720..8b4c447b 100644
--- a/src/authentic2/models.py
+++ b/src/authentic2/models.py
@@ -14,6 +14,7 @@ from model_utils.managers import QueryManager
 from . import attribute_kinds
 from authentic2.a2_rbac.models import Role
 from authentic2.a2_rbac.utils import get_default_ou
+from django_rbac.utils import get_role_model_name
 try: from django.contrib.contenttypes.fields import GenericForeignKey
@@ -313,6 +314,12 @@ class Service(models.Model):
 null=True, blank=True, swappable=False)
+ authorized_roles = models.ManyToManyField(
+ get_role_model_name(), verbose_name=_('authorized roles'),
+ related_name='authorized_roles+')
+ unauthorized_url = models.URLField(
+ verbose_name=_('callback url when unathorized'),
+ max_length=256, null=True)
 objects = managers.ServiceManager()
@@ -348,6 +355,15 @@ class Service(models.Model):
 def __repr__(self):
 return '<%s %r>' % (self.__class__.__name__, unicode(self))
+ def authorize(self, request):
+ if not self.authorized_roles.exists():
+ return True
+ for role in self.authorized_roles.all():
+ if request.user.roles.filter(uuid=role.uuid).exists():
+ return True
+ else:
+ return False
+
 def to_json(self, roles=None):
 if not roles:
 roles = Role.objects.all()
--
2.11.0
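Review bot: Neither new field sets `blank=True`, so any ModelForm or admin form for Service will require at least one authorized role and a callback URL, which contradicts `authorize()` in the next hunk treating an empty `authorized_roles` as "no restriction"; I would declare `blank=True` on both, e.g. `max_length=256, null=True, blank=True)`. The verbose name `'callback url when unathorized'` is misspelled and should read "unauthorized"; the same string is recorded in migration 0017, so correct both in this patch. A `#` comment above `unauthorized_url` saying who may set it and that it is presumably used as a redirect target (its consumer is not in this patch) would help later reviewers check it is never taken from request data. The Service class body starts and ends outside the hunk.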
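Review bot: `authorize` reads `request.user.roles` with no check that the user is logged in, so for a service that has authorized roles an anonymous request would probably raise AttributeError instead of returning False (Django's AnonymousUser carries no model relations); the callers are not in this patch, so either confirm they run only after authentication or make the method return False for unauthenticated users. The `for`/`else` loop costs one query per role, and with the indentation lost on this page it cannot be told whether `else:` belongs to the `for` or to the inner `if` — in the latter case only the first role would ever be tested. A single query avoids both: `return request.user.roles.filter(uuid__in=self.authorized_roles.values_list('uuid', flat=True)).exists()`. The method also needs a docstring stating that a service with no authorized roles is open to every user (fail-open by design) and that only directly assigned roles are checked, since roles inherited through the RBAC hierarchy, if any, are not consulted here.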