From 1e5a3591b7fd32edc6a8290c5ef7f78c055393d3 Mon Sep 17 00:00:00 2001 From: Valentin Deniaud Date: Thu, 4 Apr 2019 16:32:13 +0200 Subject: [PATCH 11/13] django_rbac: add max authentication level --- src/authentic2/settings.py | 2 ++ .../migrations/0007_auto_20190404_1632.py | 26 +++++++++++++++++++ src/django_rbac/models.py | 16 ++++++++---- 3 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 src/django_rbac/migrations/0007_auto_20190404_1632.py diff --git a/src/authentic2/settings.py b/src/authentic2/settings.py index 80902b50..a1efdc05 100644 --- a/src/authentic2/settings.py +++ b/src/authentic2/settings.py @@ -324,6 +324,8 @@ DJANGO_RBAC_PERMISSIONS_HIERARCHY = { 'add': ['view', 'search'], } +DJANGO_RBAC_MAX_AUTH_LEVEL = 5 + SILENCED_SYSTEM_CHECKS = ["auth.W004"] # Get select2 from local copy. diff --git a/src/django_rbac/migrations/0007_auto_20190404_1632.py b/src/django_rbac/migrations/0007_auto_20190404_1632.py new file mode 100644 index 00000000..7ffa161e --- /dev/null +++ b/src/django_rbac/migrations/0007_auto_20190404_1632.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.11.18 on 2019-04-04 14:32 +from __future__ import unicode_literals + +import django.core.validators +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('django_rbac', '0006_auto_20190404_1527'), + ] + + operations = [ + migrations.AlterField( + model_name='permission', + name='auth_level', + field=models.PositiveSmallIntegerField(default=1, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(5)], verbose_name='required authentication level'), + ), + migrations.AlterField( + model_name='role', + name='auth_level', + field=models.PositiveSmallIntegerField(default=1, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(5)], verbose_name='required authentication level'), + ), + ] diff --git a/src/django_rbac/models.py b/src/django_rbac/models.py index 9d7ad588..4ddf24f0 100644 --- a/src/django_rbac/models.py +++ b/src/django_rbac/models.py @@ -19,10 +19,12 @@ from django.contrib.auth import get_user_model from django.contrib.auth.models import Group, _user_get_all_permissions, \ _user_has_perm, _user_has_module_perms, Permission as AuthPermission from django.contrib import auth -from django.core.validators import MinValueValidator +from django.core.validators import MinValueValidator, MaxValueValidator from . import utils, constants, managers, backends +DEFAULT_MAX_AUTH_LEVEL = 5 + class AbstractBase(models.Model): '''Abstract base model for all models having a name and uuid and a @@ -142,9 +144,11 @@ class PermissionAbstractBase(models.Model): 'target_ct', 'target_id') auth_level = models.PositiveSmallIntegerField( - verbose_name=_('required authentication level'), - default=1, - validators=(MinValueValidator(1),)) + verbose_name=_('required authentication level'), + default=1, + validators=(MinValueValidator(1), MaxValueValidator( + getattr(settings, 'DJANGO_RBAC_MAX_AUTH_LEVEL', + DEFAULT_MAX_AUTH_LEVEL)))) objects = managers.PermissionManager() @@ -203,7 +207,9 @@ class RoleAbstractBase(AbstractOrganizationalUnitScopedBase, AbstractBase): auth_level = models.PositiveSmallIntegerField( verbose_name=_('required authentication level'), default=1, - validators=(MinValueValidator(1),)) + validators=(MinValueValidator(1), MaxValueValidator( + getattr(settings, 'DJANGO_RBAC_MAX_AUTH_LEVEL', + DEFAULT_MAX_AUTH_LEVEL)))) objects = managers.RoleQuerySet.as_manager() -- 2.20.1