From 63a6d9a0b60ad535a5f85cf662f618c7b81a1d16 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Thu, 4 Apr 2019 15:30:52 +0200
Subject: [PATCH 02/13] manager: display and configure permission and role
 levels

---
 src/authentic2/manager/forms.py      | 5 ++++-
 src/authentic2/manager/role_views.py | 4 ++++
 src/authentic2/manager/tables.py     | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/authentic2/manager/forms.py b/src/authentic2/manager/forms.py
index 1708290f..652fd659 100644
--- a/src/authentic2/manager/forms.py
+++ b/src/authentic2/manager/forms.py
@@ -163,6 +163,9 @@ class ChoosePermissionForm(CssClass, forms.Form):
         queryset=get_permission_model().objects,
         required=False,
         widget=forms.HiddenInput)
+    auth_level = forms.IntegerField(
+        initial=1,
+        required=False)
 
 
 class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
@@ -649,7 +652,7 @@ class RoleEditForm(SlugMixin, HideOUFieldMixin, LimitQuerysetFormMixin, CssClass
 
     class Meta:
         model = get_role_model()
-        fields = ('name', 'ou', 'description')
+        fields = ('name', 'ou', 'description', 'auth_level')
 
 
 class OUEditForm(SlugMixin, CssClass, forms.ModelForm):
diff --git a/src/authentic2/manager/role_views.py b/src/authentic2/manager/role_views.py
index 30d65d39..43fb626d 100644
--- a/src/authentic2/manager/role_views.py
+++ b/src/authentic2/manager/role_views.py
@@ -228,6 +228,7 @@ class RolePermissionsView(RoleViewMixin, views.BaseSubTableView):
             ou = form.cleaned_data.get('ou')
             target = form.cleaned_data.get('target')
             action = form.cleaned_data.get('action')
+            auth_level = form.cleaned_data.get('auth_level')
             Permission = get_permission_model()
             if action == 'add' and operation and target:
                 perm, created = Permission.objects \
@@ -235,6 +236,9 @@ class RolePermissionsView(RoleViewMixin, views.BaseSubTableView):
                                    target_ct=ContentType.objects.get_for_model(
                                        target),
                                    target_id=target.pk)
+                if created:
+                    perm.auth_level = auth_level
+                    perm.save()
                 self.object.permissions.add(perm)
                 hooks.call_hooks('event', name='manager-add-permission', user=self.request.user,
                                  role=self.object, permission=perm)
diff --git a/src/authentic2/manager/tables.py b/src/authentic2/manager/tables.py
index 189d09e2..4e12ed0e 100644
--- a/src/authentic2/manager/tables.py
+++ b/src/authentic2/manager/tables.py
@@ -78,7 +78,7 @@ class PermissionTable(tables.Table):
     class Meta:
         model = get_permission_model()
         attrs = {'class': 'main', 'id': 'role-table'}
-        fields = ('operation', 'scope', 'target')
+        fields = ('operation', 'scope', 'target', 'auth_level')
         empty_text = _('None')
 
 
-- 
2.20.1