From da3f772726e45fac9168a1b484280a07d9b7550e Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Mon, 27 Apr 2020 15:03:07 +0200
Subject: [PATCH] wip
---
 .../migrations/0023_fix_self_admin_perm.py | 45 +++++++++++++++++++
 src/authentic2/a2_rbac/models.py | 18 +++++---
 2 files changed, 56 insertions(+), 7 deletions(-)
 create mode 100644 src/authentic2/a2_rbac/migrations/0023_fix_self_admin_perm.py
diff --git a/src/authentic2/a2_rbac/migrations/0023_fix_self_admin_perm.py b/src/authentic2/a2_rbac/migrations/0023_fix_self_admin_perm.py
new file mode 100644
index 00000000..b2654176
--- /dev/null
+++ b/src/authentic2/a2_rbac/migrations/0023_fix_self_admin_perm.py
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.18 on 2020-05-12 08:58
+from __future__ import unicode_literals
+
+from django.db import migrations
+from django.db.utils import IntegrityError
+
+from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
+from django_rbac.models import CHANGE_OP
+
+
+def update_self_administration_perm(apps, schema_editor):
+ Role = apps.get_model('a2_rbac', 'Role')
+ Permission = apps.get_model('a2_rbac', 'Permission')
+ Operation = apps.get_model('django_rbac', 'Operation')
+ ContentType = apps.get_model('contenttypes', 'ContentType')
+ op = Operation.objects.get(slug=CHANGE_OP.slug) # TODO text_type, get_or_create
+ new_op = Operation.objects.get(slug=MANAGE_MEMBERS_OP.slug) # TODO text_type, get_or_create
+ ct = ContentType.objects.get_for_model(Role)
+ for role in Role.objects.all():
+ try:
+ perm = role.permissions.get(operation=op, target_ct=ct, target_id=role.pk)
+ except Permission.DoesNotExist:
+ continue
+
+ # check if new permission already exists
+ new_perm = Permission.objects.filter(operation=new_op, target_ct=ct, target_id=role.pk).first()
+ if new_perm:
+ role.permissions.add(new_perm)
+ role.permissions.remove(perm)
+ continue
+
+ perm.operation = new_op
+ perm.save()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('a2_rbac', '0022_auto_20200402_1101'),
+ ]
+
+ operations = [
+ migrations.RunPython(update_self_administration_perm)
+ ]
diff --git a/src/authentic2/a2_rbac/models.py b/src/authentic2/a2_rbac/models.py
index b78a2963..c3ba6d4a 100644
--- a/src/authentic2/a2_rbac/models.py
+++ b/src/authentic2/a2_rbac/models.py
@@ -25,7 +25,7 @@ from django.contrib.contenttypes.models import ContentType from django_rbac.models import (RoleAbstractBase, PermissionAbstractBase, OrganizationalUnitAbstractBase, RoleParentingAbstractBase, VIEW_OP, - CHANGE_OP, Operation) + Operation) from django_rbac import utils as rbac_utils from authentic2.decorators import errorcollector
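Review bot: The last two lines of the loop in `update_self_administration_perm` (0023_fix_self_admin_perm.py), `perm.operation = new_op` and `perm.save()`, rewrite the Permission row itself rather than this role's link to it, so if any other role also holds that row its grant is silently switched from the change operation to manage-members as well. The `if new_perm:` branch already limits the change to the role by swapping links; doing the same in both cases, with `new_perm, _ = Permission.objects.get_or_create(operation=new_op, target_ct=ct, target_id=role.pk)` then `role.permissions.add(new_perm)` and `role.permissions.remove(perm)`, keeps a privilege change made by a migration scoped to the self-administration grant. Both `Operation.objects.get(...)` lookups will also raise `DoesNotExist` if the operation rows are not yet in the database, which the TODO comments hint at, and `IntegrityError` is imported but never used.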
@@ -282,21 +282,25 @@ class Role(RoleAbstractBase): self.get_admin_role(create=False) return result - def has_self_administration(self, op=CHANGE_OP): + def has_self_administration(self, op=None): + if not op: + op = MANAGE_MEMBERS_OP Permission = rbac_utils.get_permission_model() - admin_op = rbac_utils.get_operation(op) + operation = rbac_utils.get_operation(op) self_perm, created = Permission.objects.get_or_create( - operation=admin_op, + operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk) return self.permissions.filter(pk=self_perm.pk).exists() - def add_self_administration(self, op=CHANGE_OP): + def add_self_administration(self, op=None): 'Add permission to role so that it is self-administered' + if not op: + op = MANAGE_MEMBERS_OP Permission = rbac_utils.get_permission_model() - admin_op = rbac_utils.get_operation(op) + operation = rbac_utils.get_operation(op) self_perm, created = Permission.objects.get_or_create( - operation=admin_op, + operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk) self.permissions.through.objects.get_or_create(role=self, permission=self_perm) -- 2.20.1
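Review bot: `has_self_administration` still resolves the permission with `Permission.objects.get_or_create(...)`, so with the new default a plain check now inserts a manage-members Permission row for the role whenever none exists yet; a read-only form such as `return self.permissions.filter(operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk).exists()` answers the same question without writing. In both methods `if not op:` would read more precisely as `if op is None:`, since only the omitted-argument case is meant. `has_self_administration` has no docstring and the one on `add_self_administration` does not say which operation is granted by default; a line such as `'Return True if the role holds the given operation (manage-members by default) on itself'` would record the new meaning, which differs from the previous change-operation default for every caller that passes no argument. Both methods belong to `class Role`, which starts outside this hunk, and `add_self_administration` may continue past its last visible line.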