From 2c22358145b43218f0baea92d9e98d23058ced52 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Wed, 8 Dec 2021 14:49:21 +0100
Subject: [PATCH 1/2] import_site: allow creating roles in default ou (#51464)

---
 src/authentic2/data_transfer.py                   |  6 ++++++
 src/authentic2/management/commands/import_site.py |  2 ++
 tests/test_import_export_site_cmd.py              | 11 +++++++++++
 3 files changed, 19 insertions(+)

diff --git a/src/authentic2/data_transfer.py b/src/authentic2/data_transfer.py
index af1825c1..102bb6f6 100644
--- a/src/authentic2/data_transfer.py
+++ b/src/authentic2/data_transfer.py
@@ -25,6 +25,7 @@ from django.utils.text import format_lazy
 from django.utils.translation import ugettext_lazy as _
 
 from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, RoleAttribute, RoleParenting
+from authentic2.a2_rbac.utils import get_default_ou
 from authentic2.decorators import errorcollector
 from authentic2.utils.lazy import lazy_join
 from django_rbac.models import Operation
@@ -159,6 +160,7 @@ class ImportContext:
         ou_delete_orphans=False,
         set_ou=None,
         allowed_ous=None,
+        set_absent_ou_to_default=None,
     ):
         self.import_roles = import_roles
         self.import_ous = import_ous
@@ -169,6 +171,7 @@ class ImportContext:
         self.role_attributes_update = role_attributes_update
         self.set_ou = set_ou
         self.allowed_ous = allowed_ous
+        self.set_absent_ou_to_default = set_absent_ou_to_default
 
 
 def wraps_validationerror(func):
@@ -222,6 +225,9 @@ class RoleDeserializer:
                 raise ValidationError(
                     _("Can't import role because missing permissions on Organizational Unit: %s") % ou_d
                 )
+        elif self._import_context.set_absent_ou_to_default:
+            ou = get_default_ou()
+            has_ou = True
         else:
             name = self._role_d.get('name') or self._role_d.get('slug') or self._role_d.get('uuid')
             raise ValidationError(_("Missing Organizational Unit for role: %s") % name)
diff --git a/src/authentic2/management/commands/import_site.py b/src/authentic2/management/commands/import_site.py
index 011f07ac..31d4f393 100644
--- a/src/authentic2/management/commands/import_site.py
+++ b/src/authentic2/management/commands/import_site.py
@@ -60,6 +60,8 @@ class Command(BaseCommand):
                 'no-role-permissions-update',
                 'no-role-attributes-update',
                 'no-role-parentings-update',
+                'no-role-parentings-update',
+                'set-absent-ou-to-default',
             ],
         )
 
diff --git a/tests/test_import_export_site_cmd.py b/tests/test_import_export_site_cmd.py
index ff9bc1b0..e2cf50cf 100644
--- a/tests/test_import_export_site_cmd.py
+++ b/tests/test_import_export_site_cmd.py
@@ -24,6 +24,7 @@ from django.core import management
 from django.core.exceptions import ValidationError
 
 from authentic2.a2_rbac.models import Role
+from authentic2.a2_rbac.utils import get_default_ou
 
 
 @pytest.fixture
@@ -214,3 +215,13 @@ def test_import_site_empty_uuids(db, monkeypatch, json_fixture):
                 }
             ),
         )
+
+
+def test_import_site_cmd_set_absent_ou_to_default(db, json_fixture):
+    minimal_json_export = {'roles': [{'name': 'first'}, {'name': 'second'}]}
+
+    management.call_command(
+        'import_site', '-o', 'set-absent-ou-to-default', json_fixture(minimal_json_export)
+    )
+    assert Role.objects.get(name='first', ou=get_default_ou())
+    assert Role.objects.get(name='second', ou=get_default_ou())
-- 
2.30.2