From 99ad1586672693bbf9aa66f9a8d0959071459b58 Mon Sep 17 00:00:00 2001 From: Valentin Deniaud Date: Thu, 3 Nov 2022 11:29:54 +0100 Subject: [PATCH 4/4] django_rbac: remove utils (#70894) --- src/authentic2/a2_rbac/apps.py | 11 +-- src/authentic2/a2_rbac/managers.py | 28 ++---- .../migrations/0021_auto_20200317_1514.py | 6 +- src/authentic2/a2_rbac/models.py | 35 +++---- src/authentic2/a2_rbac/signal_handlers.py | 8 +- src/authentic2/a2_rbac/utils.py | 21 +++-- src/authentic2/custom_user/backends.py | 6 +- .../management/commands/check-and-repair.py | 2 +- ...ionalunit_permission_role_roleparenting.py | 6 +- src/django_rbac/utils.py | 92 ------------------- tests/test_commands.py | 3 +- tests/test_manager.py | 3 +- tests/test_rbac.py | 33 ++----- tests/test_user_manager.py | 3 +- 14 files changed, 68 insertions(+), 189 deletions(-) delete mode 100644 src/django_rbac/utils.py diff --git a/src/authentic2/a2_rbac/apps.py b/src/authentic2/a2_rbac/apps.py index a5fcc1c4b..00b795907 100644 --- a/src/authentic2/a2_rbac/apps.py +++ b/src/authentic2/a2_rbac/apps.py @@ -25,23 +25,20 @@ class Authentic2RBACConfig(AppConfig): from django.db.models.signals import post_delete, post_migrate, post_save from authentic2.models import Service - from django_rbac import utils from . import models, signal_handlers, signals # update role parenting when new role parenting is created - post_save.connect(signal_handlers.role_parenting_post_save, sender=utils.get_role_parenting_model()) + post_save.connect(signal_handlers.role_parenting_post_save, sender=models.RoleParenting) # update role parenting when role parenting is deleted - post_delete.connect( - signal_handlers.role_parenting_post_delete, sender=utils.get_role_parenting_model() - ) + post_delete.connect(signal_handlers.role_parenting_post_delete, sender=models.RoleParenting) # or soft-created signals.post_soft_create.connect( - signal_handlers.role_parenting_post_soft_delete, sender=utils.get_role_parenting_model() + signal_handlers.role_parenting_post_soft_delete, sender=models.RoleParenting ) # or soft-deleted signals.post_soft_delete.connect( - signal_handlers.role_parenting_post_soft_delete, sender=utils.get_role_parenting_model() + signal_handlers.role_parenting_post_soft_delete, sender=models.RoleParenting ) # create CRUD operations and admin post_migrate.connect(signal_handlers.create_base_operations, sender=self) diff --git a/src/authentic2/a2_rbac/managers.py b/src/authentic2/a2_rbac/managers.py index 07574e9f4..4107c15f1 100644 --- a/src/authentic2/a2_rbac/managers.py +++ b/src/authentic2/a2_rbac/managers.py @@ -25,11 +25,9 @@ from django.db.models import query from django.db.models.query import Prefetch, Q from django.db.transaction import atomic -from django_rbac import utils -from django_rbac.utils import get_operation - from . import models as a2_models from . import signals +from .utils import get_operation class AbstractBaseManager(models.Manager): @@ -55,8 +53,7 @@ class OperationManager(models.Manager): target_query = query.Q(target_ct=ContentType.objects.get_for_model(ContentType), target_id=ct.pk) if isinstance(object_or_model, models.Model): target_query |= query.Q(target_ct=ct, target_id=object.pk) - Permission = utils.get_permission_model() - qs = Permission.objects.for_user(user) + qs = a2_models.Permission.objects.for_user(user) qs = qs.filter(operation__slug=operation_slug) qs = qs.filter(ou_query & target_query) return qs.exists() @@ -66,10 +63,9 @@ class PermissionManagerBase(models.Manager): def get_by_natural_key(self, operation_slug, ou_nk, target_ct, target_nk): qs = self.filter(operation__slug=operation_slug) if ou_nk: - OrganizationalUnit = utils.get_ou_model() try: - ou = OrganizationalUnit.objects.get_by_natural_key(*ou_nk) - except OrganizationalUnit.DoesNotExist: + ou = a2_models.OrganizationalUnit.objects.get_by_natural_key(*ou_nk) + except a2_models.OrganizationalUnit.DoesNotExist: raise self.model.DoesNotExist qs = qs.filter(ou=ou) else: @@ -102,8 +98,7 @@ class PermissionQueryset(query.QuerySet): """Retrieve all permissions hold by an user through its role and inherited roles. """ - Role = utils.get_role_model() - roles = Role.objects.for_user(user=user) + roles = a2_models.Role.objects.for_user(user=user) return self.filter(roles__in=roles) def cleanup(self): @@ -207,14 +202,13 @@ class RoleParentingManager(models.Manager): tls = Local() def get_by_natural_key(self, parent_nk, child_nk, direct): - Role = utils.get_role_model() try: - parent = Role.objects.get_by_natural_key(*parent_nk) - except Role.DoesNotExist: + parent = a2_models.Role.objects.get_by_natural_key(*parent_nk) + except a2_models.Role.DoesNotExist: raise self.model.DoesNotExist try: - child = Role.objects.get_by_natural_key(*child_nk) - except Role.DoesNotExist: + child = a2_models.Role.objects.get_by_natural_key(*child_nk) + except a2_models.Role.DoesNotExist: raise self.model.DoesNotExist return self.get(parent=parent, child=child, direct=direct) @@ -298,13 +292,11 @@ ON CONFLICT (parent_id, child_id, direct) DO UPDATE SET created = EXCLUDED.creat @contextlib.contextmanager def defer_update_transitive_closure(): - from . import utils - RoleParentingManager.tls.DO_UPDATE_CLOSURE = False try: yield if RoleParentingManager.tls.CLOSURE_UPDATED: - utils.get_role_parenting_model().objects.update_transitive_closure() + a2_models.RoleParenting.objects.update_transitive_closure() finally: RoleParentingManager.tls.DO_UPDATE_CLOSURE = True RoleParentingManager.tls.CLOSURE_UPDATED = False diff --git a/src/authentic2/a2_rbac/migrations/0021_auto_20200317_1514.py b/src/authentic2/a2_rbac/migrations/0021_auto_20200317_1514.py index 656602358..02b05e850 100644 --- a/src/authentic2/a2_rbac/migrations/0021_auto_20200317_1514.py +++ b/src/authentic2/a2_rbac/migrations/0021_auto_20200317_1514.py @@ -2,7 +2,7 @@ from django.db import migrations, models -import django_rbac.utils +import authentic2.a2_rbac.utils class Migration(migrations.Migration): @@ -16,14 +16,14 @@ class Migration(migrations.Migration): model_name='organizationalunit', name='uuid', field=models.CharField( - default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid' + default=authentic2.a2_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid' ), ), migrations.AlterField( model_name='role', name='uuid', field=models.CharField( - default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid' + default=authentic2.a2_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid' ), ), ] diff --git a/src/authentic2/a2_rbac/models.py b/src/authentic2/a2_rbac/models.py index fee21195e..394394fd5 100644 --- a/src/authentic2/a2_rbac/models.py +++ b/src/authentic2/a2_rbac/models.py @@ -37,9 +37,8 @@ from model_utils.managers import QueryManager from authentic2.decorators import errorcollector from authentic2.utils.cache import GlobalCache from authentic2.validators import HexaColourValidator -from django_rbac import utils as rbac_utils -from . import app_settings, fields, managers +from . import app_settings, fields, managers, utils class AbstractBase(models.Model): @@ -47,9 +46,7 @@ class AbstractBase(models.Model): slug """ - uuid = models.CharField( - max_length=32, verbose_name=_('uuid'), unique=True, default=rbac_utils.get_hex_uuid - ) + uuid = models.CharField(max_length=32, verbose_name=_('uuid'), unique=True, default=utils.get_hex_uuid) name = models.CharField(max_length=256, verbose_name=_('name')) slug = models.SlugField(max_length=256, verbose_name=_('slug')) description = models.TextField(verbose_name=_('description'), blank=True) @@ -65,11 +62,11 @@ class AbstractBase(models.Model): def save(self, *args, **kwargs): # truncate slug and add a hash if it's too long if not self.slug: - self.slug = rbac_utils.generate_slug(self.name) + self.slug = utils.generate_slug(self.name) if len(self.slug) > 256: self.slug = self.slug[:252] + hashlib.md5(self.slug).hexdigest()[:4] if not self.uuid: - self.uuid = rbac_utils.get_hex_uuid() + self.uuid = utils.get_hex_uuid() return super().save(*args, **kwargs) def natural_key(self): @@ -269,7 +266,7 @@ class Permission(models.Model): to='a2_rbac.Operation', verbose_name=_('operation'), on_delete=models.CASCADE ) ou = models.ForeignKey( - to=rbac_utils.get_ou_model_name(), + to=OrganizationalUnit, verbose_name=_('organizational unit'), related_name='scoped_permission', null=True, @@ -370,7 +367,7 @@ Permission._meta.natural_key = [ class Role(AbstractBase): ou = models.ForeignKey( - to=rbac_utils.get_ou_model_name(), + to=OrganizationalUnit, verbose_name=_('organizational unit'), swappable=True, blank=True, @@ -380,9 +377,7 @@ class Role(AbstractBase): members = models.ManyToManyField( to=settings.AUTH_USER_MODEL, swappable=True, blank=True, related_name='roles' ) - permissions = models.ManyToManyField( - to=rbac_utils.get_permission_model_name(), related_name='roles', blank=True - ) + permissions = models.ManyToManyField(to=Permission, related_name='roles', blank=True) name = models.TextField(verbose_name=_('name')) admin_scope_ct = models.ForeignKey( to='contenttypes.ContentType', @@ -414,19 +409,15 @@ class Role(AbstractBase): objects = managers.RoleQuerySet.as_manager() def add_child(self, child): - RoleParenting = rbac_utils.get_role_parenting_model() RoleParenting.objects.soft_create(self, child) def remove_child(self, child): - RoleParenting = rbac_utils.get_role_parenting_model() RoleParenting.objects.soft_delete(self, child) def add_parent(self, parent): - RoleParenting = rbac_utils.get_role_parenting_model() RoleParenting.objects.soft_create(parent, self) def remove_parent(self, parent): - RoleParenting = rbac_utils.get_role_parenting_model() RoleParenting.objects.soft_delete(parent, self) def parents(self, include_self=True, annotate=False, direct=None): @@ -518,7 +509,7 @@ class Role(AbstractBase): def has_self_administration(self, op=None): if not op: op = MANAGE_MEMBERS_OP - operation = rbac_utils.get_operation(op) + operation = utils.get_operation(op) self_perm, dummy = Permission.objects.get_or_create( operation=operation, target_ct=ContentType.objects.get_for_model(self), @@ -531,7 +522,7 @@ class Role(AbstractBase): 'Add permission to role so that it is self-administered' if not op: op = MANAGE_MEMBERS_OP - operation = rbac_utils.get_operation(op) + operation = utils.get_operation(op) self_perm, dummy = Permission.objects.get_or_create( operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk ) @@ -553,7 +544,7 @@ class Role(AbstractBase): if isinstance(operation_tpl, str): operation = Operation.objects.get(slug=operation_tpl) else: - operation = rbac_utils.get_operation(operation_tpl) + operation = utils.get_operation(operation_tpl) permission, _ = Permission.objects.get_or_create( operation=operation, target_ct=target_ct, target_id=target_id, ou=ou ) @@ -571,7 +562,7 @@ class Role(AbstractBase): if isinstance(operation_tpl, str): operation = Operation.objects.get(slug=operation_tpl) else: - operation = rbac_utils.get_operation(operation_tpl) + operation = utils.get_operation(operation_tpl) qs = Permission.objects.filter(target_ct=target_ct, target_id=target_id, operation=operation) if ou: qs = qs.filter(ou=ou) @@ -704,13 +695,13 @@ Role._meta.natural_key = [ class RoleParenting(models.Model): parent = models.ForeignKey( - to=rbac_utils.get_role_model_name(), + to=Role, swappable=True, related_name='child_relation', on_delete=models.CASCADE, ) child = models.ForeignKey( - to=rbac_utils.get_role_model_name(), + to=Role, swappable=True, related_name='parent_relation', on_delete=models.CASCADE, diff --git a/src/authentic2/a2_rbac/signal_handlers.py b/src/authentic2/a2_rbac/signal_handlers.py index 3d2a71a96..f2d21a384 100644 --- a/src/authentic2/a2_rbac/signal_handlers.py +++ b/src/authentic2/a2_rbac/signal_handlers.py @@ -20,11 +20,11 @@ from django.db import DEFAULT_DB_ALIAS, router, transaction from django.utils.translation import gettext as _ from django.utils.translation import override -from authentic2.a2_rbac.models import OrganizationalUnit, Role +from authentic2.a2_rbac.models import OrganizationalUnit, Role, RoleParenting from authentic2.utils.misc import get_fk_model -from django_rbac.utils import get_operation, get_role_parenting_model from .managers import defer_update_transitive_closure +from .utils import get_operation def create_default_ou(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs): @@ -144,6 +144,6 @@ def create_base_operations(app_config, verbosity=2, interactive=True, using=DEFA def fix_role_parenting_closure(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs): '''Close the role parenting relation after migrations''' - if not router.allow_migrate(using, get_role_parenting_model()): + if not router.allow_migrate(using, RoleParenting): return - get_role_parenting_model().objects.update_transitive_closure() + RoleParenting.objects.update_transitive_closure() diff --git a/src/authentic2/a2_rbac/utils.py b/src/authentic2/a2_rbac/utils.py index 5c62cbe0d..6aa0f0b58 100644 --- a/src/authentic2/a2_rbac/utils.py +++ b/src/authentic2/a2_rbac/utils.py @@ -14,15 +14,24 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +import uuid + from django.contrib.auth import get_user_model from django.contrib.contenttypes.models import ContentType from django.utils.text import slugify -from django_rbac import utils as rbac_utils - from . import models +def get_hex_uuid(): + return uuid.uuid4().hex + + +def get_operation(operation_tpl): + operation, dummy = models.Operation.objects.get_or_create(slug=operation_tpl.slug) + return operation + + def get_default_ou(): try: return models.OrganizationalUnit.objects.get(default=True) @@ -37,7 +46,7 @@ def get_default_ou_pk(): def get_view_user_perm(ou=None): User = get_user_model() view_user_perm, dummy = models.Permission.objects.get_or_create( - operation=rbac_utils.get_operation(models.VIEW_OP), + operation=get_operation(models.VIEW_OP), target_ct=ContentType.objects.get_for_model(ContentType), target_id=ContentType.objects.get_for_model(User).pk, ou__isnull=ou is None, @@ -49,14 +58,14 @@ def get_view_user_perm(ou=None): def get_search_ou_perm(ou=None): if ou: view_ou_perm, dummy = models.Permission.objects.get_or_create( - operation=rbac_utils.get_operation(models.SEARCH_OP), + operation=get_operation(models.SEARCH_OP), target_ct=ContentType.objects.get_for_model(ou), target_id=ou.pk, ou__isnull=True, ) else: view_ou_perm, dummy = models.Permission.objects.get_or_create( - operation=rbac_utils.get_operation(models.SEARCH_OP), + operation=get_operation(models.SEARCH_OP), target_ct=ContentType.objects.get_for_model(ContentType), target_id=ContentType.objects.get_for_model(models.OrganizationalUnit).pk, ou__isnull=True, @@ -67,7 +76,7 @@ def get_search_ou_perm(ou=None): def get_manage_authorizations_user_perm(ou=None): User = get_user_model() manage_authorizations_user_perm, dummy = models.Permission.objects.get_or_create( - operation=rbac_utils.get_operation(models.MANAGE_AUTHORIZATIONS_OP), + operation=get_operation(models.MANAGE_AUTHORIZATIONS_OP), target_ct=ContentType.objects.get_for_model(ContentType), target_id=ContentType.objects.get_for_model(User).pk, ou__isnull=ou is None, diff --git a/src/authentic2/custom_user/backends.py b/src/authentic2/custom_user/backends.py index 6941deca0..d37a6c8e6 100644 --- a/src/authentic2/custom_user/backends.py +++ b/src/authentic2/custom_user/backends.py @@ -8,7 +8,8 @@ from django.core.exceptions import FieldDoesNotExist from django.db import models from django.db.models.query import Q -from django_rbac import utils +from authentic2.a2_rbac.models import OrganizationalUnit as OU +from authentic2.a2_rbac.models import Permission def get_fk_model(model, fieldname): @@ -83,7 +84,6 @@ class DjangoRBACBackend: """ if not hasattr(user_obj, '_rbac_perms_cache'): perms_cache = {} - Permission = utils.get_permission_model() qs = Permission.objects.for_user(user_obj) ct_ct = ContentType.objects.get_for_model(ContentType) qs = qs.select_related('operation') @@ -236,7 +236,6 @@ class DjangoRBACBackend: perm_or_perms = set(perm_or_perms) cache = self.get_permission_cache(user_obj) model = qs.model - OU = utils.get_ou_model() has_ou_field = get_fk_model(model, 'ou') == OU if perm_or_perms & cache.get('__all__', set()): return True @@ -282,7 +281,6 @@ class DjangoRBACBackend: return perm in self.get_permission_cache(user_obj).get('ou.%s' % ou.pk, ()) def ous_with_perm(self, user_obj, perm, queryset=None): - OU = utils.get_ou_model() qs = queryset or OU.objects.all() if user_obj.is_anonymous: diff --git a/src/authentic2/management/commands/check-and-repair.py b/src/authentic2/management/commands/check-and-repair.py index a44dcfbad..c71b460b9 100644 --- a/src/authentic2/management/commands/check-and-repair.py +++ b/src/authentic2/management/commands/check-and-repair.py @@ -32,8 +32,8 @@ from authentic2 import app_settings from authentic2.a2_rbac.models import ADMIN_OP from authentic2.a2_rbac.models import OrganizationalUnit as OU from authentic2.a2_rbac.models import Permission, Role +from authentic2.a2_rbac.utils import get_operation from authentic2.custom_user.models import User -from django_rbac.utils import get_operation try: from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP # pylint: disable=C0412 diff --git a/src/django_rbac/migrations/0002_organizationalunit_permission_role_roleparenting.py b/src/django_rbac/migrations/0002_organizationalunit_permission_role_roleparenting.py index 1761f6c2c..b11f362ea 100644 --- a/src/django_rbac/migrations/0002_organizationalunit_permission_role_roleparenting.py +++ b/src/django_rbac/migrations/0002_organizationalunit_permission_role_roleparenting.py @@ -1,7 +1,7 @@ from django.conf import settings from django.db import migrations, models -import django_rbac +import authentic2.a2_rbac class Migration(migrations.Migration): @@ -27,7 +27,7 @@ class Migration(migrations.Migration): ( 'uuid', models.CharField( - default=django_rbac.utils.get_hex_uuid, + default=authentic2.a2_rbac.utils.get_hex_uuid, unique=True, max_length=32, verbose_name='uuid', @@ -92,7 +92,7 @@ class Migration(migrations.Migration): ( 'uuid', models.CharField( - default=django_rbac.utils.get_hex_uuid, + default=authentic2.a2_rbac.utils.get_hex_uuid, unique=True, max_length=32, verbose_name='uuid', diff --git a/src/django_rbac/utils.py b/src/django_rbac/utils.py deleted file mode 100644 index 478690360..000000000 --- a/src/django_rbac/utils.py +++ /dev/null @@ -1,92 +0,0 @@ -import uuid - -from django.apps import apps -from django.conf import settings -from django.utils.text import slugify - -from . import constants - -DEFAULT_MODELS = { - constants.RBAC_OU_MODEL_SETTING: 'django_rbac.OrganizationalUnit', - constants.RBAC_ROLE_PARENTING_MODEL_SETTING: 'django_rbac.RoleParenting', - constants.RBAC_ROLE_MODEL_SETTING: 'django_rbac.Role', - constants.RBAC_PERMISSION_MODEL_SETTING: 'django_rbac.Permission', -} - - -def get_hex_uuid(): - return uuid.uuid4().hex - - -def get_swapped_model_name(setting): - """Return a model qualified name given a setting name containing the - qualified name of the model, useful to retrieve swappable models - name. - """ - if not hasattr(settings, setting): - setattr(settings, setting, DEFAULT_MODELS[setting]) - return getattr(settings, setting) - - -def get_swapped_model(setting): - """Return a model given a setting name containing the qualified name - of the model, useful to retrieve swappable models. - """ - app, model_name = get_swapped_model_name(setting).rsplit('.', 1) - return apps.get_model(app, model_name) - - -def get_role_model_name(): - '''Returns the currently configured role model''' - return get_swapped_model_name(constants.RBAC_ROLE_MODEL_SETTING) - - -def get_ou_model_name(): - '''Returns the currently configured organizational unit model''' - return get_swapped_model_name(constants.RBAC_OU_MODEL_SETTING) - - -def get_role_parenting_model_name(): - '''Returns the currently configured role parenting model''' - return get_swapped_model_name(constants.RBAC_ROLE_PARENTING_MODEL_SETTING) - - -def get_permission_model_name(): - '''Returns the currently configured permission model''' - return get_swapped_model_name(constants.RBAC_PERMISSION_MODEL_SETTING) - - -def get_role_model(): - '''Returns the currently configured role model''' - return get_swapped_model(constants.RBAC_ROLE_MODEL_SETTING) - - -def get_ou_model(): - '''Returns the currently configured organizational unit model''' - return get_swapped_model(constants.RBAC_OU_MODEL_SETTING) - - -def get_role_parenting_model(): - '''Returns the currently configured role parenting model''' - return get_swapped_model(constants.RBAC_ROLE_PARENTING_MODEL_SETTING) - - -def get_permission_model(): - '''Returns the currently configured permission model''' - return get_swapped_model(constants.RBAC_PERMISSION_MODEL_SETTING) - - -def get_operation(operation_tpl): - from authentic2.a2_rbac import models - - operation, dummy = models.Operation.objects.get_or_create(slug=operation_tpl.slug) - return operation - - -def generate_slug(name, seen_slugs=None): - slug = base_slug = slugify(name).lstrip('_') - if seen_slugs: - i = 1 - while slug in seen_slugs: - slug = '%s-%s' % (base_slug, i) - return slug diff --git a/tests/test_commands.py b/tests/test_commands.py index 6868ac578..0c0e451bc 100644 --- a/tests/test_commands.py +++ b/tests/test_commands.py @@ -36,12 +36,11 @@ from authentic2.a2_rbac.models import ( Permission, Role, ) -from authentic2.a2_rbac.utils import get_default_ou +from authentic2.a2_rbac.utils import get_default_ou, get_operation from authentic2.apps.journal.models import Event from authentic2.custom_user.models import DeletedUser from authentic2.models import UserExternalId from authentic2_auth_oidc.models import OIDCAccount, OIDCProvider -from django_rbac.utils import get_operation from .utils import call_command, login diff --git a/tests/test_manager.py b/tests/test_manager.py index 3cba65b68..525d9e144 100644 --- a/tests/test_manager.py +++ b/tests/test_manager.py @@ -31,11 +31,10 @@ from webtest import Upload from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP from authentic2.a2_rbac.models import OrganizationalUnit as OU from authentic2.a2_rbac.models import Permission, Role -from authentic2.a2_rbac.utils import get_default_ou +from authentic2.a2_rbac.utils import get_default_ou, get_operation from authentic2.apps.journal.models import Event from authentic2.models import Service from authentic2.validators import EmailValidator -from django_rbac.utils import get_operation from .utils import assert_event, get_link_from_mail, login, request_select2, text_content diff --git a/tests/test_rbac.py b/tests/test_rbac.py index 423d1d98f..702e09d7f 100644 --- a/tests/test_rbac.py +++ b/tests/test_rbac.py @@ -21,14 +21,9 @@ from django.db import connection from django.db.models import Q from django.test.utils import CaptureQueriesContext -from authentic2.a2_rbac import models +from authentic2.a2_rbac.models import Operation, OrganizationalUnit, Permission, Role, RoleParenting from authentic2.custom_user import backends -from django_rbac import utils -OU = OrganizationalUnit = utils.get_ou_model() -Permission = utils.get_permission_model() -RoleParenting = utils.get_role_parenting_model() -Role = utils.get_role_model() User = get_user_model() @@ -95,10 +90,6 @@ def test_role_parenting(db): def test_role_parenting_soft_delete_children(db): - OrganizationalUnit = utils.get_ou_model() - Role = utils.get_role_model() - RoleParenting = utils.get_role_parenting_model() - ou = OrganizationalUnit.objects.create(name='ou') roles = [] for i in range(10): @@ -121,10 +112,6 @@ def test_role_parenting_soft_delete_children(db): def test_role_parenting_soft_delete_parents(db): - OrganizationalUnit = utils.get_ou_model() - Role = utils.get_role_model() - RoleParenting = utils.get_role_parenting_model() - ou = OrganizationalUnit.objects.create(name='ou') roles = [] for i in range(10): @@ -167,7 +154,7 @@ def test_massive_role_parenting(db): relations.append(RoleParenting(parent=roles[i], child=roles[(i - 1) // SPAN])) RoleParenting.objects.bulk_create(relations) RoleParenting.objects.update_transitive_closure() - operation, _ = models.Operation.objects.get_or_create(slug='admin') + operation, _ = Operation.objects.get_or_create(slug='admin') perm, _ = Permission.objects.get_or_create( operation=operation, target_ct=ContentType.objects.get_for_model(ContentType), @@ -176,22 +163,22 @@ def test_massive_role_parenting(db): roles[0].members.add(user) Role.objects.get(pk=roles[-1].pk).permissions.add(perm) for i in range(SIZE): - assert models.Operation.objects.has_perm(user, 'admin', User) + assert Operation.objects.has_perm(user, 'admin', User) for i in range(SIZE): assert list(Role.objects.for_user(user).order_by('pk')) == list(Role.objects.order_by('pk')) def test_rbac_backend(db): - ou1 = OU.objects.create(name='ou1', slug='ou1') - ou2 = OU.objects.create(name='ou2', slug='ou2') + ou1 = OrganizationalUnit.objects.create(name='ou1', slug='ou1') + ou2 = OrganizationalUnit.objects.create(name='ou2', slug='ou2') user1 = User.objects.create(username='john.doe') ct_ct = ContentType.objects.get_for_model(ContentType) role_ct = ContentType.objects.get_for_model(Role) - change_op = models.Operation.objects.get(slug='change') - view_op = models.Operation.objects.get(slug='view') - delete_op = models.Operation.objects.get(slug='delete') - add_op = models.Operation.objects.get(slug='add') - admin_op = models.Operation.objects.get(slug='admin') + change_op = Operation.objects.get(slug='change') + view_op = Operation.objects.get(slug='view') + delete_op = Operation.objects.get(slug='delete') + add_op = Operation.objects.get(slug='add') + admin_op = Operation.objects.get(slug='admin') perm1 = Permission.objects.create(operation=change_op, target_ct=ct_ct, target_id=role_ct.pk) perm2 = Permission.objects.create(operation=view_op, target_ct=ct_ct, target_id=role_ct.pk) Role.objects.all().delete() diff --git a/tests/test_user_manager.py b/tests/test_user_manager.py index 7363dff66..06b965c30 100644 --- a/tests/test_user_manager.py +++ b/tests/test_user_manager.py @@ -30,13 +30,12 @@ from webtest import Upload from authentic2.a2_rbac.models import VIEW_OP from authentic2.a2_rbac.models import OrganizationalUnit as OU from authentic2.a2_rbac.models import Permission, Role -from authentic2.a2_rbac.utils import get_default_ou, get_view_user_perm +from authentic2.a2_rbac.utils import get_default_ou, get_operation, get_view_user_perm from authentic2.apps.journal.models import Event from authentic2.custom_user.models import User from authentic2.manager import user_import from authentic2.models import Attribute, AttributeValue from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient -from django_rbac.utils import get_operation from .utils import get_link_from_mail, login, logout -- 2.35.1