From 4fde5d84093d7e96b06b6dd5f1f91cd49c469473 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Thu, 3 Nov 2022 15:46:13 +0100
Subject: [PATCH] add command to create authenticator admin role

---
 .../create_authenticators_admin_role.py       | 35 +++++++++++++++++++
 tests/test_commands.py                        | 21 +++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 src/authentic2/management/commands/create_authenticators_admin_role.py

diff --git a/src/authentic2/management/commands/create_authenticators_admin_role.py b/src/authentic2/management/commands/create_authenticators_admin_role.py
new file mode 100644
index 000000000..b99d79369
--- /dev/null
+++ b/src/authentic2/management/commands/create_authenticators_admin_role.py
@@ -0,0 +1,35 @@
+import logging
+
+from django.conf import settings
+from django.contrib.contenttypes.models import ContentType
+from django.core.management.base import BaseCommand
+from django.utils import translation
+from django.utils.translation import gettext_lazy as _
+
+from authentic2.a2_rbac.models import Role
+from authentic2.apps.authenticators.models import BaseAuthenticator
+
+logger = logging.getLogger(__name__)
+
+
+class Command(BaseCommand):
+    help = 'Create authenticators admin role'
+
+    def handle(self, *args, **options):
+        translation.activate(settings.LANGUAGE_CODE)
+
+        try:
+            admin_role = Role.objects.get(slug='_a2-manager')
+        except Role.DoesNotExist:
+            logger.warning('No admin role.')
+
+        content_type = ContentType.objects.get_for_model(BaseAuthenticator)
+        role = Role.objects.get_admin_role(
+            instance=content_type,
+            slug='_a2-manager-of-authenticators',
+            name=_('Manager of authenticators'),
+            update_name=True,
+            update_slug=True,
+            create=True,
+        )
+        role.add_child(admin_role)
diff --git a/tests/test_commands.py b/tests/test_commands.py
index 6868ac578..ec077c64a 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -476,3 +476,24 @@ def test_clean_user_exports(settings, app, superuser, freezer):
     call_command('clean-user-exports')
     with pytest.raises(webtest.app.AppError):
         resp.click('Download CSV')
+
+
+def test_create_authenticators_admin_role(db):
+    from django.core.management.sql import emit_post_migrate_signal
+
+    role = Role.objects.get(slug='_a2-manager-of-authenticators')
+
+    # remove role created at test database setup
+    Role.objects.get(slug='_a2-manager-of-authenticators').delete()
+
+    # create role through command
+    call_command('create_authenticators_admin_role')
+    role = Role.objects.get(slug='_a2-manager-of-authenticators')
+    assert role.permissions.count() == 1
+
+    # check post_migrate update role
+    emit_post_migrate_signal(verbosity=0, interactive=False, db='default', created_models=[])
+    role_after_migrate = Role.objects.get(slug='_a2-manager-of-authenticators')
+    assert role.pk == role_after_migrate.pk
+    assert role.uuid == role_after_migrate.uuid
+    assert role.permissions.count() == 2
-- 
2.35.1