From ee16a504801fd31204f3017123a603c81b4ff8b7 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Tue, 26 Jan 2016 18:44:26 +0100
Subject: [PATCH 13/14] refactor role's user and role managers views (fixes
 #9731)

---
 src/authentic2/manager/role_views.py               | 123 ++++++++++++++++-----
 src/authentic2/manager/service_views.py            |  44 --------
 .../authentic2/manager/role_children.html          |  43 -------
 .../authentic2/manager/role_managers.html          |  34 ------
 .../authentic2/manager/role_managers_roles.html    |  36 ------
 .../authentic2/manager/role_managers_table.html    |   1 -
 .../templates/authentic2/manager/role_members.html |  49 +++++++-
 .../authentic2/manager/role_permissions.html       |   2 -
 .../authentic2/manager/role_remove_admin_role.html |  23 ++++
 .../authentic2/manager/role_remove_admin_user.html |  23 ++++
 .../authentic2/manager/service_role_children.html  |  34 ------
 .../authentic2/manager/service_role_managers.html  |  33 ------
 .../manager/service_role_managers_roles.html       |  32 ------
 .../authentic2/manager/service_role_members.html   |  36 ------
 .../authentic2/service_role_managers.html          |  38 -------
 .../templates/authentic2/service_role_members.html |  36 ------
 src/authentic2/manager/urls.py                     |  30 ++---
 17 files changed, 196 insertions(+), 421 deletions(-)
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/role_children.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/role_managers.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/role_managers_roles.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/role_managers_table.html
 create mode 100644 src/authentic2/manager/templates/authentic2/manager/role_remove_admin_role.html
 create mode 100644 src/authentic2/manager/templates/authentic2/manager/role_remove_admin_user.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/service_role_children.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/service_role_managers.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/service_role_managers_roles.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/manager/service_role_members.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/service_role_managers.html
 delete mode 100644 src/authentic2/manager/templates/authentic2/service_role_members.html

diff --git a/src/authentic2/manager/role_views.py b/src/authentic2/manager/role_views.py
index 2b16b1a..a172314 100644
--- a/src/authentic2/manager/role_views.py
+++ b/src/authentic2/manager/role_views.py
@@ -9,6 +9,7 @@ from django.db.models.query import Q
 from django.db.models import Count
 from django.core.urlresolvers import reverse
 from django.http import Http404
+from django.contrib.auth import get_user_model
 
 from django_rbac.utils import get_role_model, get_permission_model, \
     get_role_parenting_model, get_ou_model
@@ -135,6 +136,9 @@ class RoleMembersView(views.HideOUColumnMixin, RoleViewMixin, views.BaseSubTable
         ctx['parents'] = views.filter_view(self.request,
                                            self.object.parents(include_self=False,
                                            annotate=True))
+        ctx['admin_roles'] = views.filter_view(self.request,
+                                               self.object.get_admin_role().children(
+                                                   include_self=False, annotate=True))
         return ctx
 
 members = RoleMembersView.as_view()
@@ -226,33 +230,6 @@ class RoleMembersExportView(views.ExportMixin, RoleMembersView):
 members_export = RoleMembersExportView.as_view()
 
 
-class RoleManagerViewMixin(RoleViewMixin):
-    model = get_role_model()
-
-    def get_object(self):
-        self.role_object = super(RoleManagerViewMixin, self).get_object()
-        if self.role_object.has_self_administration():
-            raise Http404
-        return self.role_object.get_admin_role()
-
-    def get_context_data(self, **kwargs):
-        ctx = super(RoleManagerViewMixin, self).get_context_data(**kwargs)
-        ctx['role'] = self.role_object
-        return ctx
-
-
-class RoleManagersView(RoleManagerViewMixin, RoleMembersView):
-    template_name = 'authentic2/manager/role_managers.html'
-
-managers = RoleManagersView.as_view()
-
-
-class RoleManagersRolesView(RoleManagerViewMixin, RoleChildrenView):
-    template_name = 'authentic2/manager/role_managers_roles.html'
-
-managers_roles = RoleManagersRolesView.as_view()
-
-
 class RoleAddChildView(views.AjaxFormViewMixin, views.TitleMixin,
                        views.PermissionMixin, SingleObjectMixin, FormView):
     title = _('Add child role')
@@ -343,3 +320,95 @@ class RoleRemoveParentView(views.AjaxFormViewMixin, SingleObjectMixin,
         return redirect(self.request, self.success_url)
 
 remove_parent = RoleRemoveParentView.as_view()
+
+
+class RoleAddAdminRoleView(views.AjaxFormViewMixin, views.TitleMixin,
+                       views.PermissionMixin, SingleObjectMixin, FormView):
+    title = _('Add admin role')
+    model = get_role_model()
+    form_class = forms.RolesForm
+    success_url = '..'
+    template_name = 'authentic2/manager/form.html'
+    permissions = 'a2_rbac.change_role'
+
+    def dispatch(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        return super(RoleAddAdminRoleView, self).dispatch(request, *args, **kwargs)
+
+    def form_valid(self, form):
+        for role in form.cleaned_data['roles']:
+            self.get_object().get_admin_role().add_child(role)
+        return super(RoleAddAdminRoleView, self).form_valid(form)
+
+add_admin_role = RoleAddAdminRoleView.as_view()
+
+
+class RoleRemoveAdminRoleView(views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin,
+                          views.PermissionMixin, TemplateView):
+    title = _('Remove admin role')
+    model = get_role_model()
+    success_url = '../..'
+    template_name = 'authentic2/manager/role_remove_admin_role.html'
+    permissions = 'a2_rbac.change_role'
+
+    def dispatch(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        self.child = self.get_queryset().get(pk=kwargs['role_pk'])
+        return super(RoleRemoveAdminRoleView, self).dispatch(request, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        ctx = super(RoleRemoveAdminRoleView, self).get_context_data(**kwargs)
+        ctx['child'] = self.child
+        return ctx
+
+    def post(self, request, *args, **kwargs):
+        self.object.get_admin_role().remove_child(self.child)
+        return redirect(self.request, self.success_url)
+
+remove_admin_role = RoleRemoveAdminRoleView.as_view()
+
+
+class RoleAddAdminUserView(views.AjaxFormViewMixin, views.TitleMixin,
+                       views.PermissionMixin, SingleObjectMixin, FormView):
+    title = _('Add admin user')
+    model = get_role_model()
+    form_class = forms.UsersForm
+    success_url = '..'
+    template_name = 'authentic2/manager/form.html'
+    permissions = 'a2_rbac.change_role'
+
+    def dispatch(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        return super(RoleAddAdminUserView, self).dispatch(request, *args, **kwargs)
+
+    def form_valid(self, form):
+        for user in form.cleaned_data['users']:
+            self.get_object().get_admin_role().members.add(user)
+        return super(RoleAddAdminUserView, self).form_valid(form)
+
+add_admin_user = RoleAddAdminUserView.as_view()
+
+
+class RoleRemoveAdminUserView(views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin,
+                          views.PermissionMixin, TemplateView):
+    title = _('Remove admin user')
+    model = get_role_model()
+    success_url = '../..'
+    template_name = 'authentic2/manager/role_remove_admin_user.html'
+    permissions = 'a2_rbac.change_role'
+
+    def dispatch(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        self.user = get_user_model().objects.get(pk=kwargs['user_pk'])
+        return super(RoleRemoveAdminUserView, self).dispatch(request, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        ctx = super(RoleRemoveAdminUserView, self).get_context_data(**kwargs)
+        ctx['user'] = self.user
+        return ctx
+
+    def post(self, request, *args, **kwargs):
+        self.object.get_admin_role().members.remove(self.user)
+        return redirect(self.request, self.success_url)
+
+remove_admin_user = RoleRemoveAdminUserView.as_view()
diff --git a/src/authentic2/manager/service_views.py b/src/authentic2/manager/service_views.py
index ff6f46e..12c5d3b 100644
--- a/src/authentic2/manager/service_views.py
+++ b/src/authentic2/manager/service_views.py
@@ -45,47 +45,3 @@ class ServiceEditView(views.BaseEditView):
     success_url = '..'
 
 edit = ServiceEditView.as_view()
-
-
-class ServiceRoleMixin(object):
-    service_roles = True
-
-    def dispatch(self, request, *args, **kwargs):
-        self.service = get_object_or_404(Service, pk=kwargs['service_pk'])
-        return super(ServiceRoleMixin, self).dispatch(request, *args, **kwargs)
-
-    def get_queryset(self):
-        return super(ServiceRoleMixin, self).get_queryset() \
-            .filter(service_id=self.kwargs['service_pk'])
-
-
-class ServiceRoleMembersView(ServiceRoleMixin,
-                             role_views.RoleMembersView):
-    template_name = 'authentic2/manager/service_role_members.html'
-    permissions = ['authentic2.view_service']
-
-role_members = ServiceRoleMembersView.as_view()
-
-
-class ServiceRoleChildrenView(ServiceRoleMixin,
-                              role_views.RoleChildrenView):
-    template_name = 'authentic2/manager/service_role_children.html'
-    permissions = ['authentic2.view_service']
-
-role_children = ServiceRoleChildrenView.as_view()
-
-
-class ServiceRoleManagersView(ServiceRoleMixin,
-                              role_views.RoleManagersView):
-    template_name = 'authentic2/manager/service_role_managers.html'
-    permissions = ['authentic2.view_service']
-
-role_managers = ServiceRoleManagersView.as_view()
-
-
-class ServiceRoleManagerRolesView(ServiceRoleMixin,
-                                  role_views.RoleManagersRolesView):
-    template_name = 'authentic2/manager/service_role_managers_roles.html'
-    permissions = ['authentic2.view_service']
-
-role_managers_roles = ServiceRoleManagerRolesView.as_view()
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_children.html b/src/authentic2/manager/templates/authentic2/manager/role_children.html
deleted file mode 100644
index 9092e8d..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/role_children.html
+++ /dev/null
@@ -1,43 +0,0 @@
-{% extends "authentic2/manager/role_common.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="..">{{ object }}</a>
-  <a href="#">{% trans "Children roles" %}</a>
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  {% if not object.is_internal and view.can_delete %}
-    <a rel="popup" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
-  {% endif %}
-  {% if view.can_change and not object.is_internal %}
-    <a rel="popup" href="{% url "a2-manager-role-edit" pk=object.pk %}">{% trans "Edit" %}</a>
-    {% if ROLES_SHOW_PERMISSIONS %}
-      <a href="{% url "a2-manager-role-permissions" pk=object.pk %}">{% trans "Permissions" %}</a>
-    {% endif %}
-    <a href="{% url "a2-manager-role-managers" pk=object.pk %}">{% trans "Managers" %}</a>
-  {% endif %}
-  <a href="{% url "a2-manager-role-members" pk=object.pk %}">{% trans "Members" %}</a>
-{% endblock %}
-
-
-{% block extra_scripts %}
-  {{ block.super }}
-  {{ choose_user_form.media }}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-role-members" %}
-   {% render_table table "authentic2/manager/role_children_table.html" %}
- {% endwith %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_managers.html b/src/authentic2/manager/templates/authentic2/manager/role_managers.html
deleted file mode 100644
index 4032d66..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/role_managers.html
+++ /dev/null
@@ -1,34 +0,0 @@
-{% extends "authentic2/manager/role_common.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-role-members" pk=role.pk %}">{{ role }}</a>
-  <a href="#">{% trans "Managers" %}</a>
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-role-manager-roles" pk=role.pk %}">{% trans "Manager roles" %}</a>
-{% endblock %}
-
-
-{% block extra_scripts %}
-  {{ block.super }}
-  {{ choose_user_form.media }}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-user-edit" %}
-   {% render_table table "authentic2/manager/role_managers_table.html" %}
- {% endwith %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-</div>
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_managers_roles.html b/src/authentic2/manager/templates/authentic2/manager/role_managers_roles.html
deleted file mode 100644
index 3c9bc0c..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/role_managers_roles.html
+++ /dev/null
@@ -1,36 +0,0 @@
-{% extends "authentic2/manager/role_common.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-role-members" pk=role.pk %}">{{ role }}</a>
-  <a href="#">{% trans "Manager roles" %}</a>
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  {% if view.can_view %}
-    <a href="{% url "a2-manager-role-managers" pk=role.pk %}">{% trans "Managers" %}</a>
-  {% endif %}
-{% endblock %}
-
-
-{% block extra_scripts %}
-  {{ block.super }}
-  {{ choose_user_form.media }}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-role-members" %}
-   {% render_table table "authentic2/manager/role_children_table.html" %}
- {% endwith %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-</div>
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_managers_table.html b/src/authentic2/manager/templates/authentic2/manager/role_managers_table.html
deleted file mode 100644
index f66d377..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/role_managers_table.html
+++ /dev/null
@@ -1 +0,0 @@
-{% extends "authentic2/manager/role_members_table.html" %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_members.html b/src/authentic2/manager/templates/authentic2/manager/role_members.html
index 4b6b04e..7a5ec1e 100644
--- a/src/authentic2/manager/templates/authentic2/manager/role_members.html
+++ b/src/authentic2/manager/templates/authentic2/manager/role_members.html
@@ -6,6 +6,12 @@
   <a href="#">{{ object }}</a>
 {% endblock %}
 
+{% block page_title %}{% trans "Role" %}&nbsp;-&nbsp;{{ title }}{% endblock %}
+
+{% block sidebar %}
+<p>{{ object.description }}</p>
+{% endblock %}
+
 {% block appbar %}
   {{ block.super }}
   {% if not object.is_internal and view.can_delete %}
@@ -31,9 +37,6 @@
       {% endif %}
     {% endif %}
   {% endif %}
-  {% if not object.has_self_administration %}
-    <a href="{% url "a2-manager-role-managers" pk=object.pk %}">{% trans "Managers" %}</a>
-  {% endif %}
 {% endblock %}
 
 
@@ -56,8 +59,41 @@
            <button>{% trans "Add" %}</button>
    </form>
  {% endif %}
- <h2>{% trans "Inheritance" %}</h2>
- <div class=role-inheritance">
+ <fieldset class="gadjo-foldable gadjo-folded" id="other-properties">
+ <legend class="gadjo-foldable-widget">{% trans "Advanced parameters" %}</legend>
+ <div class="role-inheritance gadjo-folding">
+   {% trans "Is administered by users" %}
+   {% for user in object.get_admin_role.all_members %}
+     <a href="{% url "a2-manager-user-edit" pk=user.pk %}">{{ user.get_full_name }}</a>
+     {% if user.direct %}
+       <a rel="popup" href="{% url "a2-manager-role-remove-admin-user" pk=object.pk user_pk=user.pk %}" class="role-remove icon-minus-sign"></a>
+     {% else %}
+       <a title="{% trans "Indirect child role" %}" class="disabled role-remove icon-minus-sign"></a>
+     {% endif %}
+   {% endfor %}
+  {% if view.can_change %}
+    <a rel="popup" href="{% url "a2-manager-role-add-admin-user" pk=object.pk %}" class="role-add icon-add-sign"></a>
+  {% else %}
+    <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
+  {% endif %}
+ </div>
+ <div class="role-inheritance gadjo-folding">
+   {% trans "Is administered by roles" %}
+   {% for role in admin_roles %}
+     <a href="{% url "a2-manager-role-members" pk=role.pk %}">{{ role }}</a>
+     {% if role.direct %}
+       <a rel="popup" href="{% url "a2-manager-role-remove-admin-role" pk=object.pk role_pk=role.pk %}" class="role-remove icon-minus-sign"></a>
+     {% else %}
+       <a title="{% trans "Indirect admin role" %}" class="disabled role-remove icon-minus-sign"></a>
+     {% endif %}
+   {% endfor %}
+  {% if view.can_change %}
+    <a rel="popup" href="{% url "a2-manager-role-add-admin-role" pk=object.pk %}" class="role-add icon-add-sign"></a>
+  {% else %}
+    <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
+  {% endif %}
+ </div>
+ <div class="role-inheritance gadjo-folding">
    {% trans "Child roles:" %}
    {% for child in children %}
      <a href="{% url "a2-manager-role-members" pk=child.pk %}">{{ child }}</a>
@@ -73,7 +109,7 @@
     <a title="{% trans "Permission denied" %}" class="disabled role-add icon-add-sign"></a>
   {% endif %}
  </div>
- <div class="role-inheritance">
+ <div class="role-inheritance gadjo-folding">
    {% trans "Parent roles:" %}
    {% for parent in parents %}
      <a class="role" href="{% url "a2-manager-role-members" pk=parent.pk %}">{{ parent }}</a>
@@ -89,5 +125,6 @@
      <a title="{% trans "This role is technical, you cannot modify its permissions." %}" class="disabled role-add icon-add-sign"></a>
    {% endif %}
  </div>
+ </fieldset>
 </div>
 {% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_permissions.html b/src/authentic2/manager/templates/authentic2/manager/role_permissions.html
index 0bb39c3..8f3aca7 100644
--- a/src/authentic2/manager/templates/authentic2/manager/role_permissions.html
+++ b/src/authentic2/manager/templates/authentic2/manager/role_permissions.html
@@ -14,9 +14,7 @@
   {% endif %}
   {% if view.can_change and not object.is_internal %}
     <a rel="popup" href="{% url "a2-manager-role-edit" pk=object.pk %}">{% trans "Edit" %}</a>
-    <a href="{% url "a2-manager-role-managers" pk=object.pk %}">{% trans "Managers" %}</a>
   {% endif %}
-  <a href="{% url "a2-manager-role-children" pk=object.pk %}">{% trans "Children roles" %}</a>
   <a href="{% url "a2-manager-role-members" pk=object.pk %}">{% trans "Members" %}</a>
 {% endblock %}
 
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_remove_admin_role.html b/src/authentic2/manager/templates/authentic2/manager/role_remove_admin_role.html
new file mode 100644
index 0000000..d8e6768
--- /dev/null
+++ b/src/authentic2/manager/templates/authentic2/manager/role_remove_admin_role.html
@@ -0,0 +1,23 @@
+{% extends "authentic2/manager/sidebar.html" %}
+{% load i18n %}
+
+{% block messages %}
+{% endblock %}
+
+{% block main %}
+  {% if title %}
+    <div id="appbar"><h2>{{ title }}</h2></div>
+  {% endif %}
+  <form method="post">
+    {% csrf_token %}
+    <div class="form-inner-container">
+      {% block caption %}
+      <p>{% blocktrans %}Do you want to remove admin role {{ child }} ?{% endblocktrans %}</p>
+      {% endblock %}
+      <div class="buttons">
+        <button>{% trans "Remove" %}</button>
+        <a class="cancel" href="..">{% trans "Cancel" %}</a>
+      </div>
+    </div>
+  </form>
+{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_remove_admin_user.html b/src/authentic2/manager/templates/authentic2/manager/role_remove_admin_user.html
new file mode 100644
index 0000000..2cc69b8
--- /dev/null
+++ b/src/authentic2/manager/templates/authentic2/manager/role_remove_admin_user.html
@@ -0,0 +1,23 @@
+{% extends "authentic2/manager/sidebar.html" %}
+{% load i18n %}
+
+{% block messages %}
+{% endblock %}
+
+{% block main %}
+  {% if title %}
+    <div id="appbar"><h2>{{ title }}</h2></div>
+  {% endif %}
+  <form method="post">
+    {% csrf_token %}
+    <div class="form-inner-container">
+      {% block caption %}
+      <p>{% blocktrans with user=user.get_full_name %}Do you want to remove admin user {{ user }} ?{% endblocktrans %}</p>
+      {% endblock %}
+      <div class="buttons">
+        <button>{% trans "Remove" %}</button>
+        <a class="cancel" href="..">{% trans "Cancel" %}</a>
+      </div>
+    </div>
+  </form>
+{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/service_role_children.html b/src/authentic2/manager/templates/authentic2/manager/service_role_children.html
deleted file mode 100644
index 3ba136c..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/service_role_children.html
+++ /dev/null
@@ -1,34 +0,0 @@
-{% extends "authentic2/manager/service.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="{% url 'a2-manager-service-role-members' service_pk=view.kwargs.service_pk pk=object.pk %}">{{ object.name }}</a>
-  <a href="#">{% trans "Children roles" %}</a>
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  {% if view.can_change and not object.is_internal %}
-    <a href="{% url "a2-manager-service-role-managers" service_pk=view.kwargs.service_pk pk=object.pk %}">{% trans "Managers" %}</a>
-  {% endif %}
-  <a href="{% url "a2-manager-service-role-members" service_pk=view.kwargs.service_pk pk=object.pk %}">{% trans "Members" %}</a>
-{% endblock %}
-
-{% block sidebar %}
-   {% include "authentic2/manager/search_form.html" %}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-role-members" %}
-   {% render_table table "authentic2/manager/role_children_table.html" %}
- {% endwith %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/service_role_managers.html b/src/authentic2/manager/templates/authentic2/manager/service_role_managers.html
deleted file mode 100644
index cf25534..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/service_role_managers.html
+++ /dev/null
@@ -1,33 +0,0 @@
-{% extends "authentic2/manager/service.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-service-role-members" service_pk=view.kwargs.service_pk pk=role.pk %}">{{ role }}</a>
-  <a href="#">{% trans "Managers" %}</a>
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-service-role-managers-roles" service_pk=view.kwargs.service_pk pk=role.pk %}">{% trans "Manager roles" %}</a>
-{% endblock %}
-
-
-{% block sidebar %}
-   {% include "authentic2/manager/search_form.html" %}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-user-edit" %}
-   {% render_table table "authentic2/manager/role_managers_table.html" %}
- {% endwith %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-</div>
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/service_role_managers_roles.html b/src/authentic2/manager/templates/authentic2/manager/service_role_managers_roles.html
deleted file mode 100644
index 38c7bd1..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/service_role_managers_roles.html
+++ /dev/null
@@ -1,32 +0,0 @@
-{% extends "authentic2/manager/service.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-service-role-members" service_pk=view.kwargs.service_pk pk=role.pk %}">{{ role }}</a>
-  <a href="#">{% trans "Manager roles" %}</a>
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-role-managers" pk=role.pk %}">{% trans "Managers" %}</a>
-{% endblock %}
-
-{% block sidebar %}
-   {% include "authentic2/manager/search_form.html" %}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-role-members" %}
-   {% render_table table "authentic2/manager/role_children_table.html" %}
- {% endwith %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-</div>
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/manager/service_role_members.html b/src/authentic2/manager/templates/authentic2/manager/service_role_members.html
deleted file mode 100644
index a5db48a..0000000
--- a/src/authentic2/manager/templates/authentic2/manager/service_role_members.html
+++ /dev/null
@@ -1,36 +0,0 @@
-{% extends "authentic2/manager/service.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="#">{{ object }}</a>
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  {% if view.can_change and not object.is_internal %}
-    <a href="{% url "a2-manager-service-role-managers" service_pk=view.kwargs.service_pk pk=object.pk %}">{% trans "Managers" %}</a>
-  {% endif %}
-  <a href="{% url "a2-manager-service-role-children" service_pk=view.kwargs.service_pk pk=object.pk %}">{% trans "Children roles" %}</a>
-{% endblock %}
-
-{% block sidebar %}
-   {% include "authentic2/manager/search_form.html" %}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-user-edit" %}
-   {% render_table table "authentic2/manager/role_members_table.html" %}
- {% endwith %}
-
- {% include "authentic2/manager/export_include.html" with export_view_name="a2-manager-role-members-export" %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-</div>
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/service_role_managers.html b/src/authentic2/manager/templates/authentic2/service_role_managers.html
deleted file mode 100644
index 4c99e30..0000000
--- a/src/authentic2/manager/templates/authentic2/service_role_managers.html
+++ /dev/null
@@ -1,38 +0,0 @@
-{% extends "authentic2/manager/service.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="{% url 'a2-manager-service-role-members' service_pk=view.kwargs.service_pk pk=object.pk %}">{{ object.name }}</a>
-  <a href="#">{% trans "Managers" %}</a>
-{% endblock %}
-
-{% block page_title %}
-  {% trans "Managers" %}
-{% endblock %}
-
-{% block appbar %}
-  {{ block.super }}
-  <a href="{% url "a2-manager-role-manager-roles" pk=role.pk %}">{% trans "Manager roles" %}</a>
-{% endblock %}
-
-
-{% block extra_scripts %}
-  {{ block.super }}
-  {{ choose_user_form.media }}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-user-edit" %}
-   {% render_table table "authentic2/manager/role_managers_table.html" %}
- {% endwith %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-</div>
-{% endblock %}
diff --git a/src/authentic2/manager/templates/authentic2/service_role_members.html b/src/authentic2/manager/templates/authentic2/service_role_members.html
deleted file mode 100644
index 7a62fd8..0000000
--- a/src/authentic2/manager/templates/authentic2/service_role_members.html
+++ /dev/null
@@ -1,36 +0,0 @@
-{% extends "authentic2/manager/service.html" %}
-{% load i18n staticfiles django_tables2 %}
-
-{% block breadcrumb %}
-  {{ block.super }}
-  <a href="{% url 'a2-manager-service-role-members' service_pk=view.kwargs.service_pk pk=object.pk %}">{{ object.name }}</a>
-{% endblock %}
-
-{% block appbar %}
-  {% if view.can_change and not object.admin_scope_ct_id %}
-    <a href="{% url "a2-manager-service-role-managers" pk=object.pk %}">{% trans "Managers" %}</a>
-  {% endif %}
-  <a href="{% url "a2-manager-service-role-children" pk=object.pk %}">{% trans "Children roles" %}</a>
-{% endblock %}
-
-
-{% block extra_scripts %}
-  {{ block.super }}
-  {{ choose_user_form.media }}
-{% endblock %}
-
-{% block main %}
- {% with row_link=1 url_name="a2-manager-user-edit" %}
-   {% render_table table "authentic2/manager/role_members_table.html" %}
- {% endwith %}
-
- {% include "authentic2/manager/export_include.html" with export_view_name="a2-manager-role-members-export" %}
-
- {% if view.can_change %}
-   <form method="post" class="manager-m2m-add-form">
-           {% csrf_token %}
-           {{ form }}
-           <button>{% trans "Add" %}</button>
-   </form>
- {% endif %}
-{% endblock %}
diff --git a/src/authentic2/manager/urls.py b/src/authentic2/manager/urls.py
index a846761..9779680 100644
--- a/src/authentic2/manager/urls.py
+++ b/src/authentic2/manager/urls.py
@@ -35,8 +35,6 @@ urlpatterns = required(
             role_views.export, name='a2-manager-roles-export'),
         url(r'^roles/(?P<pk>\d+)/$', role_views.members,
             name='a2-manager-role-members'),
-        url(r'^roles/(?P<pk>\d+)/children/$', role_views.children,
-            name='a2-manager-role-children'),
         url(r'^roles/(?P<pk>\d+)/add-child/$', role_views.add_child,
             name='a2-manager-role-add-child'),
         url(r'^roles/(?P<pk>\d+)/add-parent/$', role_views.add_parent,
@@ -45,6 +43,17 @@ urlpatterns = required(
             role_views.remove_child, name='a2-manager-role-remove-child'),
         url(r'^roles/(?P<pk>\d+)/remove-parent/(?P<parent_pk>\d+)/$',
             role_views.remove_parent, name='a2-manager-role-remove-parent'),
+
+        url(r'^roles/(?P<pk>\d+)/add-admin-user/$', role_views.add_admin_user,
+            name='a2-manager-role-add-admin-user'),
+        url(r'^roles/(?P<pk>\d+)/remove-admin-user/(?P<user_pk>\d+)/$',
+            role_views.remove_admin_user, name='a2-manager-role-remove-admin-user'),
+
+        url(r'^roles/(?P<pk>\d+)/add-admin-role/$', role_views.add_admin_role,
+            name='a2-manager-role-add-admin-role'),
+        url(r'^roles/(?P<pk>\d+)/remove-admin-role/(?P<role_pk>\d+)/$',
+            role_views.remove_admin_role, name='a2-manager-role-remove-admin-role'),
+
         url(r'^roles/(?P<pk>\d+)/export/(?P<format>csv|json|html|ods)/$',
             role_views.members_export,
             name='a2-manager-role-members-export'),
@@ -55,11 +64,6 @@ urlpatterns = required(
         url(r'^roles/(?P<pk>\d+)/permissions/$', role_views.permissions,
             name='a2-manager-role-permissions'),
 
-        url(r'^roles/(?P<pk>\d+)/managers/roles/$', role_views.managers_roles,
-            name='a2-manager-role-manager-roles'),
-        url(r'^roles/(?P<pk>\d+)/managers/$', role_views.managers,
-            name='a2-manager-role-managers'),
-
 
         # Authentic2 organizational units
         url(r'^organizational-units/$', ou_views.listing,
@@ -78,18 +82,6 @@ urlpatterns = required(
             name='a2-manager-service'),
         url(r'^services/(?P<service_pk>\d+)/edit/$', service_views.edit,
             name='a2-manager-service-edit'),
-        url(r'^services/(?P<service_pk>\d+)/(?P<pk>\d+)/$',
-            service_views.role_members,
-            name='a2-manager-service-role-members'),
-        url(r'^services/(?P<service_pk>\d+)/(?P<pk>\d+)/children/$',
-            service_views.role_children,
-            name='a2-manager-service-role-children'),
-        url(r'^services/(?P<service_pk>\d+)/(?P<pk>\d+)/managers/$',
-            service_views.role_managers,
-            name='a2-manager-service-role-managers'),
-        url(r'^services/(?P<service_pk>\d+)/(?P<pk>\d+)/managers/roles/$',
-            service_views.role_managers_roles,
-            name='a2-manager-service-role-managers-roles'),
 
         # backoffice menu as json
         url(r'^menu.json$', views.menu_json),
-- 
2.1.4