Project

General

Profile

Développement #70152

Lors de la génération des permissions d'un utilisateur, prendre en compte l'héritage entre modèles

Added by Benjamin Dauvergne over 2 years ago. Updated over 2 years ago.

Status:
Fermé
Priority:
Normal
Category:
-
Target version:
-
Start date:
12 October 2022
Due date:
% Done:

0%

Estimated time:
Patch proposed:
Yes
Planning:
No

Description

Dans django_rbac.backends.DjangoRBACBackend.get_permission_cache() si on trouver '<app1>.<perm>_<model1>' mais que <app2>.<model2> hérite de '<app1>.<model1>', ajouter '<app2>.<perm>_<model2>'.

Exemple réel: la permission authentic2.admin_service donnera automatiquement les permissions authentic2_idp_oidc.admin_oidcclient, saml.admin_libertyprovider et authentic2_idp_cas.admin_service.


Files


Related issues

Related to Authentic 2 - Développement #69902: django_rbac, rapatrier le modèle OperationFermé05 October 2022

Actions
Related to Authentic 2 - Développement #70135: django_rbac, rapatrier PermissionMixinFermé11 October 2022

Actions

Associated revisions

Revision 626ab8aa (diff)
Added by Benjamin Dauvergne over 2 years ago

a2_rbac: add helper method to build permissions (#70152)

Revision 772a3f6f (diff)
Added by Benjamin Dauvergne over 2 years ago

rbac: handle inheritance between model in get_all_permissions (#70152)

For global and ou scoped permissions, equivalent permissions on the child
classes are added, i.e. if you have authentic2.admin_service
permission then you also have authentic2_idp_oidc.admin_oidcclient
permission (globally or scoped by an organizational unit).

For instance scoped permissions, equivalent permissions on the parent
classes are added, i.e. if you have permission
authentic2_idp_oidc.admin_oidcclient on OIDCClient(pk=1), you also have
authentic2.admin_service on the same object.

History

#1

Updated by Benjamin Dauvergne over 2 years ago

Début du truc, mais je vais relire les tickets de Valentin sur django_rbac d'abord pour ne pas perdre de temps pour rien.

#2

Updated by Benjamin Dauvergne over 2 years ago

  • Status changed from Nouveau to En cours
#3

Updated by Benjamin Dauvergne over 2 years ago

#4

Updated by Benjamin Dauvergne over 2 years ago

#8

Updated by Serghei Mihai over 2 years ago

  • Status changed from Solution proposée to Solution validée
#9

Updated by Benjamin Dauvergne over 2 years ago

  • Status changed from Solution validée to Résolu (à déployer)
commit 772a3f6f6d09a9d3a10f1fe2cc2c56d75a79d860
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Wed Oct 12 10:52:43 2022 +0200

    rbac: handle inheritance between model in get_all_permissions (#70152)

    For global and ou scoped permissions, equivalent permissions on the child
    classes are added, i.e. if you have authentic2.admin_service
    permission then you also have authentic2_idp_oidc.admin_oidcclient
    permission (globally or scoped by an organizational unit).

    For instance scoped permissions, equivalent permissions on the parent
    classes are added, i.e. if you have permission
    authentic2_idp_oidc.admin_oidcclient on OIDCClient(pk=1), you also have
    authentic2.admin_service on the same object.

commit 626ab8aab713e04b6d8c413e9c3bda7ad4cc1700
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Thu Oct 13 19:21:59 2022 +0200

    a2_rbac: add helper method to build permissions (#70152)
#10

Updated by Transition automatique over 2 years ago

  • Status changed from Résolu (à déployer) to Solution déployée
#11

Updated by Transition automatique about 2 years ago

Automatic expiration

Also available in: Atom PDF