manager: show only roles user is a member of (#55542)

2021-07-13 15:10:54 +02:00 · 2021-07-13 15:10:54 +02:00 · 426705531e
parent 9b6e2e465f
commit 426705531e
2 changed files with 18 additions and 3 deletions
--- a/src/authentic2/manager/forms.py
+++ b/src/authentic2/manager/forms.py
@ -531,17 +531,20 @@ class RoleSearchForm(ServiceRoleSearchForm, OUSearchForm):

 class UserRoleSearchForm(OUSearchForm, ServiceRoleSearchForm):
    ou_permission = 'a2_rbac.change_role'
+    field_order = ['text', 'internals', 'limit_to_user', 'ou']
+
+    limit_to_user = forms.BooleanField(initial=False, label=_('Show only direct user roles'), required=False)

    def __init__(self, *args, **kwargs):
        request = kwargs['request']
-        user = kwargs.pop('user')
+        self.user = kwargs.pop('user')
        role_members_from_ou = kwargs.pop('role_members_from_ou')

        if role_members_from_ou:
-            assert user
+            assert self.user
            # limit ou to target user ou
            ou_qs = request.user.ous_with_perm(self.ou_permission).order_by('name')
-            if user.ou_id:
+            if self.user.ou_id:
                ou_qs = ou_qs.filter(id=user.ou_id)
            else:
                ou_qs = ou_qs.none()
@ -551,6 +554,12 @@ class UserRoleSearchForm(OUSearchForm, ServiceRoleSearchForm):
    def filter_no_ou(self, qs):
        return qs

+    def filter(self, qs):
+        qs = super().filter(qs)
+        if self.cleaned_data['limit_to_user']:
+            qs = qs.filter(members=self.user)
+        return qs
+

 class UserSearchForm(OUSearchForm, CssClass, PrefixFormMixin, FormWithRequest):
    ou_permission = 'custom_user.search_user'
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@ -389,6 +389,12 @@ def test_manager_one_ou(app, superuser, admin, simple_role, settings):
        for elt in q('table tbody td.name a'):
            assert 'Manager' in elt.text or elt.text == 'simple role'

+        form.set('search-limit_to_user', True)
+        response = form.submit()
+        q = response.pyquery.remove_namespaces()
+        assert len(q('table tbody tr')) == 1
+        assert q('table tbody tr').text() == 'Manager'
+
        # test role listing
        response = app.get('/manage/roles/')
        assert [x.text for x in response.pyquery('td.slug')] == ['simple-role']