discard django_rbac generic getters in main a2 code (#58695)

Paul Marillonnet 2021-11-22 14:03:40 +01:00
parent 6505904505
commit 50e48b760a
48 changed files with 211 additions and 301 deletions


@ -19,15 +19,13 @@ from django.utils.text import slugify
from django.utils.translation import ugettext
from django.utils.translation import ugettext_lazy as _
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.utils.misc import get_fk_model
from django_rbac.utils import get_ou_model, get_role_model
from . import app_settings, utils
def update_ou_admin_roles(ou):
Role = get_role_model()
if app_settings.MANAGED_CONTENT_TYPES == ():
Role.objects.filter(slug=f'a2-managers-of-{ou.slug}').delete()
else:
@ -65,8 +63,7 @@ def update_ous_admin_roles():
they give general administrative rights to all mamanged content types
scoped to the given organizational unit.
"""
OU = get_ou_model()
ou_all = OU.objects.all()
ou_all = OrganizationalUnit.objects.all()
if len(ou_all) < 2:
# If there is no ou or less than two, only generate global management
# roles
@ -102,7 +99,6 @@ def update_content_types_roles():
types.
"""
cts = ContentType.objects.all()
Role = get_role_model()
view_user_perm = utils.get_view_user_perm()
search_ou_perm = utils.get_search_ou_perm()
manage_authorizations_user_perm = utils.get_manage_authorizations_user_perm()


@ -16,7 +16,7 @@
from django.contrib.contenttypes.models import ContentType
from django_rbac import utils as rbac_utils
from authentic2.a2_rbac import models
from django_rbac.managers import AbstractBaseManager
from django_rbac.managers import RoleManager as BaseRoleManager
from django_rbac.models import ADMIN_OP
@ -65,9 +65,8 @@ class RoleManager(BaseRoleManager):
defaults['ou'] = None
# find an operation matching the template
op = get_operation(operation)
Permission = rbac_utils.get_permission_model()
if create:
perm, _ = Permission.objects.update_or_create(
perm, _ = models.Permission.objects.update_or_create(
operation=op,
target_ct=ContentType.objects.get_for_model(instance),
target_id=instance.pk,
@ -76,13 +75,13 @@ class RoleManager(BaseRoleManager):
)
else:
try:
perm = Permission.objects.get(
perm = models.Permission.objects.get(
operation=op,
target_ct=ContentType.objects.get_for_model(instance),
target_id=instance.pk,
**kwargs,
)
except Permission.DoesNotExist:
except models.Permission.DoesNotExist:
return None
# in which ou do we put the role ?
@ -153,10 +152,9 @@ class RoleManager(BaseRoleManager):
if ou_natural_key is None:
kwargs['ou__isnull'] = True
else:
OU = rbac_utils.get_ou_model()
try:
ou = OU.objects.get_by_natural_key(*ou_natural_key)
except OU.DoesNotExist:
ou = models.OrganizationalUnit.objects.get_by_natural_key(*ou_natural_key)
except models.OrganizationalUnit.DoesNotExist:
raise self.model.DoesNotExist
kwargs['ou'] = ou
if service_natural_key is None:
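Review bot: The new module-level `from authentic2.a2_rbac import models` makes this managers module depend on the models module, which most likely imports these managers in turn (not visible on this page), so the two would form an import cycle. That works only because every use here (`models.Permission`, `models.OrganizationalUnit`) is resolved at call time inside `RoleManager` methods; a later top-level `from authentic2.a2_rbac.models import Permission` in this file could then fail on the partially initialised module. I would add a comment above the import, for example `# imported as a module, not by name: models imports this file, so attribute access must stay inside functions`. The `RoleManager` methods shown start and end outside these hunks.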


@ -73,9 +73,7 @@ class OrganizationalUnit(OrganizationalUnitAbstractBase):
show_username = models.BooleanField(blank=True, default=True, verbose_name=_('Show username'))
admin_perms = GenericRelation(
rbac_utils.get_permission_model_name(), content_type_field='target_ct', object_id_field='target_id'
)
admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id')
user_can_reset_password = models.NullBooleanField(
verbose_name=_('Users can reset password'), choices=USER_CAN_RESET_PASSWD_CHOICES
@ -195,7 +193,7 @@ class Permission(PermissionAbstractBase):
verbose_name_plural = _('permissions')
mirror_roles = GenericRelation(
rbac_utils.get_role_model_name(),
'Role',
content_type_field='admin_scope_ct',
object_id_field='admin_scope_id',
)
@ -229,9 +227,7 @@ class Role(RoleAbstractBase):
)
external_id = models.TextField(verbose_name=_('external id'), blank=True, db_index=True)
admin_perms = GenericRelation(
rbac_utils.get_permission_model_name(), content_type_field='target_ct', object_id_field='target_id'
)
admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id')
can_manage_members = models.BooleanField(
default=True, verbose_name=_('Allow adding or deleting role members')
@ -294,7 +290,6 @@ class Role(RoleAbstractBase):
def has_self_administration(self, op=None):
if not op:
op = MANAGE_MEMBERS_OP
Permission = rbac_utils.get_permission_model()
operation = rbac_utils.get_operation(op)
self_perm, dummy = Permission.objects.get_or_create(
operation=operation,
@ -308,7 +303,6 @@ class Role(RoleAbstractBase):
'Add permission to role so that it is self-administered'
if not op:
op = MANAGE_MEMBERS_OP
Permission = rbac_utils.get_permission_model()
operation = rbac_utils.get_operation(op)
self_perm, dummy = Permission.objects.get_or_create(
operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk
@ -366,7 +360,6 @@ class Role(RoleAbstractBase):
d.setdefault('attributes', []).append(attribute.to_json())
if parents:
RoleParenting = rbac_utils.get_role_parenting_model()
for parenting in RoleParenting.objects.filter(child_id=self.id, direct=True):
d.setdefault('parents', []).append(parenting.parent.natural_key_json())
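Review bot: `has_self_administration` reads as a predicate but calls `Permission.objects.get_or_create(...)`, so merely asking whether a role is self-administered can insert a permission row. The same call suits the following method, whose docstring says it adds the permission. Now that `Permission` is the module-level class, the check could be a plain lookup such as `self_perm = Permission.objects.filter(operation=operation, ...).first()`, returning False when nothing is found. The rest of both method bodies lies outside these hunks, so confirm that nothing later relies on the row existing.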


@ -20,17 +20,17 @@ from django.db import DEFAULT_DB_ALIAS, router, transaction
from django.utils.translation import override
from django.utils.translation import ugettext as _
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.utils.misc import get_fk_model
from django_rbac.managers import defer_update_transitive_closure
from django_rbac.utils import get_operation, get_ou_model, get_role_model
from django_rbac.utils import get_operation
def create_default_ou(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
if not router.allow_migrate(using, get_ou_model()):
if not router.allow_migrate(using, OrganizationalUnit):
return
# be sure new objects names are localized using the default locale
with override(settings.LANGUAGE_CODE):
OrganizationalUnit = get_ou_model()
if OrganizationalUnit.objects.exists():
return
# Create a default OU if none exists currently
@ -54,7 +54,7 @@ def post_migrate_update_rbac(app_config, verbosity=2, interactive=True, using=DE
# be sure new objects names are localized using the default locale
from .management import update_content_types_roles, update_ous_admin_roles
if not router.allow_migrate(using, get_role_model()):
if not router.allow_migrate(using, Role):
return
with override(settings.LANGUAGE_CODE):
with transaction.atomic():
@ -66,7 +66,7 @@ def post_migrate_update_rbac(app_config, verbosity=2, interactive=True, using=DE
def update_rbac_on_ou_post_save(sender, instance, created, raw, **kwargs):
from .management import update_ou_admin_roles, update_ous_admin_roles
if get_ou_model().objects.count() < 3 and created:
if OrganizationalUnit.objects.count() < 3 and created:
update_ous_admin_roles()
else:
update_ou_admin_roles(instance)
@ -75,12 +75,12 @@ def update_rbac_on_ou_post_save(sender, instance, created, raw, **kwargs):
def update_rbac_on_ou_post_delete(sender, instance, **kwargs):
from .management import update_ous_admin_roles
if get_ou_model().objects.count() < 2:
if OrganizationalUnit.objects.count() < 2:
update_ous_admin_roles()
def update_service_role_ou(sender, instance, created, raw, **kwargs):
get_role_model().objects.filter(service=instance).update(ou=instance.ou)
Role.objects.filter(service=instance).update(ou=instance.ou)
def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
@ -93,7 +93,7 @@ def create_default_permissions(app_config, verbosity=2, interactive=True, using=
RESET_PASSWORD_OP,
)
if not router.allow_migrate(using, get_ou_model()):
if not router.allow_migrate(using, OrganizationalUnit):
return
with override(settings.LANGUAGE_CODE):
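Review bot: `update_rbac_on_ou_post_save` and `update_service_role_ou` accept `raw` but never read it, so they also run while fixtures are being loaded, which is when Django advises handlers not to query or modify other records. Both handlers do exactly that (`OrganizationalUnit.objects.count()`, `Role.objects.filter(service=instance).update(ou=instance.ou)`). Consider starting each with `if raw: return`, or add a comment explaining why running during fixture loading is intended.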


@ -16,6 +16,7 @@
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.utils.text import slugify
from django_rbac import utils as rbac_utils
from django_rbac.models import SEARCH_OP, VIEW_OP
@ -32,8 +33,7 @@ def get_default_ou():
def get_view_user_perm(ou=None):
User = get_user_model()
Permission = rbac_utils.get_permission_model()
view_user_perm, dummy = Permission.objects.get_or_create(
view_user_perm, dummy = models.Permission.objects.get_or_create(
operation=rbac_utils.get_operation(VIEW_OP),
target_ct=ContentType.objects.get_for_model(ContentType),
target_id=ContentType.objects.get_for_model(User).pk,
@ -45,20 +45,17 @@ def get_view_user_perm(ou=None):
def get_search_ou_perm(ou=None):
if ou:
Permission = rbac_utils.get_permission_model()
view_ou_perm, dummy = Permission.objects.get_or_create(
view_ou_perm, dummy = models.Permission.objects.get_or_create(
operation=rbac_utils.get_operation(SEARCH_OP),
target_ct=ContentType.objects.get_for_model(ou),
target_id=ou.pk,
ou__isnull=True,
)
else:
OU = rbac_utils.get_ou_model()
Permission = rbac_utils.get_permission_model()
view_ou_perm, dummy = Permission.objects.get_or_create(
view_ou_perm, dummy = models.Permission.objects.get_or_create(
operation=rbac_utils.get_operation(SEARCH_OP),
target_ct=ContentType.objects.get_for_model(ContentType),
target_id=ContentType.objects.get_for_model(OU).pk,
target_id=ContentType.objects.get_for_model(models.OrganizationalUnit).pk,
ou__isnull=True,
)
return view_ou_perm
@ -66,8 +63,7 @@ def get_search_ou_perm(ou=None):
def get_manage_authorizations_user_perm(ou=None):
User = get_user_model()
Permission = rbac_utils.get_permission_model()
manage_authorizations_user_perm, dummy = Permission.objects.get_or_create(
manage_authorizations_user_perm, dummy = models.Permission.objects.get_or_create(
operation=rbac_utils.get_operation(models.MANAGE_AUTHORIZATIONS_OP),
target_ct=ContentType.objects.get_for_model(ContentType),
target_id=ContentType.objects.get_for_model(User).pk,
@ -75,3 +71,12 @@ def get_manage_authorizations_user_perm(ou=None):
ou=ou,
)
return manage_authorizations_user_perm
def generate_slug(name, seen_slugs=None):
slug = base_slug = slugify(name).lstrip('_')
if seen_slugs:
i = 1
while slug in seen_slugs:
slug = '%s-%s' % (base_slug, i)
return slug
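Review bot: The `while slug in seen_slugs:` loop in the new `generate_slug` never increments `i`, so once both the base slug and its `-1` variant are in `seen_slugs` the loop assigns the same value forever and the call never returns. The manager forms section on this page imports this helper, so depending on where the names come from, a single request with colliding names could hang its worker. Add `i += 1` after `slug = '%s-%s' % (base_slug, i)`. A short docstring saying that the function returns the first of the base slug, base-1, base-2 and so on that is not in `seen_slugs` would also help.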


@ -54,9 +54,9 @@ from rest_framework.views import APIView
from rest_framework.viewsets import ModelViewSet, ViewSet
from authentic2.compat.drf import action
from django_rbac.utils import get_ou_model, get_role_model
from . import api_mixins, app_settings, decorators, hooks
from .a2_rbac.models import OrganizationalUnit, Role
from .a2_rbac.utils import get_default_ou
from .custom_user.models import User
from .journal_event_types import UserLogin, UserRegistration
@ -129,7 +129,7 @@ class RegistrationSerializer(serializers.Serializer):
email = serializers.EmailField(required=False, allow_blank=True)
ou = serializers.SlugRelatedField(
queryset=get_ou_model().objects.all(),
queryset=OrganizationalUnit.objects.all(),
slug_field='slug',
default=get_default_ou,
required=False,
@ -314,7 +314,7 @@ class PasswordChangeSerializer(serializers.Serializer):
email = serializers.EmailField()
ou = serializers.SlugRelatedField(
queryset=get_ou_model().objects.all(), slug_field='slug', required=False, allow_null=True
queryset=OrganizationalUnit.objects.all(), slug_field='slug', required=False, allow_null=True
)
old_password = serializers.CharField(required=True, allow_null=True)
new_password = serializers.CharField(required=True, allow_null=True)
@ -360,7 +360,7 @@ def user(request):
class BaseUserSerializer(serializers.ModelSerializer):
ou = serializers.SlugRelatedField(
queryset=get_ou_model().objects.all(), slug_field='slug', required=False, default=get_default_ou
queryset=OrganizationalUnit.objects.all(), slug_field='slug', required=False, default=get_default_ou
)
date_joined = serializers.DateTimeField(read_only=True)
last_login = serializers.DateTimeField(read_only=True)
@ -569,7 +569,7 @@ class RoleSerializer(serializers.ModelSerializer):
many=False,
required=False,
default=CreateOnlyDefault(get_default_ou),
queryset=get_ou_model().objects.all(),
queryset=OrganizationalUnit.objects.all(),
slug_field='slug',
)
slug = serializers.SlugField(
@ -607,7 +607,7 @@ class RoleSerializer(serializers.ModelSerializer):
return instance
class Meta:
model = get_role_model()
model = Role
fields = (
'uuid',
'name',
@ -616,8 +616,8 @@ class RoleSerializer(serializers.ModelSerializer):
)
extra_kwargs = {'uuid': {'read_only': True}}
validators = [
UniqueTogetherValidator(queryset=get_role_model().objects.all(), fields=['name', 'ou']),
UniqueTogetherValidator(queryset=get_role_model().objects.all(), fields=['slug', 'ou']),
UniqueTogetherValidator(queryset=Role.objects.all(), fields=['name', 'ou']),
UniqueTogetherValidator(queryset=Role.objects.all(), fields=['slug', 'ou']),
]
@ -905,7 +905,7 @@ class UsersAPI(api_mixins.GetOrCreateMixinView, HookMixin, ExceptionHandlerMixin
class RolesFilter(FilterSet):
class Meta:
model = get_role_model()
model = Role
fields = {
'uuid': ['exact'],
'name': ['exact', 'iexact', 'icontains', 'startswith'],
@ -921,7 +921,7 @@ class RolesAPI(api_mixins.GetOrCreateMixinView, ExceptionHandlerMixin, ModelView
lookup_field = 'uuid'
def get_queryset(self):
return self.request.user.filter_by_perm('a2_rbac.view_role', get_role_model().objects.all())
return self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())
def perform_destroy(self, instance):
if not self.request.user.has_perm(perm='a2_rbac.delete_role', obj=instance):
@ -941,7 +941,6 @@ class RolesAPI(api_mixins.GetOrCreateMixinView, ExceptionHandlerMixin, ModelView
class RolesMembersAPI(UsersAPI):
def initial(self, request, *args, **kwargs):
super().initial(request, *args, **kwargs)
Role = get_role_model()
self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
def get_queryset(self):
@ -960,7 +959,6 @@ class RoleMembershipAPI(ExceptionHandlerMixin, APIView):
def initial(self, request, *args, **kwargs):
super().initial(request, *args, **kwargs)
Role = get_role_model()
User = get_user_model()
self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
self.member = get_object_or_404(User, uuid=kwargs['member_uuid'])
@ -1005,7 +1003,6 @@ class RoleMembershipsAPI(ExceptionHandlerMixin, APIView):
def initial(self, request, *args, **kwargs):
super().initial(request, *args, **kwargs)
Role = get_role_model()
User = get_user_model()
self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
self.members = set()
@ -1079,7 +1076,7 @@ class BaseOrganizationalUnitSerializer(serializers.ModelSerializer):
)
class Meta:
model = get_ou_model()
model = OrganizationalUnit
fields = '__all__'
@ -1089,7 +1086,7 @@ class OrganizationalUnitAPI(api_mixins.GetOrCreateMixinView, ExceptionHandlerMix
lookup_field = 'uuid'
def get_queryset(self):
return get_ou_model().objects.all()
return OrganizationalUnit.objects.all()
router = SimpleRouter()
@ -1224,9 +1221,13 @@ class StatisticsAPI(ViewSet):
def list(self, request):
statistics = []
OU = get_ou_model()
services_ous = [{'id': ou.slug, 'label': ou.name} for ou in OU.objects.exclude(service__isnull=True)]
users_ous = [{'id': ou.slug, 'label': ou.name} for ou in OU.objects.exclude(user__isnull=True)]
services_ous = [
{'id': ou.slug, 'label': ou.name}
for ou in OrganizationalUnit.objects.exclude(service__isnull=True)
]
users_ous = [
{'id': ou.slug, 'label': ou.name} for ou in OrganizationalUnit.objects.exclude(user__isnull=True)
]
services = [
{'id': '%s %s' % (service['slug'], service['ou__slug']), 'label': service['name']}
for service in Service.objects.values('slug', 'name', 'ou__slug')
@ -1294,10 +1295,10 @@ class StatisticsAPI(ViewSet):
service_slug, ou_slug = service
kwargs['service'] = get_object_or_404(Service, slug=service_slug, ou__slug=ou_slug)
elif services_ou and 'services_ou' in allowed_filters:
kwargs['services_ou'] = get_object_or_404(get_ou_model(), slug=services_ou)
kwargs['services_ou'] = get_object_or_404(OrganizationalUnit, slug=services_ou)
if users_ou and 'users_ou' in allowed_filters:
kwargs['users_ou'] = get_object_or_404(get_ou_model(), slug=users_ou)
kwargs['users_ou'] = get_object_or_404(OrganizationalUnit, slug=users_ou)
return Response(
{
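Review bot: `RolesAPI.get_queryset` limits roles with `filter_by_perm('a2_rbac.view_role', Role.objects.all())`, but the `initial` methods of `RolesMembersAPI`, `RoleMembershipAPI` and `RoleMembershipsAPI` load `self.role` with `get_object_or_404(Role, uuid=kwargs['role_uuid'])` against the unfiltered model. The permission check on that role is presumably elsewhere in these classes, outside the hunks shown. If so, a comment next to each lookup such as `# lookup is intentionally unfiltered; permission on self.role is enforced in <method>` would make the contract explicit. If not, the lookup should go through the same permission-filtered queryset so that responses do not differ between roles the caller cannot see and roles that do not exist.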


@ -17,7 +17,7 @@
from django.contrib.auth import get_user_model
from django.utils.translation import ugettext_lazy as _
from django_rbac.utils import get_role_model
from authentic2.a2_rbac.models import Role
from ...decorators import to_list
from ...models import Attribute, AttributeValue
@ -96,7 +96,6 @@ def get_attributes(instance, ctx):
ctx['django_user_domain'] = splitted[1] if '@' in user.username else ''
ctx['django_user_identifier'] = splitted[0]
ctx['django_user_full_name'] = user.get_full_name()
Role = get_role_model()
roles = Role.objects.for_user(user)
ctx['a2_role_slugs'] = roles.values_list('slug', flat=True)
ctx['a2_role_names'] = roles.values_list('name', flat=True)


@ -43,7 +43,7 @@ from ldap.filter import filter_format
from ldap.ldapobject import ReconnectLDAPObject as NativeLDAPObject
from authentic2 import app_settings, crypto
from authentic2.a2_rbac.models import Role
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.backends import is_user_authenticable
from authentic2.compat_lasso import lasso
@ -52,7 +52,6 @@ from authentic2.middleware import StoreRequestMiddleware
from authentic2.models import UserExternalId
from authentic2.user_login_failure import user_login_failure, user_login_success
from authentic2.utils.misc import PasswordChangeError, to_list
from django_rbac.utils import get_ou_model
# code originaly copied from by now merely inspired by
# http://www.amherst.k12.oh.us/django-ldap.html
@ -1034,12 +1033,11 @@ class LDAPBackend:
None"""
ou_slug = block['ou_slug']
OU = get_ou_model()
if ou_slug:
ou_slug = force_text(ou_slug)
try:
ou = OU.objects.get(slug=ou_slug)
except OU.DoesNotExist:
ou = OrganizationalUnit.objects.get(slug=ou_slug)
except OrganizationalUnit.DoesNotExist:
raise ImproperlyConfigured('ou_slug value is wrong for ldap %r' % block['url'])
else:
ou = get_default_ou()


@ -30,14 +30,12 @@ from django.utils.encoding import force_bytes, force_text
from django.utils.translation import ugettext as _
from authentic2 import app_settings
from authentic2.a2_rbac.models import Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.custom_user.models import User
from authentic2.forms.profile import BaseUserForm, modelform_factory
from authentic2.models import Attribute, AttributeValue, UserExternalId
from authentic2.utils.misc import send_password_reset_mail
from django_rbac.utils import get_role_model
Role = get_role_model()
# http://www.attrs.org/en/stable/changelog.html :


@ -34,12 +34,12 @@ from django.contrib.auth.models import AbstractBaseUser
from django.contrib.postgres.fields import JSONField
from authentic2 import app_settings
from authentic2.a2_rbac.models import RoleParenting
from authentic2.decorators import RequestCache, errorcollector
from authentic2.models import Attribute, AttributeValue, Service
from authentic2.utils import misc as utils_misc
from authentic2.validators import email_validator
from django_rbac.models import PermissionMixin
from django_rbac.utils import get_role_parenting_model
from .managers import UserManager, UserQuerySet
@ -221,7 +221,6 @@ class User(AbstractBaseUser, PermissionMixin):
qs1 = self.roles.all()
qs2 = qs1.model.objects.filter(child_relation__child__in=qs1)
qs = (qs1 | qs2).order_by('name').distinct()
RoleParenting = get_role_parenting_model()
rp_qs = RoleParenting.objects.filter(child__in=qs1)
qs = qs.prefetch_related(models.Prefetch('child_relation', queryset=rp_qs), 'child_relation__parent')
qs = qs.prefetch_related(


@ -24,11 +24,10 @@ from django.core.validators import validate_slug
from django.utils.text import format_lazy
from django.utils.translation import ugettext_lazy as _
from authentic2.a2_rbac.models import RoleAttribute
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, RoleAttribute, RoleParenting
from authentic2.decorators import errorcollector
from authentic2.utils.lazy import lazy_join
from django_rbac.models import Operation
from django_rbac.utils import get_ou_model, get_permission_model, get_role_model, get_role_parenting_model
def update_model(obj, d):
@ -81,11 +80,11 @@ class ExportContext:
@property
def role_qs(self):
return self._role_qs or get_role_model().objects.all()
return self._role_qs or Role.objects.all()
@property
def ou_qs(self):
return self._ou_qs or get_ou_model().objects.all()
return self._ou_qs or OrganizationalUnit.objects.all()
def export_site(context=None):
@ -109,14 +108,13 @@ def export_roles(context):
def search_ou(ou_d):
try:
OU = get_ou_model()
OU = OrganizationalUnit
return OU.objects.get_by_natural_key_json(ou_d)
except OU.DoesNotExist:
return None
def search_role(role_d, ou=None):
Role = get_role_model()
try:
role = Role.objects.get_by_natural_key_json(role_d)
except Role.DoesNotExist:
@ -250,7 +248,7 @@ class RoleDeserializer:
else: # Create role
if 'uuid' in kwargs and not kwargs['uuid']:
raise ValidationError(_("Cannot import role '%s' with empty uuid") % kwargs.get('name'))
self._obj = get_role_model().objects.create(**kwargs)
self._obj = Role.objects.create(**kwargs)
status = 'created'
# Ensure admin role is created.
@ -279,8 +277,7 @@ class RoleDeserializer:
def parentings(self):
"""Update parentings (delete everything then create)"""
created, deleted = [], []
Parenting = get_role_parenting_model()
for parenting in Parenting.objects.filter(child=self._obj, direct=True):
for parenting in RoleParenting.objects.filter(child=self._obj, direct=True):
parenting.delete()
deleted.append(parenting)
@ -289,7 +286,7 @@ class RoleDeserializer:
parent = search_role(parent_d)
if not parent:
raise ValidationError(_("Could not find parent role: %s") % parent_d)
created.append(Parenting.objects.create(child=self._obj, direct=True, parent=parent))
created.append(RoleParenting.objects.create(child=self._obj, direct=True, parent=parent))
return created, deleted
@ -304,12 +301,10 @@ class RoleDeserializer:
if self._permissions:
for perm in self._permissions:
op = Operation.objects.get_by_natural_key_json(perm['operation'])
ou = get_ou_model().objects.get_by_natural_key_json(perm['ou']) if perm['ou'] else None
ou = OrganizationalUnit.objects.get_by_natural_key_json(perm['ou']) if perm['ou'] else None
ct = ContentType.objects.get_by_natural_key_json(perm['target_ct'])
target = ct.model_class().objects.get_by_natural_key_json(perm['target'])
perm = get_permission_model().objects.create(
operation=op, ou=ou, target_ct=ct, target_id=target.pk
)
perm = Permission.objects.create(operation=op, ou=ou, target_ct=ct, target_id=target.pk)
self._obj.permissions.add(perm)
created.append(perm)
@ -356,7 +351,7 @@ class ImportResult:
def import_ou(ou_d):
OU = get_ou_model()
OU = OrganizationalUnit
ou = search_ou(ou_d)
if ou is None:
ou = OU.objects.create(**ou_d)
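Review bot: The role import builds each permission with `Permission.objects.create(operation=op, ou=ou, target_ct=ct, target_id=target.pk)`, while other sections of this commit obtain the same kind of row with `get_or_create` or `update_or_create`. If an identical permission already exists, for instance one shared with another role, this would either add a duplicate row or raise a uniqueness error, depending on constraints not visible here. `perm, _ = Permission.objects.get_or_create(operation=op, ou=ou, target_ct=ct, target_id=target.pk)` would match the rest of the code. The method starts outside the hunk, so check how existing permissions are cleared before this loop and whether `created` should still list rows that were reused.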


@ -27,10 +27,10 @@ from django.db.models import F
from django.utils import timezone, translation
from authentic2 import app_settings
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.backends import get_user_queryset
from authentic2.backends.ldap_backend import LDAPBackend
from authentic2.utils.misc import send_templated_mail
from django_rbac.utils import get_ou_model
logger = logging.getLogger(__name__)
@ -77,7 +77,7 @@ class Command(BaseCommand):
def clean_unused_accounts(self):
count = app_settings.A2_CLEAN_UNUSED_ACCOUNTS_MAX_MAIL_PER_PERIOD
for ou in get_ou_model().objects.filter(clean_unused_accounts_alert__isnull=False):
for ou in OrganizationalUnit.objects.filter(clean_unused_accounts_alert__isnull=False):
alert_delay = timedelta(days=ou.clean_unused_accounts_alert)
deletion_delay = timedelta(days=ou.clean_unused_accounts_deletion)
ou_users = self.user_qs.filter(ou=ou)


@ -24,9 +24,9 @@ class AppConfig(BaseAppConfig):
def ready(self):
from django.db.models.signals import post_save
from django_rbac.utils import get_ou_model
from authentic2.a2_rbac.models import OrganizationalUnit
post_save.connect(self.post_save_ou, sender=get_ou_model())
post_save.connect(self.post_save_ou, sender=OrganizationalUnit)
def post_save_ou(self, *args, **kwargs):
from . import utils


@ -30,7 +30,8 @@ from django.utils.text import slugify
from django.utils.translation import pgettext, ugettext
from django.utils.translation import ugettext_lazy as _
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role
from authentic2.a2_rbac.utils import generate_slug, get_default_ou
from authentic2.forms.fields import CheckPasswordField, NewPasswordField, ValidatedEmailField
from authentic2.forms.profile import BaseUserForm
from authentic2.models import PasswordReset
@ -43,14 +44,10 @@ from authentic2.utils.misc import (
)
from django_rbac.backends import DjangoRBACBackend
from django_rbac.models import Operation
from django_rbac.utils import generate_slug, get_ou_model, get_permission_model, get_role_model
from . import app_settings, fields, utils
User = get_user_model()
OU = get_ou_model()
Role = get_role_model()
logger = logging.getLogger(__name__)
@ -162,13 +159,11 @@ class ChooseUserAuthorizationsForm(CssClass, forms.Form):
class ChoosePermissionForm(CssClass, forms.Form):
operation = forms.ModelChoiceField(required=False, label=_('Operation'), queryset=Operation.objects)
ou = forms.ModelChoiceField(
label=_('Organizational unit'), queryset=get_ou_model().objects, required=False
label=_('Organizational unit'), queryset=OrganizationalUnit.objects, required=False
)
target = forms.ModelChoiceField(label=_('Target object'), required=False, queryset=ContentType.objects)
action = forms.CharField(initial='add', required=False, widget=forms.HiddenInput)
permission = forms.ModelChoiceField(
queryset=get_permission_model().objects, required=False, widget=forms.HiddenInput
)
permission = forms.ModelChoiceField(queryset=Permission.objects, required=False, widget=forms.HiddenInput)
class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
@ -423,7 +418,7 @@ class OUSearchForm(FormWithRequest):
if 'ou_queryset' in kwargs:
self.ou_qs = kwargs.pop('ou_queryset')
elif self.search_all_ous:
self.ou_qs = get_ou_model().objects.all()
self.ou_qs = OrganizationalUnit.objects.all()
else:
self.ou_qs = request.user.ous_with_perm(self.ou_permission)
@ -431,9 +426,9 @@ class OUSearchForm(FormWithRequest):
# we were passed an explicit list of objects linked to OUs by a field named 'ou',
# get possible OUs from this list
related_query_name = self.queryset.model._meta.get_field('ou').related_query_name()
objects_ou_qs = (
get_ou_model().objects.filter(**{"%s__in" % related_query_name: self.queryset}).distinct()
)
objects_ou_qs = OrganizationalUnit.objects.filter(
**{"%s__in" % related_query_name: self.queryset}
).distinct()
# to combine queryset with distinct, each queryset must have the distinct flag
self.ou_qs = self.ou_qs.distinct() | objects_ou_qs
@ -611,11 +606,11 @@ class ServiceSearchForm(OUSearchForm, NameSearchForm):
class RoleEditForm(SlugMixin, HideOUFieldMixin, LimitQuerysetFormMixin, CssClass, forms.ModelForm):
ou = forms.ModelChoiceField(
queryset=get_ou_model().objects, required=True, label=_('Organizational unit')
queryset=OrganizationalUnit.objects, required=True, label=_('Organizational unit')
)
class Meta:
model = get_role_model()
model = Role
fields = ('name', 'slug', 'ou', 'description')
@ -625,7 +620,7 @@ class OUEditForm(SlugMixin, CssClass, forms.ModelForm):
self.fields['name'].label = _('label').title()
class Meta:
model = get_ou_model()
model = OrganizationalUnit
fields = (
'name',
'slug',
@ -702,7 +697,9 @@ class RolesImportForm(LimitQuerysetFormMixin, SiteImportForm):
self.fields['ou'].widget = forms.HiddenInput()
ou = forms.ModelChoiceField(
label=_('Organizational unit'), queryset=get_ou_model().objects, initial=lambda: get_default_ou().pk
label=_('Organizational unit'),
queryset=OrganizationalUnit.objects,
initial=lambda: get_default_ou().pk,
)
@ -716,7 +713,7 @@ ENCODINGS = [
class UserImportForm(forms.Form):
import_file = forms.FileField(label=_('Import file'), help_text=_('A CSV file'))
encoding = forms.ChoiceField(label=_('Encoding'), choices=ENCODINGS)
ou = forms.ModelChoiceField(label=_('Organizational Unit'), queryset=OU.objects.all())
ou = forms.ModelChoiceField(label=_('Organizational Unit'), queryset=OrganizationalUnit.objects.all())
@staticmethod
def raise_validation_error(error_message):
@ -760,7 +757,9 @@ class RolesCsvImportForm(LimitQuerysetFormMixin, forms.Form):
)
ou = forms.ModelChoiceField(
label=_('Organizational unit'), queryset=get_ou_model().objects, initial=lambda: get_default_ou().pk
label=_('Organizational unit'),
queryset=OrganizationalUnit.objects,
initial=lambda: get_default_ou().pk,
)
def __init__(self, *args, **kwargs):
@ -821,8 +820,8 @@ class RolesCsvImportForm(LimitQuerysetFormMixin, forms.Form):
ou = self.cleaned_data['ou']
if len(csvline) > 2 and csvline[2]:
try:
ou = OU.objects.get(slug=csvline[2])
except OU.DoesNotExist:
ou = OrganizationalUnit.objects.get(slug=csvline[2])
except OrganizationalUnit.DoesNotExist:
self.add_line_error(_('Organizational Unit %s does not exist.') % csvline[2], i)
continue
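Review bot: In `RolesCsvImportForm` the per-line override `ou = OrganizationalUnit.objects.get(slug=csvline[2])` searches every organizational unit, whereas the form's own `ou` field sits behind `LimitQuerysetFormMixin`, which by its name restricts the choices to what the current user may use. Unless a check outside this hunk rejects it, the third CSV column places roles in an OU that the field itself would not have accepted. Resolving the slug through the field's queryset, `ou = self.fields['ou'].queryset.get(slug=csvline[2])`, keeps both paths under the same restriction, and the existing `except OrganizationalUnit.DoesNotExist` still applies. The enclosing method starts and continues outside the hunk.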


@ -17,6 +17,7 @@
from django.contrib.auth import get_user_model
from django.utils.translation import ugettext_lazy as _
from authentic2.a2_rbac.models import Role
from authentic2.apps.journal.models import EventTypeDefinition
from authentic2.apps.journal.utils import form_to_old_new
from authentic2.backends.ldap_backend import (
@ -25,10 +26,8 @@ from authentic2.backends.ldap_backend import (
)
from authentic2.custom_user.models import DeletedUser
from authentic2.journal_event_types import EventTypeWithService, get_attributes_label
from django_rbac.utils import get_role_model
User = get_user_model()
Role = get_role_model()
def user_to_str(user):


@ -25,14 +25,14 @@ from django.utils.translation import ugettext as _
from django.views.generic import FormView
from authentic2 import data_transfer
from django_rbac.utils import get_ou_model
from authentic2.a2_rbac.models import OrganizationalUnit
from . import forms, tables, views
class OrganizationalUnitView(views.BaseTableView):
template_name = 'authentic2/manager/ous.html'
model = get_ou_model()
model = OrganizationalUnit
table_class = tables.OUTable
search_form_class = forms.NameSearchForm
permissions = ['a2_rbac.search_organizationalunit']
@ -43,7 +43,7 @@ listing = OrganizationalUnitView.as_view()
class OrganizationalUnitAddView(views.BaseAddView):
model = get_ou_model()
model = OrganizationalUnit
permissions = ['a2_rbac.add_organizationalunit']
form_class = forms.OUEditForm
title = _('Add organizational unit')
@ -60,7 +60,7 @@ add = OrganizationalUnitAddView.as_view()
class OrganizationalUnitDetailView(views.BaseDetailView):
model = get_ou_model()
model = OrganizationalUnit
permissions = ['a2_rbac.view_organizationalunit']
form_class = forms.OUEditForm
template_name = 'authentic2/manager/ou_detail.html'
@ -78,7 +78,7 @@ detail = OrganizationalUnitDetailView.as_view()
class OrganizationalUnitEditView(views.BaseEditView):
model = get_ou_model()
model = OrganizationalUnit
permissions = ['a2_rbac.change_organizationalunit']
form_class = forms.OUEditForm
template_name = 'authentic2/manager/ou_edit.html'
@ -89,7 +89,7 @@ edit = OrganizationalUnitEditView.as_view()
class OrganizationalUnitDeleteView(views.BaseDeleteView):
model = get_ou_model()
model = OrganizationalUnit
template_name = 'authentic2/manager/ou_delete.html'
permissions = ['a2_rbac.delete_organizationalunit']
title = _('Delete organizational unit')
@ -127,7 +127,7 @@ class OusImportView(
views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
):
form_class = forms.OusImportForm
model = get_ou_model()
model = OrganizationalUnit
template_name = 'authentic2/manager/import_form.html'
title = _('Organizational Units Import')


@ -31,18 +31,16 @@ from django.views.generic import FormView, TemplateView
from django.views.generic.detail import SingleObjectMixin
from authentic2 import data_transfer, hooks
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, RoleParenting
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.apps.journal.views import JournalViewWithContext
from authentic2.forms.profile import modelform_factory
from authentic2.utils.misc import redirect
from django_rbac.utils import get_ou_model, get_permission_model, get_role_model, get_role_parenting_model
from . import app_settings, forms, resources, tables, views
from .journal_views import BaseJournalView
from .utils import has_show_username
OU = get_ou_model()
class RolesMixin:
service_roles = True
@ -51,10 +49,9 @@ class RolesMixin:
def get_queryset(self):
qs = super().get_queryset()
qs = qs.select_related('ou')
Permission = get_permission_model()
permission_ct = ContentType.objects.get_for_model(Permission)
ct_ct = ContentType.objects.get_for_model(ContentType)
ou_ct = ContentType.objects.get_for_model(OU)
ou_ct = ContentType.objects.get_for_model(OrganizationalUnit)
permission_qs = Permission.objects.filter(target_ct_id__in=[ct_ct.id, ou_ct.id]).values_list(
'id', flat=True
)
@ -72,7 +69,7 @@ class RolesMixin:
class RolesView(views.SearchOUMixin, views.HideOUColumnMixin, RolesMixin, views.BaseTableView):
template_name = 'authentic2/manager/roles.html'
model = get_role_model()
model = Role
table_class = tables.RoleTable
search_form_class = forms.RoleSearchForm
permissions = ['a2_rbac.search_role']
@ -94,7 +91,7 @@ listing = RolesView.as_view()
class RoleAddView(views.BaseAddView):
template_name = 'authentic2/manager/role_add.html'
model = get_role_model()
model = Role
title = _('Add role')
success_view_name = 'a2-manager-role-members'
exclude_fields = ('slug',)
@ -142,7 +139,7 @@ export = RolesExportView.as_view()
class RoleViewMixin(RolesMixin):
model = get_role_model()
model = Role
def get_context_data(self, **kwargs):
ctx = super().get_context_data(**kwargs)
@ -257,7 +254,7 @@ class RoleMembersView(views.HideOUColumnMixin, RoleViewMixin, views.BaseSubTable
),
)[:11]
)
ctx['has_multiple_ou'] = OU.objects.count() > 1
ctx['has_multiple_ou'] = OrganizationalUnit.objects.count() > 1
ctx['admin_roles'] = views.filter_view(
self.request, self.object.get_admin_role().children(include_self=False, annotate=True)
)
@ -321,7 +318,6 @@ class RolePermissionsView(RoleViewMixin, views.BaseSubTableView):
ou = form.cleaned_data.get('ou')
target = form.cleaned_data.get('target')
action = form.cleaned_data.get('action')
Permission = get_permission_model()
if action == 'add' and operation and target:
perm, dummy = Permission.objects.get_or_create(
operation=operation,
@ -395,7 +391,6 @@ class RoleChildrenView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTabl
Q(pk__in=children.filter(is_direct=False)), output_field=BooleanField()
)
)
RoleParenting = get_role_parenting_model()
rp_qs = RoleParenting.objects.filter(parent__in=children).annotate(name=F('parent__name'))
qs = qs.prefetch_related(Prefetch('parent_relation', queryset=rp_qs, to_attr='via'))
return qs
@ -423,9 +418,7 @@ class RoleChildrenView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTabl
def get_search_form_kwargs(self):
kwargs = super().get_search_form_kwargs()
kwargs['queryset'] = self.request.user.filter_by_perm(
'a2_rbac.view_role', get_role_model().objects.all()
)
kwargs['queryset'] = self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())
return kwargs
@ -460,7 +453,6 @@ class RoleParentsView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTable
Q(pk__in=parents.filter(is_direct=False)), output_field=BooleanField()
)
)
RoleParenting = get_role_parenting_model()
rp_qs = RoleParenting.objects.filter(child__in=parents).annotate(name=F('child__name'))
qs = qs.prefetch_related(Prefetch('child_relation', queryset=rp_qs, to_attr='via'))
return qs
@ -489,7 +481,7 @@ class RoleParentsView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTable
def get_search_form_kwargs(self):
kwargs = super().get_search_form_kwargs()
kwargs['queryset'] = self.request.user.filter_by_perm(
'a2_rbac.manage_members_role', get_role_model().objects.all()
'a2_rbac.manage_members_role', Role.objects.all()
)
return kwargs
@ -506,7 +498,7 @@ class RoleAddAdminRoleView(
FormView,
):
title = _('Add admin role')
model = get_role_model()
model = Role
form_class = forms.RolesForm
success_url = '..'
template_name = 'authentic2/manager/form.html'
@ -540,7 +532,7 @@ class RoleRemoveAdminRoleView(
views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
):
title = _('Remove admin role')
model = get_role_model()
model = Role
success_url = '../..'
template_name = 'authentic2/manager/role_remove_admin_role.html'
permissions = ['a2_rbac.change_role']
@ -582,7 +574,7 @@ class RoleAddAdminUserView(
FormView,
):
title = _('Add admin user')
model = get_role_model()
model = Role
form_class = forms.UsersForm
success_url = '..'
template_name = 'authentic2/manager/form.html'
@ -616,7 +608,7 @@ class RoleRemoveAdminUserView(
views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
):
title = _('Remove admin user')
model = get_role_model()
model = Role
success_url = '../..'
template_name = 'authentic2/manager/role_remove_admin_user.html'
permissions = ['a2_rbac.change_role']
@ -653,7 +645,7 @@ class RolesImportView(
views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
):
form_class = forms.RolesImportForm
model = get_role_model()
model = Role
template_name = 'authentic2/manager/import_form.html'
title = _('Roles Import')
@ -696,7 +688,7 @@ class RolesCsvImportView(
views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
):
form_class = forms.RolesCsvImportForm
model = get_role_model()
model = Role
template_name = 'authentic2/manager/roles_csv_import_form.html'
title = _('Roles CSV Import')
@ -744,7 +736,7 @@ class RoleJournal(views.PermissionMixin, JournalViewWithContext, BaseJournalView
@cached_property
def context(self):
return get_object_or_404(get_role_model(), pk=self.kwargs['pk'])
return get_object_or_404(Role, pk=self.kwargs['pk'])
def get_context_data(self, **kwargs):
ctx = super().get_context_data(**kwargs)
@ -763,7 +755,7 @@ class RolesJournal(views.SearchOUMixin, views.PermissionMixin, JournalViewWithCo
@cached_property
def context(self):
return get_role_model()
return Role
roles_journal = RolesJournal.as_view()
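Review bot: The two `get_search_form_kwargs` overrides filter candidate roles by different permissions, `'a2_rbac.view_role'` in RoleChildrenView and `'a2_rbac.manage_members_role'` in RoleParentsView, and nothing in the code says why. The asymmetry looks deliberate (picking a parent presumably gives this role's members the parent's rights, so the operator should be allowed to manage the parent's members), but that is inferred from the names, not stated. Since the commit rewrites both lines, I would add a one-line comment above each, e.g. `# candidate parents: operator must be able to manage their members`, so a later cleanup does not quietly align them on `view_role`. Both methods belong to classes that start outside their hunks.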


@ -22,10 +22,10 @@ from django.utils.translation import ugettext_lazy as _
from django.utils.translation import ugettext_noop
from django_tables2.utils import A
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role
from authentic2.middleware import StoreRequestMiddleware
from authentic2.models import Service
from authentic2_idp_oidc.models import OIDCAuthorization
from django_rbac.utils import get_ou_model, get_permission_model, get_role_model
User = get_user_model()
@ -112,7 +112,7 @@ class RoleTable(tables.Table):
return content
class Meta:
model = get_role_model()
model = Role
attrs = {'class': 'main', 'id': 'role-table'}
fields = ('name', 'slug', 'ou', 'member_count')
@ -123,7 +123,7 @@ class PermissionTable(tables.Table):
target = tables.Column()
class Meta:
model = get_permission_model()
model = Permission
attrs = {'class': 'main', 'id': 'role-table'}
fields = ('operation', 'scope', 'target')
empty_text = _('None')
@ -134,7 +134,7 @@ class OUTable(tables.Table):
default = tables.BooleanColumn()
class Meta:
model = get_ou_model()
model = OrganizationalUnit
attrs = {'class': 'main', 'id': 'ou-table'}
fields = ('name', 'slug', 'default')
empty_text = _('None')
@ -169,7 +169,7 @@ class OuUserRolesTable(tables.Table):
return content
class Meta:
model = get_role_model()
model = Role
attrs = {'class': 'main plaintable', 'id': 'role-table'}
fields = ('name', 'ou')
empty_text = _('None')
@ -195,7 +195,7 @@ class UserRolesTable(tables.Table):
return content
class Meta:
model = get_role_model()
model = Role
attrs = {'class': 'main', 'id': 'role-table'}
fields = ('name', 'ou')
empty_text = _('None')
@ -219,7 +219,7 @@ class ServiceRolesTable(tables.Table):
name = tables.Column(accessor='name', verbose_name=_('name'))
class Meta:
model = get_role_model()
model = Role
attrs = {'class': 'main', 'id': 'service-role-table'}
fields = ('name',)
empty_text = _('No access restriction. All users are allowed to connect to this service.')
@ -253,7 +253,7 @@ class InheritanceRolesTable(tables.Table):
)
class Meta:
model = get_role_model()
model = Role
attrs = {'class': 'main plaintable', 'id': 'inheritance-role-table'}
fields = ('name', 'ou')
empty_text = _('None')


@ -37,13 +37,13 @@ from django.views.generic.detail import SingleObjectMixin
from django.views.generic.edit import BaseFormView
from authentic2 import hooks
from authentic2.a2_rbac.models import OrganizationalUnit, Role, RoleParenting
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.apps.journal.views import JournalViewWithContext
from authentic2.models import Attribute, PasswordReset
from authentic2.utils import spooler, switch_user
from authentic2.utils.misc import make_url, redirect, select_next_url, send_password_reset_mail
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
from django_rbac.utils import get_ou_model, get_role_model, get_role_parenting_model
from . import app_settings
from .forms import (
@ -82,7 +82,6 @@ from .views import (
)
User = get_user_model()
OU = get_ou_model()
class UsersView(HideOUColumnMixin, BaseTableView):
@ -180,7 +179,7 @@ class UserAddView(ActionMixin, BaseAddView):
qs = request.user.ous_with_perm('custom_user.add_user')
try:
self.ou = qs.get(pk=self.kwargs['ou_pk'])
except OU.DoesNotExist:
except OrganizationalUnit.DoesNotExist:
raise PermissionDenied
return super().dispatch(request, *args, **kwargs)
@ -248,7 +247,7 @@ class UserAddView(ActionMixin, BaseAddView):
return initial
def get_user_add_policies(self, *args, **kwargs):
ou = OU.objects.get(pk=self.kwargs['ou_pk'])
ou = OrganizationalUnit.objects.get(pk=self.kwargs['ou_pk'])
value = ou.user_add_password_policy
return ou.USER_ADD_PASSWD_POLICY_VALUES[value]._asdict()
@ -412,7 +411,7 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
@classmethod
def has_perm_on_roles(cls, user, instance):
role_qs = get_role_model().objects.all()
role_qs = Role.objects.all()
if app_settings.ROLE_MEMBERS_FROM_OU and instance.ou:
role_qs = role_qs.filter(ou=instance.ou)
return user.filter_by_perm('a2_rbac.manage_members_role', role_qs).exists()
@ -420,7 +419,7 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
def get_context_data(self, **kwargs):
kwargs['default_ou'] = get_default_ou
roles = self.object.roles_and_parents().order_by('ou__name', 'name')
role_qs = get_role_model().objects.all()
role_qs = Role.objects.all()
if app_settings.ROLE_MEMBERS_FROM_OU and self.object.ou:
role_qs = role_qs.filter(ou=self.object.ou)
visible_roles = self.request.user.filter_by_perm('a2_rbac.view_role', role_qs)
@ -641,8 +640,6 @@ class UserRolesView(HideOUColumnMixin, BaseSubTableView):
if self.is_ou_specified():
roles = self.object.roles.all()
User = get_user_model()
Role = get_role_model()
RoleParenting = get_role_parenting_model()
rp_qs = RoleParenting.objects.filter(child__in=roles)
qs = Role.objects.all()
qs = qs.prefetch_related(models.Prefetch('child_relation', queryset=rp_qs, to_attr='via'))
@ -699,9 +696,7 @@ class UserRolesView(HideOUColumnMixin, BaseSubTableView):
kwargs['all_ou_label'] = ''
kwargs['user'] = self.object
kwargs['role_members_from_ou'] = app_settings.ROLE_MEMBERS_FROM_OU
kwargs['queryset'] = self.request.user.filter_by_perm(
'a2_rbac.view_role', get_role_model().objects.all()
)
kwargs['queryset'] = self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())
if self.object.ou_id:
initial = kwargs.setdefault('initial', {})
initial['ou'] = str(self.object.ou_id)
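Review bot: `get_user_add_policies` fetches the organizational unit a second time with an unscoped `OrganizationalUnit.objects.get(pk=self.kwargs['ou_pk'])`, although `dispatch` in the same class already resolved it through `request.user.ous_with_perm('custom_user.add_user')` and stored it as `self.ou`. Reusing that object, `ou = self.ou`, keeps a single permission-scoped lookup, saves a query and removes an unhandled `DoesNotExist` path. This assumes the method only runs after `dispatch`; its callers are outside the hunk.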


@ -14,10 +14,8 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.decorators import GlobalCache
from django_rbac.utils import get_ou_model
OU = get_ou_model()
def label_from_user(user):
@ -40,9 +38,9 @@ def label_from_user(user):
@GlobalCache(timeout=10)
def get_ou_count():
return OU.objects.count()
return OrganizationalUnit.objects.count()
@GlobalCache(timeout=10)
def has_show_username():
return not OU.objects.filter(show_username=False).exists()
return not OrganizationalUnit.objects.filter(show_username=False).exists()


@ -40,12 +40,11 @@ from django_tables2 import SingleTableMixin, SingleTableView
from gadjo.templatetags.gadjo import xstatic
from authentic2 import hooks
from authentic2.a2_rbac.models import OrganizationalUnit as OU
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.data_transfer import ImportContext, export_site, import_site
from authentic2.decorators import json as json_view
from authentic2.forms.profile import modelform_factory
from authentic2.utils.misc import batch_queryset, redirect
from django_rbac.utils import get_ou_model
from . import app_settings, forms, utils, widgets
@ -685,7 +684,6 @@ class HideOUColumnMixin:
'''Helper class for table views, hiding the OU column from tables if an OU filter exists'''
def get_table(self, **kwargs):
OU = get_ou_model()
exclude_ou = False
if (
hasattr(self, 'search_form')
@ -693,7 +691,7 @@ class HideOUColumnMixin:
and self.search_form.cleaned_data.get('ou') is not None
):
exclude_ou = True
if OU.objects.count() < 2:
if OrganizationalUnit.objects.count() < 2:
exclude_ou = True
if exclude_ou:
exclude = kwargs.setdefault('exclude', [])
@ -777,7 +775,7 @@ class SearchOUMixin:
except (ValueError, KeyError):
return None
else:
return OU.objects.filter(pk=ou_id).first()
return OrganizationalUnit.objects.filter(pk=ou_id).first()
def get_context_data(self, **kwargs):
return super().get_context_data(ou=self.ou, **kwargs)
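Review bot: SearchOUMixin resolves the unit with `OrganizationalUnit.objects.filter(pk=ou_id).first()`, an unfiltered queryset, and `get_context_data(ou=self.ou, **kwargs)` then hands the result to the template. Where `ou_id` comes from is in the `try` body outside this hunk; if it is request-supplied, the id of a unit the operator is not allowed to search still yields the object. Consider scoping the lookup, e.g. `self.request.user.filter_by_perm('a2_rbac.search_organizationalunit', OrganizationalUnit.objects.all()).filter(pk=ou_id).first()`, or confirm that every view using the mixin filters its own queryset by permission.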


@ -24,8 +24,8 @@ from django.core import signing
from django.utils.encoding import force_text
from django_select2.forms import ModelSelect2MultipleWidget, ModelSelect2Widget
from authentic2.a2_rbac.models import Role
from authentic2_idp_oidc.models import OIDCAuthorization
from django_rbac.utils import get_role_model
from . import utils
@ -95,7 +95,7 @@ class ChooseUsersWidget(SearchUserWidgetMixin, SimpleModelSelect2MultipleWidget)
class SearchRoleWidgetMixin(SplitTermMixin):
model = get_role_model()
model = Role
split_term_operator = operator.__and__
search_fields = [
'name__icontains',


@ -24,7 +24,7 @@ from django.db.models.query import QuerySet
from django.utils.timezone import now
from model_utils import managers
from django_rbac.utils import get_ou_model
from authentic2.a2_rbac.models import OrganizationalUnit
logger = logging.getLogger(__name__)
@ -96,12 +96,11 @@ class ServiceQuerySet(managers.InheritanceQuerySetMixin, GetBySlugQuerySet):
class BaseServiceManager(models.Manager):
def get_by_natural_key(self, ou_natural_key, slug):
OU = get_ou_model()
kwargs = {'slug': slug}
if ou_natural_key:
try:
ou = OU.objects.get_by_natural_key(*ou_natural_key)
except OU.DoesNotExist:
ou = OrganizationalUnit.objects.get_by_natural_key(*ou_natural_key)
except OrganizationalUnit.DoesNotExist:
raise self.model.DoesNotExist
kwargs['ou'] = ou
else:
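Review bot: The lazy `OU = get_ou_model()` inside `get_by_natural_key` is replaced by a module-level `from authentic2.a2_rbac.models import OrganizationalUnit`, so this managers module now imports a models module at load time. If `authentic2.a2_rbac.models` imports this module directly or transitively, startup fails on a circular import; that chain is not visible here and needs checking. A function-local import, or `django.apps.apps.get_model('a2_rbac', 'OrganizationalUnit')` inside the method, keeps the lookup lazy. The same applies to `to=OrganizationalUnit` on `OIDCProvider.ou` later in this commit, where the string `'a2_rbac.OrganizationalUnit'` would avoid the import. `get_by_natural_key` continues past the end of the hunk.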


@ -36,7 +36,6 @@ from model_utils.managers import QueryManager
from authentic2.a2_rbac.models import Role
from authentic2.crypto import base64url_decode, base64url_encode
from django_rbac.utils import get_role_model_name
# install our natural_key implementation
from . import managers
@ -371,7 +370,7 @@ class Service(models.Model):
on_delete=models.CASCADE,
)
authorized_roles = models.ManyToManyField(
get_role_model_name(),
'a2_rbac.Role',
verbose_name=_('authorized services'),
through='AuthorizedRole',
through_fields=('service', 'role'),
@ -454,7 +453,7 @@ Service._meta.natural_key = [['slug', 'ou']]
class AuthorizedRole(models.Model):
service = models.ForeignKey(Service, on_delete=models.CASCADE)
role = models.ForeignKey(get_role_model_name(), on_delete=models.CASCADE)
role = models.ForeignKey('a2_rbac.Role', on_delete=models.CASCADE)
class Token(models.Model):
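Review bot: `Service.authorized_roles` and `AuthorizedRole.role` now hard-code `'a2_rbac.Role'` where `get_role_model_name()` used to supply the target. If that helper could return anything other than this literal, Django's migration autodetector will see a changed field; running `python manage.py makemigrations --check --dry-run` on this commit would confirm that no migration is missing. The module already imports `Role` from `authentic2.a2_rbac.models`, and `OIDCProvider.ou` in this same commit passes the class (`to=OrganizationalUnit`), so it is worth settling on one form for model references across the code base.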


@ -22,9 +22,9 @@ from django.core.exceptions import ValidationError
from django.utils.encoding import force_text
from django.utils.translation import ugettext_lazy as _
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.compat_lasso import lasso
from django_rbac.utils import get_ou_model
from .models import LibertyProvider, LibertyServiceProvider
@ -36,7 +36,7 @@ class AddLibertyProviderFromUrlForm(forms.Form):
)
url = forms.URLField(label=_("Metadata's URL"))
ou = forms.ModelChoiceField(
queryset=get_ou_model().objects, initial=get_default_ou, label=_('Organizational unit')
queryset=OrganizationalUnit.objects, initial=get_default_ou, label=_('Organizational unit')
)
def clean(self):


@ -25,9 +25,9 @@ from jwcrypto.jwk import JWK
from jwcrypto.jwt import JWT
from authentic2 import app_settings, hooks
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.crypto import base64url_encode
from authentic2.utils.template import Template
from django_rbac.utils import get_ou_model
from . import models, utils
@ -209,7 +209,7 @@ class OIDCBackend(ModelBackend):
# map claims to attributes or user fields
# mapping is done before eventual creation of user as EMAIL_IS_UNIQUE needs to know if the
# mapping will provide some mail to us
ou_map = {ou.slug: ou for ou in get_ou_model().cached()}
ou_map = {ou.slug: ou for ou in OrganizationalUnit.cached()}
user_ou = provider.ou
save_user = False
mappings = []


@ -22,9 +22,9 @@ from django.core.exceptions import ValidationError
from django.core.management.base import BaseCommand, CommandError
from django.db.transaction import atomic
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2_auth_oidc.models import OIDCClaimMapping, OIDCProvider
from authentic2_auth_oidc.utils import register_issuer
from django_rbac.utils import get_ou_model
class Command(BaseCommand):
@ -67,8 +67,7 @@ class Command(BaseCommand):
try:
ou = None
if options.get('ou_slug'):
OU = get_ou_model()
ou = OU.objects.get(slug=options['ou_slug'])
ou = OrganizationalUnit.objects.get(slug=options['ou_slug'])
provider = register_issuer(
name,
issuer=issuer,


@ -24,8 +24,8 @@ from django.db import models
from django.utils.translation import ugettext_lazy as _
from jwcrypto.jwk import InvalidJWKValue, JWKSet
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.utils.template import validate_template
from django_rbac.utils import get_ou_model_name
from . import managers
@ -90,7 +90,7 @@ class OIDCProvider(models.Model):
# ou where new users should be created
strategy = models.CharField(max_length=32, choices=STRATEGIES, verbose_name=_('strategy'))
ou = models.ForeignKey(
to=get_ou_model_name(), verbose_name=_('organizational unit'), on_delete=models.CASCADE
to=OrganizationalUnit, verbose_name=_('organizational unit'), on_delete=models.CASCADE
)
# policy


@ -45,12 +45,12 @@ from ratelimit.utils import is_ratelimited
from authentic2 import app_settings as a2_app_settings
from authentic2 import hooks
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.decorators import setting_enabled
from authentic2.exponential_retry_timeout import ExponentialRetryTimeout
from authentic2.utils.misc import last_authentication_event, login_require, make_url, redirect
from authentic2.utils.view_decorators import check_view_restriction
from authentic2.views import logout as a2_logout
from django_rbac.utils import get_ou_model
from . import app_settings, models, utils
@ -598,7 +598,6 @@ def idtoken_from_user_credential(request):
)
username = request.POST.get('username')
scope = request.POST.get('scope')
OrganizationalUnit = get_ou_model()
# scope is ignored, we used the configured scope


@ -28,6 +28,7 @@ from django.db import connection
from django.db.migrations.executor import MigrationExecutor
from authentic2 import hooks as a2_hooks
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.authentication import OIDCUser
from authentic2.manager.utils import get_ou_count
@ -35,7 +36,6 @@ from authentic2.models import Attribute, Service
from authentic2.utils.evaluate import BaseExpressionValidator
from authentic2_auth_oidc.utils import get_provider_by_issuer, get_providers, has_providers
from authentic2_idp_oidc.models import OIDCClient
from django_rbac.utils import get_ou_model, get_role_model
from . import utils
@ -63,9 +63,6 @@ def pytest_runtest_setup(item):
pytest.skip('not slow tests must not run')
Role = get_role_model()
@pytest.fixture
def settings(settings, request):
# our post_migrate handlers depends upon some values of the settings (like
@ -102,20 +99,17 @@ def app(app_factory):
@pytest.fixture
def ou1(db):
OU = get_ou_model()
return OU.objects.create(name='OU1', slug='ou1')
return OrganizationalUnit.objects.create(name='OU1', slug='ou1')
@pytest.fixture
def ou2(db):
OU = get_ou_model()
return OU.objects.create(name='OU2', slug='ou2')
return OrganizationalUnit.objects.create(name='OU2', slug='ou2')
@pytest.fixture
def ou_rando(db):
OU = get_ou_model()
return OU.objects.create(name='ou_rando', slug='ou_rando')
return OrganizationalUnit.objects.create(name='ou_rando', slug='ou_rando')
def create_user(**kwargs):
@ -159,7 +153,6 @@ def admin(db):
is_active=True,
ou=get_default_ou(),
)
Role = get_role_model()
user.roles.add(Role.objects.get(slug='_a2-manager'))
return user
@ -337,12 +330,10 @@ def api_user(
@pytest.fixture(autouse=True)
def clear_cache():
OU = get_ou_model()
cache.clear()
BaseExpressionValidator.__call__.cache_clear()
for cached_el in (
OU.cached,
OrganizationalUnit.cached,
a2_hooks.get_hooks,
get_providers,
get_provider_by_issuer,


@ -33,13 +33,13 @@ from django.utils.timezone import now
from jwcrypto.jwk import JWK, JWKSet
from jwcrypto.jwt import JWT
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.models import Attribute, AuthorizedRole
from authentic2.utils.misc import good_next_url, make_url
from authentic2_auth_oidc.utils import parse_timestamp
from authentic2_idp_oidc.models import OIDCAccessToken, OIDCAuthorization, OIDCClaim, OIDCClient, OIDCCode
from authentic2_idp_oidc.utils import base64url, get_first_ec_sig_key, get_first_rsa_sig_key, make_sub
from django_rbac.utils import get_ou_model, get_role_model
from .. import utils
from .conftest import bearer_authentication_headers, client_authentication_headers
@ -293,9 +293,7 @@ def test_authorization_code_sso(
OIDCClaim.objects.create(
client=oidc_client, name='date_joined', value='django_user_date_joined', scopes='profile'
)
simple_user.roles.add(
get_role_model().objects.create(name='Whatever', slug='whatever', ou=get_default_ou())
)
simple_user.roles.add(Role.objects.create(name='Whatever', slug='whatever', ou=get_default_ou()))
response = app.get(user_info_url, headers=bearer_authentication_headers(access_token))
assert response.json['ou'] == simple_user.ou.name
assert response.json['roles'][0] == 'Whatever'
@ -886,7 +884,7 @@ def test_client_secret_post_authentication(oidc_settings, app, simple_oidc_clien
@pytest.mark.parametrize('login_first', [(True,), (False,)])
def test_role_control_access(login_first, oidc_settings, oidc_client, simple_user, app):
# authorized_role
role_authorized = get_role_model().objects.create(name='Goth Kids', slug='goth-kids', ou=get_default_ou())
role_authorized = Role.objects.create(name='Goth Kids', slug='goth-kids', ou=get_default_ou())
oidc_client.add_authorized_role(role_authorized)
redirect_uri = oidc_client.redirect_uris.split()[0]
@ -1592,8 +1590,7 @@ def test_consents_view(app, oidc_client, simple_user):
assert "You have not given any authorization to access your account profile data." in response.text
# create an ou authz
OU = get_ou_model()
ou1 = OU.objects.create(name='Orgunit1', slug='orgunit1')
ou1 = OrganizationalUnit.objects.create(name='Orgunit1', slug='orgunit1')
OIDCAuthorization.objects.create(
client=ou1,
user=simple_user,


@ -27,7 +27,6 @@ from authentic2.custom_user.models import User
from authentic2.models import Service
from authentic2.utils.misc import get_hex_uuid
from django_rbac.models import CHANGE_OP, Operation
from django_rbac.utils import get_permission_model
from .utils import login, request_select2
@ -242,7 +241,6 @@ def test_role_with_permission_export_json(db):
name='other role name', slug='other-role-slug', uuid=get_hex_uuid(), ou=some_ou
)
ou = OU.objects.create(name='basic ou', slug='basic-ou', description='basic ou description')
Permission = get_permission_model()
op = Operation.objects.get(slug='add')
perm_saml = Permission.objects.create(
operation=op,
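Review bot: `Permission.objects.create(...)` in `test_role_with_permission_export_json` now relies on a module-level `Permission`, but neither hunk of this file adds an import for it. The first hunk only drops `get_permission_model` and the second drops the local `Permission = get_permission_model()`. If the imports above line 27 do not already bring in `Permission` from `authentic2.a2_rbac.models`, the test fails with a NameError instead of exercising the permission export. Both the import block and the test body extend outside the visible hunks.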


@ -33,9 +33,9 @@ from django.utils.translation import ugettext as _
from rest_framework import status, test
from authentic2 import attribute_kinds, models
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.utils import misc as utils_misc
from authentic2.utils.misc import continue_to_next_url, login_require, make_url, redirect, redirect_to_login
from django_rbac.utils import get_ou_model, get_role_model
from .utils import Authentic2TestCase, assert_event, get_link_from_mail, get_response_form
@ -382,12 +382,12 @@ class AttributeKindsTest(TestCase):
class APITest(TestCase):
def setUp(self):
User = get_user_model()
Role = get_role_model()
OU = get_ou_model()
ct_user = ContentType.objects.get_for_model(User)
self.ou = OU.objects.create(slug='ou', name='OU', email_is_unique=True, username_is_unique=True)
self.ou = OrganizationalUnit.objects.create(
slug='ou', name='OU', email_is_unique=True, username_is_unique=True
)
self.reguser1 = User.objects.create(username='reguser1')
self.reguser1.set_password('password')
self.reguser1.save()


@ -33,13 +33,13 @@ from django.utils.text import slugify
from requests.models import Response
from rest_framework import VERSION as drf_version
from authentic2.a2_rbac.models import OrganizationalUnit as OU
from authentic2.a2_rbac.models import Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.apps.journal.models import Event, EventType
from authentic2.models import Attribute, AttributeValue, AuthorizedRole, PasswordReset, Service
from authentic2.utils.misc import good_next_url
from django_rbac.models import SEARCH_OP
from django_rbac.utils import get_ou_model, get_role_model
from .utils import assert_event, basic_authorization_header, get_link_from_mail, login
@ -578,7 +578,6 @@ def test_api_users_create(settings, app, api_user):
def test_api_users_create_email_is_unique(settings, app, superuser):
OU = get_ou_model()
ou1 = OU.objects.create(name='OU1', slug='ou1')
ou2 = OU.objects.create(name='OU2', slug='ou2', email_is_unique=True)
@ -1403,7 +1402,7 @@ def test_api_post_role(app, admin_ou1, ou1):
assert set(role_data.items()) < set(resp.json.items())
# Check attributes values against the DB:
role = get_role_model().objects.get(uuid=uuid)
role = Role.objects.get(uuid=uuid)
assert role.slug == role_data['slug']
assert role.name == role_data['name']
assert role.ou.slug == role_data['ou']
@ -1450,8 +1449,6 @@ def test_api_post_role_no_slug(app, superuser):
def test_api_post_ou_no_slug(app, superuser):
app.authorization = ('Basic', (superuser.username, superuser.username))
OU = get_ou_model()
ou_data = {
'name': 'Some Organizational Unit',
}
@ -1480,7 +1477,6 @@ def test_api_post_ou_no_slug(app, superuser):
def test_api_post_ou_get_or_create(app, superuser):
app.authorization = ('Basic', (superuser.username, superuser.username))
OU = get_ou_model()
# first get-or-create? -> create
ou_data = {
'name': 'Some Organizational Unit',
@ -1743,7 +1739,6 @@ def test_api_users_get_or_create_email_is_unique(settings, app, admin):
def test_api_users_get_or_create_email_not_unique(settings, app, admin):
settings.A2_EMAIL_IS_UNIQUE = False
OU = get_ou_model()
ou1 = OU.objects.create(name='OU1', slug='ou1', email_is_unique=True)
ou2 = OU.objects.create(name='OU2', slug='ou2', email_is_unique=False)
@ -2384,7 +2379,6 @@ def test_api_users_delete(settings, app, admin, simple_user):
@pytest.mark.skipif(drf_version.startswith('3.4'), reason='no support for old django rest framework')
def test_api_statistics_list(app, admin):
OU = get_ou_model()
headers = basic_authorization_header(admin)
resp = app.get('/api/statistics/', headers=headers)
assert len(resp.json['data']) == 6
@ -2478,7 +2472,6 @@ def test_api_statistics_list(app, admin):
'event_type_name,event_name', [('user.login', 'login'), ('user.registration', 'registration')]
)
def test_api_statistics(app, admin, freezer, event_type_name, event_name):
OU = get_ou_model()
headers = basic_authorization_header(admin)
resp = app.get('/api/statistics/login/?time_interval=month', headers=headers)


@ -35,6 +35,7 @@ from jwcrypto.jwk import JWK, JWKSet
from jwcrypto.jws import JWS, InvalidJWSObject
from jwcrypto.jwt import JWT
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.custom_user.models import DeletedUser
from authentic2.models import Attribute, AttributeValue
@ -48,7 +49,6 @@ from authentic2_auth_oidc.utils import (
parse_id_token,
register_issuer,
)
from django_rbac.utils import get_ou_model
from . import utils
@ -455,8 +455,7 @@ def test_login_autorun(oidc_provider, app, settings):
def test_sso(app, caplog, code, oidc_provider, oidc_provider_jwkset, hooks):
OU = get_ou_model()
cassis = OU.objects.create(name='Cassis', slug='cassis')
cassis = OrganizationalUnit.objects.create(name='Cassis', slug='cassis')
response = app.get('/admin/').maybe_follow()
assert oidc_provider.name in response.text


@ -26,13 +26,13 @@ from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.utils.timezone import now
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP, OrganizationalUnit, Permission, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.custom_user.models import DeletedUser
from authentic2.models import UserExternalId
from authentic2_auth_oidc.models import OIDCAccount, OIDCProvider
from django_rbac.models import ADMIN_OP, Operation
from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
from django_rbac.utils import get_operation
from .utils import call_command, login
@ -242,8 +242,7 @@ def test_oidc_register_issuer(db, tmpdir, monkeypatch):
oidc_conf = json.load(f)
def register_issuer(name, issuer=None, openid_configuration=None, verify=True, timeout=None, ou=None):
OU = get_ou_model()
ou = OU.objects.get(default=True)
ou = OrganizationalUnit.objects.get(default=True)
return OIDCProvider.objects.create(
name=name,
ou=ou,
@ -280,12 +279,10 @@ def test_sync_metadata(db):
def test_check_and_repair_managers_of_roles(db, capsys):
Role = get_role_model()
Permission = get_permission_model()
default_ou = get_default_ou()
admin_op = get_operation(ADMIN_OP)
get_ou_model().objects.create(name='Orgunit1', slug='orgunit1')
OrganizationalUnit.objects.create(name='Orgunit1', slug='orgunit1')
role1 = Role.objects.create(name='Role 1', slug='role-1', ou=default_ou)
perm1 = Permission.objects.create(
operation=admin_op,
@ -337,11 +334,10 @@ def test_check_and_repair_managers_of_roles(db, capsys):
def test_check_and_delete_unused_permissions(db, capsys, simple_user):
Permission = get_permission_model()
role1 = get_role_model().objects.create(name='Role1', slug='role1')
role1 = Role.objects.create(name='Role1', slug='role1')
op1 = Operation.objects.create(slug='operation-1')
used_perm = Permission.objects.create(
operation=op1, target_id=role1.id, target_ct=ContentType.objects.get_for_model(get_role_model())
operation=op1, target_id=role1.id, target_ct=ContentType.objects.get_for_model(Role)
)
role1.admin_scope = used_perm
role1.save()
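Review bot: In the `register_issuer` stub inside `test_oidc_register_issuer`, the rewritten line `ou = OrganizationalUnit.objects.get(default=True)` still overwrites the `ou` argument. As a result the test cannot tell whether the command hands the intended organizational unit to the provider it registers. `get_default_ou` is already imported in this module, so `ou = ou or get_default_ou()` would keep the fallback while honouring a caller-supplied value. I am assuming the helper resolves the same default OU, which is worth confirming. The stub's body continues outside the hunk.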


@ -23,13 +23,11 @@ from django.contrib.auth.hashers import check_password, make_password
from django.core import mail
from authentic2.a2_rbac.models import OrganizationalUnit as OU
from authentic2.a2_rbac.models import Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.csv_import import CsvHeader, CsvImporter, Error, LineError, UserCsvImporter
from authentic2.custom_user.models import User
from authentic2.models import Attribute
from django_rbac.utils import get_role_model
Role = get_role_model()
ENCODINGS = [
'iso-8859-1',


@ -18,12 +18,9 @@ from datetime import date
import pytest
from authentic2.a2_rbac.models import Role
from authentic2.custom_user.models import DeletedUser, User
from authentic2.models import Attribute
from django_rbac.utils import get_permission_model, get_role_model
Permission = get_permission_model()
Role = get_role_model()
def test_roles_and_parents(db):
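Review bot: The module-level `Permission = get_permission_model()` binding is removed here, but the new import brings in only `Role`, so any remaining use of `Permission` in this file would now raise a NameError. The rest of the file is outside the hunk, so the name may simply be unused. If it is still referenced, the import should read `from authentic2.a2_rbac.models import Permission, Role`. The same check applies to the `OU` binding dropped in the sections that hold `test_manager_ou_export` and `test_manager_role_export`, where only some call sites are visibly rewritten.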


@ -17,7 +17,8 @@
import pytest
from django.core.exceptions import ValidationError
from authentic2.a2_rbac.models import RoleParenting
from authentic2.a2_rbac.models import OrganizationalUnit as OU
from authentic2.a2_rbac.models import Role, RoleParenting
from authentic2.data_transfer import (
ExportContext,
ImportContext,
@ -30,10 +31,6 @@ from authentic2.data_transfer import (
search_role,
)
from authentic2.utils.misc import get_hex_uuid
from django_rbac.utils import get_ou_model, get_role_model
Role = get_role_model()
OU = get_ou_model()
def test_export_basic_role(db):
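Review bot: The new import `from authentic2.a2_rbac.models import OrganizationalUnit as OU` keeps the short alias in this module, while other files in the same commit (for instance the one holding `test_custom_ou`) switch to the full `OrganizationalUnit` name. A single spelling across the test suite would make it easier to grep for every place that creates or queries organizational units. The modules holding `test_manager_login` and `visible_users` import the alias form as well. If the alias is kept to limit churn, a comment next to the import such as `# OU: short alias kept for existing call sites` would make that intent explicit.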


@ -21,11 +21,11 @@ from django.test.client import Client, RequestFactory
from django.test.utils import override_settings
from django.utils.encoding import force_text
from authentic2.a2_rbac.models import Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.constants import AUTHENTICATION_EVENTS_SESSION_KEY, NONCE_FIELD_NAME
from authentic2_idp_cas import constants
from authentic2_idp_cas.models import Attribute, Service, Ticket
from django_rbac.utils import get_role_model
from .utils import Authentic2TestCase
@ -34,7 +34,6 @@ CAS_NAMESPACES = {
}
User = get_user_model()
Role = get_role_model()
@override_settings(A2_IDP_CAS_ENABLE=True)


@ -23,9 +23,7 @@ from django import VERSION
from django.core import management
from django.core.exceptions import ValidationError
from django_rbac.utils import get_role_model
Role = get_role_model()
from authentic2.a2_rbac.models import Role
@pytest.fixture

View File

@ -32,13 +32,12 @@ from ldap.dn import escape_dn_chars
from ldaptools.slapd import Slapd, has_slapd
from authentic2 import crypto, models
from authentic2.a2_rbac.models import Role
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.backends import ldap_backend
from authentic2.models import Service
from authentic2.utils import switch_user
from authentic2.utils.misc import PasswordChangeError, authenticate
from django_rbac.utils import get_ou_model
from . import utils
@ -503,8 +502,7 @@ def test_keep_password_true_or_false(slapd, settings, db):
@pytest.mark.django_db
def test_custom_ou(slapd, settings, client):
OU = get_ou_model()
ou = OU.objects.create(name='test', slug='test')
ou = OrganizationalUnit.objects.create(name='test', slug='test')
settings.LDAP_AUTH_SETTINGS = [
{
'url': [slapd.ldap_url],
@ -903,9 +901,8 @@ def test_multiple_slug_set_mandatory_roles(slapd, settings, db):
def test_multiple_name_set_mandatory_roles(slapd, settings, db):
OU = get_ou_model()
ou1 = OU.objects.create(name='test1', slug='test1')
ou2 = OU.objects.create(name='test2', slug='test2')
ou1 = OrganizationalUnit.objects.create(name='test1', slug='test1')
ou2 = OrganizationalUnit.objects.create(name='test2', slug='test2')
Role.objects.create(name='tech', slug='foo', ou=ou1)
Role.objects.create(name='tech', slug='bar', ou=ou2)
settings.LDAP_AUTH_SETTINGS = [


@ -28,20 +28,20 @@ from django.utils.encoding import force_bytes, force_str
from webtest import Upload
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
from authentic2.a2_rbac.models import OrganizationalUnit as OU
from authentic2.a2_rbac.models import Permission, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.apps.journal.models import Event
from authentic2.models import Service
from authentic2.validators import EmailValidator
from django_rbac.models import VIEW_OP
from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
from django_rbac.utils import get_operation
from .utils import assert_event, get_link_from_mail, login, request_select2
pytestmark = pytest.mark.django_db
OU = get_ou_model()
User = get_user_model()
Role = get_role_model()
def test_manager_login(superuser_or_admin, app):
@ -952,7 +952,7 @@ def test_manager_role_admin_permissions(app, simple_user, admin, simple_role):
# user can act on role inheritance
role = Role.objects.create(name='test_role')
view_role_perm = get_permission_model().objects.create(
view_role_perm = Permission.objects.create(
operation=get_operation(VIEW_OP), target_ct=ContentType.objects.get_for_model(Role), target_id=role.pk
)
simple_role.permissions.add(view_role_perm)
@ -1026,12 +1026,12 @@ def test_manager_widget_fields_validation(app, simple_user, simple_role):
forbidden_role = Role.objects.create(name='forbidden_role', ou=simple_user.ou)
forbidden_user = User.objects.create(username='forbidden_user', ou=simple_user.ou)
view_role_perm = get_permission_model().objects.create(
view_role_perm = Permission.objects.create(
operation=get_operation(VIEW_OP),
target_ct=ContentType.objects.get_for_model(Role),
target_id=visible_role.pk,
)
view_user_perm = get_permission_model().objects.create(
view_user_perm = Permission.objects.create(
operation=get_operation(VIEW_OP),
target_ct=ContentType.objects.get_for_model(User),
target_id=visible_user.pk,
@ -1067,7 +1067,7 @@ def test_manager_widget_fields_validation(app, simple_user, simple_role):
form = ChooseUserRoleForm(request=request, data={'role': visible_role.pk, 'action': 'add'})
assert error_message in form.errors['role'][0]
change_role_perm = get_permission_model().objects.create(
change_role_perm = Permission.objects.create(
operation=get_operation(MANAGE_MEMBERS_OP),
target_ct=ContentType.objects.get_for_model(Role),
target_id=visible_role.pk,
@ -1141,7 +1141,7 @@ def test_manager_role_inheritance_list_search_permission(app, admin, simple_user
admin_of_simple_role.members.add(simple_user)
for role in (visible_role, visible_role_2):
view_role_perm = get_permission_model().objects.create(
view_role_perm = Permission.objects.create(
operation=get_operation(VIEW_OP),
target_ct=ContentType.objects.get_for_model(Role),
target_id=role.pk,


@ -17,10 +17,10 @@
import pytest
from authentic2.a2_rbac.models import Role
from authentic2.custom_user.models import User
from authentic2.models import Attribute, Service
from authentic2.utils.misc import ServiceAccessDenied
from django_rbac.utils import get_role_model
def test_attribute_disabled(db):
@ -42,7 +42,7 @@ def test_attribute_disabled(db):
def test_service_authorize(db):
service = Service.objects.create(name='foo', slug='foo')
role = get_role_model().objects.create(name='foo')
role = Role.objects.create(name='foo')
service.authorized_roles.add(role)
user = User.objects.create()


@ -18,13 +18,10 @@ import json
from webtest import Upload
from django_rbac.utils import get_ou_model, get_role_model
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from .utils import login
OU = get_ou_model()
Role = get_role_model()
def test_manager_ou_export(app, admin, ou1, role_ou1, ou2, role_ou2):
response = login(app, admin, 'a2-manager-ous')
@ -63,8 +60,8 @@ def test_manager_ou_import(app, admin, ou1, role_ou1, ou2, role_ou2):
resp.form['site_json'] = Upload('export.json', json.dumps(export).encode(), 'application/json')
resp = resp.form.submit().follow()
assert OU.objects.filter(name=ou1.name).exists()
assert OU.objects.filter(name=ou2.name).exists()
assert OrganizationalUnit.objects.filter(name=ou1.name).exists()
assert OrganizationalUnit.objects.filter(name=ou2.name).exists()
export_response = response.click('Export')
new_export = export_response.json


@ -24,13 +24,9 @@ from webtest import Upload
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.custom_user.models import User
from django_rbac.utils import get_ou_model, get_role_model
from .utils import login, text_content
OU = get_ou_model()
Role = get_role_model()
def test_manager_role_export(app, admin, ou1, role_ou1, ou2, role_ou2):
import csv
@ -382,7 +378,7 @@ def test_role_members_display_inheritance_info(app, superuser, settings, simple_
assert 'Role a' in resp.text
# display OU if there are more than one
ou1 = OU.objects.create(name='ou1')
ou1 = OrganizationalUnit.objects.create(name='ou1')
resp = app.get(url)
for i, el in enumerate(resp.pyquery.find('a.role-inheritance-%s' % relation)):
assert el.text == f'Default organizational unit - Role {i}'


@ -27,6 +27,8 @@ from django.contrib.contenttypes.models import ContentType
from django.urls import reverse
from webtest import Upload
from authentic2.a2_rbac.models import OrganizationalUnit as OU
from authentic2.a2_rbac.models import Permission, Role
from authentic2.a2_rbac.utils import get_default_ou, get_view_user_perm
from authentic2.apps.journal.models import Event
from authentic2.custom_user.models import User
@ -34,12 +36,10 @@ from authentic2.manager import user_import
from authentic2.models import Attribute, AttributeValue
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
from django_rbac.models import VIEW_OP
from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
from django_rbac.utils import get_operation
from .utils import get_link_from_mail, login, logout
OU = get_ou_model()
def visible_users(response):
return {elt.text for elt in response.pyquery('td.username')}
@ -208,7 +208,7 @@ def test_create_user_choose_ou(app, superuser, simple_user, ou1, ou2):
assert str(ou1.pk) in response.url
logout(app)
view_user_role = get_role_model().objects.create(name='view_user', ou=simple_user.ou)
view_user_role = Role.objects.create(name='view_user', ou=simple_user.ou)
view_user_role.permissions.add(get_view_user_perm())
simple_user.roles.add(view_user_role)
response = login(app, simple_user, '/manage/users/')
@ -1028,7 +1028,6 @@ def test_manager_user_address_autocomplete_field(app, superuser, simple_user):
def test_manager_user_roles_visibility(app, simple_user, admin, ou1, ou2):
Role = get_role_model()
role1 = Role.objects.create(name='Role 1', slug='role1', ou=ou1)
role2 = Role.objects.create(name='Role 2', slug='role2', ou=ou2)
simple_user.roles.add(role1)
@ -1048,7 +1047,7 @@ def test_manager_user_roles_visibility(app, simple_user, admin, ou1, ou2):
other_user = get_user_model().objects.create(username='other_user', ou=ou1)
other_user.set_password('auietsrn')
other_role = Role.objects.create(name='Other role', slug='other-role', ou=ou1)
view_role1_perm = get_permission_model().objects.create(
view_role1_perm = Permission.objects.create(
operation=get_operation(VIEW_OP),
target_ct=ContentType.objects.get_for_model(Role),
target_id=role1.pk,
@ -1078,7 +1077,6 @@ def test_manager_user_authorizations(app, superuser, simple_user):
from authentic2.a2_rbac.models import MANAGE_AUTHORIZATIONS_OP
from tests.conftest import create_user
Role = get_role_model()
user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
user_authorizations_url = reverse('a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
@ -1103,7 +1101,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
)
assert OIDCAuthorization.objects.count() == 1
view_user_perm = get_permission_model().objects.create(
view_user_perm = Permission.objects.create(
operation=get_operation(VIEW_OP),
target_ct=ContentType.objects.get_for_model(User),
target_id=simple_user.pk,
@ -1111,7 +1109,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
view_user_role = Role.objects.create(name='view_user', ou=simple_user.ou)
view_user_role.permissions.add(view_user_perm)
manage_auth_perm = get_permission_model().objects.create(
manage_auth_perm = Permission.objects.create(
operation=get_operation(MANAGE_AUTHORIZATIONS_OP),
target_ct=ContentType.objects.get_for_model(User),
target_id=simple_user.pk,


@ -21,6 +21,7 @@ from django.contrib.sessions.middleware import SessionMiddleware
from django.core import mail
from django.utils.functional import lazy
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.journal import Journal
from authentic2.utils.lazy import lazy_join
from authentic2.utils.misc import (
@ -35,7 +36,6 @@ from authentic2.utils.misc import (
send_templated_mail,
user_can_change_password,
)
from django_rbac.utils import get_ou_model
def test_good_next_url(db, rf, settings):
@ -135,7 +135,7 @@ def test_remember_cookie(rf):
def test_send_templated_mail_template_selection(simple_user):
ou = get_ou_model().objects.create(slug='ou_name')
ou = OrganizationalUnit.objects.create(slug='ou_name')
simple_user.ou = ou
default_template = 'default_mail_template'
specific_template = 'custom_mail_template'