discard django_rbac generic getters in main a2 code (#58695)
parent
6505904505
commit
50e48b760a
|
@ -19,15 +19,13 @@ from django.utils.text import slugify
|
|||
from django.utils.translation import ugettext
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.utils.misc import get_fk_model
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
from . import app_settings, utils
|
||||
|
||||
|
||||
def update_ou_admin_roles(ou):
|
||||
Role = get_role_model()
|
||||
|
||||
if app_settings.MANAGED_CONTENT_TYPES == ():
|
||||
Role.objects.filter(slug=f'a2-managers-of-{ou.slug}').delete()
|
||||
else:
|
||||
|
@ -65,8 +63,7 @@ def update_ous_admin_roles():
|
|||
they give general administrative rights to all mamanged content types
|
||||
scoped to the given organizational unit.
|
||||
"""
|
||||
OU = get_ou_model()
|
||||
ou_all = OU.objects.all()
|
||||
ou_all = OrganizationalUnit.objects.all()
|
||||
if len(ou_all) < 2:
|
||||
# If there is no ou or less than two, only generate global management
|
||||
# roles
|
||||
|
@ -102,7 +99,6 @@ def update_content_types_roles():
|
|||
types.
|
||||
"""
|
||||
cts = ContentType.objects.all()
|
||||
Role = get_role_model()
|
||||
view_user_perm = utils.get_view_user_perm()
|
||||
search_ou_perm = utils.get_search_ou_perm()
|
||||
manage_authorizations_user_perm = utils.get_manage_authorizations_user_perm()
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
|
||||
from django_rbac import utils as rbac_utils
|
||||
from authentic2.a2_rbac import models
|
||||
from django_rbac.managers import AbstractBaseManager
|
||||
from django_rbac.managers import RoleManager as BaseRoleManager
|
||||
from django_rbac.models import ADMIN_OP
|
||||
|
@ -65,9 +65,8 @@ class RoleManager(BaseRoleManager):
|
|||
defaults['ou'] = None
|
||||
# find an operation matching the template
|
||||
op = get_operation(operation)
|
||||
Permission = rbac_utils.get_permission_model()
|
||||
if create:
|
||||
perm, _ = Permission.objects.update_or_create(
|
||||
perm, _ = models.Permission.objects.update_or_create(
|
||||
operation=op,
|
||||
target_ct=ContentType.objects.get_for_model(instance),
|
||||
target_id=instance.pk,
|
||||
|
@ -76,13 +75,13 @@ class RoleManager(BaseRoleManager):
|
|||
)
|
||||
else:
|
||||
try:
|
||||
perm = Permission.objects.get(
|
||||
perm = models.Permission.objects.get(
|
||||
operation=op,
|
||||
target_ct=ContentType.objects.get_for_model(instance),
|
||||
target_id=instance.pk,
|
||||
**kwargs,
|
||||
)
|
||||
except Permission.DoesNotExist:
|
||||
except models.Permission.DoesNotExist:
|
||||
return None
|
||||
|
||||
# in which ou do we put the role ?
|
||||
|
@ -153,10 +152,9 @@ class RoleManager(BaseRoleManager):
|
|||
if ou_natural_key is None:
|
||||
kwargs['ou__isnull'] = True
|
||||
else:
|
||||
OU = rbac_utils.get_ou_model()
|
||||
try:
|
||||
ou = OU.objects.get_by_natural_key(*ou_natural_key)
|
||||
except OU.DoesNotExist:
|
||||
ou = models.OrganizationalUnit.objects.get_by_natural_key(*ou_natural_key)
|
||||
except models.OrganizationalUnit.DoesNotExist:
|
||||
raise self.model.DoesNotExist
|
||||
kwargs['ou'] = ou
|
||||
if service_natural_key is None:
|
||||
|
|
|
@ -73,9 +73,7 @@ class OrganizationalUnit(OrganizationalUnitAbstractBase):
|
|||
|
||||
show_username = models.BooleanField(blank=True, default=True, verbose_name=_('Show username'))
|
||||
|
||||
admin_perms = GenericRelation(
|
||||
rbac_utils.get_permission_model_name(), content_type_field='target_ct', object_id_field='target_id'
|
||||
)
|
||||
admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id')
|
||||
|
||||
user_can_reset_password = models.NullBooleanField(
|
||||
verbose_name=_('Users can reset password'), choices=USER_CAN_RESET_PASSWD_CHOICES
|
||||
|
@ -195,7 +193,7 @@ class Permission(PermissionAbstractBase):
|
|||
verbose_name_plural = _('permissions')
|
||||
|
||||
mirror_roles = GenericRelation(
|
||||
rbac_utils.get_role_model_name(),
|
||||
'Role',
|
||||
content_type_field='admin_scope_ct',
|
||||
object_id_field='admin_scope_id',
|
||||
)
|
||||
|
@ -229,9 +227,7 @@ class Role(RoleAbstractBase):
|
|||
)
|
||||
external_id = models.TextField(verbose_name=_('external id'), blank=True, db_index=True)
|
||||
|
||||
admin_perms = GenericRelation(
|
||||
rbac_utils.get_permission_model_name(), content_type_field='target_ct', object_id_field='target_id'
|
||||
)
|
||||
admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id')
|
||||
|
||||
can_manage_members = models.BooleanField(
|
||||
default=True, verbose_name=_('Allow adding or deleting role members')
|
||||
|
@ -294,7 +290,6 @@ class Role(RoleAbstractBase):
|
|||
def has_self_administration(self, op=None):
|
||||
if not op:
|
||||
op = MANAGE_MEMBERS_OP
|
||||
Permission = rbac_utils.get_permission_model()
|
||||
operation = rbac_utils.get_operation(op)
|
||||
self_perm, dummy = Permission.objects.get_or_create(
|
||||
operation=operation,
|
||||
|
@ -308,7 +303,6 @@ class Role(RoleAbstractBase):
|
|||
'Add permission to role so that it is self-administered'
|
||||
if not op:
|
||||
op = MANAGE_MEMBERS_OP
|
||||
Permission = rbac_utils.get_permission_model()
|
||||
operation = rbac_utils.get_operation(op)
|
||||
self_perm, dummy = Permission.objects.get_or_create(
|
||||
operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk
|
||||
|
@ -366,7 +360,6 @@ class Role(RoleAbstractBase):
|
|||
d.setdefault('attributes', []).append(attribute.to_json())
|
||||
|
||||
if parents:
|
||||
RoleParenting = rbac_utils.get_role_parenting_model()
|
||||
for parenting in RoleParenting.objects.filter(child_id=self.id, direct=True):
|
||||
d.setdefault('parents', []).append(parenting.parent.natural_key_json())
|
||||
|
||||
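Review bot: The three `GenericRelation` targets in this file are now bare model names (`'Permission'` for both `admin_perms` fields, `'Role'` for `mirror_roles`), which Django resolves against the declaring model's own app. Because `django.contrib.auth` also defines a `Permission` model, an app-qualified target such as `GenericRelation('a2_rbac.Permission', content_type_field='target_ct', object_id_field='target_id')`, and `'a2_rbac.Role'` for `mirror_roles`, would make it unambiguous that the RBAC models are meant. The `a2_rbac` label is inferred from the `'a2_rbac.view_role'` permission string used elsewhere in this commit, so confirm it against the app config.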
|
|
|
@ -20,17 +20,17 @@ from django.db import DEFAULT_DB_ALIAS, router, transaction
|
|||
from django.utils.translation import override
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.utils.misc import get_fk_model
|
||||
from django_rbac.managers import defer_update_transitive_closure
|
||||
from django_rbac.utils import get_operation, get_ou_model, get_role_model
|
||||
from django_rbac.utils import get_operation
|
||||
|
||||
|
||||
def create_default_ou(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
|
||||
if not router.allow_migrate(using, get_ou_model()):
|
||||
if not router.allow_migrate(using, OrganizationalUnit):
|
||||
return
|
||||
# be sure new objects names are localized using the default locale
|
||||
with override(settings.LANGUAGE_CODE):
|
||||
OrganizationalUnit = get_ou_model()
|
||||
if OrganizationalUnit.objects.exists():
|
||||
return
|
||||
# Create a default OU if none exists currently
|
||||
|
@ -54,7 +54,7 @@ def post_migrate_update_rbac(app_config, verbosity=2, interactive=True, using=DE
|
|||
# be sure new objects names are localized using the default locale
|
||||
from .management import update_content_types_roles, update_ous_admin_roles
|
||||
|
||||
if not router.allow_migrate(using, get_role_model()):
|
||||
if not router.allow_migrate(using, Role):
|
||||
return
|
||||
with override(settings.LANGUAGE_CODE):
|
||||
with transaction.atomic():
|
||||
|
@ -66,7 +66,7 @@ def post_migrate_update_rbac(app_config, verbosity=2, interactive=True, using=DE
|
|||
def update_rbac_on_ou_post_save(sender, instance, created, raw, **kwargs):
|
||||
from .management import update_ou_admin_roles, update_ous_admin_roles
|
||||
|
||||
if get_ou_model().objects.count() < 3 and created:
|
||||
if OrganizationalUnit.objects.count() < 3 and created:
|
||||
update_ous_admin_roles()
|
||||
else:
|
||||
update_ou_admin_roles(instance)
|
||||
|
@ -75,12 +75,12 @@ def update_rbac_on_ou_post_save(sender, instance, created, raw, **kwargs):
|
|||
def update_rbac_on_ou_post_delete(sender, instance, **kwargs):
|
||||
from .management import update_ous_admin_roles
|
||||
|
||||
if get_ou_model().objects.count() < 2:
|
||||
if OrganizationalUnit.objects.count() < 2:
|
||||
update_ous_admin_roles()
|
||||
|
||||
|
||||
def update_service_role_ou(sender, instance, created, raw, **kwargs):
|
||||
get_role_model().objects.filter(service=instance).update(ou=instance.ou)
|
||||
Role.objects.filter(service=instance).update(ou=instance.ou)
|
||||
|
||||
|
||||
def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
|
||||
|
@ -93,7 +93,7 @@ def create_default_permissions(app_config, verbosity=2, interactive=True, using=
|
|||
RESET_PASSWORD_OP,
|
||||
)
|
||||
|
||||
if not router.allow_migrate(using, get_ou_model()):
|
||||
if not router.allow_migrate(using, OrganizationalUnit):
|
||||
return
|
||||
|
||||
with override(settings.LANGUAGE_CODE):
|
||||
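Review bot: `update_service_role_ou` and `update_rbac_on_ou_post_save` both accept the `raw` argument, but the visible bodies never test it. As a result `Role.objects.filter(service=instance).update(ou=instance.ou)` and the admin-role regeneration also run while fixtures are being loaded, which is when Django advises against querying or modifying other records. An early `if raw: return` at the top of both handlers would keep role and OU state from being rewritten during a `loaddata`. If the fixture-time update is intentional, a one-line comment saying so would help.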
|
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.utils.text import slugify
|
||||
|
||||
from django_rbac import utils as rbac_utils
|
||||
from django_rbac.models import SEARCH_OP, VIEW_OP
|
||||
|
@ -32,8 +33,7 @@ def get_default_ou():
|
|||
|
||||
def get_view_user_perm(ou=None):
|
||||
User = get_user_model()
|
||||
Permission = rbac_utils.get_permission_model()
|
||||
view_user_perm, dummy = Permission.objects.get_or_create(
|
||||
view_user_perm, dummy = models.Permission.objects.get_or_create(
|
||||
operation=rbac_utils.get_operation(VIEW_OP),
|
||||
target_ct=ContentType.objects.get_for_model(ContentType),
|
||||
target_id=ContentType.objects.get_for_model(User).pk,
|
||||
|
@ -45,20 +45,17 @@ def get_view_user_perm(ou=None):
|
|||
|
||||
def get_search_ou_perm(ou=None):
|
||||
if ou:
|
||||
Permission = rbac_utils.get_permission_model()
|
||||
view_ou_perm, dummy = Permission.objects.get_or_create(
|
||||
view_ou_perm, dummy = models.Permission.objects.get_or_create(
|
||||
operation=rbac_utils.get_operation(SEARCH_OP),
|
||||
target_ct=ContentType.objects.get_for_model(ou),
|
||||
target_id=ou.pk,
|
||||
ou__isnull=True,
|
||||
)
|
||||
else:
|
||||
OU = rbac_utils.get_ou_model()
|
||||
Permission = rbac_utils.get_permission_model()
|
||||
view_ou_perm, dummy = Permission.objects.get_or_create(
|
||||
view_ou_perm, dummy = models.Permission.objects.get_or_create(
|
||||
operation=rbac_utils.get_operation(SEARCH_OP),
|
||||
target_ct=ContentType.objects.get_for_model(ContentType),
|
||||
target_id=ContentType.objects.get_for_model(OU).pk,
|
||||
target_id=ContentType.objects.get_for_model(models.OrganizationalUnit).pk,
|
||||
ou__isnull=True,
|
||||
)
|
||||
return view_ou_perm
|
||||
|
@ -66,8 +63,7 @@ def get_search_ou_perm(ou=None):
|
|||
|
||||
def get_manage_authorizations_user_perm(ou=None):
|
||||
User = get_user_model()
|
||||
Permission = rbac_utils.get_permission_model()
|
||||
manage_authorizations_user_perm, dummy = Permission.objects.get_or_create(
|
||||
manage_authorizations_user_perm, dummy = models.Permission.objects.get_or_create(
|
||||
operation=rbac_utils.get_operation(models.MANAGE_AUTHORIZATIONS_OP),
|
||||
target_ct=ContentType.objects.get_for_model(ContentType),
|
||||
target_id=ContentType.objects.get_for_model(User).pk,
|
||||
|
@ -75,3 +71,12 @@ def get_manage_authorizations_user_perm(ou=None):
|
|||
ou=ou,
|
||||
)
|
||||
return manage_authorizations_user_perm
|
||||
|
||||
|
||||
def generate_slug(name, seen_slugs=None):
|
||||
slug = base_slug = slugify(name).lstrip('_')
|
||||
if seen_slugs:
|
||||
i = 1
|
||||
while slug in seen_slugs:
|
||||
slug = '%s-%s' % (base_slug, i)
|
||||
return slug
|
||||
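Review bot: The `while slug in seen_slugs:` loop in the added `generate_slug` never advances `i`, so once both the base slug and `<base>-1` are present in `seen_slugs` the loop cannot terminate. Add `i += 1` directly after `slug = '%s-%s' % (base_slug, i)`. The manager forms module in this commit now imports the helper from here, so a third object with the same name would hang whichever request or import job calls it. A test with three identical names would pin the fix.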
|
|
|
@ -54,9 +54,9 @@ from rest_framework.views import APIView
|
|||
from rest_framework.viewsets import ModelViewSet, ViewSet
|
||||
|
||||
from authentic2.compat.drf import action
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
from . import api_mixins, app_settings, decorators, hooks
|
||||
from .a2_rbac.models import OrganizationalUnit, Role
|
||||
from .a2_rbac.utils import get_default_ou
|
||||
from .custom_user.models import User
|
||||
from .journal_event_types import UserLogin, UserRegistration
|
||||
|
@ -129,7 +129,7 @@ class RegistrationSerializer(serializers.Serializer):
|
|||
|
||||
email = serializers.EmailField(required=False, allow_blank=True)
|
||||
ou = serializers.SlugRelatedField(
|
||||
queryset=get_ou_model().objects.all(),
|
||||
queryset=OrganizationalUnit.objects.all(),
|
||||
slug_field='slug',
|
||||
default=get_default_ou,
|
||||
required=False,
|
||||
|
@ -314,7 +314,7 @@ class PasswordChangeSerializer(serializers.Serializer):
|
|||
|
||||
email = serializers.EmailField()
|
||||
ou = serializers.SlugRelatedField(
|
||||
queryset=get_ou_model().objects.all(), slug_field='slug', required=False, allow_null=True
|
||||
queryset=OrganizationalUnit.objects.all(), slug_field='slug', required=False, allow_null=True
|
||||
)
|
||||
old_password = serializers.CharField(required=True, allow_null=True)
|
||||
new_password = serializers.CharField(required=True, allow_null=True)
|
||||
|
@ -360,7 +360,7 @@ def user(request):
|
|||
|
||||
class BaseUserSerializer(serializers.ModelSerializer):
|
||||
ou = serializers.SlugRelatedField(
|
||||
queryset=get_ou_model().objects.all(), slug_field='slug', required=False, default=get_default_ou
|
||||
queryset=OrganizationalUnit.objects.all(), slug_field='slug', required=False, default=get_default_ou
|
||||
)
|
||||
date_joined = serializers.DateTimeField(read_only=True)
|
||||
last_login = serializers.DateTimeField(read_only=True)
|
||||
|
@ -569,7 +569,7 @@ class RoleSerializer(serializers.ModelSerializer):
|
|||
many=False,
|
||||
required=False,
|
||||
default=CreateOnlyDefault(get_default_ou),
|
||||
queryset=get_ou_model().objects.all(),
|
||||
queryset=OrganizationalUnit.objects.all(),
|
||||
slug_field='slug',
|
||||
)
|
||||
slug = serializers.SlugField(
|
||||
|
@ -607,7 +607,7 @@ class RoleSerializer(serializers.ModelSerializer):
|
|||
return instance
|
||||
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
fields = (
|
||||
'uuid',
|
||||
'name',
|
||||
|
@ -616,8 +616,8 @@ class RoleSerializer(serializers.ModelSerializer):
|
|||
)
|
||||
extra_kwargs = {'uuid': {'read_only': True}}
|
||||
validators = [
|
||||
UniqueTogetherValidator(queryset=get_role_model().objects.all(), fields=['name', 'ou']),
|
||||
UniqueTogetherValidator(queryset=get_role_model().objects.all(), fields=['slug', 'ou']),
|
||||
UniqueTogetherValidator(queryset=Role.objects.all(), fields=['name', 'ou']),
|
||||
UniqueTogetherValidator(queryset=Role.objects.all(), fields=['slug', 'ou']),
|
||||
]
|
||||
|
||||
|
||||
|
@ -905,7 +905,7 @@ class UsersAPI(api_mixins.GetOrCreateMixinView, HookMixin, ExceptionHandlerMixin
|
|||
|
||||
class RolesFilter(FilterSet):
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
fields = {
|
||||
'uuid': ['exact'],
|
||||
'name': ['exact', 'iexact', 'icontains', 'startswith'],
|
||||
|
@ -921,7 +921,7 @@ class RolesAPI(api_mixins.GetOrCreateMixinView, ExceptionHandlerMixin, ModelView
|
|||
lookup_field = 'uuid'
|
||||
|
||||
def get_queryset(self):
|
||||
return self.request.user.filter_by_perm('a2_rbac.view_role', get_role_model().objects.all())
|
||||
return self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())
|
||||
|
||||
def perform_destroy(self, instance):
|
||||
if not self.request.user.has_perm(perm='a2_rbac.delete_role', obj=instance):
|
||||
|
@ -941,7 +941,6 @@ class RolesAPI(api_mixins.GetOrCreateMixinView, ExceptionHandlerMixin, ModelView
|
|||
class RolesMembersAPI(UsersAPI):
|
||||
def initial(self, request, *args, **kwargs):
|
||||
super().initial(request, *args, **kwargs)
|
||||
Role = get_role_model()
|
||||
self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
|
||||
|
||||
def get_queryset(self):
|
||||
|
@ -960,7 +959,6 @@ class RoleMembershipAPI(ExceptionHandlerMixin, APIView):
|
|||
|
||||
def initial(self, request, *args, **kwargs):
|
||||
super().initial(request, *args, **kwargs)
|
||||
Role = get_role_model()
|
||||
User = get_user_model()
|
||||
self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
|
||||
self.member = get_object_or_404(User, uuid=kwargs['member_uuid'])
|
||||
|
@ -1005,7 +1003,6 @@ class RoleMembershipsAPI(ExceptionHandlerMixin, APIView):
|
|||
|
||||
def initial(self, request, *args, **kwargs):
|
||||
super().initial(request, *args, **kwargs)
|
||||
Role = get_role_model()
|
||||
User = get_user_model()
|
||||
self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
|
||||
self.members = set()
|
||||
|
@ -1079,7 +1076,7 @@ class BaseOrganizationalUnitSerializer(serializers.ModelSerializer):
|
|||
)
|
||||
|
||||
class Meta:
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
fields = '__all__'
|
||||
|
||||
|
||||
|
@ -1089,7 +1086,7 @@ class OrganizationalUnitAPI(api_mixins.GetOrCreateMixinView, ExceptionHandlerMix
|
|||
lookup_field = 'uuid'
|
||||
|
||||
def get_queryset(self):
|
||||
return get_ou_model().objects.all()
|
||||
return OrganizationalUnit.objects.all()
|
||||
|
||||
|
||||
router = SimpleRouter()
|
||||
|
@ -1224,9 +1221,13 @@ class StatisticsAPI(ViewSet):
|
|||
|
||||
def list(self, request):
|
||||
statistics = []
|
||||
OU = get_ou_model()
|
||||
services_ous = [{'id': ou.slug, 'label': ou.name} for ou in OU.objects.exclude(service__isnull=True)]
|
||||
users_ous = [{'id': ou.slug, 'label': ou.name} for ou in OU.objects.exclude(user__isnull=True)]
|
||||
services_ous = [
|
||||
{'id': ou.slug, 'label': ou.name}
|
||||
for ou in OrganizationalUnit.objects.exclude(service__isnull=True)
|
||||
]
|
||||
users_ous = [
|
||||
{'id': ou.slug, 'label': ou.name} for ou in OrganizationalUnit.objects.exclude(user__isnull=True)
|
||||
]
|
||||
services = [
|
||||
{'id': '%s %s' % (service['slug'], service['ou__slug']), 'label': service['name']}
|
||||
for service in Service.objects.values('slug', 'name', 'ou__slug')
|
||||
|
@ -1294,10 +1295,10 @@ class StatisticsAPI(ViewSet):
|
|||
service_slug, ou_slug = service
|
||||
kwargs['service'] = get_object_or_404(Service, slug=service_slug, ou__slug=ou_slug)
|
||||
elif services_ou and 'services_ou' in allowed_filters:
|
||||
kwargs['services_ou'] = get_object_or_404(get_ou_model(), slug=services_ou)
|
||||
kwargs['services_ou'] = get_object_or_404(OrganizationalUnit, slug=services_ou)
|
||||
|
||||
if users_ou and 'users_ou' in allowed_filters:
|
||||
kwargs['users_ou'] = get_object_or_404(get_ou_model(), slug=users_ou)
|
||||
kwargs['users_ou'] = get_object_or_404(OrganizationalUnit, slug=users_ou)
|
||||
|
||||
return Response(
|
||||
{
|
||||
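Review bot: `OrganizationalUnitAPI.get_queryset` returns `OrganizationalUnit.objects.all()` unfiltered, whereas `RolesAPI.get_queryset` a few hunks earlier narrows its queryset with `self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())`. The view's permission classes are outside the hunk, so this may be intentional. If it is not, apply the same `filter_by_perm` pattern with the OU view permission; if it is, state the intent in a comment such as `# every OU is visible to any caller that passes the view's permission classes`. The same section keeps `fields = '__all__'` on `BaseOrganizationalUnitSerializer`, so any field later added to `OrganizationalUnit` is exposed through this endpoint automatically.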
|
|
|
@ -17,7 +17,7 @@
|
|||
from django.contrib.auth import get_user_model
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from django_rbac.utils import get_role_model
|
||||
from authentic2.a2_rbac.models import Role
|
||||
|
||||
from ...decorators import to_list
|
||||
from ...models import Attribute, AttributeValue
|
||||
|
@ -96,7 +96,6 @@ def get_attributes(instance, ctx):
|
|||
ctx['django_user_domain'] = splitted[1] if '@' in user.username else ''
|
||||
ctx['django_user_identifier'] = splitted[0]
|
||||
ctx['django_user_full_name'] = user.get_full_name()
|
||||
Role = get_role_model()
|
||||
roles = Role.objects.for_user(user)
|
||||
ctx['a2_role_slugs'] = roles.values_list('slug', flat=True)
|
||||
ctx['a2_role_names'] = roles.values_list('name', flat=True)
|
||||
|
|
|
@ -43,7 +43,7 @@ from ldap.filter import filter_format
|
|||
from ldap.ldapobject import ReconnectLDAPObject as NativeLDAPObject
|
||||
|
||||
from authentic2 import app_settings, crypto
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.backends import is_user_authenticable
|
||||
from authentic2.compat_lasso import lasso
|
||||
|
@ -52,7 +52,6 @@ from authentic2.middleware import StoreRequestMiddleware
|
|||
from authentic2.models import UserExternalId
|
||||
from authentic2.user_login_failure import user_login_failure, user_login_success
|
||||
from authentic2.utils.misc import PasswordChangeError, to_list
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
# code originaly copied from by now merely inspired by
|
||||
# http://www.amherst.k12.oh.us/django-ldap.html
|
||||
|
@ -1034,12 +1033,11 @@ class LDAPBackend:
|
|||
None"""
|
||||
|
||||
ou_slug = block['ou_slug']
|
||||
OU = get_ou_model()
|
||||
if ou_slug:
|
||||
ou_slug = force_text(ou_slug)
|
||||
try:
|
||||
ou = OU.objects.get(slug=ou_slug)
|
||||
except OU.DoesNotExist:
|
||||
ou = OrganizationalUnit.objects.get(slug=ou_slug)
|
||||
except OrganizationalUnit.DoesNotExist:
|
||||
raise ImproperlyConfigured('ou_slug value is wrong for ldap %r' % block['url'])
|
||||
else:
|
||||
ou = get_default_ou()
|
||||
|
|
|
@ -30,14 +30,12 @@ from django.utils.encoding import force_bytes, force_text
|
|||
from django.utils.translation import ugettext as _
|
||||
|
||||
from authentic2 import app_settings
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.custom_user.models import User
|
||||
from authentic2.forms.profile import BaseUserForm, modelform_factory
|
||||
from authentic2.models import Attribute, AttributeValue, UserExternalId
|
||||
from authentic2.utils.misc import send_password_reset_mail
|
||||
from django_rbac.utils import get_role_model
|
||||
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
# http://www.attrs.org/en/stable/changelog.html :
|
||||
|
|
|
@ -34,12 +34,12 @@ from django.contrib.auth.models import AbstractBaseUser
|
|||
from django.contrib.postgres.fields import JSONField
|
||||
|
||||
from authentic2 import app_settings
|
||||
from authentic2.a2_rbac.models import RoleParenting
|
||||
from authentic2.decorators import RequestCache, errorcollector
|
||||
from authentic2.models import Attribute, AttributeValue, Service
|
||||
from authentic2.utils import misc as utils_misc
|
||||
from authentic2.validators import email_validator
|
||||
from django_rbac.models import PermissionMixin
|
||||
from django_rbac.utils import get_role_parenting_model
|
||||
|
||||
from .managers import UserManager, UserQuerySet
|
||||
|
||||
|
@ -221,7 +221,6 @@ class User(AbstractBaseUser, PermissionMixin):
|
|||
qs1 = self.roles.all()
|
||||
qs2 = qs1.model.objects.filter(child_relation__child__in=qs1)
|
||||
qs = (qs1 | qs2).order_by('name').distinct()
|
||||
RoleParenting = get_role_parenting_model()
|
||||
rp_qs = RoleParenting.objects.filter(child__in=qs1)
|
||||
qs = qs.prefetch_related(models.Prefetch('child_relation', queryset=rp_qs), 'child_relation__parent')
|
||||
qs = qs.prefetch_related(
|
||||
|
|
|
@ -24,11 +24,10 @@ from django.core.validators import validate_slug
|
|||
from django.utils.text import format_lazy
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from authentic2.a2_rbac.models import RoleAttribute
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, RoleAttribute, RoleParenting
|
||||
from authentic2.decorators import errorcollector
|
||||
from authentic2.utils.lazy import lazy_join
|
||||
from django_rbac.models import Operation
|
||||
from django_rbac.utils import get_ou_model, get_permission_model, get_role_model, get_role_parenting_model
|
||||
|
||||
|
||||
def update_model(obj, d):
|
||||
|
@ -81,11 +80,11 @@ class ExportContext:
|
|||
|
||||
@property
|
||||
def role_qs(self):
|
||||
return self._role_qs or get_role_model().objects.all()
|
||||
return self._role_qs or Role.objects.all()
|
||||
|
||||
@property
|
||||
def ou_qs(self):
|
||||
return self._ou_qs or get_ou_model().objects.all()
|
||||
return self._ou_qs or OrganizationalUnit.objects.all()
|
||||
|
||||
|
||||
def export_site(context=None):
|
||||
|
@ -109,14 +108,13 @@ def export_roles(context):
|
|||
|
||||
def search_ou(ou_d):
|
||||
try:
|
||||
OU = get_ou_model()
|
||||
OU = OrganizationalUnit
|
||||
return OU.objects.get_by_natural_key_json(ou_d)
|
||||
except OU.DoesNotExist:
|
||||
return None
|
||||
|
||||
|
||||
def search_role(role_d, ou=None):
|
||||
Role = get_role_model()
|
||||
try:
|
||||
role = Role.objects.get_by_natural_key_json(role_d)
|
||||
except Role.DoesNotExist:
|
||||
|
@ -250,7 +248,7 @@ class RoleDeserializer:
|
|||
else: # Create role
|
||||
if 'uuid' in kwargs and not kwargs['uuid']:
|
||||
raise ValidationError(_("Cannot import role '%s' with empty uuid") % kwargs.get('name'))
|
||||
self._obj = get_role_model().objects.create(**kwargs)
|
||||
self._obj = Role.objects.create(**kwargs)
|
||||
status = 'created'
|
||||
|
||||
# Ensure admin role is created.
|
||||
|
@ -279,8 +277,7 @@ class RoleDeserializer:
|
|||
def parentings(self):
|
||||
"""Update parentings (delete everything then create)"""
|
||||
created, deleted = [], []
|
||||
Parenting = get_role_parenting_model()
|
||||
for parenting in Parenting.objects.filter(child=self._obj, direct=True):
|
||||
for parenting in RoleParenting.objects.filter(child=self._obj, direct=True):
|
||||
parenting.delete()
|
||||
deleted.append(parenting)
|
||||
|
||||
|
@ -289,7 +286,7 @@ class RoleDeserializer:
|
|||
parent = search_role(parent_d)
|
||||
if not parent:
|
||||
raise ValidationError(_("Could not find parent role: %s") % parent_d)
|
||||
created.append(Parenting.objects.create(child=self._obj, direct=True, parent=parent))
|
||||
created.append(RoleParenting.objects.create(child=self._obj, direct=True, parent=parent))
|
||||
|
||||
return created, deleted
|
||||
|
||||
|
@ -304,12 +301,10 @@ class RoleDeserializer:
|
|||
if self._permissions:
|
||||
for perm in self._permissions:
|
||||
op = Operation.objects.get_by_natural_key_json(perm['operation'])
|
||||
ou = get_ou_model().objects.get_by_natural_key_json(perm['ou']) if perm['ou'] else None
|
||||
ou = OrganizationalUnit.objects.get_by_natural_key_json(perm['ou']) if perm['ou'] else None
|
||||
ct = ContentType.objects.get_by_natural_key_json(perm['target_ct'])
|
||||
target = ct.model_class().objects.get_by_natural_key_json(perm['target'])
|
||||
perm = get_permission_model().objects.create(
|
||||
operation=op, ou=ou, target_ct=ct, target_id=target.pk
|
||||
)
|
||||
perm = Permission.objects.create(operation=op, ou=ou, target_ct=ct, target_id=target.pk)
|
||||
self._obj.permissions.add(perm)
|
||||
created.append(perm)
|
||||
|
||||
|
@ -356,7 +351,7 @@ class ImportResult:
|
|||
|
||||
|
||||
def import_ou(ou_d):
|
||||
OU = get_ou_model()
|
||||
OU = OrganizationalUnit
|
||||
ou = search_ou(ou_d)
|
||||
if ou is None:
|
||||
ou = OU.objects.create(**ou_d)
|
||||
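Review bot: In the `RoleDeserializer` permissions hunk, `ct.model_class()` is dereferenced directly, and Django returns `None` there when the content type's model is no longer installed. An import file naming such a type then fails with an `AttributeError` instead of a validation message. Guard it the way the parent lookup in `parentings` does, e.g. `model = ct.model_class()` followed by `if model is None: raise ValidationError(_("Could not find target content type: %s") % perm['target_ct'])`. The `get_by_natural_key_json` lookups for `operation`, `ou` and `target` on the surrounding lines look unguarded as well, though a `try` may sit outside the hunk.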
|
|
|
@ -27,10 +27,10 @@ from django.db.models import F
|
|||
from django.utils import timezone, translation
|
||||
|
||||
from authentic2 import app_settings
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.backends import get_user_queryset
|
||||
from authentic2.backends.ldap_backend import LDAPBackend
|
||||
from authentic2.utils.misc import send_templated_mail
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -77,7 +77,7 @@ class Command(BaseCommand):
|
|||
|
||||
def clean_unused_accounts(self):
|
||||
count = app_settings.A2_CLEAN_UNUSED_ACCOUNTS_MAX_MAIL_PER_PERIOD
|
||||
for ou in get_ou_model().objects.filter(clean_unused_accounts_alert__isnull=False):
|
||||
for ou in OrganizationalUnit.objects.filter(clean_unused_accounts_alert__isnull=False):
|
||||
alert_delay = timedelta(days=ou.clean_unused_accounts_alert)
|
||||
deletion_delay = timedelta(days=ou.clean_unused_accounts_deletion)
|
||||
ou_users = self.user_qs.filter(ou=ou)
|
||||
|
|
|
@ -24,9 +24,9 @@ class AppConfig(BaseAppConfig):
|
|||
def ready(self):
|
||||
from django.db.models.signals import post_save
|
||||
|
||||
from django_rbac.utils import get_ou_model
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
|
||||
post_save.connect(self.post_save_ou, sender=get_ou_model())
|
||||
post_save.connect(self.post_save_ou, sender=OrganizationalUnit)
|
||||
|
||||
def post_save_ou(self, *args, **kwargs):
|
||||
from . import utils
|
||||
|
|
|
@ -30,7 +30,8 @@ from django.utils.text import slugify
|
|||
from django.utils.translation import pgettext, ugettext
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role
|
||||
from authentic2.a2_rbac.utils import generate_slug, get_default_ou
|
||||
from authentic2.forms.fields import CheckPasswordField, NewPasswordField, ValidatedEmailField
|
||||
from authentic2.forms.profile import BaseUserForm
|
||||
from authentic2.models import PasswordReset
|
||||
|
@ -43,14 +44,10 @@ from authentic2.utils.misc import (
|
|||
)
|
||||
from django_rbac.backends import DjangoRBACBackend
|
||||
from django_rbac.models import Operation
|
||||
from django_rbac.utils import generate_slug, get_ou_model, get_permission_model, get_role_model
|
||||
|
||||
from . import app_settings, fields, utils
|
||||
|
||||
User = get_user_model()
|
||||
OU = get_ou_model()
|
||||
Role = get_role_model()
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
|
@ -162,13 +159,11 @@ class ChooseUserAuthorizationsForm(CssClass, forms.Form):
|
|||
class ChoosePermissionForm(CssClass, forms.Form):
|
||||
operation = forms.ModelChoiceField(required=False, label=_('Operation'), queryset=Operation.objects)
|
||||
ou = forms.ModelChoiceField(
|
||||
label=_('Organizational unit'), queryset=get_ou_model().objects, required=False
|
||||
label=_('Organizational unit'), queryset=OrganizationalUnit.objects, required=False
|
||||
)
|
||||
target = forms.ModelChoiceField(label=_('Target object'), required=False, queryset=ContentType.objects)
|
||||
action = forms.CharField(initial='add', required=False, widget=forms.HiddenInput)
|
||||
permission = forms.ModelChoiceField(
|
||||
queryset=get_permission_model().objects, required=False, widget=forms.HiddenInput
|
||||
)
|
||||
permission = forms.ModelChoiceField(queryset=Permission.objects, required=False, widget=forms.HiddenInput)
|
||||
|
||||
|
||||
class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
|
||||
|
@ -423,7 +418,7 @@ class OUSearchForm(FormWithRequest):
|
|||
if 'ou_queryset' in kwargs:
|
||||
self.ou_qs = kwargs.pop('ou_queryset')
|
||||
elif self.search_all_ous:
|
||||
self.ou_qs = get_ou_model().objects.all()
|
||||
self.ou_qs = OrganizationalUnit.objects.all()
|
||||
else:
|
||||
self.ou_qs = request.user.ous_with_perm(self.ou_permission)
|
||||
|
||||
|
@ -431,9 +426,9 @@ class OUSearchForm(FormWithRequest):
|
|||
# we were passed an explicit list of objects linked to OUs by a field named 'ou',
|
||||
# get possible OUs from this list
|
||||
related_query_name = self.queryset.model._meta.get_field('ou').related_query_name()
|
||||
objects_ou_qs = (
|
||||
get_ou_model().objects.filter(**{"%s__in" % related_query_name: self.queryset}).distinct()
|
||||
)
|
||||
objects_ou_qs = OrganizationalUnit.objects.filter(
|
||||
**{"%s__in" % related_query_name: self.queryset}
|
||||
).distinct()
|
||||
# to combine queryset with distinct, each queryset must have the distinct flag
|
||||
self.ou_qs = self.ou_qs.distinct() | objects_ou_qs
|
||||
|
||||
|
@ -611,11 +606,11 @@ class ServiceSearchForm(OUSearchForm, NameSearchForm):
|
|||
|
||||
class RoleEditForm(SlugMixin, HideOUFieldMixin, LimitQuerysetFormMixin, CssClass, forms.ModelForm):
|
||||
ou = forms.ModelChoiceField(
|
||||
queryset=get_ou_model().objects, required=True, label=_('Organizational unit')
|
||||
queryset=OrganizationalUnit.objects, required=True, label=_('Organizational unit')
|
||||
)
|
||||
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
fields = ('name', 'slug', 'ou', 'description')
|
||||
|
||||
|
||||
|
@ -625,7 +620,7 @@ class OUEditForm(SlugMixin, CssClass, forms.ModelForm):
|
|||
self.fields['name'].label = _('label').title()
|
||||
|
||||
class Meta:
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
fields = (
|
||||
'name',
|
||||
'slug',
|
||||
|
@ -702,7 +697,9 @@ class RolesImportForm(LimitQuerysetFormMixin, SiteImportForm):
|
|||
self.fields['ou'].widget = forms.HiddenInput()
|
||||
|
||||
ou = forms.ModelChoiceField(
|
||||
label=_('Organizational unit'), queryset=get_ou_model().objects, initial=lambda: get_default_ou().pk
|
||||
label=_('Organizational unit'),
|
||||
queryset=OrganizationalUnit.objects,
|
||||
initial=lambda: get_default_ou().pk,
|
||||
)
|
||||
|
||||
|
||||
|
@ -716,7 +713,7 @@ ENCODINGS = [
|
|||
class UserImportForm(forms.Form):
|
||||
import_file = forms.FileField(label=_('Import file'), help_text=_('A CSV file'))
|
||||
encoding = forms.ChoiceField(label=_('Encoding'), choices=ENCODINGS)
|
||||
ou = forms.ModelChoiceField(label=_('Organizational Unit'), queryset=OU.objects.all())
|
||||
ou = forms.ModelChoiceField(label=_('Organizational Unit'), queryset=OrganizationalUnit.objects.all())
|
||||
|
||||
@staticmethod
|
||||
def raise_validation_error(error_message):
|
||||
|
@ -760,7 +757,9 @@ class RolesCsvImportForm(LimitQuerysetFormMixin, forms.Form):
|
|||
)
|
||||
|
||||
ou = forms.ModelChoiceField(
|
||||
label=_('Organizational unit'), queryset=get_ou_model().objects, initial=lambda: get_default_ou().pk
|
||||
label=_('Organizational unit'),
|
||||
queryset=OrganizationalUnit.objects,
|
||||
initial=lambda: get_default_ou().pk,
|
||||
)
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
|
@ -821,8 +820,8 @@ class RolesCsvImportForm(LimitQuerysetFormMixin, forms.Form):
|
|||
ou = self.cleaned_data['ou']
|
||||
if len(csvline) > 2 and csvline[2]:
|
||||
try:
|
||||
ou = OU.objects.get(slug=csvline[2])
|
||||
except OU.DoesNotExist:
|
||||
ou = OrganizationalUnit.objects.get(slug=csvline[2])
|
||||
except OrganizationalUnit.DoesNotExist:
|
||||
self.add_line_error(_('Organizational Unit %s does not exist.') % csvline[2], i)
|
||||
continue
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
from django.contrib.auth import get_user_model
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.apps.journal.models import EventTypeDefinition
|
||||
from authentic2.apps.journal.utils import form_to_old_new
|
||||
from authentic2.backends.ldap_backend import (
|
||||
|
@ -25,10 +26,8 @@ from authentic2.backends.ldap_backend import (
|
|||
)
|
||||
from authentic2.custom_user.models import DeletedUser
|
||||
from authentic2.journal_event_types import EventTypeWithService, get_attributes_label
|
||||
from django_rbac.utils import get_role_model
|
||||
|
||||
User = get_user_model()
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
def user_to_str(user):
|
||||
|
|
|
@ -25,14 +25,14 @@ from django.utils.translation import ugettext as _
|
|||
from django.views.generic import FormView
|
||||
|
||||
from authentic2 import data_transfer
|
||||
from django_rbac.utils import get_ou_model
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
|
||||
from . import forms, tables, views
|
||||
|
||||
|
||||
class OrganizationalUnitView(views.BaseTableView):
|
||||
template_name = 'authentic2/manager/ous.html'
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
table_class = tables.OUTable
|
||||
search_form_class = forms.NameSearchForm
|
||||
permissions = ['a2_rbac.search_organizationalunit']
|
||||
|
@ -43,7 +43,7 @@ listing = OrganizationalUnitView.as_view()
|
|||
|
||||
|
||||
class OrganizationalUnitAddView(views.BaseAddView):
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
permissions = ['a2_rbac.add_organizationalunit']
|
||||
form_class = forms.OUEditForm
|
||||
title = _('Add organizational unit')
|
||||
|
@ -60,7 +60,7 @@ add = OrganizationalUnitAddView.as_view()
|
|||
|
||||
|
||||
class OrganizationalUnitDetailView(views.BaseDetailView):
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
permissions = ['a2_rbac.view_organizationalunit']
|
||||
form_class = forms.OUEditForm
|
||||
template_name = 'authentic2/manager/ou_detail.html'
|
||||
|
@ -78,7 +78,7 @@ detail = OrganizationalUnitDetailView.as_view()
|
|||
|
||||
|
||||
class OrganizationalUnitEditView(views.BaseEditView):
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
permissions = ['a2_rbac.change_organizationalunit']
|
||||
form_class = forms.OUEditForm
|
||||
template_name = 'authentic2/manager/ou_edit.html'
|
||||
|
@ -89,7 +89,7 @@ edit = OrganizationalUnitEditView.as_view()
|
|||
|
||||
|
||||
class OrganizationalUnitDeleteView(views.BaseDeleteView):
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
template_name = 'authentic2/manager/ou_delete.html'
|
||||
permissions = ['a2_rbac.delete_organizationalunit']
|
||||
title = _('Delete organizational unit')
|
||||
|
@ -127,7 +127,7 @@ class OusImportView(
|
|||
views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
|
||||
):
|
||||
form_class = forms.OusImportForm
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
template_name = 'authentic2/manager/import_form.html'
|
||||
title = _('Organizational Units Import')
|
||||
|
||||
|
|
|
@ -31,18 +31,16 @@ from django.views.generic import FormView, TemplateView
|
|||
from django.views.generic.detail import SingleObjectMixin
|
||||
|
||||
from authentic2 import data_transfer, hooks
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, RoleParenting
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.apps.journal.views import JournalViewWithContext
|
||||
from authentic2.forms.profile import modelform_factory
|
||||
from authentic2.utils.misc import redirect
|
||||
from django_rbac.utils import get_ou_model, get_permission_model, get_role_model, get_role_parenting_model
|
||||
|
||||
from . import app_settings, forms, resources, tables, views
|
||||
from .journal_views import BaseJournalView
|
||||
from .utils import has_show_username
|
||||
|
||||
OU = get_ou_model()
|
||||
|
||||
|
||||
class RolesMixin:
|
||||
service_roles = True
|
||||
|
@ -51,10 +49,9 @@ class RolesMixin:
|
|||
def get_queryset(self):
|
||||
qs = super().get_queryset()
|
||||
qs = qs.select_related('ou')
|
||||
Permission = get_permission_model()
|
||||
permission_ct = ContentType.objects.get_for_model(Permission)
|
||||
ct_ct = ContentType.objects.get_for_model(ContentType)
|
||||
ou_ct = ContentType.objects.get_for_model(OU)
|
||||
ou_ct = ContentType.objects.get_for_model(OrganizationalUnit)
|
||||
permission_qs = Permission.objects.filter(target_ct_id__in=[ct_ct.id, ou_ct.id]).values_list(
|
||||
'id', flat=True
|
||||
)
|
||||
|
@ -72,7 +69,7 @@ class RolesMixin:
|
|||
|
||||
class RolesView(views.SearchOUMixin, views.HideOUColumnMixin, RolesMixin, views.BaseTableView):
|
||||
template_name = 'authentic2/manager/roles.html'
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
table_class = tables.RoleTable
|
||||
search_form_class = forms.RoleSearchForm
|
||||
permissions = ['a2_rbac.search_role']
|
||||
|
@ -94,7 +91,7 @@ listing = RolesView.as_view()
|
|||
|
||||
class RoleAddView(views.BaseAddView):
|
||||
template_name = 'authentic2/manager/role_add.html'
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
title = _('Add role')
|
||||
success_view_name = 'a2-manager-role-members'
|
||||
exclude_fields = ('slug',)
|
||||
|
@ -142,7 +139,7 @@ export = RolesExportView.as_view()
|
|||
|
||||
|
||||
class RoleViewMixin(RolesMixin):
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
ctx = super().get_context_data(**kwargs)
|
||||
|
@ -257,7 +254,7 @@ class RoleMembersView(views.HideOUColumnMixin, RoleViewMixin, views.BaseSubTable
|
|||
),
|
||||
)[:11]
|
||||
)
|
||||
ctx['has_multiple_ou'] = OU.objects.count() > 1
|
||||
ctx['has_multiple_ou'] = OrganizationalUnit.objects.count() > 1
|
||||
ctx['admin_roles'] = views.filter_view(
|
||||
self.request, self.object.get_admin_role().children(include_self=False, annotate=True)
|
||||
)
|
||||
|
@ -321,7 +318,6 @@ class RolePermissionsView(RoleViewMixin, views.BaseSubTableView):
|
|||
ou = form.cleaned_data.get('ou')
|
||||
target = form.cleaned_data.get('target')
|
||||
action = form.cleaned_data.get('action')
|
||||
Permission = get_permission_model()
|
||||
if action == 'add' and operation and target:
|
||||
perm, dummy = Permission.objects.get_or_create(
|
||||
operation=operation,
|
||||
|
@ -395,7 +391,6 @@ class RoleChildrenView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTabl
|
|||
Q(pk__in=children.filter(is_direct=False)), output_field=BooleanField()
|
||||
)
|
||||
)
|
||||
RoleParenting = get_role_parenting_model()
|
||||
rp_qs = RoleParenting.objects.filter(parent__in=children).annotate(name=F('parent__name'))
|
||||
qs = qs.prefetch_related(Prefetch('parent_relation', queryset=rp_qs, to_attr='via'))
|
||||
return qs
|
||||
|
@ -423,9 +418,7 @@ class RoleChildrenView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTabl
|
|||
|
||||
def get_search_form_kwargs(self):
|
||||
kwargs = super().get_search_form_kwargs()
|
||||
kwargs['queryset'] = self.request.user.filter_by_perm(
|
||||
'a2_rbac.view_role', get_role_model().objects.all()
|
||||
)
|
||||
kwargs['queryset'] = self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())
|
||||
return kwargs
|
||||
|
||||
|
||||
|
@ -460,7 +453,6 @@ class RoleParentsView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTable
|
|||
Q(pk__in=parents.filter(is_direct=False)), output_field=BooleanField()
|
||||
)
|
||||
)
|
||||
RoleParenting = get_role_parenting_model()
|
||||
rp_qs = RoleParenting.objects.filter(child__in=parents).annotate(name=F('child__name'))
|
||||
qs = qs.prefetch_related(Prefetch('child_relation', queryset=rp_qs, to_attr='via'))
|
||||
return qs
|
||||
|
@ -489,7 +481,7 @@ class RoleParentsView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTable
|
|||
def get_search_form_kwargs(self):
|
||||
kwargs = super().get_search_form_kwargs()
|
||||
kwargs['queryset'] = self.request.user.filter_by_perm(
|
||||
'a2_rbac.manage_members_role', get_role_model().objects.all()
|
||||
'a2_rbac.manage_members_role', Role.objects.all()
|
||||
)
|
||||
return kwargs
|
||||
|
||||
|
@ -506,7 +498,7 @@ class RoleAddAdminRoleView(
|
|||
FormView,
|
||||
):
|
||||
title = _('Add admin role')
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
form_class = forms.RolesForm
|
||||
success_url = '..'
|
||||
template_name = 'authentic2/manager/form.html'
|
||||
|
@ -540,7 +532,7 @@ class RoleRemoveAdminRoleView(
|
|||
views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
|
||||
):
|
||||
title = _('Remove admin role')
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
success_url = '../..'
|
||||
template_name = 'authentic2/manager/role_remove_admin_role.html'
|
||||
permissions = ['a2_rbac.change_role']
|
||||
|
@ -582,7 +574,7 @@ class RoleAddAdminUserView(
|
|||
FormView,
|
||||
):
|
||||
title = _('Add admin user')
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
form_class = forms.UsersForm
|
||||
success_url = '..'
|
||||
template_name = 'authentic2/manager/form.html'
|
||||
|
@ -616,7 +608,7 @@ class RoleRemoveAdminUserView(
|
|||
views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
|
||||
):
|
||||
title = _('Remove admin user')
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
success_url = '../..'
|
||||
template_name = 'authentic2/manager/role_remove_admin_user.html'
|
||||
permissions = ['a2_rbac.change_role']
|
||||
|
@ -653,7 +645,7 @@ class RolesImportView(
|
|||
views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
|
||||
):
|
||||
form_class = forms.RolesImportForm
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
template_name = 'authentic2/manager/import_form.html'
|
||||
title = _('Roles Import')
|
||||
|
||||
|
@ -696,7 +688,7 @@ class RolesCsvImportView(
|
|||
views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
|
||||
):
|
||||
form_class = forms.RolesCsvImportForm
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
template_name = 'authentic2/manager/roles_csv_import_form.html'
|
||||
title = _('Roles CSV Import')
|
||||
|
||||
|
@ -744,7 +736,7 @@ class RoleJournal(views.PermissionMixin, JournalViewWithContext, BaseJournalView
|
|||
|
||||
@cached_property
|
||||
def context(self):
|
||||
return get_object_or_404(get_role_model(), pk=self.kwargs['pk'])
|
||||
return get_object_or_404(Role, pk=self.kwargs['pk'])
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
ctx = super().get_context_data(**kwargs)
|
||||
|
@ -763,7 +755,7 @@ class RolesJournal(views.SearchOUMixin, views.PermissionMixin, JournalViewWithCo
|
|||
|
||||
@cached_property
|
||||
def context(self):
|
||||
return get_role_model()
|
||||
return Role
|
||||
|
||||
|
||||
roles_journal = RolesJournal.as_view()
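Review bot: In `RoleJournal.context` the role is loaded with `get_object_or_404(Role, pk=self.kwargs['pk'])`, a lookup that is not restricted to roles the requesting user may see. By contrast, `get_search_form_kwargs` earlier in this file passes `Role.objects.all()` through `self.request.user.filter_by_perm('a2_rbac.view_role', ...)`. Any authorization on the journal therefore has to come from `views.PermissionMixin`, whose checks are outside these hunks and should be confirmed to run against this object. If they do, a comment on the property such as `# unscoped lookup; access to the role is checked by PermissionMixin` would record that; if not, the lookup should go through the same `filter_by_perm` queryset. The class body starts and ends outside the hunk.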
|
||||
|
|
|
@ -22,10 +22,10 @@ from django.utils.translation import ugettext_lazy as _
|
|||
from django.utils.translation import ugettext_noop
|
||||
from django_tables2.utils import A
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role
|
||||
from authentic2.middleware import StoreRequestMiddleware
|
||||
from authentic2.models import Service
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization
|
||||
from django_rbac.utils import get_ou_model, get_permission_model, get_role_model
|
||||
|
||||
User = get_user_model()
|
||||
|
||||
|
@ -112,7 +112,7 @@ class RoleTable(tables.Table):
|
|||
return content
|
||||
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
attrs = {'class': 'main', 'id': 'role-table'}
|
||||
fields = ('name', 'slug', 'ou', 'member_count')
|
||||
|
||||
|
@ -123,7 +123,7 @@ class PermissionTable(tables.Table):
|
|||
target = tables.Column()
|
||||
|
||||
class Meta:
|
||||
model = get_permission_model()
|
||||
model = Permission
|
||||
attrs = {'class': 'main', 'id': 'role-table'}
|
||||
fields = ('operation', 'scope', 'target')
|
||||
empty_text = _('None')
|
||||
|
@ -134,7 +134,7 @@ class OUTable(tables.Table):
|
|||
default = tables.BooleanColumn()
|
||||
|
||||
class Meta:
|
||||
model = get_ou_model()
|
||||
model = OrganizationalUnit
|
||||
attrs = {'class': 'main', 'id': 'ou-table'}
|
||||
fields = ('name', 'slug', 'default')
|
||||
empty_text = _('None')
|
||||
|
@ -169,7 +169,7 @@ class OuUserRolesTable(tables.Table):
|
|||
return content
|
||||
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
attrs = {'class': 'main plaintable', 'id': 'role-table'}
|
||||
fields = ('name', 'ou')
|
||||
empty_text = _('None')
|
||||
|
@ -195,7 +195,7 @@ class UserRolesTable(tables.Table):
|
|||
return content
|
||||
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
attrs = {'class': 'main', 'id': 'role-table'}
|
||||
fields = ('name', 'ou')
|
||||
empty_text = _('None')
|
||||
|
@ -219,7 +219,7 @@ class ServiceRolesTable(tables.Table):
|
|||
name = tables.Column(accessor='name', verbose_name=_('name'))
|
||||
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
attrs = {'class': 'main', 'id': 'service-role-table'}
|
||||
fields = ('name',)
|
||||
empty_text = _('No access restriction. All users are allowed to connect to this service.')
|
||||
|
@ -253,7 +253,7 @@ class InheritanceRolesTable(tables.Table):
|
|||
)
|
||||
|
||||
class Meta:
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
attrs = {'class': 'main plaintable', 'id': 'inheritance-role-table'}
|
||||
fields = ('name', 'ou')
|
||||
empty_text = _('None')
|
||||
|
|
|
@ -37,13 +37,13 @@ from django.views.generic.detail import SingleObjectMixin
|
|||
from django.views.generic.edit import BaseFormView
|
||||
|
||||
from authentic2 import hooks
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role, RoleParenting
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.apps.journal.views import JournalViewWithContext
|
||||
from authentic2.models import Attribute, PasswordReset
|
||||
from authentic2.utils import spooler, switch_user
|
||||
from authentic2.utils.misc import make_url, redirect, select_next_url, send_password_reset_mail
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
|
||||
from django_rbac.utils import get_ou_model, get_role_model, get_role_parenting_model
|
||||
|
||||
from . import app_settings
|
||||
from .forms import (
|
||||
|
@ -82,7 +82,6 @@ from .views import (
|
|||
)
|
||||
|
||||
User = get_user_model()
|
||||
OU = get_ou_model()
|
||||
|
||||
|
||||
class UsersView(HideOUColumnMixin, BaseTableView):
|
||||
|
@ -180,7 +179,7 @@ class UserAddView(ActionMixin, BaseAddView):
|
|||
qs = request.user.ous_with_perm('custom_user.add_user')
|
||||
try:
|
||||
self.ou = qs.get(pk=self.kwargs['ou_pk'])
|
||||
except OU.DoesNotExist:
|
||||
except OrganizationalUnit.DoesNotExist:
|
||||
raise PermissionDenied
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
|
@ -248,7 +247,7 @@ class UserAddView(ActionMixin, BaseAddView):
|
|||
return initial
|
||||
|
||||
def get_user_add_policies(self, *args, **kwargs):
|
||||
ou = OU.objects.get(pk=self.kwargs['ou_pk'])
|
||||
ou = OrganizationalUnit.objects.get(pk=self.kwargs['ou_pk'])
|
||||
value = ou.user_add_password_policy
|
||||
return ou.USER_ADD_PASSWD_POLICY_VALUES[value]._asdict()
|
||||
|
||||
|
@ -412,7 +411,7 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
|
|||
|
||||
@classmethod
|
||||
def has_perm_on_roles(cls, user, instance):
|
||||
role_qs = get_role_model().objects.all()
|
||||
role_qs = Role.objects.all()
|
||||
if app_settings.ROLE_MEMBERS_FROM_OU and instance.ou:
|
||||
role_qs = role_qs.filter(ou=instance.ou)
|
||||
return user.filter_by_perm('a2_rbac.manage_members_role', role_qs).exists()
|
||||
|
@ -420,7 +419,7 @@ class UserDetailView(OtherActionsMixin, BaseDetailView):
|
|||
def get_context_data(self, **kwargs):
|
||||
kwargs['default_ou'] = get_default_ou
|
||||
roles = self.object.roles_and_parents().order_by('ou__name', 'name')
|
||||
role_qs = get_role_model().objects.all()
|
||||
role_qs = Role.objects.all()
|
||||
if app_settings.ROLE_MEMBERS_FROM_OU and self.object.ou:
|
||||
role_qs = role_qs.filter(ou=self.object.ou)
|
||||
visible_roles = self.request.user.filter_by_perm('a2_rbac.view_role', role_qs)
|
||||
|
@ -641,8 +640,6 @@ class UserRolesView(HideOUColumnMixin, BaseSubTableView):
|
|||
if self.is_ou_specified():
|
||||
roles = self.object.roles.all()
|
||||
User = get_user_model()
|
||||
Role = get_role_model()
|
||||
RoleParenting = get_role_parenting_model()
|
||||
rp_qs = RoleParenting.objects.filter(child__in=roles)
|
||||
qs = Role.objects.all()
|
||||
qs = qs.prefetch_related(models.Prefetch('child_relation', queryset=rp_qs, to_attr='via'))
|
||||
|
@ -699,9 +696,7 @@ class UserRolesView(HideOUColumnMixin, BaseSubTableView):
|
|||
kwargs['all_ou_label'] = ''
|
||||
kwargs['user'] = self.object
|
||||
kwargs['role_members_from_ou'] = app_settings.ROLE_MEMBERS_FROM_OU
|
||||
kwargs['queryset'] = self.request.user.filter_by_perm(
|
||||
'a2_rbac.view_role', get_role_model().objects.all()
|
||||
)
|
||||
kwargs['queryset'] = self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())
|
||||
if self.object.ou_id:
|
||||
initial = kwargs.setdefault('initial', {})
|
||||
initial['ou'] = str(self.object.ou_id)
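Review bot: `get_user_add_policies` in `UserAddView` fetches the organizational unit a second time with `OrganizationalUnit.objects.get(pk=self.kwargs['ou_pk'])`. That bypasses the permission-scoped queryset `dispatch` uses (`request.user.ous_with_perm('custom_user.add_user')`), and no `DoesNotExist` handling is visible around it. Assuming the method is only reached after `dispatch` has set `self.ou`, the line can become `ou = self.ou`, which saves a query and leaves the permission-filtered lookup as the only place the object is resolved. Both method bodies continue outside the hunks, so the call order should be confirmed before changing it.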
|
||||
|
|
|
@ -14,10 +14,8 @@
|
|||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.decorators import GlobalCache
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
OU = get_ou_model()
|
||||
|
||||
|
||||
def label_from_user(user):
|
||||
|
@ -40,9 +38,9 @@ def label_from_user(user):
|
|||
|
||||
@GlobalCache(timeout=10)
|
||||
def get_ou_count():
|
||||
return OU.objects.count()
|
||||
return OrganizationalUnit.objects.count()
|
||||
|
||||
|
||||
@GlobalCache(timeout=10)
|
||||
def has_show_username():
|
||||
return not OU.objects.filter(show_username=False).exists()
|
||||
return not OrganizationalUnit.objects.filter(show_username=False).exists()
|
||||
|
|
|
@ -40,12 +40,11 @@ from django_tables2 import SingleTableMixin, SingleTableView
|
|||
from gadjo.templatetags.gadjo import xstatic
|
||||
|
||||
from authentic2 import hooks
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.data_transfer import ImportContext, export_site, import_site
|
||||
from authentic2.decorators import json as json_view
|
||||
from authentic2.forms.profile import modelform_factory
|
||||
from authentic2.utils.misc import batch_queryset, redirect
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
from . import app_settings, forms, utils, widgets
|
||||
|
||||
|
@ -685,7 +684,6 @@ class HideOUColumnMixin:
|
|||
'''Helper class for table views, hiding the OU column from tables if an OU filter exists'''
|
||||
|
||||
def get_table(self, **kwargs):
|
||||
OU = get_ou_model()
|
||||
exclude_ou = False
|
||||
if (
|
||||
hasattr(self, 'search_form')
|
||||
|
@ -693,7 +691,7 @@ class HideOUColumnMixin:
|
|||
and self.search_form.cleaned_data.get('ou') is not None
|
||||
):
|
||||
exclude_ou = True
|
||||
if OU.objects.count() < 2:
|
||||
if OrganizationalUnit.objects.count() < 2:
|
||||
exclude_ou = True
|
||||
if exclude_ou:
|
||||
exclude = kwargs.setdefault('exclude', [])
|
||||
|
@ -777,7 +775,7 @@ class SearchOUMixin:
|
|||
except (ValueError, KeyError):
|
||||
return None
|
||||
else:
|
||||
return OU.objects.filter(pk=ou_id).first()
|
||||
return OrganizationalUnit.objects.filter(pk=ou_id).first()
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
return super().get_context_data(ou=self.ou, **kwargs)
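Review bot: `HideOUColumnMixin.get_table` issues `OrganizationalUnit.objects.count()` on every table build, although the `utils` module imported at the top of this file appears to be the one that defines `get_ou_count()` behind `@GlobalCache(timeout=10)`. The condition could read `if utils.get_ou_count() < 2:`, and `ctx['has_multiple_ou']` in `RoleMembersView` could use the same helper. The trade-off is that the OU column may stay hidden for up to the cache timeout after a second organizational unit is created, which should be acceptable for a display-only decision. The method body continues outside the hunk.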
|
||||
|
|
|
@ -24,8 +24,8 @@ from django.core import signing
|
|||
from django.utils.encoding import force_text
|
||||
from django_select2.forms import ModelSelect2MultipleWidget, ModelSelect2Widget
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization
|
||||
from django_rbac.utils import get_role_model
|
||||
|
||||
from . import utils
|
||||
|
||||
|
@ -95,7 +95,7 @@ class ChooseUsersWidget(SearchUserWidgetMixin, SimpleModelSelect2MultipleWidget)
|
|||
|
||||
|
||||
class SearchRoleWidgetMixin(SplitTermMixin):
|
||||
model = get_role_model()
|
||||
model = Role
|
||||
split_term_operator = operator.__and__
|
||||
search_fields = [
|
||||
'name__icontains',
|
||||
|
|
|
@ -24,7 +24,7 @@ from django.db.models.query import QuerySet
|
|||
from django.utils.timezone import now
|
||||
from model_utils import managers
|
||||
|
||||
from django_rbac.utils import get_ou_model
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -96,12 +96,11 @@ class ServiceQuerySet(managers.InheritanceQuerySetMixin, GetBySlugQuerySet):
|
|||
|
||||
class BaseServiceManager(models.Manager):
|
||||
def get_by_natural_key(self, ou_natural_key, slug):
|
||||
OU = get_ou_model()
|
||||
kwargs = {'slug': slug}
|
||||
if ou_natural_key:
|
||||
try:
|
||||
ou = OU.objects.get_by_natural_key(*ou_natural_key)
|
||||
except OU.DoesNotExist:
|
||||
ou = OrganizationalUnit.objects.get_by_natural_key(*ou_natural_key)
|
||||
except OrganizationalUnit.DoesNotExist:
|
||||
raise self.model.DoesNotExist
|
||||
kwargs['ou'] = ou
|
||||
else:
|
||||
|
|
|
@ -36,7 +36,6 @@ from model_utils.managers import QueryManager
|
|||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.crypto import base64url_decode, base64url_encode
|
||||
from django_rbac.utils import get_role_model_name
|
||||
|
||||
# install our natural_key implementation
|
||||
from . import managers
|
||||
|
@ -371,7 +370,7 @@ class Service(models.Model):
|
|||
on_delete=models.CASCADE,
|
||||
)
|
||||
authorized_roles = models.ManyToManyField(
|
||||
get_role_model_name(),
|
||||
'a2_rbac.Role',
|
||||
verbose_name=_('authorized services'),
|
||||
through='AuthorizedRole',
|
||||
through_fields=('service', 'role'),
|
||||
|
@ -454,7 +453,7 @@ Service._meta.natural_key = [['slug', 'ou']]
|
|||
|
||||
class AuthorizedRole(models.Model):
|
||||
service = models.ForeignKey(Service, on_delete=models.CASCADE)
|
||||
role = models.ForeignKey(get_role_model_name(), on_delete=models.CASCADE)
|
||||
role = models.ForeignKey('a2_rbac.Role', on_delete=models.CASCADE)
|
||||
|
||||
|
||||
class Token(models.Model):
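Review bot: `Service.authorized_roles` and `AuthorizedRole.role` now name their target with the literal `'a2_rbac.Role'`, although `Role` is already imported at the top of this file from `authentic2.a2_rbac.models`. Writing `models.ForeignKey(Role, on_delete=models.CASCADE)` would match the `to=OrganizationalUnit` form this commit uses for `OIDCProvider.ou`. Because these fields previously took their target from `get_role_model_name()` / `get_ou_model_name()`, it is also worth running `makemigrations --check` to confirm Django detects no model change and the existing migrations still resolve the relations. Both class bodies extend outside the hunks.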
|
||||
|
|
|
@ -22,9 +22,9 @@ from django.core.exceptions import ValidationError
|
|||
from django.utils.encoding import force_text
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.compat_lasso import lasso
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
from .models import LibertyProvider, LibertyServiceProvider
|
||||
|
||||
|
@ -36,7 +36,7 @@ class AddLibertyProviderFromUrlForm(forms.Form):
|
|||
)
|
||||
url = forms.URLField(label=_("Metadata's URL"))
|
||||
ou = forms.ModelChoiceField(
|
||||
queryset=get_ou_model().objects, initial=get_default_ou, label=_('Organizational unit')
|
||||
queryset=OrganizationalUnit.objects, initial=get_default_ou, label=_('Organizational unit')
|
||||
)
|
||||
|
||||
def clean(self):
|
||||
|
|
|
@ -25,9 +25,9 @@ from jwcrypto.jwk import JWK
|
|||
from jwcrypto.jwt import JWT
|
||||
|
||||
from authentic2 import app_settings, hooks
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.crypto import base64url_encode
|
||||
from authentic2.utils.template import Template
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
from . import models, utils
|
||||
|
||||
|
@ -209,7 +209,7 @@ class OIDCBackend(ModelBackend):
|
|||
# map claims to attributes or user fields
|
||||
# mapping is done before eventual creation of user as EMAIL_IS_UNIQUE needs to know if the
|
||||
# mapping will provide some mail to us
|
||||
ou_map = {ou.slug: ou for ou in get_ou_model().cached()}
|
||||
ou_map = {ou.slug: ou for ou in OrganizationalUnit.cached()}
|
||||
user_ou = provider.ou
|
||||
save_user = False
|
||||
mappings = []
|
||||
|
|
|
@ -22,9 +22,9 @@ from django.core.exceptions import ValidationError
|
|||
from django.core.management.base import BaseCommand, CommandError
|
||||
from django.db.transaction import atomic
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2_auth_oidc.models import OIDCClaimMapping, OIDCProvider
|
||||
from authentic2_auth_oidc.utils import register_issuer
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
|
@ -67,8 +67,7 @@ class Command(BaseCommand):
|
|||
try:
|
||||
ou = None
|
||||
if options.get('ou_slug'):
|
||||
OU = get_ou_model()
|
||||
ou = OU.objects.get(slug=options['ou_slug'])
|
||||
ou = OrganizationalUnit.objects.get(slug=options['ou_slug'])
|
||||
provider = register_issuer(
|
||||
name,
|
||||
issuer=issuer,
|
||||
|
|
|
@ -24,8 +24,8 @@ from django.db import models
|
|||
from django.utils.translation import ugettext_lazy as _
|
||||
from jwcrypto.jwk import InvalidJWKValue, JWKSet
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.utils.template import validate_template
|
||||
from django_rbac.utils import get_ou_model_name
|
||||
|
||||
from . import managers
|
||||
|
||||
|
@ -90,7 +90,7 @@ class OIDCProvider(models.Model):
|
|||
# ou where new users should be created
|
||||
strategy = models.CharField(max_length=32, choices=STRATEGIES, verbose_name=_('strategy'))
|
||||
ou = models.ForeignKey(
|
||||
to=get_ou_model_name(), verbose_name=_('organizational unit'), on_delete=models.CASCADE
|
||||
to=OrganizationalUnit, verbose_name=_('organizational unit'), on_delete=models.CASCADE
|
||||
)
|
||||
|
||||
# policy
|
||||
|
|
|
@ -45,12 +45,12 @@ from ratelimit.utils import is_ratelimited
|
|||
|
||||
from authentic2 import app_settings as a2_app_settings
|
||||
from authentic2 import hooks
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.decorators import setting_enabled
|
||||
from authentic2.exponential_retry_timeout import ExponentialRetryTimeout
|
||||
from authentic2.utils.misc import last_authentication_event, login_require, make_url, redirect
|
||||
from authentic2.utils.view_decorators import check_view_restriction
|
||||
from authentic2.views import logout as a2_logout
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
from . import app_settings, models, utils
|
||||
|
||||
|
@ -598,7 +598,6 @@ def idtoken_from_user_credential(request):
|
|||
)
|
||||
username = request.POST.get('username')
|
||||
scope = request.POST.get('scope')
|
||||
OrganizationalUnit = get_ou_model()
|
||||
|
||||
# scope is ignored, we used the configured scope
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@ from django.db import connection
|
|||
from django.db.migrations.executor import MigrationExecutor
|
||||
|
||||
from authentic2 import hooks as a2_hooks
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.authentication import OIDCUser
|
||||
from authentic2.manager.utils import get_ou_count
|
||||
|
@ -35,7 +36,6 @@ from authentic2.models import Attribute, Service
|
|||
from authentic2.utils.evaluate import BaseExpressionValidator
|
||||
from authentic2_auth_oidc.utils import get_provider_by_issuer, get_providers, has_providers
|
||||
from authentic2_idp_oidc.models import OIDCClient
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
from . import utils
|
||||
|
||||
|
@ -63,9 +63,6 @@ def pytest_runtest_setup(item):
|
|||
pytest.skip('not slow tests must not run')
|
||||
|
||||
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def settings(settings, request):
|
||||
# our post_migrate handlers depends upon some values of the settings (like
|
||||
|
@ -102,20 +99,17 @@ def app(app_factory):
|
|||
|
||||
@pytest.fixture
|
||||
def ou1(db):
|
||||
OU = get_ou_model()
|
||||
return OU.objects.create(name='OU1', slug='ou1')
|
||||
return OrganizationalUnit.objects.create(name='OU1', slug='ou1')
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def ou2(db):
|
||||
OU = get_ou_model()
|
||||
return OU.objects.create(name='OU2', slug='ou2')
|
||||
return OrganizationalUnit.objects.create(name='OU2', slug='ou2')
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def ou_rando(db):
|
||||
OU = get_ou_model()
|
||||
return OU.objects.create(name='ou_rando', slug='ou_rando')
|
||||
return OrganizationalUnit.objects.create(name='ou_rando', slug='ou_rando')
|
||||
|
||||
|
||||
def create_user(**kwargs):
|
||||
|
@ -159,7 +153,6 @@ def admin(db):
|
|||
is_active=True,
|
||||
ou=get_default_ou(),
|
||||
)
|
||||
Role = get_role_model()
|
||||
user.roles.add(Role.objects.get(slug='_a2-manager'))
|
||||
return user
|
||||
|
||||
|
@ -337,12 +330,10 @@ def api_user(
|
|||
|
||||
@pytest.fixture(autouse=True)
|
||||
def clear_cache():
|
||||
OU = get_ou_model()
|
||||
|
||||
cache.clear()
|
||||
BaseExpressionValidator.__call__.cache_clear()
|
||||
for cached_el in (
|
||||
OU.cached,
|
||||
OrganizationalUnit.cached,
|
||||
a2_hooks.get_hooks,
|
||||
get_providers,
|
||||
get_provider_by_issuer,
|
||||
|
|
|
@ -33,13 +33,13 @@ from django.utils.timezone import now
|
|||
from jwcrypto.jwk import JWK, JWKSet
|
||||
from jwcrypto.jwt import JWT
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.models import Attribute, AuthorizedRole
|
||||
from authentic2.utils.misc import good_next_url, make_url
|
||||
from authentic2_auth_oidc.utils import parse_timestamp
|
||||
from authentic2_idp_oidc.models import OIDCAccessToken, OIDCAuthorization, OIDCClaim, OIDCClient, OIDCCode
|
||||
from authentic2_idp_oidc.utils import base64url, get_first_ec_sig_key, get_first_rsa_sig_key, make_sub
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
from .. import utils
|
||||
from .conftest import bearer_authentication_headers, client_authentication_headers
|
||||
|
@ -293,9 +293,7 @@ def test_authorization_code_sso(
|
|||
OIDCClaim.objects.create(
|
||||
client=oidc_client, name='date_joined', value='django_user_date_joined', scopes='profile'
|
||||
)
|
||||
simple_user.roles.add(
|
||||
get_role_model().objects.create(name='Whatever', slug='whatever', ou=get_default_ou())
|
||||
)
|
||||
simple_user.roles.add(Role.objects.create(name='Whatever', slug='whatever', ou=get_default_ou()))
|
||||
response = app.get(user_info_url, headers=bearer_authentication_headers(access_token))
|
||||
assert response.json['ou'] == simple_user.ou.name
|
||||
assert response.json['roles'][0] == 'Whatever'
|
||||
|
@ -886,7 +884,7 @@ def test_client_secret_post_authentication(oidc_settings, app, simple_oidc_clien
|
|||
@pytest.mark.parametrize('login_first', [(True,), (False,)])
|
||||
def test_role_control_access(login_first, oidc_settings, oidc_client, simple_user, app):
|
||||
# authorized_role
|
||||
role_authorized = get_role_model().objects.create(name='Goth Kids', slug='goth-kids', ou=get_default_ou())
|
||||
role_authorized = Role.objects.create(name='Goth Kids', slug='goth-kids', ou=get_default_ou())
|
||||
oidc_client.add_authorized_role(role_authorized)
|
||||
|
||||
redirect_uri = oidc_client.redirect_uris.split()[0]
|
||||
|
@ -1592,8 +1590,7 @@ def test_consents_view(app, oidc_client, simple_user):
|
|||
assert "You have not given any authorization to access your account profile data." in response.text
|
||||
|
||||
# create an ou authz
|
||||
OU = get_ou_model()
|
||||
ou1 = OU.objects.create(name='Orgunit1', slug='orgunit1')
|
||||
ou1 = OrganizationalUnit.objects.create(name='Orgunit1', slug='orgunit1')
|
||||
OIDCAuthorization.objects.create(
|
||||
client=ou1,
|
||||
user=simple_user,
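Review bot: On the context line `@pytest.mark.parametrize('login_first', [(True,), (False,)])` above `test_role_control_access`, each value is a one-element tuple. With a single argname pytest passes the tuple itself, so `login_first` is `(True,)` or `(False,)`, and both are truthy. The test body lies outside this hunk, but if it branches on `if login_first:`, the not-logged-in path of this role-based access check is never exercised. `@pytest.mark.parametrize('login_first', [True, False])` would give the two intended cases. This commit did not introduce it, but the adjacent line is already being edited here.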
|
||||
|
|
|
@ -27,7 +27,6 @@ from authentic2.custom_user.models import User
|
|||
from authentic2.models import Service
|
||||
from authentic2.utils.misc import get_hex_uuid
|
||||
from django_rbac.models import CHANGE_OP, Operation
|
||||
from django_rbac.utils import get_permission_model
|
||||
|
||||
from .utils import login, request_select2
|
||||
|
||||
|
@ -242,7 +241,6 @@ def test_role_with_permission_export_json(db):
|
|||
name='other role name', slug='other-role-slug', uuid=get_hex_uuid(), ou=some_ou
|
||||
)
|
||||
ou = OU.objects.create(name='basic ou', slug='basic-ou', description='basic ou description')
|
||||
Permission = get_permission_model()
|
||||
op = Operation.objects.get(slug='add')
|
||||
perm_saml = Permission.objects.create(
|
||||
operation=op,
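Review bot: In `test_role_with_permission_export_json`, `perm_saml = Permission.objects.create(` still uses `Permission`, but this section removes both the local binding `Permission = get_permission_model()` and the `get_permission_model` import without showing a replacement. The module may already import the name above line 27, outside the visible import hunk; please confirm. If it does not, `from authentic2.a2_rbac.models import Permission` is needed, otherwise the test fails with a `NameError`. The function body starts and ends outside the hunk.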
|
||||
|
|
|
@ -33,9 +33,9 @@ from django.utils.translation import ugettext as _
|
|||
from rest_framework import status, test
|
||||
|
||||
from authentic2 import attribute_kinds, models
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.utils import misc as utils_misc
|
||||
from authentic2.utils.misc import continue_to_next_url, login_require, make_url, redirect, redirect_to_login
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
from .utils import Authentic2TestCase, assert_event, get_link_from_mail, get_response_form
|
||||
|
||||
|
@ -382,12 +382,12 @@ class AttributeKindsTest(TestCase):
|
|||
class APITest(TestCase):
|
||||
def setUp(self):
|
||||
User = get_user_model()
|
||||
Role = get_role_model()
|
||||
OU = get_ou_model()
|
||||
|
||||
ct_user = ContentType.objects.get_for_model(User)
|
||||
|
||||
self.ou = OU.objects.create(slug='ou', name='OU', email_is_unique=True, username_is_unique=True)
|
||||
self.ou = OrganizationalUnit.objects.create(
|
||||
slug='ou', name='OU', email_is_unique=True, username_is_unique=True
|
||||
)
|
||||
self.reguser1 = User.objects.create(username='reguser1')
|
||||
self.reguser1.set_password('password')
|
||||
self.reguser1.save()
|
||||
|
|
|
@ -33,13 +33,13 @@ from django.utils.text import slugify
|
|||
from requests.models import Response
|
||||
from rest_framework import VERSION as drf_version
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.apps.journal.models import Event, EventType
|
||||
from authentic2.models import Attribute, AttributeValue, AuthorizedRole, PasswordReset, Service
|
||||
from authentic2.utils.misc import good_next_url
|
||||
from django_rbac.models import SEARCH_OP
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
from .utils import assert_event, basic_authorization_header, get_link_from_mail, login
|
||||
|
||||
|
@ -578,7 +578,6 @@ def test_api_users_create(settings, app, api_user):
|
|||
|
||||
|
||||
def test_api_users_create_email_is_unique(settings, app, superuser):
|
||||
OU = get_ou_model()
|
||||
ou1 = OU.objects.create(name='OU1', slug='ou1')
|
||||
ou2 = OU.objects.create(name='OU2', slug='ou2', email_is_unique=True)
|
||||
|
||||
|
@ -1403,7 +1402,7 @@ def test_api_post_role(app, admin_ou1, ou1):
|
|||
assert set(role_data.items()) < set(resp.json.items())
|
||||
|
||||
# Check attributes values against the DB:
|
||||
role = get_role_model().objects.get(uuid=uuid)
|
||||
role = Role.objects.get(uuid=uuid)
|
||||
assert role.slug == role_data['slug']
|
||||
assert role.name == role_data['name']
|
||||
assert role.ou.slug == role_data['ou']
|
||||
|
@ -1450,8 +1449,6 @@ def test_api_post_role_no_slug(app, superuser):
|
|||
|
||||
def test_api_post_ou_no_slug(app, superuser):
|
||||
app.authorization = ('Basic', (superuser.username, superuser.username))
|
||||
OU = get_ou_model()
|
||||
|
||||
ou_data = {
|
||||
'name': 'Some Organizational Unit',
|
||||
}
|
||||
|
@ -1480,7 +1477,6 @@ def test_api_post_ou_no_slug(app, superuser):
|
|||
|
||||
def test_api_post_ou_get_or_create(app, superuser):
|
||||
app.authorization = ('Basic', (superuser.username, superuser.username))
|
||||
OU = get_ou_model()
|
||||
# first get-or-create? -> create
|
||||
ou_data = {
|
||||
'name': 'Some Organizational Unit',
|
||||
|
@ -1743,7 +1739,6 @@ def test_api_users_get_or_create_email_is_unique(settings, app, admin):
|
|||
|
||||
def test_api_users_get_or_create_email_not_unique(settings, app, admin):
|
||||
settings.A2_EMAIL_IS_UNIQUE = False
|
||||
OU = get_ou_model()
|
||||
ou1 = OU.objects.create(name='OU1', slug='ou1', email_is_unique=True)
|
||||
ou2 = OU.objects.create(name='OU2', slug='ou2', email_is_unique=False)
|
||||
|
||||
|
@ -2384,7 +2379,6 @@ def test_api_users_delete(settings, app, admin, simple_user):
|
|||
|
||||
@pytest.mark.skipif(drf_version.startswith('3.4'), reason='no support for old django rest framework')
|
||||
def test_api_statistics_list(app, admin):
|
||||
OU = get_ou_model()
|
||||
headers = basic_authorization_header(admin)
|
||||
resp = app.get('/api/statistics/', headers=headers)
|
||||
assert len(resp.json['data']) == 6
|
||||
|
@ -2478,7 +2472,6 @@ def test_api_statistics_list(app, admin):
|
|||
'event_type_name,event_name', [('user.login', 'login'), ('user.registration', 'registration')]
|
||||
)
|
||||
def test_api_statistics(app, admin, freezer, event_type_name, event_name):
|
||||
OU = get_ou_model()
|
||||
headers = basic_authorization_header(admin)
|
||||
|
||||
resp = app.get('/api/statistics/login/?time_interval=month', headers=headers)
|
||||
|
|
|
@ -35,6 +35,7 @@ from jwcrypto.jwk import JWK, JWKSet
|
|||
from jwcrypto.jws import JWS, InvalidJWSObject
|
||||
from jwcrypto.jwt import JWT
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.custom_user.models import DeletedUser
|
||||
from authentic2.models import Attribute, AttributeValue
|
||||
|
@ -48,7 +49,6 @@ from authentic2_auth_oidc.utils import (
|
|||
parse_id_token,
|
||||
register_issuer,
|
||||
)
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
from . import utils
|
||||
|
||||
|
@ -455,8 +455,7 @@ def test_login_autorun(oidc_provider, app, settings):
|
|||
|
||||
|
||||
def test_sso(app, caplog, code, oidc_provider, oidc_provider_jwkset, hooks):
|
||||
OU = get_ou_model()
|
||||
cassis = OU.objects.create(name='Cassis', slug='cassis')
|
||||
cassis = OrganizationalUnit.objects.create(name='Cassis', slug='cassis')
|
||||
|
||||
response = app.get('/admin/').maybe_follow()
|
||||
assert oidc_provider.name in response.text
|
||||
|
|
|
@ -26,13 +26,13 @@ from django.contrib.auth import get_user_model
|
|||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.utils.timezone import now
|
||||
|
||||
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP
|
||||
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP, OrganizationalUnit, Permission, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.custom_user.models import DeletedUser
|
||||
from authentic2.models import UserExternalId
|
||||
from authentic2_auth_oidc.models import OIDCAccount, OIDCProvider
|
||||
from django_rbac.models import ADMIN_OP, Operation
|
||||
from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
|
||||
from django_rbac.utils import get_operation
|
||||
|
||||
from .utils import call_command, login
|
||||
|
||||
|
@ -242,8 +242,7 @@ def test_oidc_register_issuer(db, tmpdir, monkeypatch):
|
|||
oidc_conf = json.load(f)
|
||||
|
||||
def register_issuer(name, issuer=None, openid_configuration=None, verify=True, timeout=None, ou=None):
|
||||
OU = get_ou_model()
|
||||
ou = OU.objects.get(default=True)
|
||||
ou = OrganizationalUnit.objects.get(default=True)
|
||||
return OIDCProvider.objects.create(
|
||||
name=name,
|
||||
ou=ou,
|
||||
|
@ -280,12 +279,10 @@ def test_sync_metadata(db):
|
|||
|
||||
|
||||
def test_check_and_repair_managers_of_roles(db, capsys):
|
||||
Role = get_role_model()
|
||||
Permission = get_permission_model()
|
||||
default_ou = get_default_ou()
|
||||
admin_op = get_operation(ADMIN_OP)
|
||||
|
||||
get_ou_model().objects.create(name='Orgunit1', slug='orgunit1')
|
||||
OrganizationalUnit.objects.create(name='Orgunit1', slug='orgunit1')
|
||||
role1 = Role.objects.create(name='Role 1', slug='role-1', ou=default_ou)
|
||||
perm1 = Permission.objects.create(
|
||||
operation=admin_op,
|
||||
|
@ -337,11 +334,10 @@ def test_check_and_repair_managers_of_roles(db, capsys):
|
|||
|
||||
|
||||
def test_check_and_delete_unused_permissions(db, capsys, simple_user):
|
||||
Permission = get_permission_model()
|
||||
role1 = get_role_model().objects.create(name='Role1', slug='role1')
|
||||
role1 = Role.objects.create(name='Role1', slug='role1')
|
||||
op1 = Operation.objects.create(slug='operation-1')
|
||||
used_perm = Permission.objects.create(
|
||||
operation=op1, target_id=role1.id, target_ct=ContentType.objects.get_for_model(get_role_model())
|
||||
operation=op1, target_id=role1.id, target_ct=ContentType.objects.get_for_model(Role)
|
||||
)
|
||||
role1.admin_scope = used_perm
|
||||
role1.save()
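Review bot: In the `test_oidc_register_issuer` hunk, the stub `register_issuer(..., ou=None)` accepts an `ou` argument and then unconditionally overwrites it with `ou = OrganizationalUnit.objects.get(default=True)`, so any value the caller passes is silently dropped. If that is intended, a comment such as `# stub always registers the provider in the default OU; the ou argument is ignored` would make it explicit. Otherwise `ou = ou or OrganizationalUnit.objects.get(default=True)` keeps the caller's value. The stub's body continues past the end of the hunk.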
|
||||
|
|
|
@ -23,13 +23,11 @@ from django.contrib.auth.hashers import check_password, make_password
|
|||
from django.core import mail
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.csv_import import CsvHeader, CsvImporter, Error, LineError, UserCsvImporter
|
||||
from authentic2.custom_user.models import User
|
||||
from authentic2.models import Attribute
|
||||
from django_rbac.utils import get_role_model
|
||||
|
||||
Role = get_role_model()
|
||||
|
||||
ENCODINGS = [
|
||||
'iso-8859-1',
|
||||
|
|
|
@ -18,12 +18,9 @@ from datetime import date
|
|||
|
||||
import pytest
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.custom_user.models import DeletedUser, User
|
||||
from authentic2.models import Attribute
|
||||
from django_rbac.utils import get_permission_model, get_role_model
|
||||
|
||||
Permission = get_permission_model()
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
def test_roles_and_parents(db):
|
||||
|
|
|
@ -17,7 +17,8 @@
|
|||
import pytest
|
||||
from django.core.exceptions import ValidationError
|
||||
|
||||
from authentic2.a2_rbac.models import RoleParenting
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.models import Role, RoleParenting
|
||||
from authentic2.data_transfer import (
|
||||
ExportContext,
|
||||
ImportContext,
|
||||
|
@ -30,10 +31,6 @@ from authentic2.data_transfer import (
|
|||
search_role,
|
||||
)
|
||||
from authentic2.utils.misc import get_hex_uuid
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
Role = get_role_model()
|
||||
OU = get_ou_model()
|
||||
|
||||
|
||||
def test_export_basic_role(db):
|
||||
|
|
|
@ -21,11 +21,11 @@ from django.test.client import Client, RequestFactory
|
|||
from django.test.utils import override_settings
|
||||
from django.utils.encoding import force_text
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.constants import AUTHENTICATION_EVENTS_SESSION_KEY, NONCE_FIELD_NAME
|
||||
from authentic2_idp_cas import constants
|
||||
from authentic2_idp_cas.models import Attribute, Service, Ticket
|
||||
from django_rbac.utils import get_role_model
|
||||
|
||||
from .utils import Authentic2TestCase
|
||||
|
||||
|
@ -34,7 +34,6 @@ CAS_NAMESPACES = {
|
|||
}
|
||||
|
||||
User = get_user_model()
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
@override_settings(A2_IDP_CAS_ENABLE=True)
|
||||
|
|
|
@ -23,9 +23,7 @@ from django import VERSION
|
|||
from django.core import management
|
||||
from django.core.exceptions import ValidationError
|
||||
|
||||
from django_rbac.utils import get_role_model
|
||||
|
||||
Role = get_role_model()
|
||||
from authentic2.a2_rbac.models import Role
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
|
|
|
@ -32,13 +32,12 @@ from ldap.dn import escape_dn_chars
|
|||
from ldaptools.slapd import Slapd, has_slapd
|
||||
|
||||
from authentic2 import crypto, models
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.backends import ldap_backend
|
||||
from authentic2.models import Service
|
||||
from authentic2.utils import switch_user
|
||||
from authentic2.utils.misc import PasswordChangeError, authenticate
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
from . import utils
|
||||
|
||||
|
@ -503,8 +502,7 @@ def test_keep_password_true_or_false(slapd, settings, db):
|
|||
|
||||
@pytest.mark.django_db
|
||||
def test_custom_ou(slapd, settings, client):
|
||||
OU = get_ou_model()
|
||||
ou = OU.objects.create(name='test', slug='test')
|
||||
ou = OrganizationalUnit.objects.create(name='test', slug='test')
|
||||
settings.LDAP_AUTH_SETTINGS = [
|
||||
{
|
||||
'url': [slapd.ldap_url],
|
||||
|
@ -903,9 +901,8 @@ def test_multiple_slug_set_mandatory_roles(slapd, settings, db):
|
|||
|
||||
|
||||
def test_multiple_name_set_mandatory_roles(slapd, settings, db):
|
||||
OU = get_ou_model()
|
||||
ou1 = OU.objects.create(name='test1', slug='test1')
|
||||
ou2 = OU.objects.create(name='test2', slug='test2')
|
||||
ou1 = OrganizationalUnit.objects.create(name='test1', slug='test1')
|
||||
ou2 = OrganizationalUnit.objects.create(name='test2', slug='test2')
|
||||
Role.objects.create(name='tech', slug='foo', ou=ou1)
|
||||
Role.objects.create(name='tech', slug='bar', ou=ou2)
|
||||
settings.LDAP_AUTH_SETTINGS = [
|
||||
|
|
|
@ -28,20 +28,20 @@ from django.utils.encoding import force_bytes, force_str
|
|||
from webtest import Upload
|
||||
|
||||
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.models import Permission, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.apps.journal.models import Event
|
||||
from authentic2.models import Service
|
||||
from authentic2.validators import EmailValidator
|
||||
from django_rbac.models import VIEW_OP
|
||||
from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
|
||||
from django_rbac.utils import get_operation
|
||||
|
||||
from .utils import assert_event, get_link_from_mail, login, request_select2
|
||||
|
||||
pytestmark = pytest.mark.django_db
|
||||
|
||||
OU = get_ou_model()
|
||||
User = get_user_model()
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
def test_manager_login(superuser_or_admin, app):
|
||||
|
@ -952,7 +952,7 @@ def test_manager_role_admin_permissions(app, simple_user, admin, simple_role):
|
|||
|
||||
# user can act on role inheritance
|
||||
role = Role.objects.create(name='test_role')
|
||||
view_role_perm = get_permission_model().objects.create(
|
||||
view_role_perm = Permission.objects.create(
|
||||
operation=get_operation(VIEW_OP), target_ct=ContentType.objects.get_for_model(Role), target_id=role.pk
|
||||
)
|
||||
simple_role.permissions.add(view_role_perm)
|
||||
|
@ -1026,12 +1026,12 @@ def test_manager_widget_fields_validation(app, simple_user, simple_role):
|
|||
forbidden_role = Role.objects.create(name='forbidden_role', ou=simple_user.ou)
|
||||
forbidden_user = User.objects.create(username='forbidden_user', ou=simple_user.ou)
|
||||
|
||||
view_role_perm = get_permission_model().objects.create(
|
||||
view_role_perm = Permission.objects.create(
|
||||
operation=get_operation(VIEW_OP),
|
||||
target_ct=ContentType.objects.get_for_model(Role),
|
||||
target_id=visible_role.pk,
|
||||
)
|
||||
view_user_perm = get_permission_model().objects.create(
|
||||
view_user_perm = Permission.objects.create(
|
||||
operation=get_operation(VIEW_OP),
|
||||
target_ct=ContentType.objects.get_for_model(User),
|
||||
target_id=visible_user.pk,
|
||||
|
@ -1067,7 +1067,7 @@ def test_manager_widget_fields_validation(app, simple_user, simple_role):
|
|||
form = ChooseUserRoleForm(request=request, data={'role': visible_role.pk, 'action': 'add'})
|
||||
assert error_message in form.errors['role'][0]
|
||||
|
||||
change_role_perm = get_permission_model().objects.create(
|
||||
change_role_perm = Permission.objects.create(
|
||||
operation=get_operation(MANAGE_MEMBERS_OP),
|
||||
target_ct=ContentType.objects.get_for_model(Role),
|
||||
target_id=visible_role.pk,
|
||||
|
@ -1141,7 +1141,7 @@ def test_manager_role_inheritance_list_search_permission(app, admin, simple_user
|
|||
|
||||
admin_of_simple_role.members.add(simple_user)
|
||||
for role in (visible_role, visible_role_2):
|
||||
view_role_perm = get_permission_model().objects.create(
|
||||
view_role_perm = Permission.objects.create(
|
||||
operation=get_operation(VIEW_OP),
|
||||
target_ct=ContentType.objects.get_for_model(Role),
|
||||
target_id=role.pk,
|
||||
|
|
|
@ -17,10 +17,10 @@
|
|||
|
||||
import pytest
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.custom_user.models import User
|
||||
from authentic2.models import Attribute, Service
|
||||
from authentic2.utils.misc import ServiceAccessDenied
|
||||
from django_rbac.utils import get_role_model
|
||||
|
||||
|
||||
def test_attribute_disabled(db):
|
||||
|
@ -42,7 +42,7 @@ def test_attribute_disabled(db):
|
|||
|
||||
def test_service_authorize(db):
|
||||
service = Service.objects.create(name='foo', slug='foo')
|
||||
role = get_role_model().objects.create(name='foo')
|
||||
role = Role.objects.create(name='foo')
|
||||
service.authorized_roles.add(role)
|
||||
|
||||
user = User.objects.create()
|
||||
|
|
|
@ -18,13 +18,10 @@ import json
|
|||
|
||||
from webtest import Upload
|
||||
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
|
||||
from .utils import login
|
||||
|
||||
OU = get_ou_model()
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
def test_manager_ou_export(app, admin, ou1, role_ou1, ou2, role_ou2):
|
||||
response = login(app, admin, 'a2-manager-ous')
|
||||
|
@ -63,8 +60,8 @@ def test_manager_ou_import(app, admin, ou1, role_ou1, ou2, role_ou2):
|
|||
resp.form['site_json'] = Upload('export.json', json.dumps(export).encode(), 'application/json')
|
||||
resp = resp.form.submit().follow()
|
||||
|
||||
assert OU.objects.filter(name=ou1.name).exists()
|
||||
assert OU.objects.filter(name=ou2.name).exists()
|
||||
assert OrganizationalUnit.objects.filter(name=ou1.name).exists()
|
||||
assert OrganizationalUnit.objects.filter(name=ou2.name).exists()
|
||||
|
||||
export_response = response.click('Export')
|
||||
new_export = export_response.json
|
||||
|
|
|
@ -24,13 +24,9 @@ from webtest import Upload
|
|||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.custom_user.models import User
|
||||
from django_rbac.utils import get_ou_model, get_role_model
|
||||
|
||||
from .utils import login, text_content
|
||||
|
||||
OU = get_ou_model()
|
||||
Role = get_role_model()
|
||||
|
||||
|
||||
def test_manager_role_export(app, admin, ou1, role_ou1, ou2, role_ou2):
|
||||
import csv
|
||||
|
@ -382,7 +378,7 @@ def test_role_members_display_inheritance_info(app, superuser, settings, simple_
|
|||
assert 'Role a' in resp.text
|
||||
|
||||
# display OU if there are more than one
|
||||
ou1 = OU.objects.create(name='ou1')
|
||||
ou1 = OrganizationalUnit.objects.create(name='ou1')
|
||||
resp = app.get(url)
|
||||
for i, el in enumerate(resp.pyquery.find('a.role-inheritance-%s' % relation)):
|
||||
assert el.text == f'Default organizational unit - Role {i}'
|
||||
|
|
|
@ -27,6 +27,8 @@ from django.contrib.contenttypes.models import ContentType
|
|||
from django.urls import reverse
|
||||
from webtest import Upload
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.models import Permission, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou, get_view_user_perm
|
||||
from authentic2.apps.journal.models import Event
|
||||
from authentic2.custom_user.models import User
|
||||
|
@ -34,12 +36,10 @@ from authentic2.manager import user_import
|
|||
from authentic2.models import Attribute, AttributeValue
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
|
||||
from django_rbac.models import VIEW_OP
|
||||
from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
|
||||
from django_rbac.utils import get_operation
|
||||
|
||||
from .utils import get_link_from_mail, login, logout
|
||||
|
||||
OU = get_ou_model()
|
||||
|
||||
|
||||
def visible_users(response):
|
||||
return {elt.text for elt in response.pyquery('td.username')}
|
||||
|
@ -208,7 +208,7 @@ def test_create_user_choose_ou(app, superuser, simple_user, ou1, ou2):
|
|||
assert str(ou1.pk) in response.url
|
||||
|
||||
logout(app)
|
||||
view_user_role = get_role_model().objects.create(name='view_user', ou=simple_user.ou)
|
||||
view_user_role = Role.objects.create(name='view_user', ou=simple_user.ou)
|
||||
view_user_role.permissions.add(get_view_user_perm())
|
||||
simple_user.roles.add(view_user_role)
|
||||
response = login(app, simple_user, '/manage/users/')
|
||||
|
@ -1028,7 +1028,6 @@ def test_manager_user_address_autocomplete_field(app, superuser, simple_user):
|
|||
|
||||
|
||||
def test_manager_user_roles_visibility(app, simple_user, admin, ou1, ou2):
|
||||
Role = get_role_model()
|
||||
role1 = Role.objects.create(name='Role 1', slug='role1', ou=ou1)
|
||||
role2 = Role.objects.create(name='Role 2', slug='role2', ou=ou2)
|
||||
simple_user.roles.add(role1)
|
||||
|
@ -1048,7 +1047,7 @@ def test_manager_user_roles_visibility(app, simple_user, admin, ou1, ou2):
|
|||
other_user = get_user_model().objects.create(username='other_user', ou=ou1)
|
||||
other_user.set_password('auietsrn')
|
||||
other_role = Role.objects.create(name='Other role', slug='other-role', ou=ou1)
|
||||
view_role1_perm = get_permission_model().objects.create(
|
||||
view_role1_perm = Permission.objects.create(
|
||||
operation=get_operation(VIEW_OP),
|
||||
target_ct=ContentType.objects.get_for_model(Role),
|
||||
target_id=role1.pk,
|
||||
|
@ -1078,7 +1077,6 @@ def test_manager_user_authorizations(app, superuser, simple_user):
|
|||
from authentic2.a2_rbac.models import MANAGE_AUTHORIZATIONS_OP
|
||||
from tests.conftest import create_user
|
||||
|
||||
Role = get_role_model()
|
||||
user_detail_url = reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id})
|
||||
user_authorizations_url = reverse('a2-manager-user-authorizations', kwargs={'pk': simple_user.id})
|
||||
|
||||
|
@ -1103,7 +1101,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
|
|||
)
|
||||
assert OIDCAuthorization.objects.count() == 1
|
||||
|
||||
view_user_perm = get_permission_model().objects.create(
|
||||
view_user_perm = Permission.objects.create(
|
||||
operation=get_operation(VIEW_OP),
|
||||
target_ct=ContentType.objects.get_for_model(User),
|
||||
target_id=simple_user.pk,
|
||||
|
@ -1111,7 +1109,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
|
|||
view_user_role = Role.objects.create(name='view_user', ou=simple_user.ou)
|
||||
view_user_role.permissions.add(view_user_perm)
|
||||
|
||||
manage_auth_perm = get_permission_model().objects.create(
|
||||
manage_auth_perm = Permission.objects.create(
|
||||
operation=get_operation(MANAGE_AUTHORIZATIONS_OP),
|
||||
target_ct=ContentType.objects.get_for_model(User),
|
||||
target_id=simple_user.pk,
|
||||
|
|
|
@ -21,6 +21,7 @@ from django.contrib.sessions.middleware import SessionMiddleware
|
|||
from django.core import mail
|
||||
from django.utils.functional import lazy
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.journal import Journal
|
||||
from authentic2.utils.lazy import lazy_join
|
||||
from authentic2.utils.misc import (
|
||||
|
@ -35,7 +36,6 @@ from authentic2.utils.misc import (
|
|||
send_templated_mail,
|
||||
user_can_change_password,
|
||||
)
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
|
||||
def test_good_next_url(db, rf, settings):
|
||||
|
@ -135,7 +135,7 @@ def test_remember_cookie(rf):
|
|||
|
||||
|
||||
def test_send_templated_mail_template_selection(simple_user):
|
||||
ou = get_ou_model().objects.create(slug='ou_name')
|
||||
ou = OrganizationalUnit.objects.create(slug='ou_name')
|
||||
simple_user.ou = ou
|
||||
default_template = 'default_mail_template'
|
||||
specific_template = 'custom_mail_template'
|
||||
|
|