[wip: pre-#57500, rebased]

todo: models.Meta.unique_together

src/authentic2/a2_rbac/admin.py

@@ -50,7 +50,6 @@ class RoleAdmin(admin.ModelAdmin):
         'slug',
         'description',
         'ou',
-        'members',
         'permissions',
         'admin_scope_ct',
         'admin_scope_id',
@@ -58,7 +57,7 @@ class RoleAdmin(admin.ModelAdmin):
     )
     readonly_fields = ('uuid',)
     prepopulated_fields = {"slug": ("name",)}
-    filter_horizontal = ('members', 'permissions')
+    filter_horizontal = ('permissions',)
     list_display = ('__str__', 'slug', 'ou', 'service', 'admin_scope')
     list_select_related = True
     list_filter = ['ou', 'service']

src/authentic2/a2_rbac/migrations/0029_auto_20220217_1047.py

@@ -0,0 +1,51 @@
+# Generated by Django 2.2.24 on 2022-02-17 09:47
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('a2_rbac', '0028_ou_home_url'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='RoleMember',
+            fields=[
+                (
+                    'id',
+                    models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+                ),
+                ('created', models.DateTimeField(auto_now_add=True, verbose_name='Creation date')),
+                ('deleted', models.DateTimeField(null=True, verbose_name='Deletion date')),
+                (
+                    'member',
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name='role_member_relation',
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='members',
+            field=models.ManyToManyField(
+                blank=True, related_name='roles', through='a2_rbac.RoleMember', to=settings.AUTH_USER_MODEL
+            ),
+        ),
+        migrations.AddField(
+            model_name='rolemember',
+            name='role',
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name='role_member_relation',
+                to=settings.RBAC_ROLE_MODEL,
+            ),
+        ),
+    ]

src/authentic2/a2_rbac/models.py

@@ -16,6 +16,7 @@
 
 from collections import namedtuple
 
+from django.contrib.auth import get_user_model
 from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelation
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ValidationError
@@ -216,6 +217,20 @@ Permission._meta.natural_key = [
 ]
 
 
+class RoleMember(models.Model):
+    role = models.ForeignKey(
+        rbac_utils.get_role_model_name(), on_delete=models.CASCADE, related_name='role_member_relation'
+    )
+    member = models.ForeignKey(
+        'custom_user.User', on_delete=models.CASCADE, related_name='role_member_relation'
+    )  # xxx getter function
+    created = models.DateTimeField(verbose_name=_('Creation date'), auto_now_add=True)
+    deleted = models.DateTimeField(verbose_name=_('Deletion date'), null=True)
+
+    # class Meta:
+    #     db_table = 'a2_rbac_role_members'
+
+
 class Role(RoleAbstractBase):
     name = models.TextField(verbose_name=_('name'))
     admin_scope_ct = models.ForeignKey(

src/authentic2/settings.py

@@ -199,6 +199,7 @@ AUTH_FRONTENDS = (
 RBAC_OU_MODEL = 'a2_rbac.OrganizationalUnit'
 RBAC_PERMISSION_MODEL = 'a2_rbac.Permission'
 RBAC_ROLE_MODEL = 'a2_rbac.Role'
+RBAC_ROLE_MEMBER_MODEL = 'a2_rbac.RoleMember'
 RBAC_ROLE_PARENTING_MODEL = 'a2_rbac.RoleParenting'
 
 #############################

src/django_rbac/constants.py

@@ -1,4 +1,5 @@
 RBAC_OU_MODEL_SETTING = 'RBAC_OU_MODEL'
 RBAC_ROLE_MODEL_SETTING = 'RBAC_ROLE_MODEL'
+RBAC_ROLE_MEMBER_MODEL_SETTING = 'RBAC_ROLE_MEMBER_MODEL'
 RBAC_ROLE_PARENTING_MODEL_SETTING = 'RBAC_ROLE_PARENTING_MODEL'
 RBAC_PERMISSION_MODEL_SETTING = 'RBAC_PERMISSION_MODEL'

src/django_rbac/migrations/0007_auto_20220217_1047.py

@@ -0,0 +1,36 @@
+# Generated by Django 2.2.24 on 2022-02-17 09:47
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('django_rbac', '0006_remove_operation_name'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='RoleMember',
+            fields=[
+                (
+                    'id',
+                    models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+                ),
+                ('created', models.DateTimeField(auto_now_add=True, verbose_name='Creation date')),
+                ('deleted', models.DateTimeField(null=True, verbose_name='Deletion date')),
+            ],
+            options={
+                'db_table': 'django_rbac_role_members',
+                'managed': False,
+            },
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='members',
+            field=models.ManyToManyField(
+                blank=True, related_name='roles', through='a2_rbac.RoleMember', to=settings.AUTH_USER_MODEL
+            ),
+        ),
+    ]

src/django_rbac/models.py

@@ -174,9 +174,25 @@ class Permission(PermissionAbstractBase):
         verbose_name_plural = _('permissions')
 
 
+class RoleMember(models.Model):
+    role = models.ForeignKey(utils.get_role_model_name(), on_delete=models.CASCADE)
+    member = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
+    created = models.DateTimeField(verbose_name=_('Creation date'), auto_now_add=True)
+    deleted = models.DateTimeField(verbose_name=_('Deletion date'), null=True)
+
+    class Meta:
+        db_table = 'django_rbac_role_members'
+        managed = False
+
+
 class RoleAbstractBase(AbstractOrganizationalUnitScopedBase, AbstractBase):
     members = models.ManyToManyField(
-        to=settings.AUTH_USER_MODEL, swappable=True, blank=True, related_name='roles'
+        to=settings.AUTH_USER_MODEL,
+        swappable=True,
+        blank=True,
+        related_name='roles',
+        through=utils.get_role_member_model_name(),
+        through_fields=['role', 'member'],
     )
     permissions = models.ManyToManyField(
         to=utils.get_permission_model_name(), related_name='roles', blank=True

src/django_rbac/utils.py

@@ -10,6 +10,7 @@ DEFAULT_MODELS = {
     constants.RBAC_OU_MODEL_SETTING: 'django_rbac.OrganizationalUnit',
     constants.RBAC_ROLE_PARENTING_MODEL_SETTING: 'django_rbac.RoleParenting',
     constants.RBAC_ROLE_MODEL_SETTING: 'django_rbac.Role',
+    constants.RBAC_ROLE_MEMBER_MODEL_SETTING: 'django_rbac.RoleMember',
     constants.RBAC_PERMISSION_MODEL_SETTING: 'django_rbac.Permission',
 }
 
@@ -41,6 +42,11 @@ def get_role_model_name():
     return get_swapped_model_name(constants.RBAC_ROLE_MODEL_SETTING)
 
 
+def get_role_member_model_name():
+    '''Returns the currently configured role model'''
+    return get_swapped_model_name(constants.RBAC_ROLE_MEMBER_MODEL_SETTING)
+
+
 def get_ou_model_name():
     '''Returns the currently configured organizational unit model'''
     return get_swapped_model_name(constants.RBAC_OU_MODEL_SETTING)
@@ -61,6 +67,11 @@ def get_role_model():
     return get_swapped_model(constants.RBAC_ROLE_MODEL_SETTING)
 
 
+def get_role_member_model():
+    '''Returns the currently configured role model'''
+    return get_swapped_model(constants.RBAC_ROLE_MEMBER_MODEL_SETTING)
+
+
 def get_ou_model():
     '''Returns the currently configured organizational unit model'''
     return get_swapped_model(constants.RBAC_OU_MODEL_SETTING)