django_rbac: add method to list OUs covered by a permission (fixes #16653)

Benjamin Dauvergne 2017-06-08 10:30:31 +02:00
parent 1fa1c09f08
commit 8fd02ed299
2 changed files with 31 additions and 1 deletions


@ -233,3 +233,22 @@ class DjangoRBACBackend(object):
if self.has_perm(user_obj, perm):
return True
return perm in self.get_permission_cache(user_obj).get('ou.%s' % ou.pk, ())
def ous_with_perm(self, user_obj, perm, queryset=None):
OU = utils.get_ou_model()
qs = queryset or OU.objects.all()
if user_obj.is_anonymous():
return qs.empty()
if not user_obj.is_active:
return qs.empty()
if user_obj.is_superuser:
return qs
cache = self.get_permission_cache(user_obj)
ou_ids = []
for key in cache:
if key == '__all__' and perm in cache[key]:
return qs
if key.startswith('ou.') and perm in cache[key]:
ou_ids.append(int(key.split('.')[1]))
return qs.filter(id__in=ou_ids)
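Review bot: `qs = queryset or OU.objects.all()` tests the caller's queryset for truthiness, so a restricted queryset that happens to match no rows is replaced by every OU and the caller's scoping is silently dropped (a non-empty one is also evaluated once just for the test); `qs = OU.objects.all() if queryset is None else queryset` keeps the restriction. The anonymous and inactive branches return `qs.empty()`, which is not a stock Django `QuerySet` method, so unless the OU queryset class defines it these paths raise `AttributeError` instead of returning nothing; `return qs.none()` is the usual form. A short docstring stating that the result is the OUs on which `perm` is held, restricted to `queryset` when one is given, would help callers that use this for access decisions.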


@ -1,3 +1,4 @@
import pytest
import time
from django.contrib.auth import get_user_model
@ -117,7 +118,8 @@ def test_rbac_backend(db):
Permission = utils.get_permission_model()
User = get_user_model()
OU = utils.get_ou_model()
ou1 = OU.objects.create(name='ou1', slug='ou1')
ou1 = OU.objects.create(name=u'ou1', slug=u'ou1')
ou2 = OU.objects.create(name=u'ou2', slug=u'ou2')
user1 = User.objects.create(username='john.doe')
Role = utils.get_role_model()
ct_ct = ContentType.objects.get_for_model(ContentType)
@ -153,12 +155,15 @@ def test_rbac_backend(db):
ctx = CaptureQueriesContext(connection)
with ctx:
assert rbac_backend.get_all_permissions(user1) == set(['django_rbac.change_role',
'django_rbac.search_role',
'django_rbac.view_role'])
assert rbac_backend.get_all_permissions(user1, obj=role1) == set(['django_rbac.delete_role',
'django_rbac.change_role',
'django_rbac.search_role',
'django_rbac.view_role'])
assert rbac_backend.get_all_permissions(user1, obj=role2) == set(['django_rbac.change_role',
'django_rbac.view_role',
'django_rbac.search_role',
'django_rbac.add_role'])
assert not rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role2)
assert rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role1)
@ -191,10 +196,16 @@ def test_rbac_backend(db):
role3.permissions.add(perm5)
assert rbac_backend.get_all_permissions(user2) == set(['django_rbac.add_role',
'django_rbac.change_role',
'django_rbac.search_role',
'django_rbac.admin_role',
'django_rbac.view_role',
'django_rbac.delete_role'])
# test ous_with_perm
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.add_role')) == set([ou1])
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.view_role')) == set([ou1, ou2])
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.delete_role')) == set([])
def test_all_members(db):
User = get_user_model()
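Review bot: The new `ous_with_perm` assertions only exercise an active, non-superuser `user1` with no `queryset` argument, so the anonymous, inactive, superuser and caller-restricted paths of the new backend method are not covered. Since the result is meant to scope what a user may act on, I would add at least `assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.view_role', queryset=OU.objects.none())) == set()` and a check that an inactive user gets an empty result. `test_rbac_backend` starts above these hunks, so the fixtures the assertions rely on are only partly visible here.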