django_rbac: add method to list OUs covered by a permission (fixes #16653)
parent
1fa1c09f08
commit
8fd02ed299
|
@ -233,3 +233,22 @@ class DjangoRBACBackend(object):
|
|||
if self.has_perm(user_obj, perm):
|
||||
return True
|
||||
return perm in self.get_permission_cache(user_obj).get('ou.%s' % ou.pk, ())
|
||||
|
||||
def ous_with_perm(self, user_obj, perm, queryset=None):
|
||||
OU = utils.get_ou_model()
|
||||
qs = queryset or OU.objects.all()
|
||||
|
||||
if user_obj.is_anonymous():
|
||||
return qs.empty()
|
||||
if not user_obj.is_active:
|
||||
return qs.empty()
|
||||
if user_obj.is_superuser:
|
||||
return qs
|
||||
cache = self.get_permission_cache(user_obj)
|
||||
ou_ids = []
|
||||
for key in cache:
|
||||
if key == '__all__' and perm in cache[key]:
|
||||
return qs
|
||||
if key.startswith('ou.') and perm in cache[key]:
|
||||
ou_ids.append(int(key.split('.')[1]))
|
||||
return qs.filter(id__in=ou_ids)
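Review bot: `qs.empty()` in the anonymous and inactive branches of `ous_with_perm` is not a Django QuerySet method, so unless the OU queryset class defines it elsewhere, both paths raise AttributeError instead of returning no OUs; use `return qs.none()` in both. Separately, `qs = queryset or OU.objects.all()` tests the caller's queryset for truthiness, which runs the query and, when that restricted queryset is empty, silently replaces it with every OU; `qs = queryset if queryset is not None else OU.objects.all()` keeps the caller's scope. The method also has no docstring; it should say that it returns the OUs on which the user holds `perm`, and that superusers and a global `__all__` grant get the unfiltered queryset. The enclosing class DjangoRBACBackend starts outside the hunk.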
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import pytest
|
||||
import time
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
|
@ -117,7 +118,8 @@ def test_rbac_backend(db):
|
|||
Permission = utils.get_permission_model()
|
||||
User = get_user_model()
|
||||
OU = utils.get_ou_model()
|
||||
ou1 = OU.objects.create(name='ou1', slug='ou1')
|
||||
ou1 = OU.objects.create(name=u'ou1', slug=u'ou1')
|
||||
ou2 = OU.objects.create(name=u'ou2', slug=u'ou2')
|
||||
user1 = User.objects.create(username='john.doe')
|
||||
Role = utils.get_role_model()
|
||||
ct_ct = ContentType.objects.get_for_model(ContentType)
|
||||
|
@ -153,12 +155,15 @@ def test_rbac_backend(db):
|
|||
ctx = CaptureQueriesContext(connection)
|
||||
with ctx:
|
||||
assert rbac_backend.get_all_permissions(user1) == set(['django_rbac.change_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.view_role'])
|
||||
assert rbac_backend.get_all_permissions(user1, obj=role1) == set(['django_rbac.delete_role',
|
||||
'django_rbac.change_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.view_role'])
|
||||
assert rbac_backend.get_all_permissions(user1, obj=role2) == set(['django_rbac.change_role',
|
||||
'django_rbac.view_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.add_role'])
|
||||
assert not rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role2)
|
||||
assert rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role1)
|
||||
|
@ -191,10 +196,16 @@ def test_rbac_backend(db):
|
|||
role3.permissions.add(perm5)
|
||||
assert rbac_backend.get_all_permissions(user2) == set(['django_rbac.add_role',
|
||||
'django_rbac.change_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.admin_role',
|
||||
'django_rbac.view_role',
|
||||
'django_rbac.delete_role'])
|
||||
|
||||
# test ous_with_perm
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.add_role')) == set([ou1])
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.view_role')) == set([ou1, ou2])
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.delete_role')) == set([])
|
||||
|
||||
|
||||
def test_all_members(db):
|
||||
User = get_user_model()
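Review bot: The new `ous_with_perm` assertions at the end of `test_rbac_backend` exercise only an active, non-superuser account, so the anonymous, inactive and superuser branches and the `queryset` argument are never run. Those branches decide whether an unauthenticated or disabled account sees any OU, so each deserves an assertion, for example `assert not rbac_backend.ous_with_perm(AnonymousUser(), 'django_rbac.view_role').exists()` (with `AnonymousUser` imported from `django.contrib.auth.models`). A case passing an empty `queryset=` and checking that the result stays empty would also be worth adding. `test_rbac_backend` begins outside the visible hunks.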
|
||||
|
|