From ad2d35fed53f8d207610e6aa1eb54930024f3271 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Tue, 20 Sep 2022 16:38:46 +0200
Subject: [PATCH] auth_saml: move add role action to authenticators app
 (#53442)

---
 .../migrations/0005_addroleaction.py          | 60 +++++++++++++++++++
 src/authentic2/apps/authenticators/models.py  | 16 +++++
 src/authentic2/apps/authenticators/views.py   |  5 +-
 .../migrations/0012_move_add_role_action.py   | 20 +++++++
 src/authentic2_auth_saml/models.py            | 22 ++-----
 5 files changed, 105 insertions(+), 18 deletions(-)
 create mode 100644 src/authentic2/apps/authenticators/migrations/0005_addroleaction.py
 create mode 100644 src/authentic2_auth_saml/migrations/0012_move_add_role_action.py

diff --git a/src/authentic2/apps/authenticators/migrations/0005_addroleaction.py b/src/authentic2/apps/authenticators/migrations/0005_addroleaction.py
new file mode 100644
index 000000000..cf44b2c07
--- /dev/null
+++ b/src/authentic2/apps/authenticators/migrations/0005_addroleaction.py
@@ -0,0 +1,60 @@
+# Generated by Django 2.2.26 on 2022-09-20 15:20
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.RBAC_ROLE_MODEL),
+        ('authenticators', '0004_auto_20220726_1708'),
+        ('authentic2_auth_saml', '0012_move_add_role_action'),
+    ]
+
+    state_operations = [
+        migrations.CreateModel(
+            name='AddRoleAction',
+            fields=[
+                (
+                    'id',
+                    models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+                ),
+                (
+                    'condition',
+                    models.CharField(
+                        blank=True, editable=False, max_length=256, verbose_name='Condition (unused)'
+                    ),
+                ),
+                (
+                    'mandatory',
+                    models.BooleanField(default=False, editable=False, verbose_name='Mandatory (unused)'),
+                ),
+                (
+                    'authenticator',
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name='add_role_actions',
+                        to='authenticators.BaseAuthenticator',
+                    ),
+                ),
+                (
+                    'role',
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name='add_role_actions',
+                        to=settings.RBAC_ROLE_MODEL,
+                        verbose_name='Role',
+                    ),
+                ),
+            ],
+            options={
+                'verbose_name': 'Add a role',
+                'verbose_name_plural': 'Add roles',
+                'default_related_name': 'add_role_actions',
+            },
+        ),
+    ]
+
+    operations = [migrations.SeparateDatabaseAndState(state_operations=state_operations)]
diff --git a/src/authentic2/apps/authenticators/models.py b/src/authentic2/apps/authenticators/models.py
index f89d26acd..b15cb4713 100644
--- a/src/authentic2/apps/authenticators/models.py
+++ b/src/authentic2/apps/authenticators/models.py
@@ -27,6 +27,8 @@ from django.utils.translation import pgettext_lazy
 from django.utils.translation import ugettext_lazy as _
 
 from authentic2 import views
+from authentic2.a2_rbac.models import Role
+from authentic2.manager.utils import label_from_role
 from authentic2.utils.evaluate import condition_validator, evaluate_condition
 
 from .query import AuthenticatorManager
@@ -159,6 +161,20 @@ class AuthenticatorRelatedObjectBase(models.Model):
         return self._meta.verbose_name_plural
 
 
+class AddRoleAction(AuthenticatorRelatedObjectBase):
+    role = models.ForeignKey(Role, verbose_name=_('Role'), on_delete=models.CASCADE)
+    condition = models.CharField(_('Condition (unused)'), editable=False, max_length=256, blank=True)
+    mandatory = models.BooleanField(_('Mandatory (unused)'), editable=False, default=False)
+
+    class Meta:
+        default_related_name = 'add_role_actions'
+        verbose_name = _('Add a role')
+        verbose_name_plural = _('Add roles')
+
+    def __str__(self):
+        return label_from_role(self.role)
+
+
 class LoginPasswordAuthenticator(BaseAuthenticator):
     remember_me = models.PositiveIntegerField(
         _('Remember me duration'),
diff --git a/src/authentic2/apps/authenticators/views.py b/src/authentic2/apps/authenticators/views.py
index bc0b57bfb..cbf073d59 100644
--- a/src/authentic2/apps/authenticators/views.py
+++ b/src/authentic2/apps/authenticators/views.py
@@ -228,7 +228,10 @@ class AuthenticatorRelatedObjectMixin(MediaMixin, TitleMixin):
         model_name = kwargs.get('model_name')
         if model_name not in (x._meta.model_name for x in self.authenticator.related_models):
             raise Http404()
-        self.model = apps.get_model(self.authenticator._meta.app_label, model_name)
+        try:
+            self.model = apps.get_model(self.authenticator._meta.app_label, model_name)
+        except LookupError:
+            self.model = apps.get_model('authenticators', model_name)
 
         return super().dispatch(request, *args, **kwargs)
 
diff --git a/src/authentic2_auth_saml/migrations/0012_move_add_role_action.py b/src/authentic2_auth_saml/migrations/0012_move_add_role_action.py
new file mode 100644
index 000000000..c86f28bf8
--- /dev/null
+++ b/src/authentic2_auth_saml/migrations/0012_move_add_role_action.py
@@ -0,0 +1,20 @@
+# Generated by Django 2.2.26 on 2022-09-20 15:17
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentic2_auth_saml', '0011_alter_authenticator_foreign_key'),
+    ]
+
+    database_operations = [migrations.AlterModelTable('AddRoleAction', 'authenticators_addroleaction')]
+
+    state_operations = [migrations.DeleteModel('AddRoleAction')]
+
+    operations = [
+        migrations.SeparateDatabaseAndState(
+            database_operations=database_operations, state_operations=state_operations
+        )
+    ]
diff --git a/src/authentic2_auth_saml/models.py b/src/authentic2_auth_saml/models.py
index de276fe87..6222abba4 100644
--- a/src/authentic2_auth_saml/models.py
+++ b/src/authentic2_auth_saml/models.py
@@ -20,9 +20,11 @@ from django.core.exceptions import ValidationError
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 
-from authentic2.a2_rbac.models import Role
-from authentic2.apps.authenticators.models import AuthenticatorRelatedObjectBase, BaseAuthenticator
-from authentic2.manager.utils import label_from_role
+from authentic2.apps.authenticators.models import (
+    AddRoleAction,
+    AuthenticatorRelatedObjectBase,
+    BaseAuthenticator,
+)
 from authentic2.utils.misc import redirect_to_login
 
 
@@ -268,17 +270,3 @@ class SetAttributeAction(AuthenticatorRelatedObjectBase):
         from authentic2.forms.widgets import SelectAttributeWidget
 
         return SelectAttributeWidget.get_options().get(self.user_field, self.user_field)
-
-
-class AddRoleAction(AuthenticatorRelatedObjectBase):
-    role = models.ForeignKey(Role, verbose_name=_('Role'), on_delete=models.CASCADE)
-    condition = models.CharField(_('Condition (unused)'), editable=False, max_length=256, blank=True)
-    mandatory = models.BooleanField(_('Mandatory (unused)'), editable=False, default=False)
-
-    class Meta:
-        default_related_name = 'add_role_actions'
-        verbose_name = _('Add a role')
-        verbose_name_plural = _('Add roles')
-
-    def __str__(self):
-        return label_from_role(self.role)