manager: remove role permission views (#77410)

Valentin Deniaud 2023-05-17 17:23:10 +02:00
parent d511b5ab60
commit e68e520521
7 changed files with 2 additions and 131 deletions


@ -23,7 +23,6 @@ from io import StringIO
from django import forms
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import ValidationError
from django.core.validators import validate_slug
from django.urls import reverse
@ -33,7 +32,7 @@ from django.utils.translation import pgettext
from django_select2.forms import HeavySelect2Widget
from authentic2 import app_settings as a2_app_settings
from authentic2.a2_rbac.models import Operation, OrganizationalUnit, Permission, Role
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import generate_slug, get_default_ou
from authentic2.custom_user.backends import DjangoRBACBackend
from authentic2.forms.fields import (
@ -144,16 +143,6 @@ class ChooseUserAuthorizationsForm(CssClass, forms.Form):
authorization = fields.ChooseUserAuthorizationsField()
class ChoosePermissionForm(CssClass, forms.Form):
operation = forms.ModelChoiceField(required=False, label=_('Operation'), queryset=Operation.objects)
ou = forms.ModelChoiceField(
label=_('Organizational unit'), queryset=OrganizationalUnit.objects, required=False
)
target = forms.ModelChoiceField(label=_('Target object'), required=False, queryset=ContentType.objects)
action = forms.CharField(initial='add', required=False, widget=forms.HiddenInput)
permission = forms.ModelChoiceField(queryset=Permission.objects, required=False, widget=forms.HiddenInput)
class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
css_class = "user-form"
form_id = "id_user_edit_form"


@ -343,62 +343,6 @@ class RoleDeleteView(RoleViewMixin, views.BaseDeleteView):
delete = RoleDeleteView.as_view()
class RolePermissionsView(RoleViewMixin, views.BaseSubTableView):
template_name = 'authentic2/manager/role_permissions.html'
table_class = tables.PermissionTable
form_class = forms.ChoosePermissionForm
success_url = '.'
permissions = ['a2_rbac.admin_permission']
title = _('Permissions')
def get_table_queryset(self):
return self.object.permissions.all()
def form_valid(self, form):
if self.can_change:
operation = form.cleaned_data.get('operation')
ou = form.cleaned_data.get('ou')
target = form.cleaned_data.get('target')
action = form.cleaned_data.get('action')
if action == 'add' and operation and target:
perm, dummy = Permission.objects.get_or_create(
operation=operation,
ou=ou,
target_ct=ContentType.objects.get_for_model(target),
target_id=target.pk,
)
self.object.permissions.add(perm)
hooks.call_hooks(
'event',
name='manager-add-permission',
user=self.request.user,
role=self.object,
permission=perm,
)
elif action == 'remove':
try:
permission_id = int(self.request.POST.get('permission', ''))
perm = Permission.objects.get(id=permission_id)
except (ValueError, Permission.DoesNotExist):
pass
else:
if self.object.permissions.filter(id=permission_id).exists():
self.object.permissions.remove(perm)
hooks.call_hooks(
'event',
name='manager-remove-permission',
user=self.request.user,
role=self.object,
permission=perm,
)
else:
messages.warning(self.request, _('You are not authorized'))
return super().form_valid(form)
permissions = RolePermissionsView.as_view()
class RoleMembersExportView(views.ExportMixin, RoleMembersView):
resource_class = resources.UserResource
permissions = ['a2_rbac.view_role']


@ -24,7 +24,7 @@ from django.utils.translation import gettext_lazy as _
from django.utils.translation import gettext_noop
from django_tables2.utils import A
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.middleware import StoreRequestMiddleware
from authentic2.models import Service
from authentic2_idp_oidc.models import OIDCAuthorization
@ -186,18 +186,6 @@ class RoleTable(Table):
order_by = ('name',)
class PermissionTable(Table):
operation = tables.Column()
scope = tables.Column()
target = tables.Column()
class Meta(Table.Meta):
model = Permission
attrs = {'class': 'main', 'id': 'role-table'}
fields = ('operation', 'scope', 'target')
empty_text = _('None')
class OUTable(Table):
name = tables.LinkColumn(
viewname='a2-manager-ou-detail',
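Review bot: Permissions already attached to roles can no longer be seen or revoked from the manager once `PermissionTable` (the `@ -186,18 +186,6` hunk) and the view that rendered it are gone, yet nothing on this page cleans up or reports the existing rows. Those `role.permissions` entries are presumably still honoured by the RBAC backend, so grants made through the removed view stay in force without any place to audit them. The seven files shown include no data migration or replacement listing, so I would add one or state the intended handling in the commit message, for example `Existing Permission rows attached to roles are kept and are no longer editable from the manager.` The `manager-add-permission` and `manager-remove-permission` events also stop being emitted, so any journal view or alerting rule keyed on those names should be checked. The neighbouring `RoleTable` and `OUTable` classes start or end outside the hunk.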


@ -38,9 +38,6 @@
{% else %}
<li><a class="disabled" title="{% trans "This role is technical, you cannot delete it." %}" href="#">{% trans "Delete" %}</a></li>
{% endif %}
{% if perms.a2_rbac.admin_permission %}
<li><a href="{% url "a2-manager-role-permissions" pk=object.pk %}">{% trans "Permissions" %}</a></li>
{% endif %}
<li><a href="{% url "a2-manager-role-journal" pk=object.pk %}">{% trans "Journal" %}</a></li>
{% if view.can_manage_members %}
<li><a href="{% url "a2-manager-role-children" pk=object.pk %}">{% trans "Add a role as a member" %}</a></li>


@ -1,36 +0,0 @@
{% extends "authentic2/manager/role_common.html" %}
{% load i18n static django_tables2 %}
{% block page-title %}{% trans "Permissions" %} | {{ block.super }}{% endblock %}
{% block breadcrumb %}
{{ block.super }}
<a href="..">{{ object }}</a>
<a href="#">{% trans "Permissions" %}</a>
{% endblock %}
{% block appbar %}
{{ block.super }}
<span class="actions">
{% if view.can_delete %}
<a rel="popup" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
{% endif %}
{% if view.can_change and not object.is_internal %}
<a href="{% url "a2-manager-role-edit" pk=object.pk %}">{% trans "Edit" %}</a>
{% endif %}
<a href="{% url "a2-manager-role-members" pk=object.pk %}">{% trans "Members" %}</a>
</span>
{% endblock %}
{% block main %}
<div class="role-info">
{% render_table table "authentic2/manager/role_permissions_table.html" %}
</div>
{% if perms.a2_rbac.change_role %}
<form method="post" id="add-role-permission">
{% csrf_token %}
{{ form }}
<button>{% trans "Add" %}</button>
</form>
{% endif %}
{% endblock %}


@ -1,10 +0,0 @@
{% extends "authentic2/manager/table.html" %}
{% load i18n %}
{% block table.head.last.column %}
<th></th>
{% endblock %}
{% block table.tbody.last.column %}
<td class="remove-icon-column">{% if table.context.view.can_change %}<a class="js-remove-object" href="#" data-pk-arg="permission"><span class="icon-remove-sign"></span></a>{% endif %}</td>
{% endblock %}


@ -154,7 +154,6 @@ urlpatterns = required(
),
path('roles/<int:pk>/delete/', role_views.delete, name='a2-manager-role-delete'),
path('roles/<int:pk>/edit/', role_views.edit, name='a2-manager-role-edit'),
path('roles/<int:pk>/permissions/', role_views.permissions, name='a2-manager-role-permissions'),
path('roles/<int:pk>/journal/', role_views.journal, name='a2-manager-role-journal'),
re_path(
r'^roles/(?P<pk>\d+)/user-or-role-select2.json$',