src/authentic2/manager/forms.py

@@ -515,6 +515,8 @@ class OUSearchForm(FormWithRequest):
 class RoleSearchForm(ServiceRoleSearchForm, OUSearchForm):
     ou_permission = 'a2_rbac.search_role'
 
+    admin_roles = forms.BooleanField(label=_('Show admin roles of other roles'), required=False)
+
 
 class UserRoleSearchForm(OUSearchForm, ServiceRoleSearchForm):
     ou_permission = 'a2_rbac.change_role'

src/authentic2/manager/role_views.py

@@ -179,6 +179,7 @@ class RoleMembersView(views.HideOUColumnMixin, RoleViewMixin, views.BaseSubTable
     search_form_class = forms.RoleMembersSearchForm
     permissions = ['a2_rbac.view_role']
     slug_field = 'uuid'
+    admin_roles = True
 
     @property
     def table_class(self):
@@ -420,6 +421,12 @@ class RoleParentsView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTable
     success_url = '.'
     slug_field = 'uuid'
 
+    @property
+    def admin_roles(self):
+        if not hasattr(self, 'search_form'):
+            return False
+        return self.search_form.cleaned_data.get('admin_roles', False)
+
     def dispatch(self, request, *args, **kwargs):
         if self.get_object().is_internal():
             raise PermissionDenied

src/authentic2/manager/templates/authentic2/manager/roles_inheritance.html

@@ -10,6 +10,17 @@
 {% block extrascripts %}
   {{ block.super }}
   <script src="{% static "authentic2/manager/js/roles_ajax_checkbox.js" %}"></script>
+  <script>
+    $(function () {
+      $('input[type=checkbox][name=search-internals]').change(function() {
+        if(this.checked)
+          $('#id_search-admin_roles_p').show();
+        else
+          $('#id_search-admin_roles_p').hide();
+        return;
+      }).change();
+    });
+  </script>
 {% endblock %}
 
 {% block main %}

tests/test_role_manager.py

@@ -435,6 +435,30 @@ def test_role_members_display_role_parents(app, superuser, settings, simple_role
     ]
 
 
+def test_role_members_display_role_parents_search(app, superuser, simple_role):
+    Role.objects.create(name='Role 1', ou=get_default_ou())
+
+    url = reverse('a2-manager-role-members', kwargs={'pk': simple_role.pk})
+    resp = login(app, superuser, url)
+
+    resp = resp.click('Edit', href='parents')
+    assert [el.text_content() for el in resp.pyquery.find('tbody td.name')] == ['Role 1']
+
+    resp.form['search-internals'] = True
+    resp = resp.form.submit()
+    roles = [el.text_content() for el in resp.pyquery.find('tbody td.name')]
+    assert 'Role 1' in roles
+    assert 'Manager' in roles
+    assert 'Managers of role "simple role"' not in roles
+
+    resp.form['search-admin_roles'] = True
+    resp = resp.form.submit()
+    roles = [el.text_content() for el in resp.pyquery.find('tbody td.name')]
+    assert 'Role 1' in roles
+    assert 'Manager' in roles
+    assert 'Managers of role "simple role"' in roles
+
+
 def test_role_members_user_role_mixed_table(app, superuser, settings, simple_role, simple_user):
     simple_user.roles.add(simple_role)
 
@@ -665,3 +689,11 @@ def test_role_table_ordering(app, admin):
         'É role',
         'Z role',
     ]
+
+
+def test_manager_view_admin_role(app, admin, simple_role):
+    login(app, admin)
+
+    resp = app.get('/manage/roles/%s/' % simple_role.get_admin_role().pk)
+    assert 'Managers of role "simple role"' in resp.text
+    assert 'This role is technical, you cannot delete it.' in resp.text