misc: add possibility of internal roles (#36485)

2019-09-27 13:14:49 +02:00 · 2019-09-27 13:14:49 +02:00 · 776db6d218
parent bd7ae65c8e
commit 776db6d218
7 changed files with 49 additions and 4 deletions
--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@ -629,6 +629,17 @@ def test_form_submitter_roles(pub):
    resp = resp.follow()
    assert FormDef.get(formdef.id).required_authentication_contexts == ['fedict']

+    # check internal roles are not advertised
+    role2 = Role(name='internal')
+    role2.internal = True
+    role2.store()
+
+    resp = app.get('/backoffice/forms/1/')
+    resp = resp.click(href=re.compile('^roles$'))
+    assert len(resp.form['roles$element0'].options) == 3  # None, Logged users, foobar
+    with pytest.raises(ValueError):
+        resp.form['roles$element0'] = str(role2.id)
+
 def test_form_workflow_role(pub):
    create_superuser(pub)
    role = create_role()
--- a/tests/test_hobo_notify.py
+++ b/tests/test_hobo_notify.py
@ -159,6 +159,32 @@ def test_process_notification_role(pub):
    assert Role.select()[0].emails == ['petite-enfance@example.com']
    assert Role.select()[0].emails_to_members is True

+def test_process_notification_internal_role(pub):
+    Role.wipe()
+
+    notification = {
+        '@type': u'provision',
+        'audience': [u'test'],
+        'full': True,
+        'objects': {
+            '@type': 'role',
+            'data': [
+                {
+                    'name': u'Service enfance',
+                    'slug': u'_service-enfance',
+                    'details': u'Rôle du service petite enfance',
+                    'uuid': u'12345',
+                    'emails': [u'petite-enfance@example.com'],
+                    'emails_to_members': False,
+                },
+            ]
+        }
+    }
+    CmdHoboNotify.process_notification(notification)
+    assert Role.count() == 1
+    role = Role.select()[0]
+    assert role.is_internal()
+
 def test_process_notification_role_description(pub):
    User = pub.user_class

--- a/wcs/admin/settings.py
+++ b/wcs/admin/settings.py
@ -570,6 +570,8 @@ class SettingsDirectory(QommonSettingsDirectory):
        value = []
        roles = list(Role.select(order_by='name'))
        for role in roles:
+            if role.is_internal():
+                continue
            rows.append(role.name)
            value.append([role.allows_backoffice_access])
            for k in permission_keys:
--- a/wcs/admin/users.py
+++ b/wcs/admin/users.py
@ -63,7 +63,7 @@ class UserUI(object):
                    add_element_label = _('Add Role'),
                    element_kwargs = {
                        'render_br': False,
-                        'options': [(None, '---', None)] + [(x.id, x.name, x.id) for x in roles]})
+                        'options': [(None, '---', None)] + [(x.id, x.name, x.id) for x in roles if not x.is_internal()]})

        for klass in [x for x in ident.get_method_classes() if x.key in ident_methods]:
            if klass.method_admin_widget:
--- a/wcs/api.py
+++ b/wcs/api.py
@ -827,7 +827,8 @@ class ApiDirectory(Directory):
        list_roles = []
        charset = get_publisher().site_charset
        for role in Role.select():
-            list_roles.append(role.get_json_export_dict())
+            if not role.is_internal():
+                list_roles.append(role.get_json_export_dict())
        get_response().set_content_type('application/json')
        return json.dumps({'err': 0, 'data': list_roles})

--- a/wcs/ctl/hobo_notify.py
+++ b/wcs/ctl/hobo_notify.py
@ -133,6 +133,8 @@ class CmdHoboNotify(Command):
                role.emails = emails
                role.details = details
                role.emails_to_members = emails_to_members
+                if role.slug.startswith('_'):
+                    role.internal = True
                role.store()
            elif action == 'deprovision':
                # Deprovision
--- a/wcs/roles.py
+++ b/wcs/roles.py
@ -26,6 +26,7 @@ class Role(StorableObject):
    name = None
    uuid = None
    slug = None
+    internal = False
    details = None
    emails = None
    emails_to_members = False
@ -72,6 +73,9 @@ class Role(StorableObject):
        emails.extend([x.email for x in users_with_roles if x.email])
        return emails

+    def is_internal(self):
+        return self.internal
+
    def get_substitution_variables(self, prefix=''):
        data = {}
        data[prefix + 'name'] = self.name
@ -125,6 +129,5 @@ def logged_users_role():


 def get_user_roles():
-    t = sorted([(misc.simplify(x.name), x.id, x.name, x.id) for x in Role.select()])
+    t = sorted([(misc.simplify(x.name), x.id, x.name, x.id) for x in Role.select() if not x.is_internal()])
    return [x[1:] for x in t]
-