Beispiel #1
0
def test_object_filter_error():
    r1 = Role(
        name='view',
        display_name='view',
        module_name='rbac.roles',
        class_name='ObjectRole',
        init_params={
            'app_name': 'cm',
            'model': 'qwe'
        },
    )
    r1.save()
    with pytest.raises(AdwpEx) as e:
        r1.filter()
    assert e.value.error_code == 'ROLE_FILTER_ERROR'

    r2 = Role(
        name='add',
        display_name='add',
        module_name='rbac.roles',
        class_name='ObjectRole',
        init_params={
            'app_name': 'qwe',
            'model': 'qwe'
        },
    )
    r2.save()
    with pytest.raises(AdwpEx) as e:
        r2.filter()
    assert e.value.error_code == 'ROLE_FILTER_ERROR'
Beispiel #2
0
def test_object_complex_filter():
    r = Role(
        name='view',
        module_name='rbac.roles',
        class_name='ObjectRole',
        init_params={
            'app_name': 'cm',
            'model': 'Action',
            'filter': {
                'name': 'start',
                'prototype__type': 'cluster',
                'prototype__name': 'Kafka',
                'prototype__bundle__name': 'Hadoop',
            },
        },
    )
    r.save()

    b1 = Bundle(name='Hadoop', version='1.0')
    b1.save()
    p1 = Prototype(bundle=b1, type='cluster', name='Kafka', version='1.0')
    p1.save()
    a1 = Action(prototype=p1, name='start')
    a1.save()
    a2 = Action(prototype=p1, name='stop')
    a2.save()

    assert [a1] == list(r.filter())
Beispiel #3
0
def upgrade_role(role: dict, data: dict) -> Role:
    """Upgrade single role"""
    perm_list = get_role_permissions(role, data['roles'])
    try:
        new_role = Role.objects.get(name=role['name'])
        new_role.permissions.clear()
    except Role.DoesNotExist:
        new_role = Role(name=role['name'])
        new_role.save()
    new_role.module_name = role['module_name']
    new_role.class_name = role['class_name']
    if 'init_params' in role:
        new_role.init_params = role['init_params']
    if 'description' in role:
        new_role.description = role['description']
    if 'display_name' in role:
        new_role.display_name = role['display_name']
    else:
        new_role.display_name = role['name']
    if 'parametrized_by' in role:
        new_role.parametrized_by_type = role['parametrized_by']
    if 'type' in role:
        new_role.type = role['type']
    for perm in perm_list:
        new_role.permissions.add(perm)
    for category_value in role.get('category', []):
        category = ProductCategory.objects.get(value=category_value)
        new_role.category.add(category)
    new_role.any_category = role.get('any_category', False)
    new_role.save()
    return new_role
Beispiel #4
0
 def post(self, request):
     res = dict(result=False)
     if 'id' in request.POST and request.POST['id']:
         role = get_object_or_404(Role, pk=request.POST.get('id'))
     else:
         role = Role()
     if request.POST.get('title'):
         role.title = request.POST.get('title')
         role.save()
         res['result'] = True
     return HttpResponse(json.dumps(res), content_type='application/json')
Beispiel #5
0
def prepare_hidden_roles(bundle: Bundle):
    """Prepares hidden roles"""
    hidden_roles = {}

    for act in Action.objects.filter(prototype__bundle=bundle):
        name_prefix = f'{act.prototype.type} action:'.title()
        name = f'{name_prefix} {act.display_name}'
        model = get_model_by_type(act.prototype.type)
        if act.prototype.type == 'component':
            serv_name = f'service_{act.prototype.parent.name}_'
        else:
            serv_name = ''
        role_name = (
            f'{bundle.name}_{bundle.version}_{bundle.edition}_{serv_name}'
            f'{act.prototype.type}_{act.prototype.display_name}_{act.name}')
        role = Role(
            name=role_name,
            display_name=role_name,
            description=
            (f'run action {act.name} of {act.prototype.type} {act.prototype.display_name}'
             ),
            bundle=bundle,
            type=RoleTypes.hidden,
            module_name='rbac.roles',
            class_name='ActionRole',
            init_params={
                'action_id': act.id,
                'app_name': 'cm',
                'model': model.__name__,
                'filter': {
                    'prototype__name': act.prototype.name,
                    'prototype__type': act.prototype.type,
                    'prototype__bundle_id': bundle.id,
                },
            },
            parametrized_by_type=[act.prototype.type],
        )
        role.save()
        if bundle.category:
            role.category.add(bundle.category)
        ct = ContentType.objects.get_for_model(model)
        perm, _ = Permission.objects.get_or_create(
            content_type=ct,
            codename=f'run_action_{act.display_name}',
            name=f'Can run {act.display_name} actions',
        )
        role.permissions.add(perm)
        if name not in hidden_roles:
            hidden_roles[name] = {
                'parametrized_by_type': act.prototype.type,
                'children': []
            }
        hidden_roles[name]['children'].append(role)
    return hidden_roles
Beispiel #6
0
def roleDetailView(request):
    if request.method == 'GET':

        ret = dict()
        if 'id' in request.GET and request.GET['id']:
            ret = dict(role=get_object_or_404(Role, pk=request.GET.get('id')))
        return render(request, 'system/rbac/role_detail.html', ret)

    else:
        res = dict(result=False)
        if 'id' in request.POST and request.POST['id']:
            role = get_object_or_404(Role, pk=request.POST.get('id'))
        else:
            role = Role()
        if request.POST.get('title'):
            role.title = request.POST.get('title')
            role.save()
            res['result'] = True
        return HttpResponse(json.dumps(res), content_type='application/json')
Beispiel #7
0
def role_update(role: Role, partial, **kwargs) -> Role:
    """Updating Role object"""
    child = kwargs.pop('child', [])
    parametrized_by = check_role_child(child, partial)
    kwargs['parametrized_by_type'] = parametrized_by
    kwargs.pop('name', None)
    for key, value in kwargs.items():
        setattr(role, key, value)
    try:
        role.save()
    except IntegrityError as exc:
        raise AdwpEx('ROLE_UPDATE_ERROR', msg=f'Role update failed with error {exc}') from exc

    if child:
        update_m2m_field(role.child, child)

    for policy in role.policy_set.all():
        policy.apply()
    return role
Beispiel #8
0
def test_object_filter():
    r = Role(
        name='view',
        module_name='rbac.roles',
        class_name='ObjectRole',
        init_params={
            'app_name': 'cm',
            'model': 'Bundle',
            'filter': {
                'name': 'Hadoop'
            },
        },
    )
    r.save()

    b1 = Bundle(name='Hadoop', version='1.0')
    b1.save()
    b2 = Bundle(name='Zookeper', version='1.0')
    b2.save()
    b3 = Bundle(name='Hadoop', version='2.0')
    b3.save()

    assert [b1, b3] == list(r.filter())
 
 for d in perlistdict:
     p = Permission()
     p.title = d[1][0]
     p.url = d[1][1]
     p.name = d[1][2]
     if d[0]:
         p.menu =  Menu.objects.get(title = d[0])
     p.save()
             
 # 角色 初始化 -- 3个角色(CEO、主管、普通用户) 
 
 # CEO -- 具有所有权限 
 r = Role()
 r.title = 'CEO'
 r.save()    
 r = Role.objects.get(title = 'CEO') 
 r.permissions.add(Permission.objects.get(title = '首页'),\
                   Permission.objects.get(title = '帮助文档'),\
                   Permission.objects.get(title = '上传文件'),\
                   Permission.objects.get(title = '下载文件'),\
                   
                   Permission.objects.get(title = '采购列表'),\
                   Permission.objects.get(title = '添加采购'),\
                   Permission.objects.get(title = '删除采购'),\
                   Permission.objects.get(title = '修改采购'),\
                   Permission.objects.get(title = '批量采购导入'),\
                   Permission.objects.get(title = '下载采购模板'),\
                   
                   Permission.objects.get(title = '送货列表'),\
                   Permission.objects.get(title = '添加送货'),\