def make_role(instance):
    """
    Create the role named ``rolename`` on ``instance`` and return it.

    Field access starts from FieldPermission.NONE, with
    ``field_permissions`` passed on to _make_loaded_role.
    Model-level permissions are attached only when ``models_to_permit``
    is truthy.

    NOTE(review): ``rolename``, ``field_permissions`` and
    ``models_to_permit`` are not defined in this block; presumably they
    are bound by an enclosing factory function -- confirm against the
    surrounding file.
    """
    new_role = _make_loaded_role(
        instance, rolename, FieldPermission.NONE, field_permissions)

    # Nothing to grant at model level: the role keeps field rules only.
    if not models_to_permit:
        return new_role

    attach = new_role.instance_permissions.add
    attach(*Role.model_permissions(models_to_permit))
    return new_role
def make_officer_role(instance):
    """
    Build and return the 'officer' test role for ``instance``.

    The officer may modify only a handful of fields on a few of the
    models under test, but writes to those fields are applied directly,
    without moderation. Every field not listed below is created with
    FieldPermission.NONE passed to _make_loaded_role.
    """
    # (model name, field name, permission level) triples: the complete
    # list of fields this role may write directly.
    direct_write_fields = (
        ('Plot', 'length', FieldPermission.WRITE_DIRECTLY),
        ('RainBarrel', 'capacity', FieldPermission.WRITE_DIRECTLY),
        ('Tree', 'diameter', FieldPermission.WRITE_DIRECTLY),
        ('Tree', 'height', FieldPermission.WRITE_DIRECTLY),
    )
    role = _make_loaded_role(instance, 'officer', FieldPermission.NONE,
                             direct_write_fields)

    # Model-level permissions are limited to these three model classes,
    # selected by class name from the Authorizable leaf models.
    permitted_names = {'Plot', 'RainBarrel', 'Tree'}
    permitted_models = []
    for model_class in leaf_models_of_class(Authorizable):
        if model_class.__name__ in permitted_names:
            permitted_models.append(model_class)

    role.instance_permissions.add(*Role.model_permissions(permitted_models))
    role.save()
    return role
def make_conjurer_role(instance):
    """
    Build and return the 'conjurer' test role for ``instance``.

    The conjurer may create and delete all models under test but has
    only limited permission to read or write their fields. The original
    description also mentions the related photo types; whether those
    are covered depends on Role.model_permissions, which is not visible
    in this block.
    """
    # Only these two fields are writable; every other field is created
    # with FieldPermission.NONE passed to _make_loaded_role.
    field_grants = (
        ('Plot', 'length', FieldPermission.WRITE_DIRECTLY),
        ('Tree', 'height', FieldPermission.WRITE_DIRECTLY),
    )
    role = _make_loaded_role(instance, 'conjurer', FieldPermission.NONE,
                             field_grants)

    wanted_names = {'Plot', 'RainBarrel', 'Tree'}
    wanted_models = [model_class
                     for model_class in leaf_models_of_class(Authorizable)
                     if model_class.__name__ in wanted_names]

    # The role<->permission rows are written through the many-to-many
    # through model rather than instance_permissions.add(). bulk_create
    # does not call save() or send pre_save/post_save, and m2m_changed is
    # not sent either, so handlers attached to those signals will not see
    # these grants.
    link_model = Role.instance_permissions.through
    links = []
    for perm in Role.model_permissions(wanted_models):
        links.append(link_model(role_id=role.id, permission_id=perm.id))
    link_model.objects.bulk_create(links)
    return role