def make_role(instance):
role = _make_loaded_role(instance, rolename, FieldPermission.NONE,
field_permissions)
if models_to_permit:
role.instance_permissions.add(
*Role.model_permissions(models_to_permit))
return role
def make_role(instance):
role = _make_loaded_role(instance, rolename, FieldPermission.NONE,
field_permissions)
if models_to_permit:
role.instance_permissions.add(
*Role.model_permissions(models_to_permit))
return role
def make_officer_role(instance):
"""
The officer role has permission to modify only a few fields,
and only a few models under test, but the officer is permitted to
modify them directly without moderation.
"""
permissions = (
('Plot', 'length', FieldPermission.WRITE_DIRECTLY),
('RainBarrel', 'capacity', FieldPermission.WRITE_DIRECTLY),
('Tree', 'diameter', FieldPermission.WRITE_DIRECTLY),
('Tree', 'height', FieldPermission.WRITE_DIRECTLY))
officer = _make_loaded_role(instance, 'officer', FieldPermission.NONE,
permissions)
models = [Model for Model in leaf_models_of_class(Authorizable)
if Model.__name__ in {'Plot', 'RainBarrel', 'Tree'}]
officer.instance_permissions.add(*Role.model_permissions(models))
officer.save()
return officer
def make_conjurer_role(instance):
"""
The conjurer role has permission to create and delete all models
under test and their related photo types,
but limited permission to read or write fields in them.
"""
permissions = (
('Plot', 'length', FieldPermission.WRITE_DIRECTLY),
('Tree', 'height', FieldPermission.WRITE_DIRECTLY))
conjurer = _make_loaded_role(instance, 'conjurer', FieldPermission.NONE,
permissions)
models = [Model for Model in leaf_models_of_class(Authorizable)
if Model.__name__ in {'Plot', 'RainBarrel', 'Tree'}]
ThroughModel = Role.instance_permissions.through
model_permissions = Role.model_permissions(models)
role_perms = [ThroughModel(role_id=conjurer.id, permission_id=perm.id)
for perm in model_permissions]
ThroughModel.objects.bulk_create(role_perms)
return conjurer
