def rbac_activity_stream(instance, sender, **kwargs): # Only if we are associating/disassociating if kwargs['action'] in ['pre_add', 'pre_remove']: if hasattr( instance, 'content_type' ): # Duck typing, migration-independent isinstance(instance, Role) if instance.content_type_id is None and instance.singleton_name == ROLE_SINGLETON_SYSTEM_ADMINISTRATOR: # Skip entries for the system admin role because user serializer covers it # System auditor role is shown in the serializer, but its relationship is # managed separately, its value is incorrect, and a correction entry is needed return # This juggles which role to use, because could be A->B or B->A association if sender.__name__ == 'Role_parents': role = kwargs['model'].objects.filter( pk__in=kwargs['pk_set']).first() # don't record implicit creation / parents in activity stream if role is not None and is_implicit_parent( parent_role=role, child_role=instance): return else: role = instance # If a singleton role is the instance, the singleton role is acted on # otherwise the related object is considered to be acted on if instance.content_object: instance = instance.content_object else: # Association with actor, like role->user role = kwargs['model'].objects.filter( pk__in=kwargs['pk_set']).first() activity_stream_associate(sender, instance, role=role, **kwargs)
def rbac_activity_stream(instance, sender, **kwargs): user_type = ContentType.objects.get_for_model(User) # Only if we are associating/disassociating if kwargs['action'] in ['pre_add', 'pre_remove']: # Only if this isn't for the User.admin_role if hasattr(instance, 'content_type'): if instance.content_type in [None, user_type]: return elif sender.__name__ == 'Role_parents': role = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']).first() # don't record implicit creation / parents in activity stream if role is not None and is_implicit_parent(parent_role=role, child_role=instance): return else: role = instance instance = instance.content_object else: role = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']).first() activity_stream_associate(sender, instance, role=role, **kwargs)
def test_member_is_not_parent_of_admin_role(self, organization): assert not is_implicit_parent(parent_role=organization.member_role, child_role=organization.admin_role)
def test_second_level_is_not_an_implicit_parent_role( self, job_template, organization): assert not is_implicit_parent(parent_role=organization.member_role, child_role=job_template.admin_role)
def test_sys_admin_implicit_parent(self, organization, system_administrator): assert is_implicit_parent(parent_role=system_administrator, child_role=organization.admin_role)