diff --git a/app/__init__.py b/app/__init__.py index 76760bd79..a1862aaa7 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -366,7 +366,7 @@ def user_db_init(): current_app.logger.info("Init User's db") # Create roles: - Role.insert_roles() + Role.reset_standard_roles_permissions() current_app.logger.info("created initial roles") # Ensure that admin exists admin_mail = current_app.config.get("SCODOC_ADMIN_MAIL") diff --git a/app/auth/models.py b/app/auth/models.py index 544afc319..cfab21a9c 100644 --- a/app/auth/models.py +++ b/app/auth/models.py @@ -410,20 +410,30 @@ class Role(db.Model): return self.permissions & perm == perm @staticmethod - def insert_roles(): - """Create default roles""" + def reset_standard_roles_permissions(reset_permissions=True): + """Create default roles if missing, then, if reset_permissions, + reset their permissions to default values. + """ default_role = "Observateur" for role_name, permissions in SCO_ROLES_DEFAULTS.items(): role = Role.query.filter_by(name=role_name).first() if role is None: role = Role(name=role_name) - role.reset_permissions() - for perm in permissions: - role.add_permission(perm) - role.default = role.name == default_role - db.session.add(role) + role.default = role.name == default_role + db.session.add(role) + if reset_permissions: + role.reset_permissions() + for perm in permissions: + role.add_permission(perm) + db.session.add(role) + db.session.commit() + @staticmethod + def ensure_standard_roles(): + """Create default roles if missing""" + Role.reset_standard_roles_permissions(reset_permissions=False) + @staticmethod def get_named_role(name): """Returns existing role with given name, or None.""" diff --git a/app/auth/routes.py b/app/auth/routes.py index df3401515..24daa8ca0 100644 --- a/app/auth/routes.py +++ b/app/auth/routes.py @@ -19,7 +19,7 @@ from app.auth.forms import ( ResetPasswordForm, DeactivateUserForm, ) -from app.auth.models import Permission +from app.auth.models import Role from app.auth.models import User from app.auth.email import send_password_reset_email from app.decorators import admin_required @@ -121,3 +121,11 @@ def reset_password(token): flash(_("Votre mot de passe a été changé.")) return redirect(url_for("auth.login")) return render_template("auth/reset_password.html", form=form, user=user) + + +@bp.route("/reset_standard_roles_permissions", methods=["GET", "POST"]) +@admin_required +def reset_standard_roles_permissions(): + Role.reset_standard_roles_permissions() + flash("rôles standard réinitialisés !") + return redirect(url_for("scodoc.configuration")) diff --git a/app/templates/configuration.html b/app/templates/configuration.html index 823772de5..33912fbf9 100644 --- a/app/templates/configuration.html +++ b/app/templates/configuration.html @@ -36,12 +36,15 @@
configuration des images et logos +
configuration des images et logos
configuration des codes de décision
- +configuration des codes de décision
+ +remettre les permissions des + rôles standards à leurs valeurs par défaut (efface les modifications apportées)
diff --git a/app/views/users.py b/app/views/users.py index 06157cbce..10f1124dd 100644 --- a/app/views/users.py +++ b/app/views/users.py @@ -153,7 +153,7 @@ def create_user_form(user_name=None, edit=0, all_roles=False): "form. création ou édition utilisateur" if user_name is not None: # scodoc7func converti en int ! user_name = str(user_name) - Role.insert_roles() # assure la mise à jour des rôles en base + Role.ensure_standard_roles() # assure la présence des rôles en base auth_dept = current_user.dept from_mail = current_app.config["SCODOC_MAIL_FROM"] # current_user.email initvalues = {} diff --git a/tests/unit/test_users.py b/tests/unit/test_users.py index 8c429386c..21b13fb42 100644 --- a/tests/unit/test_users.py +++ b/tests/unit/test_users.py @@ -40,7 +40,7 @@ def test_roles_permissions(test_client): role.remove_permission(perm) assert not role.has_permission(perm) # Default roles: - Role.insert_roles() + Role.reset_standard_roles_permissions() # Bien présents ? role_names = [r.name for r in Role.query.filter_by().all()] assert len(role_names) == len(SCO_ROLES_DEFAULTS)