forked from ScoDoc/ScoDoc
Ne réinitialise pas systématiquement les permissions des rôles standards.
This commit is contained in:
parent
474f334755
commit
590c52c138
@ -366,7 +366,7 @@ def user_db_init():
|
|||||||
|
|
||||||
current_app.logger.info("Init User's db")
|
current_app.logger.info("Init User's db")
|
||||||
# Create roles:
|
# Create roles:
|
||||||
Role.insert_roles()
|
Role.reset_standard_roles_permissions()
|
||||||
current_app.logger.info("created initial roles")
|
current_app.logger.info("created initial roles")
|
||||||
# Ensure that admin exists
|
# Ensure that admin exists
|
||||||
admin_mail = current_app.config.get("SCODOC_ADMIN_MAIL")
|
admin_mail = current_app.config.get("SCODOC_ADMIN_MAIL")
|
||||||
|
@ -410,20 +410,30 @@ class Role(db.Model):
|
|||||||
return self.permissions & perm == perm
|
return self.permissions & perm == perm
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def insert_roles():
|
def reset_standard_roles_permissions(reset_permissions=True):
|
||||||
"""Create default roles"""
|
"""Create default roles if missing, then, if reset_permissions,
|
||||||
|
reset their permissions to default values.
|
||||||
|
"""
|
||||||
default_role = "Observateur"
|
default_role = "Observateur"
|
||||||
for role_name, permissions in SCO_ROLES_DEFAULTS.items():
|
for role_name, permissions in SCO_ROLES_DEFAULTS.items():
|
||||||
role = Role.query.filter_by(name=role_name).first()
|
role = Role.query.filter_by(name=role_name).first()
|
||||||
if role is None:
|
if role is None:
|
||||||
role = Role(name=role_name)
|
role = Role(name=role_name)
|
||||||
|
role.default = role.name == default_role
|
||||||
|
db.session.add(role)
|
||||||
|
if reset_permissions:
|
||||||
role.reset_permissions()
|
role.reset_permissions()
|
||||||
for perm in permissions:
|
for perm in permissions:
|
||||||
role.add_permission(perm)
|
role.add_permission(perm)
|
||||||
role.default = role.name == default_role
|
|
||||||
db.session.add(role)
|
db.session.add(role)
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def ensure_standard_roles():
|
||||||
|
"""Create default roles if missing"""
|
||||||
|
Role.reset_standard_roles_permissions(reset_permissions=False)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_named_role(name):
|
def get_named_role(name):
|
||||||
"""Returns existing role with given name, or None."""
|
"""Returns existing role with given name, or None."""
|
||||||
|
@ -19,7 +19,7 @@ from app.auth.forms import (
|
|||||||
ResetPasswordForm,
|
ResetPasswordForm,
|
||||||
DeactivateUserForm,
|
DeactivateUserForm,
|
||||||
)
|
)
|
||||||
from app.auth.models import Permission
|
from app.auth.models import Role
|
||||||
from app.auth.models import User
|
from app.auth.models import User
|
||||||
from app.auth.email import send_password_reset_email
|
from app.auth.email import send_password_reset_email
|
||||||
from app.decorators import admin_required
|
from app.decorators import admin_required
|
||||||
@ -121,3 +121,11 @@ def reset_password(token):
|
|||||||
flash(_("Votre mot de passe a été changé."))
|
flash(_("Votre mot de passe a été changé."))
|
||||||
return redirect(url_for("auth.login"))
|
return redirect(url_for("auth.login"))
|
||||||
return render_template("auth/reset_password.html", form=form, user=user)
|
return render_template("auth/reset_password.html", form=form, user=user)
|
||||||
|
|
||||||
|
|
||||||
|
@bp.route("/reset_standard_roles_permissions", methods=["GET", "POST"])
|
||||||
|
@admin_required
|
||||||
|
def reset_standard_roles_permissions():
|
||||||
|
Role.reset_standard_roles_permissions()
|
||||||
|
flash("rôles standard réinitialisés !")
|
||||||
|
return redirect(url_for("scodoc.configuration"))
|
||||||
|
@ -36,12 +36,15 @@
|
|||||||
<h1>Gestion des images: logos, signatures, ...</h1>
|
<h1>Gestion des images: logos, signatures, ...</h1>
|
||||||
<div class="sco_help">Ces images peuvent être intégrées dans les documents
|
<div class="sco_help">Ces images peuvent être intégrées dans les documents
|
||||||
générés par ScoDoc: bulletins, PV, etc.</div>
|
générés par ScoDoc: bulletins, PV, etc.</div>
|
||||||
<p><a href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a>
|
<p><a class="stdlink" href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h1>Exports Apogée</h1>
|
<h1>Exports Apogée</h1>
|
||||||
<p><a href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p>
|
<p><a class="stdlink" href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p>
|
||||||
|
|
||||||
|
<h1>Utilisateurs</h1>
|
||||||
|
<p><a class="stdlink" href="{{url_for('auth.reset_standard_roles_permissions')}}">remettre les permissions des
|
||||||
|
rôles standards à leurs valeurs par défaut</a> (efface les modifications apportées)</p>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ def create_user_form(user_name=None, edit=0, all_roles=False):
|
|||||||
"form. création ou édition utilisateur"
|
"form. création ou édition utilisateur"
|
||||||
if user_name is not None: # scodoc7func converti en int !
|
if user_name is not None: # scodoc7func converti en int !
|
||||||
user_name = str(user_name)
|
user_name = str(user_name)
|
||||||
Role.insert_roles() # assure la mise à jour des rôles en base
|
Role.ensure_standard_roles() # assure la présence des rôles en base
|
||||||
auth_dept = current_user.dept
|
auth_dept = current_user.dept
|
||||||
from_mail = current_app.config["SCODOC_MAIL_FROM"] # current_user.email
|
from_mail = current_app.config["SCODOC_MAIL_FROM"] # current_user.email
|
||||||
initvalues = {}
|
initvalues = {}
|
||||||
|
@ -40,7 +40,7 @@ def test_roles_permissions(test_client):
|
|||||||
role.remove_permission(perm)
|
role.remove_permission(perm)
|
||||||
assert not role.has_permission(perm)
|
assert not role.has_permission(perm)
|
||||||
# Default roles:
|
# Default roles:
|
||||||
Role.insert_roles()
|
Role.reset_standard_roles_permissions()
|
||||||
# Bien présents ?
|
# Bien présents ?
|
||||||
role_names = [r.name for r in Role.query.filter_by().all()]
|
role_names = [r.name for r in Role.query.filter_by().all()]
|
||||||
assert len(role_names) == len(SCO_ROLES_DEFAULTS)
|
assert len(role_names) == len(SCO_ROLES_DEFAULTS)
|
||||||
|
Loading…
Reference in New Issue
Block a user