Ne réinitialise pas systématiquement les permissions des rôles standards.

2022-03-21 22:07:34 +01:00 · 2022-03-21 22:07:34 +01:00 · 590c52c138
commit 590c52c138
parent 474f334755
6 changed files with 35 additions and 14 deletions
--- a/app/init.py
+++ b/app/init.py
@ -366,7 +366,7 @@ def user_db_init():

    current_app.logger.info("Init User's db")
    # Create roles:
-    Role.insert_roles()
+    Role.reset_standard_roles_permissions()
    current_app.logger.info("created initial roles")
    # Ensure that admin exists
    admin_mail = current_app.config.get("SCODOC_ADMIN_MAIL")
--- a/app/auth/models.py
+++ b/app/auth/models.py
@ -410,20 +410,30 @@ class Role(db.Model):
        return self.permissions & perm == perm

    @staticmethod
-    def insert_roles():
-        """Create default roles"""
+    def reset_standard_roles_permissions(reset_permissions=True):
+        """Create default roles if missing, then, if reset_permissions,
+        reset their permissions to default values.
+        """
        default_role = "Observateur"
        for role_name, permissions in SCO_ROLES_DEFAULTS.items():
            role = Role.query.filter_by(name=role_name).first()
            if role is None:
                role = Role(name=role_name)
-            role.reset_permissions()
-            for perm in permissions:
-                role.add_permission(perm)
-            role.default = role.name == default_role
-            db.session.add(role)
+                role.default = role.name == default_role
+                db.session.add(role)
+            if reset_permissions:
+                role.reset_permissions()
+                for perm in permissions:
+                    role.add_permission(perm)
+                db.session.add(role)
+
        db.session.commit()

+    @staticmethod
+    def ensure_standard_roles():
+        """Create default roles if missing"""
+        Role.reset_standard_roles_permissions(reset_permissions=False)
+
    @staticmethod
    def get_named_role(name):
        """Returns existing role with given name, or None."""
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@ -19,7 +19,7 @@ from app.auth.forms import (
    ResetPasswordForm,
    DeactivateUserForm,
 )
-from app.auth.models import Permission
+from app.auth.models import Role
 from app.auth.models import User
 from app.auth.email import send_password_reset_email
 from app.decorators import admin_required
@ -121,3 +121,11 @@ def reset_password(token):
        flash(_("Votre mot de passe a été changé."))
        return redirect(url_for("auth.login"))
    return render_template("auth/reset_password.html", form=form, user=user)
+
+
+@bp.route("/reset_standard_roles_permissions", methods=["GET", "POST"])
+@admin_required
+def reset_standard_roles_permissions():
+    Role.reset_standard_roles_permissions()
+    flash("rôles standard réinitialisés !")
+    return redirect(url_for("scodoc.configuration"))
--- a/app/templates/configuration.html
+++ b/app/templates/configuration.html
@ -36,12 +36,15 @@
    <h1>Gestion des images: logos, signatures, ...</h1>
        <div class="sco_help">Ces images peuvent être intégrées dans les documents 
        générés par ScoDoc: bulletins, PV, etc.</div>
-        <p><a href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a>
+        <p><a class="stdlink" href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a>
        </p>

    <h1>Exports Apogée</h1>
-        <p><a href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p>
-        
+        <p><a class="stdlink" href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p>
+    
+    <h1>Utilisateurs</h1>
+        <p><a class="stdlink" href="{{url_for('auth.reset_standard_roles_permissions')}}">remettre les permissions des 
+        rôles standards à leurs valeurs par défaut</a> (efface les modifications apportées)</p>
    </div>
 </form>

--- a/app/views/users.py
+++ b/app/views/users.py
@ -153,7 +153,7 @@ def create_user_form(user_name=None, edit=0, all_roles=False):
    "form. création ou édition utilisateur"
    if user_name is not None:  # scodoc7func converti en int !
        user_name = str(user_name)
-    Role.insert_roles()  # assure la mise à jour des rôles en base
+    Role.ensure_standard_roles()  # assure la présence des rôles en base
    auth_dept = current_user.dept
    from_mail = current_app.config["SCODOC_MAIL_FROM"]  # current_user.email
    initvalues = {}
--- a/tests/unit/test_users.py
+++ b/tests/unit/test_users.py
@ -40,7 +40,7 @@ def test_roles_permissions(test_client):
    role.remove_permission(perm)
    assert not role.has_permission(perm)
    # Default roles:
-    Role.insert_roles()
+    Role.reset_standard_roles_permissions()
    # Bien présents ?
    role_names = [r.name for r in Role.query.filter_by().all()]
    assert len(role_names) == len(SCO_ROLES_DEFAULTS)