forked from ScoDoc/ScoDoc
Ne réinitialise pas systématiquement les permissions des rôles standards.
This commit is contained in:
parent
474f334755
commit
590c52c138
@ -366,7 +366,7 @@ def user_db_init():
|
||||
|
||||
current_app.logger.info("Init User's db")
|
||||
# Create roles:
|
||||
Role.insert_roles()
|
||||
Role.reset_standard_roles_permissions()
|
||||
current_app.logger.info("created initial roles")
|
||||
# Ensure that admin exists
|
||||
admin_mail = current_app.config.get("SCODOC_ADMIN_MAIL")
|
||||
|
@ -410,20 +410,30 @@ class Role(db.Model):
|
||||
return self.permissions & perm == perm
|
||||
|
||||
@staticmethod
|
||||
def insert_roles():
|
||||
"""Create default roles"""
|
||||
def reset_standard_roles_permissions(reset_permissions=True):
|
||||
"""Create default roles if missing, then, if reset_permissions,
|
||||
reset their permissions to default values.
|
||||
"""
|
||||
default_role = "Observateur"
|
||||
for role_name, permissions in SCO_ROLES_DEFAULTS.items():
|
||||
role = Role.query.filter_by(name=role_name).first()
|
||||
if role is None:
|
||||
role = Role(name=role_name)
|
||||
role.reset_permissions()
|
||||
for perm in permissions:
|
||||
role.add_permission(perm)
|
||||
role.default = role.name == default_role
|
||||
db.session.add(role)
|
||||
role.default = role.name == default_role
|
||||
db.session.add(role)
|
||||
if reset_permissions:
|
||||
role.reset_permissions()
|
||||
for perm in permissions:
|
||||
role.add_permission(perm)
|
||||
db.session.add(role)
|
||||
|
||||
db.session.commit()
|
||||
|
||||
@staticmethod
|
||||
def ensure_standard_roles():
|
||||
"""Create default roles if missing"""
|
||||
Role.reset_standard_roles_permissions(reset_permissions=False)
|
||||
|
||||
@staticmethod
|
||||
def get_named_role(name):
|
||||
"""Returns existing role with given name, or None."""
|
||||
|
@ -19,7 +19,7 @@ from app.auth.forms import (
|
||||
ResetPasswordForm,
|
||||
DeactivateUserForm,
|
||||
)
|
||||
from app.auth.models import Permission
|
||||
from app.auth.models import Role
|
||||
from app.auth.models import User
|
||||
from app.auth.email import send_password_reset_email
|
||||
from app.decorators import admin_required
|
||||
@ -121,3 +121,11 @@ def reset_password(token):
|
||||
flash(_("Votre mot de passe a été changé."))
|
||||
return redirect(url_for("auth.login"))
|
||||
return render_template("auth/reset_password.html", form=form, user=user)
|
||||
|
||||
|
||||
@bp.route("/reset_standard_roles_permissions", methods=["GET", "POST"])
|
||||
@admin_required
|
||||
def reset_standard_roles_permissions():
|
||||
Role.reset_standard_roles_permissions()
|
||||
flash("rôles standard réinitialisés !")
|
||||
return redirect(url_for("scodoc.configuration"))
|
||||
|
@ -36,12 +36,15 @@
|
||||
<h1>Gestion des images: logos, signatures, ...</h1>
|
||||
<div class="sco_help">Ces images peuvent être intégrées dans les documents
|
||||
générés par ScoDoc: bulletins, PV, etc.</div>
|
||||
<p><a href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a>
|
||||
<p><a class="stdlink" href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a>
|
||||
</p>
|
||||
|
||||
<h1>Exports Apogée</h1>
|
||||
<p><a href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p>
|
||||
<p><a class="stdlink" href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p>
|
||||
|
||||
<h1>Utilisateurs</h1>
|
||||
<p><a class="stdlink" href="{{url_for('auth.reset_standard_roles_permissions')}}">remettre les permissions des
|
||||
rôles standards à leurs valeurs par défaut</a> (efface les modifications apportées)</p>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
|
@ -153,7 +153,7 @@ def create_user_form(user_name=None, edit=0, all_roles=False):
|
||||
"form. création ou édition utilisateur"
|
||||
if user_name is not None: # scodoc7func converti en int !
|
||||
user_name = str(user_name)
|
||||
Role.insert_roles() # assure la mise à jour des rôles en base
|
||||
Role.ensure_standard_roles() # assure la présence des rôles en base
|
||||
auth_dept = current_user.dept
|
||||
from_mail = current_app.config["SCODOC_MAIL_FROM"] # current_user.email
|
||||
initvalues = {}
|
||||
|
@ -40,7 +40,7 @@ def test_roles_permissions(test_client):
|
||||
role.remove_permission(perm)
|
||||
assert not role.has_permission(perm)
|
||||
# Default roles:
|
||||
Role.insert_roles()
|
||||
Role.reset_standard_roles_permissions()
|
||||
# Bien présents ?
|
||||
role_names = [r.name for r in Role.query.filter_by().all()]
|
||||
assert len(role_names) == len(SCO_ROLES_DEFAULTS)
|
||||
|
Loading…
Reference in New Issue
Block a user