forked from ScoDoc/ScoDoc
création roles en cli
This commit is contained in:
parent
e98302070a
commit
e6ff4c1460
@ -57,8 +57,8 @@ class Permission(object):
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_by_name(permission_name: str) -> int:
|
def get_by_name(permission_name: str) -> int:
|
||||||
"""Return permission mode (integer bit field). May raise keyError."""
|
"""Return permission mode (integer bit field), or None if it doesn't exist."""
|
||||||
return Permission.permission_by_name[permission_name]
|
return Permission.permission_by_name.get(permission_name)
|
||||||
|
|
||||||
|
|
||||||
Permission.init_permissions()
|
Permission.init_permissions()
|
||||||
|
@ -97,11 +97,12 @@ def user_info(user_name, format="json", REQUEST=None):
|
|||||||
@scodoc
|
@scodoc
|
||||||
@permission_required(Permission.ScoUsersAdmin)
|
@permission_required(Permission.ScoUsersAdmin)
|
||||||
@scodoc7func
|
@scodoc7func
|
||||||
def create_user_form(REQUEST, user_name=None, edit=0):
|
def create_user_form(REQUEST, user_name=None, edit=0, all_roles=1):
|
||||||
"form. creation ou edit utilisateur"
|
"form. création ou edition utilisateur"
|
||||||
auth_dept = current_user.dept
|
auth_dept = current_user.dept
|
||||||
initvalues = {}
|
initvalues = {}
|
||||||
edit = int(edit)
|
edit = int(edit)
|
||||||
|
all_roles = int(all_roles)
|
||||||
H = [html_sco_header.sco_header(bodyOnLoad="init_tf_form('')")]
|
H = [html_sco_header.sco_header(bodyOnLoad="init_tf_form('')")]
|
||||||
F = html_sco_header.sco_footer()
|
F = html_sco_header.sco_footer()
|
||||||
if edit:
|
if edit:
|
||||||
@ -120,11 +121,19 @@ def create_user_form(REQUEST, user_name=None, edit=0):
|
|||||||
H.append("""<p class="warning">Vous êtes super administrateur !</p>""")
|
H.append("""<p class="warning">Vous êtes super administrateur !</p>""")
|
||||||
is_super_admin = True
|
is_super_admin = True
|
||||||
|
|
||||||
|
if all_roles:
|
||||||
|
# tous sauf SuperAdmin
|
||||||
|
standard_roles = [
|
||||||
|
r
|
||||||
|
for r in Role.query.all()
|
||||||
|
if r.permissions != Permission.ALL_PERMISSIONS[0]
|
||||||
|
]
|
||||||
|
else:
|
||||||
# Les rôles standards créés à l'initialisation de ScoDoc:
|
# Les rôles standards créés à l'initialisation de ScoDoc:
|
||||||
standard_roles = [
|
standard_roles = [
|
||||||
Role.get_named_role(r) for r in ("Ens", "Secr", "Admin", "RespPe")
|
Role.get_named_role(r) for r in ("Ens", "Secr", "Admin", "RespPe")
|
||||||
]
|
]
|
||||||
# Rôles pouvant etre attribués aux utilisateurs via ce dialogue:
|
# Départements auxquels ont peut associer des rôles via ce dialogue:
|
||||||
# si SuperAdmin, tous les rôles standards dans tous les départements
|
# si SuperAdmin, tous les rôles standards dans tous les départements
|
||||||
# sinon, les départements dans lesquels l'utilisateur a le droit
|
# sinon, les départements dans lesquels l'utilisateur a le droit
|
||||||
if is_super_admin:
|
if is_super_admin:
|
||||||
|
60
scodoc.py
60
scodoc.py
@ -6,9 +6,8 @@
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
import os
|
|
||||||
from pprint import pprint as pp
|
from pprint import pprint as pp
|
||||||
|
import re
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
import click
|
import click
|
||||||
@ -151,6 +150,39 @@ def user_password(username, password=None): # user-password
|
|||||||
click.echo(f"changed password for user {u}")
|
click.echo(f"changed password for user {u}")
|
||||||
|
|
||||||
|
|
||||||
|
@app.cli.command()
|
||||||
|
@click.argument("rolename")
|
||||||
|
@click.argument("permissions", nargs=-1)
|
||||||
|
def create_role(rolename, permissions): # create-role
|
||||||
|
"""Create a new role"""
|
||||||
|
# Check rolename
|
||||||
|
if not re.match(r"^[a-zA-Z0-9]+$", rolename):
|
||||||
|
sys.stderr.write(f"create_role: invalid rolename {rolename}\n")
|
||||||
|
return 1
|
||||||
|
# Check permissions
|
||||||
|
permission_list = []
|
||||||
|
for permission_name in permissions:
|
||||||
|
perm = Permission.get_by_name(permission_name)
|
||||||
|
if not perm:
|
||||||
|
sys.stderr.write(f"create_role: invalid permission name {perm}\n")
|
||||||
|
sys.stderr.write(
|
||||||
|
f"\tavailable permissions: {', '.join([ name for name in Permission.permission_by_name])}.\n"
|
||||||
|
)
|
||||||
|
return 1
|
||||||
|
permission_list.append(perm)
|
||||||
|
|
||||||
|
role = Role.query.filter_by(name=rolename).first()
|
||||||
|
if role:
|
||||||
|
sys.stderr.write(f"create_role: role {rolename} already exists\n")
|
||||||
|
return 1
|
||||||
|
|
||||||
|
role = Role(name=rolename)
|
||||||
|
for perm in permission_list:
|
||||||
|
role.add_permission(perm)
|
||||||
|
db.session.add(role)
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
|
||||||
@app.cli.command()
|
@app.cli.command()
|
||||||
@click.argument("rolename")
|
@click.argument("rolename")
|
||||||
@click.option("-a", "--add", "addpermissionname")
|
@click.option("-a", "--add", "addpermissionname")
|
||||||
@ -163,9 +195,8 @@ def edit_role(rolename, addpermissionname=None, removepermissionname=None): # e
|
|||||||
Example: `flask edit-role -a ScoEditApo Ens`
|
Example: `flask edit-role -a ScoEditApo Ens`
|
||||||
"""
|
"""
|
||||||
if addpermissionname:
|
if addpermissionname:
|
||||||
try:
|
|
||||||
perm_to_add = Permission.get_by_name(addpermissionname)
|
perm_to_add = Permission.get_by_name(addpermissionname)
|
||||||
except KeyError:
|
if not perm_to_add:
|
||||||
sys.stderr.write(
|
sys.stderr.write(
|
||||||
f"edit_role: permission {addpermissionname} does not exists\n"
|
f"edit_role: permission {addpermissionname} does not exists\n"
|
||||||
)
|
)
|
||||||
@ -173,9 +204,8 @@ def edit_role(rolename, addpermissionname=None, removepermissionname=None): # e
|
|||||||
else:
|
else:
|
||||||
perm_to_add = None
|
perm_to_add = None
|
||||||
if removepermissionname:
|
if removepermissionname:
|
||||||
try:
|
|
||||||
perm_to_remove = Permission.get_by_name(removepermissionname)
|
perm_to_remove = Permission.get_by_name(removepermissionname)
|
||||||
except KeyError:
|
if not perm_to_remove:
|
||||||
sys.stderr.write(
|
sys.stderr.write(
|
||||||
f"edit_role: permission {removepermissionname} does not exists\n"
|
f"edit_role: permission {removepermissionname} does not exists\n"
|
||||||
)
|
)
|
||||||
@ -237,7 +267,7 @@ def create_dept(dept): # create-dept
|
|||||||
@app.cli.command()
|
@app.cli.command()
|
||||||
@with_appcontext
|
@with_appcontext
|
||||||
def import_scodoc7_users(): # import-scodoc7-users
|
def import_scodoc7_users(): # import-scodoc7-users
|
||||||
"""Import used defined in ScoDoc7 postgresql database into ScoDoc 9
|
"""Import users defined in ScoDoc7 postgresql database into ScoDoc 9
|
||||||
The old database SCOUSERS must be alive and readable by the current user.
|
The old database SCOUSERS must be alive and readable by the current user.
|
||||||
This script is typically run as unix user "scodoc".
|
This script is typically run as unix user "scodoc".
|
||||||
The original SCOUSERS database is left unmodified.
|
The original SCOUSERS database is left unmodified.
|
||||||
@ -263,7 +293,21 @@ def import_scodoc7_dept(dept: str, dept_db_name: str): # import-scodoc7-dept
|
|||||||
def clear_cache(): # clear-cache
|
def clear_cache(): # clear-cache
|
||||||
"""Clear ScoDoc cache
|
"""Clear ScoDoc cache
|
||||||
This cache (currently Redis) is persistent between invocation
|
This cache (currently Redis) is persistent between invocation
|
||||||
and it may be necessary to clear it during developement or tests.
|
and it may be necessary to clear it during development or tests.
|
||||||
"""
|
"""
|
||||||
clear_scodoc_cache()
|
clear_scodoc_cache()
|
||||||
click.echo("Redis caches flushed.")
|
click.echo("Redis caches flushed.")
|
||||||
|
|
||||||
|
|
||||||
|
def recursive_help(cmd, parent=None):
|
||||||
|
ctx = click.core.Context(cmd, info_name=cmd.name, parent=parent)
|
||||||
|
print(cmd.get_help(ctx))
|
||||||
|
print()
|
||||||
|
commands = getattr(cmd, "commands", {})
|
||||||
|
for sub in commands.values():
|
||||||
|
recursive_help(sub, ctx)
|
||||||
|
|
||||||
|
|
||||||
|
@app.cli.command()
|
||||||
|
def dumphelp():
|
||||||
|
recursive_help(app.cli)
|
||||||
|
Loading…
Reference in New Issue
Block a user