Ne réinitialise pas systématiquement les permissions des rôles standards.

Emmanuel Viennet 2022-03-21 22:07:34 +01:00
parent 474f334755
commit 590c52c138
6 changed files with 35 additions and 14 deletions

@ -366,7 +366,7 @@ def user_db_init():
current_app.logger.info("Init User's db") current_app.logger.info("Init User's db")
# Create roles: # Create roles:
Role.insert_roles() Role.reset_standard_roles_permissions()
current_app.logger.info("created initial roles") current_app.logger.info("created initial roles")
# Ensure that admin exists # Ensure that admin exists
admin_mail = current_app.config.get("SCODOC_ADMIN_MAIL") admin_mail = current_app.config.get("SCODOC_ADMIN_MAIL")

@ -410,20 +410,30 @@ class Role(db.Model):
return self.permissions & perm == perm return self.permissions & perm == perm
@staticmethod @staticmethod
def insert_roles(): def reset_standard_roles_permissions(reset_permissions=True):
"""Create default roles""" """Create default roles if missing, then, if reset_permissions,
reset their permissions to default values.
"""
default_role = "Observateur" default_role = "Observateur"
for role_name, permissions in SCO_ROLES_DEFAULTS.items(): for role_name, permissions in SCO_ROLES_DEFAULTS.items():
role = Role.query.filter_by(name=role_name).first() role = Role.query.filter_by(name=role_name).first()
if role is None: if role is None:
role = Role(name=role_name) role = Role(name=role_name)
role.reset_permissions() role.default = role.name == default_role
for perm in permissions: db.session.add(role)
role.add_permission(perm) if reset_permissions:
role.default = role.name == default_role role.reset_permissions()
db.session.add(role) for perm in permissions:
role.add_permission(perm)
db.session.add(role)
db.session.commit() db.session.commit()
@staticmethod
def ensure_standard_roles():
"""Create default roles if missing"""
Role.reset_standard_roles_permissions(reset_permissions=False)
@staticmethod @staticmethod
def get_named_role(name): def get_named_role(name):
"""Returns existing role with given name, or None.""" """Returns existing role with given name, or None."""
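Review bot: A standard role that is missing when `ensure_standard_roles()` runs appears to be created with no permissions at all, because the defaults from `SCO_ROLES_DEFAULTS` are applied only under `if reset_permissions:`. Indentation is lost in this view, so this assumes that test sits at loop level, which is what the docstring describes. That fails closed, but it leaves a role that grants nothing until an admin runs the full reset, which also wipes every other customisation. Applying the defaults on creation as well, e.g. `created = role is None` before the creation branch and then `if reset_permissions or created:`, would keep both paths consistent. The test hunk only exercises the reset path; a case asserting that `ensure_standard_roles()` leaves a modified role untouched would pin the behaviour this commit is about.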

@ -19,7 +19,7 @@ from app.auth.forms import (
ResetPasswordForm, ResetPasswordForm,
DeactivateUserForm, DeactivateUserForm,
) )
from app.auth.models import Permission from app.auth.models import Role
from app.auth.models import User from app.auth.models import User
from app.auth.email import send_password_reset_email from app.auth.email import send_password_reset_email
from app.decorators import admin_required from app.decorators import admin_required
@ -121,3 +121,11 @@ def reset_password(token):
flash(_("Votre mot de passe a été changé.")) flash(_("Votre mot de passe a été changé."))
return redirect(url_for("auth.login")) return redirect(url_for("auth.login"))
return render_template("auth/reset_password.html", form=form, user=user) return render_template("auth/reset_password.html", form=form, user=user)
@bp.route("/reset_standard_roles_permissions", methods=["GET", "POST"])
@admin_required
def reset_standard_roles_permissions():
Role.reset_standard_roles_permissions()
flash("rôles standard réinitialisés !")
return redirect(url_for("scodoc.configuration"))
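Review bot: The new view `reset_standard_roles_permissions` rewrites the permissions of every standard role, yet it is routed for `GET` and linked from a plain `<a href>` in the configuration template, so a logged-in admin triggers the reset simply by loading that URL, including through a link or embedded resource on another page. A state-changing, privilege-affecting action should accept only POST, `@bp.route("/reset_standard_roles_permissions", methods=["POST"])`, and be submitted from a form covered by the application's CSRF protection (the form classes imported at the top of this file suggest one exists). A confirmation step would also fit, since the template itself says the action erases modifications. The view has no docstring and records nothing about who triggered the reset; a log line naming the acting user would make the change auditable.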

@ -36,12 +36,15 @@
<h1>Gestion des images: logos, signatures, ...</h1> <h1>Gestion des images: logos, signatures, ...</h1>
<div class="sco_help">Ces images peuvent être intégrées dans les documents <div class="sco_help">Ces images peuvent être intégrées dans les documents
générés par ScoDoc: bulletins, PV, etc.</div> générés par ScoDoc: bulletins, PV, etc.</div>
<p><a href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a> <p><a class="stdlink" href="{{url_for('scodoc.configure_logos')}}">configuration des images et logos</a>
</p> </p>
<h1>Exports Apogée</h1> <h1>Exports Apogée</h1>
<p><a href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p> <p><a class="stdlink" href="{{url_for('scodoc.config_codes_decisions')}}">configuration des codes de décision</a></p>
<h1>Utilisateurs</h1>
<p><a class="stdlink" href="{{url_for('auth.reset_standard_roles_permissions')}}">remettre les permissions des
rôles standards à leurs valeurs par défaut</a> (efface les modifications apportées)</p>
</div> </div>
</form> </form>

@ -153,7 +153,7 @@ def create_user_form(user_name=None, edit=0, all_roles=False):
"form. création ou édition utilisateur" "form. création ou édition utilisateur"
if user_name is not None: # scodoc7func converti en int ! if user_name is not None: # scodoc7func converti en int !
user_name = str(user_name) user_name = str(user_name)
Role.insert_roles() # assure la mise à jour des rôles en base Role.ensure_standard_roles() # assure la présence des rôles en base
auth_dept = current_user.dept auth_dept = current_user.dept
from_mail = current_app.config["SCODOC_MAIL_FROM"] # current_user.email from_mail = current_app.config["SCODOC_MAIL_FROM"] # current_user.email
initvalues = {} initvalues = {}

@ -40,7 +40,7 @@ def test_roles_permissions(test_client):
role.remove_permission(perm) role.remove_permission(perm)
assert not role.has_permission(perm) assert not role.has_permission(perm)
# Default roles: # Default roles:
Role.insert_roles() Role.reset_standard_roles_permissions()
# Bien présents ? # Bien présents ?
role_names = [r.name for r in Role.query.filter_by().all()] role_names = [r.name for r in Role.query.filter_by().all()]
assert len(role_names) == len(SCO_ROLES_DEFAULTS) assert len(role_names) == len(SCO_ROLES_DEFAULTS)