diff --git a/rolepermissions/migrations/0001_initial.py b/rolepermissions/migrations/0001_initial.py deleted file mode 100644 index 2ddc027..0000000 --- a/rolepermissions/migrations/0001_initial.py +++ /dev/null @@ -1,103 +0,0 @@ -# -*- coding: utf-8 -*- -import datetime -from south.db import db -from south.v2 import SchemaMigration -from django.db import models - - -# Safe User import for Django < 1.5 -try: - from django.contrib.auth import get_user_model -except ImportError: - from django.contrib.auth.models import User -else: - User = get_user_model() - -# With the default User model these will be 'auth.User' and 'auth.user' -# so instead of using orm['auth.User'] we can use orm[user_orm_label] -user_orm_label = '%s.%s' % (User._meta.app_label, User._meta.object_name) -user_model_label = '%s.%s' % (User._meta.app_label, User._meta.module_name) - - -class Migration(SchemaMigration): - - def forwards(self, orm): - # Adding model 'UserRole' - db.create_table(u'rolepermissions_userrole', ( - (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), - ('user', self.gf('django.db.models.fields.related.OneToOneField')(related_name='role', unique=True, to=orm[user_orm_label])), - ('role_name', self.gf('django.db.models.fields.CharField')(max_length=255)), - )) - db.send_create_signal(u'rolepermissions', ['UserRole']) - - # Adding model 'UserPermission' - db.create_table(u'rolepermissions_userpermission', ( - (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), - ('user', self.gf('django.db.models.fields.related.ForeignKey')(related_name='+', to=orm[user_orm_label])), - ('permission_name', self.gf('django.db.models.fields.CharField')(max_length=255)), - ('is_granted', self.gf('django.db.models.fields.BooleanField')(default=False)), - )) - db.send_create_signal(u'rolepermissions', ['UserPermission']) - - - def backwards(self, orm): - # Deleting model 'UserRole' - db.delete_table(u'rolepermissions_userrole') - - # Deleting model 'UserPermission' - db.delete_table(u'rolepermissions_userpermission') - - - models = { - u'auth.group': { - 'Meta': {'object_name': 'Group'}, - u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}), - 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}) - }, - u'auth.permission': { - 'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'}, - 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}), - 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}), - u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) - }, - user_model_label: { - 'Meta': {'object_name': User.__name__}, - 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), - 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), - 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), - 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), - u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), - 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), - 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), - 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), - 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), - 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}), - 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}), - 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) - }, - u'contenttypes.contenttype': { - 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, - 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), - u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}), - 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) - }, - u'rolepermissions.userpermission': { - 'Meta': {'object_name': 'UserPermission'}, - u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'is_granted': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), - 'permission_name': ('django.db.models.fields.CharField', [], {'max_length': '255'}), - 'user': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'+'", 'to': u"orm['%s']" % user_orm_label}) - }, - u'rolepermissions.userrole': { - 'Meta': {'object_name': 'UserRole'}, - u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'role_name': ('django.db.models.fields.CharField', [], {'max_length': '255'}), - 'user': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'role'", 'unique': 'True', 'to': u"orm['%s']" % user_orm_label}) - } - } - - complete_apps = ['rolepermissions'] diff --git a/rolepermissions/migrations/__init__.py b/rolepermissions/migrations/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/rolepermissions/models.py b/rolepermissions/models.py index 07db092..5fc6cf1 100644 --- a/rolepermissions/models.py +++ b/rolepermissions/models.py @@ -1,20 +1,2 @@ from django.db import models -from django.conf import settings - - -class UserRole(models.Model): - user = models.OneToOneField(settings.AUTH_USER_MODEL, related_name='role') - role_name = models.CharField(max_length=255) - - def __unicode__(self): - return self.user.get_full_name() + ' - ' + self.role_name - - -class UserPermission(models.Model): - user = models.ForeignKey(settings.AUTH_USER_MODEL, related_name='+') - permission_name = models.CharField(max_length=255) - is_granted = models.BooleanField(default=False) - - def __unicode__(self): - return self.user.get_full_name() + ' - ' + self.permission_name + ' - ' + str(self.is_granted) diff --git a/rolepermissions/roles.py b/rolepermissions/roles.py index 3ccdee5..a5958fc 100644 --- a/rolepermissions/roles.py +++ b/rolepermissions/roles.py @@ -1,10 +1,11 @@ import inspect import re - +from django.conf import settings from django.core.exceptions import ObjectDoesNotExist - -from rolepermissions.models import UserRole, UserPermission +from django.contrib.auth.models import Group, Permission +from django.contrib.contenttypes.models import ContentType +from django.contrib.auth import get_user_model def camelToSnake(s): @@ -53,36 +54,41 @@ def get_name(cls): @classmethod def assign_role_to_user(cls, user): - try: - user_role = UserRole.objects.get(user=user) - except ObjectDoesNotExist: - user_role = None - - UserPermission.objects.filter(user=user).delete() + old_groups = user.groups.all() + + if old_groups: + old_group = old_groups[0] + role = RolesManager.retrieve_role(old_group.name) + permissions_to_remove = Permission.objects.filter(codename__in=role.permission_list()).all() + user.user_permissions.remove(*permissions_to_remove) + user.groups.clear() + + group, created = Group.objects.get_or_create(name=cls.get_name()) + user.groups.add(group) + permissions_to_add = cls.get_default_true_permissions() + user.user_permissions.add(*permissions_to_add) + + return group - if not user_role: - user_role = UserRole(user=user) - - user_role.role_name = cls.get_name() - user_role.save() + @classmethod + def permission_list(cls): + return [key for (key, value) in cls.available_permissions.items()] - user.role = user_role + @classmethod + def get_default_true_permissions(cls): + permission_names = [key for (key, default) in cls.available_permissions.items() if default] - cls.assign_default_permissions(user) + user_type = ContentType.objects.get_for_model(get_user_model()) + permissions = list(Permission.objects.filter(content_type=user_type, codename__in=permission_names).all()) - return user_role + if len(permissions) != len(permission_names): + for permission_name in permission_names: + permission, created = Permission.objects.get_or_create(content_type=user_type, codename=permission_name) + if created: + permissions.append(permission) - @classmethod - def assign_default_permissions(cls, user): - role_permissions = cls.available_permissions - for permission in role_permissions: - UserPermission.objects.get_or_create( - user=user, permission_name=permission, - is_granted=role_permissions[permission]) + return permissions - @classmethod - def permission_list(cls): - return cls.available_permissions.keys() @classmethod def get_default(cls, permission_name): diff --git a/rolepermissions/tests/test_roles.py b/rolepermissions/tests/test_roles.py index 4cc766a..5cfd1c0 100644 --- a/rolepermissions/tests/test_roles.py +++ b/rolepermissions/tests/test_roles.py @@ -5,7 +5,7 @@ from model_mommy import mommy from rolepermissions.roles import RolesManager, AbstractUserRole -from rolepermissions.models import UserPermission + class RolRole1(AbstractUserRole): available_permissions = { @@ -40,51 +40,45 @@ def test_get_name(self): def test_assign_Role1_default_permissions(self): user = mommy.make(get_user_model()) - RolRole1.assign_default_permissions(user) - permissions = UserPermission.objects.filter(user=user) + RolRole1.assign_role_to_user(user) + permissions = user.user_permissions.all() - permission_hash = { p.permission_name: p.is_granted for p in permissions } + permission_list = [perm.codename for perm in permissions] - self.assertIn('permission1', permission_hash) - self.assertTrue(permission_hash['permission1']) - self.assertIn('permission2', permission_hash) - self.assertTrue(permission_hash['permission2']) + self.assertIn('permission1', permission_list) + self.assertIn('permission2', permission_list) self.assertEquals(len(permissions), 2) def test_assign_Role2_default_permissions(self): user = mommy.make(get_user_model()) - RolRole2.assign_default_permissions(user) - permissions = UserPermission.objects.filter(user=user) + RolRole2.assign_role_to_user(user) + permissions = user.user_permissions.all() - permission_hash = { p.permission_name: p.is_granted for p in permissions } + permission_list = [perm.codename for perm in permissions] - self.assertIn('permission3', permission_hash) - self.assertTrue(permission_hash['permission3']) - self.assertIn('permission4', permission_hash) - self.assertFalse(permission_hash['permission4']) - self.assertEquals(len(permissions), 2) + self.assertIn('permission3', permission_list) + self.assertNotIn('permission4', permission_list) + self.assertEquals(len(permissions), 1) def test_assign_Role3_default_permissions(self): user = mommy.make(get_user_model()) - RolRole3.assign_default_permissions(user) - permissions = UserPermission.objects.filter(user=user) + RolRole3.assign_role_to_user(user) + permissions = user.user_permissions.all() - permission_hash = { p.permission_name: p.is_granted for p in permissions } + permission_list = [perm.codename for perm in permissions] - self.assertIn('permission5', permission_hash) - self.assertFalse(permission_hash['permission5']) - self.assertIn('permission6', permission_hash) - self.assertFalse(permission_hash['permission6']) - self.assertEquals(len(permissions), 2) + self.assertNotIn('permission5', permission_list) + self.assertNotIn('permission6', permission_list) + self.assertEquals(len(permissions), 0) def test_assign_role_to_user(self): user = mommy.make(get_user_model()) user_role = RolRole1.assign_role_to_user(user) - self.assertEquals(user_role.role_name, 'rol_role1') + self.assertEquals(user_role.name, 'rol_role1') def test_instanciate_role(self): user = mommy.make(get_user_model()) @@ -98,20 +92,20 @@ def test_change_user_role(self): user_role = RolRole1.assign_role_to_user(user) - self.assertEquals(user_role.role_name, 'rol_role1') + self.assertEquals(user_role.name, 'rol_role1') user_role = RolRole2.assign_role_to_user(user) - self.assertEquals(user_role.role_name, 'rol_role2') + self.assertEquals(user_role.name, 'rol_role2') def test_delete_old_permissions_on_role_change(self): user = mommy.make(get_user_model()) RolRole1().assign_role_to_user(user) - permissions = UserPermission.objects.filter(user=user) + permissions = user.user_permissions.all() - permission_names = [n.permission_name for n in permissions] + permission_names = [n.codename for n in permissions] self.assertIn('permission1', permission_names) self.assertIn('permission2', permission_names) @@ -119,13 +113,15 @@ def test_delete_old_permissions_on_role_change(self): RolRole2.assign_role_to_user(user) - permissions = UserPermission.objects.filter(user=user) + permissions = user.user_permissions.all() - permission_names = [n.permission_name for n in permissions] + permission_names = [n.codename for n in permissions] + self.assertNotIn('permission1', permission_names) + self.assertNotIn('permission2', permission_names) self.assertIn('permission3', permission_names) - self.assertIn('permission4', permission_names) - self.assertEquals(len(permissions), 2) + self.assertNotIn('permission4', permission_names) + self.assertEquals(len(permissions), 1) def test_permission_list(self):