création roles en cli

Emmanuel Viennet 2021-09-13 23:06:42 +02:00
parent e98302070a
commit e6ff4c1460
3 changed files with 72 additions and 19 deletions


@ -57,8 +57,8 @@ class Permission(object):
@staticmethod @staticmethod
def get_by_name(permission_name: str) -> int: def get_by_name(permission_name: str) -> int:
"""Return permission mode (integer bit field). May raise keyError.""" """Return permission mode (integer bit field), or None if it doesn't exist."""
return Permission.permission_by_name[permission_name] return Permission.permission_by_name.get(permission_name)
Permission.init_permissions() Permission.init_permissions()
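Review bot: The `-> int` annotation on `get_by_name` no longer matches the new `.get()` body, which returns `None` for an unknown name; declare it as `-> Optional[int]` (or `int | None`) so type checkers flag callers that use the result unchecked. Callers that relied on `KeyError` to stop on a misspelled permission name now receive `None` silently. Any call site outside this commit that passes the result to a permission test or to `add_permission` should be checked for an explicit `is None` guard. The class body starts outside the hunk, so whether `typing.Optional` is already imported is not visible.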


@ -97,11 +97,12 @@ def user_info(user_name, format="json", REQUEST=None):
@scodoc @scodoc
@permission_required(Permission.ScoUsersAdmin) @permission_required(Permission.ScoUsersAdmin)
@scodoc7func @scodoc7func
def create_user_form(REQUEST, user_name=None, edit=0): def create_user_form(REQUEST, user_name=None, edit=0, all_roles=1):
"form. creation ou edit utilisateur" "form. création ou edition utilisateur"
auth_dept = current_user.dept auth_dept = current_user.dept
initvalues = {} initvalues = {}
edit = int(edit) edit = int(edit)
all_roles = int(all_roles)
H = [html_sco_header.sco_header(bodyOnLoad="init_tf_form('')")] H = [html_sco_header.sco_header(bodyOnLoad="init_tf_form('')")]
F = html_sco_header.sco_footer() F = html_sco_header.sco_footer()
if edit: if edit:
@ -120,11 +121,19 @@ def create_user_form(REQUEST, user_name=None, edit=0):
H.append("""<p class="warning">Vous êtes super administrateur !</p>""") H.append("""<p class="warning">Vous êtes super administrateur !</p>""")
is_super_admin = True is_super_admin = True
if all_roles:
# tous sauf SuperAdmin
standard_roles = [
r
for r in Role.query.all()
if r.permissions != Permission.ALL_PERMISSIONS[0]
]
else:
# Les rôles standards créés à l'initialisation de ScoDoc: # Les rôles standards créés à l'initialisation de ScoDoc:
standard_roles = [ standard_roles = [
Role.get_named_role(r) for r in ("Ens", "Secr", "Admin", "RespPe") Role.get_named_role(r) for r in ("Ens", "Secr", "Admin", "RespPe")
] ]
# Rôles pouvant etre attribués aux utilisateurs via ce dialogue: # Départements auxquels ont peut associer des rôles via ce dialogue:
# si SuperAdmin, tous les rôles standards dans tous les départements # si SuperAdmin, tous les rôles standards dans tous les départements
# sinon, les départements dans lesquels l'utilisateur a le droit # sinon, les départements dans lesquels l'utilisateur a le droit
if is_super_admin: if is_super_admin:
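Review bot: In the `if all_roles:` branch the only exclusion is `r.permissions != Permission.ALL_PERMISSIONS[0]`, an exact-value comparison, so every other role in the table, including any custom role later created with administrative bits such as `ScoUsersAdmin`, is offered for assignment to anyone who passes `@permission_required(Permission.ScoUsersAdmin)`. Because `all_roles` defaults to 1, this wider list replaces the fixed `("Ens", "Secr", "Admin", "RespPe")` set by default, which weakens least privilege for department-level user admins. Consider offering the full list only to super admins, e.g. `if all_roles and is_super_admin:`, and keeping the fixed list otherwise. `all_roles` also comes from the request, and `int(all_roles)` raises `ValueError` on a non-numeric value. The function continues past the hunk, so whether submitted roles are re-validated server-side is not visible here; that check should not rely on the list rendered in the form.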


@ -6,9 +6,8 @@
""" """
import os
from pprint import pprint as pp from pprint import pprint as pp
import re
import sys import sys
import click import click
@ -151,6 +150,39 @@ def user_password(username, password=None): # user-password
click.echo(f"changed password for user {u}") click.echo(f"changed password for user {u}")
@app.cli.command()
@click.argument("rolename")
@click.argument("permissions", nargs=-1)
def create_role(rolename, permissions): # create-role
"""Create a new role"""
# Check rolename
if not re.match(r"^[a-zA-Z0-9]+$", rolename):
sys.stderr.write(f"create_role: invalid rolename {rolename}\n")
return 1
# Check permissions
permission_list = []
for permission_name in permissions:
perm = Permission.get_by_name(permission_name)
if not perm:
sys.stderr.write(f"create_role: invalid permission name {perm}\n")
sys.stderr.write(
f"\tavailable permissions: {', '.join([ name for name in Permission.permission_by_name])}.\n"
)
return 1
permission_list.append(perm)
role = Role.query.filter_by(name=rolename).first()
if role:
sys.stderr.write(f"create_role: role {rolename} already exists\n")
return 1
role = Role(name=rolename)
for perm in permission_list:
role.add_permission(perm)
db.session.add(role)
db.session.commit()
@app.cli.command() @app.cli.command()
@click.argument("rolename") @click.argument("rolename")
@click.option("-a", "--add", "addpermissionname") @click.option("-a", "--add", "addpermissionname")
@ -163,9 +195,8 @@ def edit_role(rolename, addpermissionname=None, removepermissionname=None): # e
Example: `flask edit-role -a ScoEditApo Ens` Example: `flask edit-role -a ScoEditApo Ens`
""" """
if addpermissionname: if addpermissionname:
try:
perm_to_add = Permission.get_by_name(addpermissionname) perm_to_add = Permission.get_by_name(addpermissionname)
except KeyError: if not perm_to_add:
sys.stderr.write( sys.stderr.write(
f"edit_role: permission {addpermissionname} does not exists\n" f"edit_role: permission {addpermissionname} does not exists\n"
) )
@ -173,9 +204,8 @@ def edit_role(rolename, addpermissionname=None, removepermissionname=None): # e
else: else:
perm_to_add = None perm_to_add = None
if removepermissionname: if removepermissionname:
try:
perm_to_remove = Permission.get_by_name(removepermissionname) perm_to_remove = Permission.get_by_name(removepermissionname)
except KeyError: if not perm_to_remove:
sys.stderr.write( sys.stderr.write(
f"edit_role: permission {removepermissionname} does not exists\n" f"edit_role: permission {removepermissionname} does not exists\n"
) )
@ -237,7 +267,7 @@ def create_dept(dept): # create-dept
@app.cli.command() @app.cli.command()
@with_appcontext @with_appcontext
def import_scodoc7_users(): # import-scodoc7-users def import_scodoc7_users(): # import-scodoc7-users
"""Import used defined in ScoDoc7 postgresql database into ScoDoc 9 """Import users defined in ScoDoc7 postgresql database into ScoDoc 9
The old database SCOUSERS must be alive and readable by the current user. The old database SCOUSERS must be alive and readable by the current user.
This script is typically run as unix user "scodoc". This script is typically run as unix user "scodoc".
The original SCOUSERS database is left unmodified. The original SCOUSERS database is left unmodified.
@ -263,7 +293,21 @@ def import_scodoc7_dept(dept: str, dept_db_name: str): # import-scodoc7-dept
def clear_cache(): # clear-cache def clear_cache(): # clear-cache
"""Clear ScoDoc cache """Clear ScoDoc cache
This cache (currently Redis) is persistent between invocation This cache (currently Redis) is persistent between invocation
and it may be necessary to clear it during developement or tests. and it may be necessary to clear it during development or tests.
""" """
clear_scodoc_cache() clear_scodoc_cache()
click.echo("Redis caches flushed.") click.echo("Redis caches flushed.")
def recursive_help(cmd, parent=None):
ctx = click.core.Context(cmd, info_name=cmd.name, parent=parent)
print(cmd.get_help(ctx))
print()
commands = getattr(cmd, "commands", {})
for sub in commands.values():
recursive_help(sub, ctx)
@app.cli.command()
def dumphelp():
recursive_help(app.cli)
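Review bot: In `create_role`, the invalid-permission message interpolates `{perm}`, which is always falsy at that point, so the operator sees `None` (or `0`) instead of the rejected name; it should read `sys.stderr.write(f"create_role: invalid permission name {permission_name}\n")`. The `return 1` statements probably never reach the shell, since click discards a command's return value in normal (standalone) invocation, so a provisioning script cannot detect a failed role creation; `sys.exit(1)` or `raise click.ClickException(...)` would set a non-zero exit status. The name check uses `re.match` with `$`, which also accepts a trailing newline; `re.fullmatch(r"[a-zA-Z0-9]+", rolename)` is stricter. `recursive_help` and `dumphelp` have no docstring, so `dumphelp` shows no help text in the command list.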