Add more built-in roles

grossmj 2023-09-02 18:15:00 +07:00
parent 0077fd98aa
commit 170f476733
3 changed files with 43 additions and 1 deletions


@ -304,5 +304,44 @@ def add_privileges_to_default_roles(target, connection, **kw):
add_privileges_to_role(target, connection, "Auditor", auditor_privileges)
# add required privileges to the "Template manager" role
template_manager_privileges = (
"Template.Allocate",
"Template.Audit",
"Template.Modify",
"Symbol.Allocate",
"Symbol.Audit",
"Image.Allocate",
"Image.Audit",
"Appliance.Allocate",
"Appliance.Audit"
)
add_privileges_to_role(target, connection, "Template manager", template_manager_privileges)
# add required privileges to the "User manager" role
user_manager_privileges = (
"User.Allocate",
"User.Audit",
"User.Modify",
"Group.Allocate",
"Group.Audit",
"Group.Modify"
)
add_privileges_to_role(target, connection, "User manager", user_manager_privileges)
# add required privileges to the "ACL manager" role
acl_manager_privileges = (
"Role.Allocate",
"Role.Audit",
"Role.Modify",
"ACE.Allocate",
"ACE.Audit",
"ACE.Modify"
)
add_privileges_to_role(target, connection, "ACL manager", acl_manager_privileges)
connection.commit()
log.debug("Privileges have been added to the default roles in the database")
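Review bot: The "ACL manager" role added at the end of this hunk is granted `Role.Modify` together with `ACE.Allocate` and `ACE.Modify`, which looks sufficient for a holder to widen their own access by editing a role they hold or creating an ACE for themselves. It should be treated as administrator-equivalent unless the role and ACE endpoints block self-grants, and that enforcement is not visible here. "User manager" has a similar shape through `User.Modify` and `Group.Modify`, if those privileges allow changing group membership or other users' credentials. I would replace the comment above the tuple with `# "ACL manager" can edit roles and ACEs, so assigning it effectively delegates administration` and say the same in the role description. The body of add_privileges_to_default_roles starts outside this hunk.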


@ -45,6 +45,9 @@ def create_default_roles(target, connection, **kw):
{"name": "Administrator", "description": "Administrator role", "is_builtin": True},
{"name": "User", "description": "User role", "is_builtin": True},
{"name": "Auditor", "description": "Role with read only access", "is_builtin": True},
{"name": "Template manager", "description": "Role to manage templates", "is_builtin": True},
{"name": "User manager", "description": "Role to manage users and groups", "is_builtin": True},
{"name": "ACL manager", "description": "Role to manage other roles and the ACL", "is_builtin": True},
{"name": "No Access", "description": "Role with no privileges (used to forbid access)", "is_builtin": True}
]
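Review bot: The three roles are added only to the seed list in create_default_roles, whose `(target, connection, **kw)` signature suggests a table-creation hook, so a database created before this commit would presumably never receive them; no migration is visible among the three changed files. If that is the case, upgraded installs will lack "Template manager", "User manager" and "ACL manager" while fresh installs have them, and access-control behaviour will differ between the two. A data migration that inserts the rows and their privileges for existing databases would close that gap. The function begins outside this hunk.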


@ -46,7 +46,7 @@ class TestRolesRoutes:
response = await client.get(app.url_path_for("get_roles"))
assert response.status_code == status.HTTP_200_OK
assert len(response.json()) == 5 # 4 default roles + role1
assert len(response.json()) == 8 # 7 default roles + role1
async def test_update_role(self, app: FastAPI, client: AsyncClient, db_session: AsyncSession) -> None:
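Review bot: The updated assertion checks only the number of roles returned, so it would still pass if one of the new built-in roles were seeded under a wrong name or with a wrong privilege set. Since these roles carry user, group, role and ACE management rights, I would also assert the names, e.g. `assert {"Template manager", "User manager", "ACL manager"} <= {r["name"] for r in response.json()}` (assuming each entry exposes `name`), and add a test that pins the privileges attached to each role. The test method begins outside this hunk.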