From aa208bef0060fa2bbad5a2639f232f52e8a052d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20S=C3=A9bille?=
Date: Mon, 30 Dec 2024 11:22:13 +0100
Subject: [PATCH] users: Create an ACL group for Pilotage
---
 .../commands/sync_group_and_perms.py | 26 +++++++++++
 .../test_sync_group_and_perms.ambr | 45 +++++++++++++++++++
 2 files changed, 71 insertions(+)
diff --git a/itou/users/management/commands/sync_group_and_perms.py b/itou/users/management/commands/sync_group_and_perms.py
index 42eb8b4c5d..dad4367833 100644
--- a/itou/users/management/commands/sync_group_and_perms.py
+++ b/itou/users/management/commands/sync_group_and_perms.py
@@ -8,6 +8,7 @@
 PERMS_DELETE = {"change", "delete", "view"}
 PERMS_ADD = {"add", "change", "view"}
 PERMS_EDIT = {"change", "view"}
+PERMS_HIJACK = {"view", "hijack"}
 PERMS_READ = {"view"}
@@ -82,6 +83,23 @@ def get_permissions_dict():
 users_models.User: PERMS_ADD,
 users_models.JobSeekerProfile: PERMS_EDIT,
 }
+ group_pilotage_admin_permissions = {
+ analytics_models.StatsDashboardVisit: PERMS_READ,
+ approvals_models.Approval: PERMS_READ,
+ approvals_models.CancelledApproval: PERMS_READ,
+ approvals_models.PoleEmploiApproval: PERMS_READ,
+ approvals_models.Prolongation: PERMS_READ,
+ approvals_models.Suspension: PERMS_READ,
+ companies_models.Company: PERMS_READ,
+ companies_models.CompanyMembership: PERMS_READ,
+ institution_models.Institution: PERMS_ADD,
+ institution_models.InstitutionMembership: PERMS_ADD,
+ job_applications_models.JobApplication: PERMS_READ,
+ job_applications_models.JobApplicationTransitionLog: PERMS_READ,
+ prescribers_models.PrescriberOrganization: PERMS_READ,
+ prescribers_models.PrescriberMembership: PERMS_READ,
+ users_models.User: PERMS_HIJACK,
+ }
 return {
 "itou-admin": {
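Review bot: The `users_models.User: PERMS_HIJACK` entry in `group_pilotage_admin_permissions` attaches an impersonation capability to the group without any comment saying why Pilotage admins need it or which accounts they are allowed to take over. The patch only shows the permission being granted; whatever decides who may be hijacked (staff and superuser accounts in particular) lives outside this diff, so it is worth confirming that check excludes them and covering it with a test. I would add above the entry `# hijack = impersonate a user; allowed targets are limited by the hijack permission check, see <path to check>`, and a one-line comment on `PERMS_HIJACK` in the first hunk noting that `hijack` is not one of Django's default add/change/delete/view permissions. The body of `get_permissions_dict()` starts and ends outside the hunk.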
@@ -100,6 +118,14 @@ def get_permissions_dict():
 **{model: PERMS_READ for model in group_gps_admin_permissions},
 **{model: PERMS_READ for model in always_read_only_models if model in group_gps_admin_permissions},
 },
+ "pilotage-admin": {
+ **group_pilotage_admin_permissions,
+ **{model: PERMS_READ for model in always_read_only_models if model in group_pilotage_admin_permissions},
+ },
+ "pilotage-admin-readonly": {
+ **{model: PERMS_READ for model in group_pilotage_admin_permissions},
+ **{model: PERMS_READ for model in always_read_only_models if model in group_pilotage_admin_permissions},
+ },
 }
diff --git a/tests/users/__snapshots__/test_sync_group_and_perms.ambr b/tests/users/__snapshots__/test_sync_group_and_perms.ambr
index d0ab0e9203..f47c8891bb 100644
--- a/tests/users/__snapshots__/test_sync_group_and_perms.ambr
+++ b/tests/users/__snapshots__/test_sync_group_and_perms.ambr
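Review bot: In the `"pilotage-admin-readonly"` entry the second spread is a no-op: the first comprehension already maps every key of `group_pilotage_admin_permissions` to `PERMS_READ`, and the second only revisits a subset of those same keys with the same value. It mirrors the `gps-admin-readonly` lines visible in the context, so keeping it for symmetry is defensible, but a short comment such as `# read-only group: every model, User included, is reduced to view (no hijack)` would make the intent explicit. The enclosing dict literal and `get_permissions_dict()` begin outside the hunk.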
@@ -160,12 +160,57 @@ 'view_user', ]) # --- +# name: test_command[pilotage-admin-readonly] + list([ + 'view_statsdashboardvisit', + 'view_approval', + 'view_cancelledapproval', + 'view_poleemploiapproval', + 'view_prolongation', + 'view_suspension', + 'view_company', + 'view_companymembership', + 'view_institution', + 'view_institutionmembership', + 'view_jobapplication', + 'view_jobapplicationtransitionlog', + 'view_prescribermembership', + 'view_prescriberorganization', + 'view_user', + ]) +# --- +# name: test_command[pilotage-admin] + list([ + 'view_statsdashboardvisit', + 'view_approval', + 'view_cancelledapproval', + 'view_poleemploiapproval', + 'view_prolongation', + 'view_suspension', + 'view_company', + 'view_companymembership', + 'add_institution', + 'change_institution', + 'view_institution', + 'add_institutionmembership', + 'change_institutionmembership', + 'view_institutionmembership', + 'view_jobapplication', + 'view_jobapplicationtransitionlog', + 'view_prescribermembership', + 'view_prescriberorganization', + 'hijack_user', + 'view_user', + ]) +# --- # name: test_command[stdout] ''' group name=gps-admin created group name=gps-admin-readonly created group name=itou-admin created group name=itou-admin-readonly created + group name=pilotage-admin created + group name=pilotage-admin-readonly created All done! '''