Manage roles and permissions via the django admin UserAdmin Groups and Permissions.

rolepermissions/admin.py

@@ -1,2 +1,31 @@
+from django.conf import settings
+from django.contrib import admin, auth
+from django.contrib.auth.admin import UserAdmin
+from rolepermissions import roles
 
-from django.contrib import admin
+ROLEPERMISSIONS_REGISTER_ADMIN = getattr(settings, 'ROLEPERMISSIONS_REGISTER_ADMIN', False)
+UserModel = auth.get_user_model()
+
+
+class RolePermissionsUserAdminMixin(object):
+    """ Must be mixed in with an UserAdmin class"""
+    def save_related(self, request, form, formsets, change):
+        super(RolePermissionsUserAdminMixin, self).save_related(request, form, formsets, change)
+        # re-load and take a copy of user's newly saved roles
+        user = UserModel.objects.get(pk=form.instance.pk)
+        groups = list(user.groups.all())
+        # reset user's roles to match the list of groups just saved
+        roles.clear_roles(user)
+        for g in groups :
+            try :
+                roles.assign_role(user, g.name)
+            except roles.RoleDoesNotExist :
+                pass
+
+
+class RolePermissionsUserAdmin(RolePermissionsUserAdminMixin, UserAdmin):
+    pass
+
+if ROLEPERMISSIONS_REGISTER_ADMIN:
+    admin.site.unregister(UserModel)
+    admin.site.register(UserModel, RolePermissionsUserAdmin)

rolepermissions/management/commands/sync_roles.py

@@ -0,0 +1,27 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+from django.contrib.auth.models import Group
+from django.contrib.auth import get_user_model
+from rolepermissions import roles
+
+UserModel = get_user_model()
+
+class Command(BaseCommand):
+    ROLEPERMISSIONS_MODULE = getattr(settings, 'ROLEPERMISSIONS_MODULE', 'roles.py')
+    help = "Synchronize auth Groups and Permissions with UserRoles defined in %s."%ROLEPERMISSIONS_MODULE
+
+    def handle(self, *args, **options):
+        # Sync auth.Group with current registered roles (leaving existing groups intact!)
+        for role in roles.RolesManager.get_roles() :
+            group, created = Group.objects.get_or_create(name=role.get_name())
+            if created:
+                self.stdout.write("Created Group: %s from Role: %s"%(group.name, role.get_name()))
+            # Sync auth.Permission with permissions for this role
+            role.get_default_true_permissions()
+
+        # Push any permission changes made to roles and remove any unregistered roles from all auth.Users
+        for user in UserModel.objects.all():
+            user_roles = roles.get_user_roles(user)
+            roles.clear_roles(user)
+            for role in user_roles:
+                roles.assign_role(user, role)

rolepermissions/permissions.py

@@ -6,7 +6,7 @@
 
 from rolepermissions.exceptions import (
     RolePermissionScopeException, CheckerNotRegistered)
-from rolepermissions.roles import get_user_roles
+from rolepermissions.roles import get_user_roles, get_or_create_permission
 
 
 class PermissionsManager(object):
@@ -37,9 +37,7 @@ def fuction_decorator(func):
 
 def get_permission(permission_name):
     """Get a Permission object from a permission name."""
-    user_ct = ContentType.objects.get_for_model(get_user_model())
-    permission, _created = Permission.objects.get_or_create(
-        content_type=user_ct, codename=permission_name)
+    permission, created = get_or_create_permission(permission_name)
 
     return permission
 

rolepermissions/roles.py

@@ -8,7 +8,7 @@
 from django.contrib.auth import get_user_model
 from django.contrib.contenttypes.models import ContentType
 
-from rolepermissions.utils import camelToSnake
+from rolepermissions.utils import camelToSnake, camel_or_snake_to_title
 from rolepermissions.exceptions import RoleDoesNotExist
 
 
@@ -29,6 +29,10 @@ def retrieve_role(cls, role_name):
     def get_roles_names(cls):
         return registered_roles.keys()
 
+    @classmethod
+    def get_roles(cls):
+        return registered_roles.values()
+
 
 class RolesClassRegister(type):
 
@@ -158,11 +162,11 @@ def get_or_create_permissions(cls, permission_names):
         permissions = list(Permission.objects.filter(
             content_type=user_ct, codename__in=permission_names).all())
 
-        if len(permissions) != len(permission_names):
-            for permission_name in permission_names:
-                permission, created = Permission.objects.get_or_create(
-                    content_type=user_ct, codename=permission_name)
-                if created:
+        missing_permissions = set(permission_names) - set((p.codename for p in permissions))
+        if len(missing_permissions) > 0:
+            for permission_name in missing_permissions:
+                permission, created = get_or_create_permission(permission_name)
+                if created:  # assert created is True
                     permissions.append(permission)
 
         return permissions
@@ -172,6 +176,13 @@ def get_default(cls, permission_name):
         return cls.available_permissions[permission_name]
 
 
+def get_or_create_permission(permission_name):
+    """Get a Permission object from a permission name."""
+    user_ct = ContentType.objects.get_for_model(get_user_model())
+    return Permission.objects.get_or_create(
+            content_type=user_ct, codename=permission_name, name=camel_or_snake_to_title(permission_name))
+
+
 def retrieve_role(role_name):
     """Get a Role object from a role name."""
     return RolesManager.retrieve_role(role_name)

rolepermissions/tests/test_admin.py

@@ -0,0 +1,91 @@
+from collections import namedtuple
+from django.core.management import call_command
+from django.test import TestCase
+from django.utils.six import StringIO
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Group, Permission
+
+from model_mommy import mommy
+
+from rolepermissions.roles import AbstractUserRole, get_user_roles
+from rolepermissions.admin import RolePermissionsUserAdminMixin
+
+
+class AdminRole1(AbstractUserRole):
+    available_permissions = {
+        'admin_perm1': True,
+        'admin_perm2': False,
+    }
+
+
+class UserAdminMixinTest(TestCase):
+    class UserAdminMock:
+        def save_related(self, request, form, formsets, change) :
+            pass
+    class CustomUserAdminMock(RolePermissionsUserAdminMixin, UserAdminMock):
+        pass
+
+    FormMock = namedtuple('FormMock', ['instance', ])
+
+    def setup(self):
+        pass
+
+    def test_admin_save_related_syncs_roles(self):
+        user = mommy.make(get_user_model())
+        grp1 = mommy.make(Group)
+        grp2 = mommy.make(Group, name=AdminRole1.get_name())
+        user.groups.add(grp1)
+        user.groups.add(grp2)
+        form = self.FormMock(instance=user)
+        self.CustomUserAdminMock().save_related(None, form, None, None)
+        user_roles = get_user_roles(user)
+        self.assertNotIn(grp1.name, (role.get_name() for role in user_roles))
+        self.assertIn(AdminRole1, user_roles)
+
+
+class SyncRolesTest(TestCase):
+
+    def setup(self):
+        pass
+
+    def test_sync_group(self):
+        out = StringIO()
+        call_command('sync_roles', stdout=out)
+        self.assertIn('Created Group: %s'%AdminRole1.get_name(), out.getvalue())
+        group_names = [group['name'] for group in Group.objects.all().values('name')]
+        self.assertIn(AdminRole1.get_name(), group_names)
+
+    def test_sync_permissions(self):
+        out = StringIO()
+        call_command('sync_roles', stdout=out)
+        permissions = [perm['codename'] for perm in Permission.objects.all().values('codename')]
+        self.assertIn('admin_perm1', permissions)
+        self.assertNotIn('admin_perm2', permissions)
+
+    def test_sync_user_role_permissions(self):
+        user = mommy.make(get_user_model())
+        grp1 = mommy.make(Group)
+        grp2 = mommy.make(Group, name=AdminRole1.get_name())
+        user.groups.add(grp1)
+        user.groups.add(grp2)
+        out = StringIO()
+        call_command('sync_roles', stdout=out)
+
+        user_group_names = [group['name'] for group in user.groups.all().values('name')]
+        self.assertIn(grp1.name, user_group_names)
+        self.assertIn(grp2.name, user_group_names)
+
+        user_permission_names = [perm['codename'] for perm in user.user_permissions.all().values('codename')]
+        self.assertIn('admin_perm1', user_permission_names)
+        self.assertNotIn('admin_perm2', user_permission_names)
+
+    def test_sync_preserves_groups(self):
+        grp1 = mommy.make(Group)
+        grp2 = mommy.make(Group, name=AdminRole1.get_name())
+        out = StringIO()
+        call_command('sync_roles', stdout=out)
+        group_names = [group['name'] for group in Group.objects.all().values('name')]
+        self.assertIn(grp1.name, group_names)
+        self.assertIn(grp2.name, group_names)
+
+

rolepermissions/tests/test_roles.py

@@ -29,6 +29,11 @@ class RolRole3(AbstractUserRole):
         'permission6': False,
     }
 
+class RolRole4(AbstractUserRole):
+    available_permissions = {
+        'permission_number_7': True,
+        'PermissionNumber8': True,
+    }
 
 class AbstractUserRoleTests(TestCase):
 
@@ -130,6 +135,18 @@ def test_permission_names_list(self):
         self.assertIn('permission3', RolRole2.permission_names_list())
         self.assertIn('permission4', RolRole2.permission_names_list())
 
+    def test_permission_labels(self):
+        user = mommy.make(get_user_model())
+
+        RolRole4.assign_role_to_user(user)
+        permissions = user.user_permissions.all()
+
+        permission_labels = [perm.name for perm in permissions]
+
+        self.assertIn('Permission Number 7', permission_labels)
+        self.assertIn('Permission Number8', permission_labels)
+        self.assertEquals(len(permissions), 2)
+
 
 class RolesManagerTests(TestCase):
 

rolepermissions/utils.py

@@ -24,3 +24,10 @@ def camelToSnake(s):
 
     subbed = _underscorer1.sub(r'\1_\2', s)
     return _underscorer2.sub(r'\1_\2', subbed).lower()
+
+
+def snake_to_title(s) :
+    return ' '.join(x.capitalize() for x in s.split('_'))
+
+def camel_or_snake_to_title(s):
+    return snake_to_title(camelToSnake(s))