Add more built-in roles

9 months ago · 170f476733
parent 0077fd98aa
commit 170f476733
3 changed files with 43 additions and 1 deletions
--- a/gns3server/db/models/privileges.py
+++ b/gns3server/db/models/privileges.py
@ -304,5 +304,44 @@ def add_privileges_to_default_roles(target, connection, **kw):

    add_privileges_to_role(target, connection, "Auditor", auditor_privileges)

+    # add required privileges to the "Template manager" role
+    template_manager_privileges = (
+        "Template.Allocate",
+        "Template.Audit",
+        "Template.Modify",
+        "Symbol.Allocate",
+        "Symbol.Audit",
+        "Image.Allocate",
+        "Image.Audit",
+        "Appliance.Allocate",
+        "Appliance.Audit"
+    )
+
+    add_privileges_to_role(target, connection, "Template manager", template_manager_privileges)
+
+    # add required privileges to the "User manager" role
+    user_manager_privileges = (
+        "User.Allocate",
+        "User.Audit",
+        "User.Modify",
+        "Group.Allocate",
+        "Group.Audit",
+        "Group.Modify"
+    )
+
+    add_privileges_to_role(target, connection, "User manager", user_manager_privileges)
+
+    # add required privileges to the "ACL manager" role
+    acl_manager_privileges = (
+        "Role.Allocate",
+        "Role.Audit",
+        "Role.Modify",
+        "ACE.Allocate",
+        "ACE.Audit",
+        "ACE.Modify"
+    )
+
+    add_privileges_to_role(target, connection, "ACL manager", acl_manager_privileges)
+
    connection.commit()
    log.debug("Privileges have been added to the default roles in the database")
--- a/gns3server/db/models/roles.py
+++ b/gns3server/db/models/roles.py
@ -45,6 +45,9 @@ def create_default_roles(target, connection, **kw):
        {"name": "Administrator", "description": "Administrator role", "is_builtin": True},
        {"name": "User", "description": "User role", "is_builtin": True},
        {"name": "Auditor", "description": "Role with read only access", "is_builtin": True},
+        {"name": "Template manager", "description": "Role to manage templates", "is_builtin": True},
+        {"name": "User manager", "description": "Role to manage users and groups", "is_builtin": True},
+        {"name": "ACL manager", "description": "Role to manage other roles and the ACL", "is_builtin": True},
        {"name": "No Access", "description": "Role with no privileges (used to forbid access)", "is_builtin": True}
    ]

--- a/tests/api/routes/controller/test_roles.py
+++ b/tests/api/routes/controller/test_roles.py
@ -46,7 +46,7 @@ class TestRolesRoutes:

        response = await client.get(app.url_path_for("get_roles"))
        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()) == 5  # 4 default roles + role1
+        assert len(response.json()) == 8  # 7 default roles + role1

    async def test_update_role(self, app: FastAPI, client: AsyncClient, db_session: AsyncSession) -> None: