From 170f47673319bb1cb1fec792d15dee3c65cd4fe0 Mon Sep 17 00:00:00 2001
From: grossmj
Date: Sat, 2 Sep 2023 18:15:00 +0700
Subject: [PATCH] Add more built-in roles
---
 gns3server/db/models/privileges.py | 39 +++++++++++++++++++++++
 gns3server/db/models/roles.py | 3 ++
 tests/api/routes/controller/test_roles.py | 2 +-
 3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/gns3server/db/models/privileges.py b/gns3server/db/models/privileges.py
index dcc141fc..65f0df38 100644
--- a/gns3server/db/models/privileges.py
+++ b/gns3server/db/models/privileges.py
@@ -304,5 +304,44 @@ def add_privileges_to_default_roles(target, connection, **kw):
 add_privileges_to_role(target, connection, "Auditor", auditor_privileges)
+ # add required privileges to the "Template manager" role
+ template_manager_privileges = (
+ "Template.Allocate",
+ "Template.Audit",
+ "Template.Modify",
+ "Symbol.Allocate",
+ "Symbol.Audit",
+ "Image.Allocate",
+ "Image.Audit",
+ "Appliance.Allocate",
+ "Appliance.Audit"
+ )
+
+ add_privileges_to_role(target, connection, "Template manager", template_manager_privileges)
+
+ # add required privileges to the "User manager" role
+ user_manager_privileges = (
+ "User.Allocate",
+ "User.Audit",
+ "User.Modify",
+ "Group.Allocate",
+ "Group.Audit",
+ "Group.Modify"
+ )
+
+ add_privileges_to_role(target, connection, "User manager", user_manager_privileges)
+
+ # add required privileges to the "ACL manager" role
+ acl_manager_privileges = (
+ "Role.Allocate",
+ "Role.Audit",
+ "Role.Modify",
+ "ACE.Allocate",
+ "ACE.Audit",
+ "ACE.Modify"
+ )
+
+ add_privileges_to_role(target, connection, "ACL manager", acl_manager_privileges)
+
 connection.commit()
 log.debug("Privileges have been added to the default roles in the database")
diff --git a/gns3server/db/models/roles.py b/gns3server/db/models/roles.py
index f2a9ea81..ea02365f 100644
--- a/gns3server/db/models/roles.py
+++ b/gns3server/db/models/roles.py
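Review bot: In gns3server/db/models/privileges.py, `acl_manager_privileges` pairs `Role.Modify` with `ACE.Modify`, so anyone holding "ACL manager" can presumably change a role or add an ACE that gives their own account further privileges, which makes the role close to Administrator in practice. If that is intended, document it above the tuple, e.g. `# NOTE: Role.Modify + ACE.Modify permit self-granting of other privileges; assign as sparingly as Administrator`. The same question applies to `user_manager_privileges` if `Group.Modify` covers membership of groups that already hold privileged ACEs. Whether the role and ACE routes prevent self-escalation is not visible here, and `add_privileges_to_default_roles` starts above the hunk.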
@@ -45,6 +45,9 @@ def create_default_roles(target, connection, **kw):
 {"name": "Administrator", "description": "Administrator role", "is_builtin": True},
 {"name": "User", "description": "User role", "is_builtin": True},
 {"name": "Auditor", "description": "Role with read only access", "is_builtin": True},
+ {"name": "Template manager", "description": "Role to manage templates", "is_builtin": True},
+ {"name": "User manager", "description": "Role to manage users and groups", "is_builtin": True},
+ {"name": "ACL manager", "description": "Role to manage other roles and the ACL", "is_builtin": True},
 {"name": "No Access", "description": "Role with no privileges (used to forbid access)", "is_builtin": True}
 ]
diff --git a/tests/api/routes/controller/test_roles.py b/tests/api/routes/controller/test_roles.py
index f0c85856..b6fca22b 100644
--- a/tests/api/routes/controller/test_roles.py
+++ b/tests/api/routes/controller/test_roles.py
@@ -46,7 +46,7 @@ class TestRolesRoutes:
 response = await client.get(app.url_path_for("get_roles"))
 assert response.status_code == status.HTTP_200_OK
- assert len(response.json()) == 5 # 4 default roles + role1
+ assert len(response.json()) == 8 # 7 default roles + role1
 async def test_update_role(self, app: FastAPI, client: AsyncClient, db_session: AsyncSession) -> None:
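Review bot: The three entries added to the list in `create_default_roles` (gns3server/db/models/roles.py) reach a database only when this function runs, and its `(target, connection, **kw)` signature suggests a table-creation listener, so a server upgraded with an existing database would likely never get the new built-in roles. The diffstat lists no migration next to the model change; if in-place upgrades are supported, a data migration inserting the three roles and their privileges is needed, and the same holds for the privilege tuples in privileges.py. At minimum add a comment above the list such as `# inserted only when the table is first created; extend via a migration for existing databases`. The function body starts above the hunk.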
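Review bot: The updated assertion in tests/api/routes/controller/test_roles.py checks only the number of roles returned, so a misnamed built-in role would still pass. Assert the names as well, for example `assert {"Template manager", "User manager", "ACL manager"} <= {r["name"] for r in response.json()}`, assuming each item in the response exposes `name`. The test method starts above the hunk.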