add role perms

2021-05-11 17:42:43 +00:00
parent a3dec841b6
commit 2229eb1167
5 changed files with 35 additions and 1 deletions
--- a/api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py
+++ b/api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-11 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0019_user_role'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_roles',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/models.py
+++ b/api/tacticalrmm/accounts/models.py
@@ -132,6 +132,7 @@ class Role(models.Model):

    # accounts
    can_manage_accounts = models.BooleanField(default=False)
+    can_manage_roles = models.BooleanField(default=False)

    def __str__(self):
        return self.name
@@ -172,4 +173,5 @@ class Role(models.Model):
            "can_manage_software",
            "can_manage_winupdates",
            "can_manage_accounts",
+            "can_manage_roles",
        ]
--- a/api/tacticalrmm/accounts/permissions.py
+++ b/api/tacticalrmm/accounts/permissions.py
@@ -9,3 +9,11 @@ class AccountsPerms(permissions.BasePermission):
            return True

        return _has_perm(r, "can_manage_accounts")
+
+
+class RolesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return True
+
+        return _has_perm(r, "can_manage_roles")
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -14,7 +14,7 @@ from logs.models import AuditLog
 from tacticalrmm.utils import notify_error

 from .models import User, Role
-from .permissions import AccountsPerms
+from .permissions import AccountsPerms, RolesPerms
 from .serializers import (
    TOTPSetupSerializer,
    UserSerializer,
@@ -202,6 +202,8 @@ class PermsList(APIView):


 class GetAddRoles(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
    def get(self, request):
        roles = Role.objects.all()
        return Response(RoleSerializer(roles, many=True).data)
@@ -214,6 +216,8 @@ class GetAddRoles(APIView):


 class GetUpdateDeleteRole(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
    def get(self, request, pk):
        role = get_object_or_404(Role, pk=pk)
        return Response(RoleSerializer(role).data)
--- a/web/src/components/modals/admin/RolesForm.vue
+++ b/web/src/components/modals/admin/RolesForm.vue
@@ -26,6 +26,7 @@
        <q-card-section class="row">
          <div class="q-gutter-sm">
            <q-checkbox v-model="role.can_manage_accounts" label="Manage User Accounts" />
+            <q-checkbox v-model="role.can_manage_roles" label="Manage Permissions" />
          </div>
        </q-card-section>

@@ -195,6 +196,7 @@ export default {
        can_manage_software: false,
        can_manage_winupdates: false,
        can_manage_accounts: false,
+        can_manage_roles: false,
      },
    };
  },