Sync GovOPlaN module state
This commit is contained in:
@@ -3,7 +3,6 @@ from __future__ import annotations
|
||||
from pathlib import Path
|
||||
|
||||
from govoplan_core.core.access import CAPABILITY_AUTH_PERMISSION_EVALUATOR, CAPABILITY_AUTH_PRINCIPAL_RESOLVER
|
||||
from govoplan_core.core.identity import CAPABILITY_IDENTITY_DIRECTORY, IdentityDirectory
|
||||
from govoplan_core.core.module_guards import persistent_table_uninstall_guard
|
||||
from govoplan_core.core.modules import (
|
||||
DocumentationTopic,
|
||||
@@ -50,22 +49,21 @@ PERMISSIONS = (
|
||||
_permission("organizations:settings:write", "Manage organization settings", "Edit organization governance, audit, and retention settings."),
|
||||
_permission("organizations:unit:read", "View organization units", "Read concrete organization units and relations."),
|
||||
_permission("organizations:unit:write", "Manage organization units", "Create and edit concrete organization units and relations."),
|
||||
_permission("organizations:function:read", "View organization functions", "Read function definitions and identity-held assignments."),
|
||||
_permission("organizations:function:read", "View organization functions", "Read function definitions."),
|
||||
_permission("organizations:function:write", "Manage organization functions", "Create and edit function definitions."),
|
||||
_permission("organizations:function:assign", "Assign organization functions", "Assign identity-held functions in organization units."),
|
||||
)
|
||||
|
||||
ROLE_TEMPLATES = (
|
||||
RoleTemplate(
|
||||
slug="organization_modeler",
|
||||
name="Organization modeler",
|
||||
description="Manage organization meta-model, concrete units, structures, functions, and assignments.",
|
||||
description="Manage organization meta-model, concrete units, structures, and functions.",
|
||||
permissions=tuple(permission.scope for permission in PERMISSIONS),
|
||||
),
|
||||
RoleTemplate(
|
||||
slug="organization_viewer",
|
||||
name="Organization viewer",
|
||||
description="Read organization model, organization units, and function assignments.",
|
||||
description="Read organization model, organization units, and functions.",
|
||||
permissions=("organizations:model:read", "organizations:settings:read", "organizations:unit:read", "organizations:function:read"),
|
||||
),
|
||||
)
|
||||
@@ -79,15 +77,10 @@ def _route_factory(context: ModuleContext):
|
||||
|
||||
|
||||
def _organization_directory(context: ModuleContext) -> object:
|
||||
identity_directory: IdentityDirectory | None = None
|
||||
registry = context.registry
|
||||
if hasattr(registry, "has_capability") and registry.has_capability(CAPABILITY_IDENTITY_DIRECTORY):
|
||||
capability = registry.require_capability(CAPABILITY_IDENTITY_DIRECTORY)
|
||||
if isinstance(capability, IdentityDirectory):
|
||||
identity_directory = capability
|
||||
del context
|
||||
from govoplan_organizations.backend.directory import SqlOrganizationDirectory
|
||||
|
||||
return SqlOrganizationDirectory(identity_directory=identity_directory)
|
||||
return SqlOrganizationDirectory()
|
||||
|
||||
|
||||
manifest = ModuleManifest(
|
||||
@@ -95,7 +88,7 @@ manifest = ModuleManifest(
|
||||
name="Organizations",
|
||||
version="0.1.6",
|
||||
required_capabilities=(CAPABILITY_AUTH_PRINCIPAL_RESOLVER, CAPABILITY_AUTH_PERMISSION_EVALUATOR),
|
||||
optional_dependencies=("tenancy", "identity", "access", "audit", "policy"),
|
||||
optional_dependencies=("tenancy", "access", "audit", "policy"),
|
||||
permissions=PERMISSIONS,
|
||||
role_templates=ROLE_TEMPLATES,
|
||||
route_factory=_route_factory,
|
||||
@@ -121,7 +114,6 @@ manifest = ModuleManifest(
|
||||
organization_models.OrganizationUnit,
|
||||
organization_models.OrganizationFunctionType,
|
||||
organization_models.OrganizationFunction,
|
||||
organization_models.OrganizationFunctionAssignment,
|
||||
label="Organizations",
|
||||
),
|
||||
),
|
||||
@@ -132,11 +124,11 @@ manifest = ModuleManifest(
|
||||
DocumentationTopic(
|
||||
id="organizations.model",
|
||||
title="Organization model",
|
||||
summary="Organizations owns units, hierarchy, functions, and function assignments. Access maps those facts to roles and rights.",
|
||||
summary="Organizations owns units, hierarchy, and functions. IDM links identities to functions, and Access maps accepted facts to roles and rights.",
|
||||
body=(
|
||||
"Use organization unit types, structures, and relation types to model how the institution describes itself. "
|
||||
"A concrete organization unit can participate in several structures at the same time, such as an employer hierarchy and an academic structure. "
|
||||
"Functions are held by identities in organization units. Accounts only exercise those functions through identity and access policy."
|
||||
"Functions describe responsibilities in organization units. IDM links identities to those functions, and Access maps accepted facts to roles and rights."
|
||||
),
|
||||
layer="configured",
|
||||
documentation_types=("admin", "user"),
|
||||
|
||||
Reference in New Issue
Block a user