HewlettPackard · Sispheor · Sep 19, 2023 · Sep 18, 2023 · Sep 18, 2023 · Sep 19, 2023
diff --git a/Squest/settings.py b/Squest/settings.py
@@ -511,7 +511,7 @@ def backup_filename(databasename, servername, datetime, extension, content_type)
 # -----------------------------------------
 if SQL_DEBUG:
     LOGGING["loggers"]["django.db.backends"] = {
-        "level": "DEBUG", "handlers": ["console"]
+        "level": "DEBUG"
     }
 
 print('[Settings] loaded')
diff --git a/profiles/models/role.py b/profiles/models/role.py
@@ -24,4 +24,16 @@ def __str__(self):
 
 
 class Role(AbstractRole):
-    pass
+
+    def get_role_assignment_user_dict(self):
+        from django.contrib.auth.models import User
+        from profiles.models import AbstractScope
+        rbac = self.rbac_set.prefetch_related("user_set", "scope").values_list("user__id", "scope__id")
+        user_dict_id = {x.id: x for x in User.objects.all()}
+        scope_dict_id = {x.id: {"name": x.name, "url": x.get_absolute_url()} for x in AbstractScope.objects.all()}
+        return [{"username": user_dict_id[user_id], "scope": scope_dict_id[scope_id]} for user_id, scope_id in rbac]
+
+    def get_role_assignment_scope_dict(self):
+        from profiles.models import AbstractScope
+        return [{"scope": {"name": x.name, "url": x.get_absolute_url()}} for x in
+                AbstractScope.objects.filter(id__in=self.scopes.values_list('id', flat=True))]
diff --git a/profiles/models/scope.py b/profiles/models/scope.py
@@ -1,5 +1,6 @@
 from django.contrib.auth.models import User
 from django.db.models import CharField, ManyToManyField, Prefetch, Q
+from django.urls import reverse_lazy
 
 from Squest.utils.squest_model import SquestModel
 from profiles.models import Role
@@ -95,9 +96,12 @@ def get_users_in_role(self, role):
     def get_potential_users(self):
         return self.get_object().get_potential_users()
 
-    def get_absolute_url(self):
+    def get_url(self):
         return self.get_object().get_absolute_url()
 
+    def get_absolute_url(self):
+        return reverse_lazy("profiles:scope_detail", kwargs={"pk": self.pk})
+
 
 class Scope(AbstractScope):
     class Meta:

diff --git a/profiles/tables/role_table.py b/profiles/tables/role_table.py
@@ -1,3 +1,4 @@
+from django.utils.html import format_html
 from django_tables2 import tables, TemplateColumn, Column
 
 from profiles.models import Role
@@ -20,3 +21,20 @@ class Meta:
         model = Role
         attrs = {"id": "role_table", "class": "table squest-pagination-tables"}
         fields = ("name",)
+
+
+class RoleAssignementUserTable(tables.Table):
+    scope = Column(orderable=False)
+    username = Column(orderable=False)
+
+    def render_scope(self, value, record):
+        return format_html(
+            f'<a title={record["scope"]["name"]} href="{record["scope"]["url"]}">{record["scope"]["name"]}</a>')
+
+
+class RoleAssignementScopeTable(tables.Table):
+    scope = Column(orderable=False)
+
+    def render_scope(self, value, record):
+        return format_html(
+            f'<a title={record["scope"]["name"]} href="{record["scope"]["url"]}">{record["scope"]["name"]}</a>')
diff --git a/profiles/urls.py b/profiles/urls.py
@@ -74,6 +74,9 @@
     path('team/<int:pk>/role/<int:role_id>/user/<int:user_id>/delete/', views.ScopeRBACDeleteView.as_view(), name="team_rbac_delete"),
     path('team/<int:pk>/user/<int:user_id>/delete/', views.ScopeRBACDeleteUserView.as_view(), name="team_rbac_delete"),
 
+    # Redirect view for AbstractScope
+    path('scope/<int:pk>/', views.ScopeRedirectView.as_view(), name="scope_detail"),
+
     # Permission
     path('permission/', views.PermissionListView.as_view(), name="permission_list"),
     path('permission/create/', views.PermissionCreateView.as_view(), name="permission_create"),

diff --git a/profiles/views/role.py b/profiles/views/role.py
@@ -2,7 +2,7 @@
 from profiles.filters import RoleFilter
 from profiles.forms import RoleForm
 from profiles.models import Role
-from profiles.tables import RoleTable, PermissionTable
+from profiles.tables import RoleTable, PermissionTable, RoleAssignementUserTable, RoleAssignementScopeTable
 
 
 class RoleListView(SquestListView):
@@ -17,9 +17,11 @@ class RoleDetailView(SquestDetailView):
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-        permission_table = PermissionTable(self.object.permissions.all())
+        permission_table = PermissionTable(self.object.permissions.prefetch_related("content_type"))
         permission_table.exclude = ("actions",)
         context['permissions_table'] = permission_table
+        context['rbac_assignement_user_table'] = RoleAssignementUserTable(self.object.get_role_assignment_user_dict())
+        context['rbac_assignement_scope_table'] = RoleAssignementScopeTable(self.object.get_role_assignment_scope_dict())
         return context
 
 

diff --git a/profiles/views/scope.py b/profiles/views/scope.py
@@ -5,6 +5,7 @@
 from django.shortcuts import get_object_or_404
 from django.urls import reverse
 from django.utils.safestring import mark_safe
+from django.views.generic import RedirectView
 
 from Squest.utils.squest_views import SquestFormView, SquestDeleteView
 from profiles.forms.scope_form import ScopeCreateRBACForm
@@ -28,6 +29,15 @@ def get_breadcrumbs_for_scope(scope):
     return breadcrumbs
 
 
+class ScopeRedirectView(RedirectView):
+    permanent = False
+    query_string = True
+
+    def get_redirect_url(self, *args, **kwargs):
+        scope = get_object_or_404(AbstractScope, pk=kwargs["pk"])
+        return scope.get_url()
+
+
 class ScopeRBACCreateView(SquestFormView):
     model = AbstractScope
     form_class = ScopeCreateRBACForm
@@ -91,6 +101,7 @@ def delete(self, request, *args, **kwargs):
                                             protected_objects=e.protected_objects)
             return self.render_to_response(context)
 
+
 class ScopeRBACDeleteUserView(SquestDeleteView):
     model = AbstractScope
 

diff --git a/project-static/squest/css/squest-dark.css b/project-static/squest/css/squest-dark.css
@@ -1,12 +1,22 @@
 /*fix select button color*/
-.btn-light{
+.btn-light {
     background-color: #343a40 !important;
     color: #fff !important;
 }
-.dtfc-fixed-left{
+
+.dtfc-fixed-left {
     background-color: #343a40 !important;
     z-index: 1;
 }
 input.form-control[disabled] {
-  opacity: 0.4;
+    opacity: 0.4;
+}
+
+div.martor-preview.bg-dark > h1,
+div.martor-preview.bg-dark > h2,
+div.martor-preview.bg-dark > h3,
+div.martor-preview.bg-dark > h4,
+div.martor-preview.bg-dark > h5,
+div.martor-preview.bg-dark > h6 {
+    color: white !important;
 }
diff --git a/service_catalog/filters/request_filter.py b/service_catalog/filters/request_filter.py
@@ -3,6 +3,7 @@
 from django_filters import MultipleChoiceFilter
 
 from Squest.utils.squest_filter import SquestFilter
+from profiles.models import Scope, AbstractScope
 from service_catalog.models import Request
 from service_catalog.models.operations import OperationType
 from service_catalog.models.request import RequestState
@@ -19,6 +20,12 @@ class Meta:
         choices=[],
         widget=SelectMultiple(attrs={'data-live-search': "true"}))
 
+    instance__quota_scope = MultipleChoiceFilter(
+        label="Quota scope",
+        choices=AbstractScope.objects.filter(id__in=Scope.objects.values_list("id", flat=True)).values_list("id",
+                                                                                                            "name"),
+        widget=SelectMultiple(attrs={'data-live-search': "true"}))
+
     operation__type = MultipleChoiceFilter(
         label="Type",
         choices=OperationType.choices,

diff --git a/service_catalog/tables/request_tables.py b/service_catalog/tables/request_tables.py
@@ -21,7 +21,13 @@ class Meta:
         model = Request
         attrs = {"id": "request_table", "class": "table squest-pagination-tables"}
         fields = ("selection", "id", "user__username", "instance__quota_scope__name",
-                  "instance__service", "operation", "state", "instance", "date_submitted", "last_updated")
+                  "instance__service", "operation", "state", "instance", "date_submitted",
+                  "last_updated")
+
+    def render_operation(self, value, record):
+        from service_catalog.views import map_operation_type
+        return format_html(
+            f'<strong class="text-{map_operation_type(record.operation.type)}">{value.name}</strong>')
 
     def render_id(self, value, record):
         return format_html(f'<a title={value} href="{record.get_absolute_url()}">{record}</a>')
@@ -35,4 +41,4 @@ def render_state(self, record, value):
                 f'<a href="{record.get_absolute_url()}"><strong class="text-{map_request_state(record.state)}">{value} ({position}/{number_of_steps})</strong></a>')
 
         return format_html(
-            f'<a href="{record.get_absolute_url()}"><strong class="text-{map_request_state(record.state)}">{value}</strong></a>')
+            f'<strong class="text-{map_request_state(record.state)}">{value}</strong>')
diff --git a/templates/profiles/role_detail.html b/templates/profiles/role_detail.html
@@ -10,6 +10,8 @@
 {% endblock %}
 
 {% block main %}
+    {% has_perm request.user "profiles.view_rbac" as can_view_rbac %}
+
     <div class="container-fluid">
         <div class="row">
             <section class="col-lg-3">
@@ -29,16 +31,49 @@ <h3 class="card-title"><b>{{ object.name }}</b></h3>
             </section>
             <section class="col-lg-9">
                 <div class="card">
-                    <div class="card-header">
-                        <h3 class="card-title">
-                            Permissions
-                        </h3>
+                    <div class="card-header p-2">
+                        <ul class="nav nav-pills squest-default-active" id="tabs">
+                            <li class="nav-item">
+                                <a class="nav-link" href="#permissions" data-toggle="tab">Permissions</a>
+                            </li>
+                            {% if can_view_rbac %}
+                                <li class="nav-item">
+                                    <a class="nav-link" href="#rbac" data-toggle="tab">RBAC usage</a>
+                                </li>
+                                <li class="nav-item">
+                                    <a class="nav-link" href="#default-roles" data-toggle="tab">Default role usage</a>
+                                </li>
+                            {% endif %}
+                        </ul>
                     </div>
                     <div class="card-body">
-                        {% render_table permissions_table %}
+                        <div class="tab-content">
+                            <div class="tab-pane" id="permissions">
+                                {% render_table permissions_table %}
+                            </div>
+                            {% if can_view_rbac %}
+                                <div class="tab-pane" id="rbac">
+                                    <div class="callout callout-info">
+                                        Assignment trough Org/Team RBAC
+                                    </div>
+                                    {% if rbac_assignement_user_table %}
+                                        {% render_table rbac_assignement_user_table %}
+                                    {% endif %}
+                                </div>
+                                <div class="tab-pane" id="default-roles">
+                                    <div class="callout callout-info">
+                                        Used in default roles
+                                    </div>
+                                    {% if rbac_assignement_scope_table %}
+                                        {% render_table rbac_assignement_scope_table %}
+                                    {% endif %}
+                                </div>
+                            {% endif %}
+                        </div>
                     </div>
                 </div>
             </section>
+
         </div>
     </div>
 {% endblock %}