diff --git a/galaxy_ng/app/migrations/_dab_rbac.py b/galaxy_ng/app/migrations/_dab_rbac.py index 6cf5d0b1dd..f7012fed23 100644 --- a/galaxy_ng/app/migrations/_dab_rbac.py +++ b/galaxy_ng/app/migrations/_dab_rbac.py @@ -54,7 +54,13 @@ def copy_roles_to_role_definitions(apps, schema_editor): dab_perms.append(dabperm) if dab_perms: - roledef, created = RoleDefinition.objects.get_or_create(name=corerole.name) + roledef, created = RoleDefinition.objects.get_or_create( + name=corerole.name, + defaults={ + 'description': corerole.description or corerole.name, + 'managed': corerole.locked, + } + ) if created: print(f'CREATED RoleDefinition from {corerole} {corerole.name}') roledef.permissions.set(dab_perms) diff --git a/galaxy_ng/app/signals/handlers.py b/galaxy_ng/app/signals/handlers.py index 0be22d4965..082e4f9d16 100644 --- a/galaxy_ng/app/signals/handlers.py +++ b/galaxy_ng/app/signals/handlers.py @@ -206,7 +206,11 @@ def copy_role_to_role_definition(sender, instance, created, **kwargs): with pulp_rbac_signals(): rd = RoleDefinition.objects.filter(name=instance.name).first() if not rd: - RoleDefinition.objects.create(name=instance.name) + RoleDefinition.objects.create( + name=instance.name, + managed=instance.locked, + description=instance.description or instance.name, + ) # TODO: other fields? like description diff --git a/galaxy_ng/tests/integration/dab/test_dab_rbac.py b/galaxy_ng/tests/integration/dab/test_dab_rbac.py index 98552444ee..d1d6b79c51 100644 --- a/galaxy_ng/tests/integration/dab/test_dab_rbac.py +++ b/galaxy_ng/tests/integration/dab/test_dab_rbac.py @@ -102,10 +102,10 @@ def test_dab_rbac_namespace_owner_by_user( @pytest.mark.deployment_standalone -# @pytest.mark.skipif( -# not os.getenv("ENABLE_DAB_TESTS"), -# reason="Skipping test because ENABLE_DAB_TESTS is not set" -# ) +@pytest.mark.skip(reason=( + "the galaxy.collection_namespace_owner role is global" + " and does not allow object assignment" +)) def test_dab_rbac_namespace_owner_by_team( settings, galaxy_client,