OpenSlides/openslides/users/signals.py

168 lines
6.9 KiB
Python
Raw Normal View History

2017-02-21 09:34:24 +01:00
from django.apps import apps
2015-09-16 00:55:27 +02:00
from django.contrib.auth.models import Permission
2015-02-18 15:58:12 +01:00
from django.db.models import Q
2013-03-12 20:58:22 +01:00
2018-10-09 13:44:38 +02:00
from ..utils.auth import GROUP_ADMIN_PK, GROUP_DEFAULT_PK
from ..utils.autoupdate import inform_changed_data
2015-09-16 00:55:27 +02:00
from .models import Group, User
2013-03-12 20:58:22 +01:00
2017-02-21 09:34:24 +01:00
def get_permission_change_data(sender, permissions=None, **kwargs):
"""
Yields all necessary collections if 'users.can_see_name' permission changes.
2017-02-21 09:34:24 +01:00
"""
users_app = apps.get_app_config(app_label='users')
2017-02-21 09:34:24 +01:00
for permission in permissions:
# There could be only one 'users.can_see_name' and then we want to return data.
if permission.content_type.app_label == users_app.label and permission.codename == 'can_see_name':
yield from users_app.get_startup_elements()
2017-02-21 09:34:24 +01:00
def create_builtin_groups_and_admin(**kwargs):
"""
Creates the builtin groups: Default, Delegates, Staff and Committees.
Creates the builtin user: admin.
"""
2016-08-30 09:16:47 +02:00
# Check whether there are groups in the database.
if Group.objects.exists():
2016-09-08 11:40:58 +02:00
# Do completely nothing if there are already some groups in the database.
return
2015-02-18 15:58:12 +01:00
permission_strings = (
'agenda.can_be_speaker',
'agenda.can_manage',
'agenda.can_manage_list_of_speakers',
'agenda.can_see',
'agenda.can_see_internal_items',
'assignments.can_manage',
'assignments.can_nominate_other',
'assignments.can_nominate_self',
'assignments.can_see',
2015-06-29 12:08:15 +02:00
'core.can_manage_config',
2018-01-30 16:12:02 +01:00
'core.can_manage_logos_and_fonts',
2015-02-18 15:58:12 +01:00
'core.can_manage_projector',
'core.can_manage_tags',
2016-10-17 12:00:18 +02:00
'core.can_manage_chat',
'core.can_see_frontpage',
2015-02-18 15:58:12 +01:00
'core.can_see_projector',
'core.can_use_chat',
'mediafiles.can_manage',
'mediafiles.can_see',
'mediafiles.can_see_hidden',
'mediafiles.can_upload',
'motions.can_create',
'motions.can_manage',
'motions.can_manage_metadata',
'motions.can_see',
'motions.can_support',
2015-02-18 15:58:12 +01:00
'users.can_manage',
'users.can_see_extra_data',
'users.can_see_name', )
permission_query = Q()
2015-09-16 00:55:27 +02:00
permission_dict = {}
2015-02-18 15:58:12 +01:00
2015-09-16 00:55:27 +02:00
# Load all permissions
2015-02-18 15:58:12 +01:00
for permission_string in permission_strings:
app_label, codename = permission_string.split('.')
query_part = Q(content_type__app_label=app_label) & Q(codename=codename)
permission_query = permission_query | query_part
for permission in Permission.objects.select_related('content_type').filter(permission_query):
permission_string = '.'.join((permission.content_type.app_label, permission.codename))
permission_dict[permission_string] = permission
2018-10-09 13:44:38 +02:00
# Default (pk 1 == GROUP_DEFAULT_PK)
2015-02-18 15:58:12 +01:00
base_permissions = (
permission_dict['agenda.can_see'],
permission_dict['agenda.can_see_internal_items'],
permission_dict['assignments.can_see'],
permission_dict['core.can_see_frontpage'],
2015-02-18 15:58:12 +01:00
permission_dict['core.can_see_projector'],
permission_dict['mediafiles.can_see'],
permission_dict['motions.can_see'],
2015-02-18 15:58:12 +01:00
permission_dict['users.can_see_name'], )
2018-10-09 13:44:38 +02:00
group_default = Group.objects.create(pk=GROUP_DEFAULT_PK, name='Default')
group_default.permissions.add(*base_permissions)
2018-10-09 13:44:38 +02:00
# Admin (pk 2 == GROUP_ADMIN_PK)
group_admin = Group.objects.create(pk=GROUP_ADMIN_PK, name='Admin')
# Delegates (pk 3)
2015-02-18 15:58:12 +01:00
delegates_permissions = (
permission_dict['agenda.can_see'],
permission_dict['agenda.can_see_internal_items'],
permission_dict['agenda.can_be_speaker'],
permission_dict['assignments.can_see'],
permission_dict['assignments.can_nominate_other'],
permission_dict['assignments.can_nominate_self'],
permission_dict['core.can_see_frontpage'],
permission_dict['core.can_see_projector'],
permission_dict['mediafiles.can_see'],
permission_dict['motions.can_see'],
permission_dict['motions.can_create'],
permission_dict['motions.can_support'],
permission_dict['users.can_see_name'], )
2018-10-09 13:44:38 +02:00
group_delegates = Group.objects.create(pk=3, name='Delegates')
2015-02-18 15:58:12 +01:00
group_delegates.permissions.add(*delegates_permissions)
2018-10-09 13:44:38 +02:00
# Staff (pk 4)
2015-02-18 15:58:12 +01:00
staff_permissions = (
2018-02-23 13:00:47 +01:00
permission_dict['agenda.can_see'],
permission_dict['agenda.can_see_internal_items'],
2018-02-23 13:00:47 +01:00
permission_dict['agenda.can_be_speaker'],
permission_dict['agenda.can_manage'],
permission_dict['agenda.can_manage_list_of_speakers'],
permission_dict['assignments.can_see'],
permission_dict['assignments.can_manage'],
permission_dict['assignments.can_nominate_other'],
permission_dict['assignments.can_nominate_self'],
permission_dict['core.can_see_frontpage'],
permission_dict['core.can_see_projector'],
permission_dict['core.can_manage_projector'],
permission_dict['core.can_manage_tags'],
permission_dict['core.can_use_chat'],
permission_dict['mediafiles.can_see'],
permission_dict['mediafiles.can_manage'],
permission_dict['mediafiles.can_upload'],
permission_dict['motions.can_see'],
permission_dict['motions.can_create'],
permission_dict['motions.can_manage'],
permission_dict['motions.can_manage_metadata'],
2018-02-23 13:00:47 +01:00
permission_dict['users.can_see_name'],
permission_dict['users.can_manage'],
permission_dict['users.can_see_extra_data'],
permission_dict['mediafiles.can_see_hidden'],)
2018-10-09 13:44:38 +02:00
group_staff = Group.objects.create(pk=4, name='Staff')
2018-02-23 13:00:47 +01:00
group_staff.permissions.add(*staff_permissions)
# Add users.can_see_name permission to staff/admin
2015-09-16 00:55:27 +02:00
# group to ensure proper management possibilities
# TODO: Remove this redundancy after cleanup of the permission system.
2015-02-18 15:58:12 +01:00
group_staff.permissions.add(
permission_dict['users.can_see_name'])
2018-02-23 13:00:47 +01:00
group_admin.permissions.add(
permission_dict['users.can_see_name'])
2018-02-23 13:00:47 +01:00
# Committees (pk 5)
committees_permissions = (
permission_dict['agenda.can_see'],
permission_dict['agenda.can_see_internal_items'],
permission_dict['assignments.can_see'],
permission_dict['core.can_see_frontpage'],
permission_dict['core.can_see_projector'],
permission_dict['mediafiles.can_see'],
permission_dict['motions.can_see'],
permission_dict['motions.can_create'],
permission_dict['motions.can_support'],
permission_dict['users.can_see_name'], )
2018-10-09 13:44:38 +02:00
group_committee = Group.objects.create(pk=5, name='Committees')
group_committee.permissions.add(*committees_permissions)
2015-09-16 00:55:27 +02:00
# Create or reset admin user
User.objects.create_or_reset_admin_user()
# After each group was created, the permissions (many to many fields) where
# added to the group. So we have to update the cache by calling
# inform_changed_data().
2018-10-09 13:44:38 +02:00
inform_changed_data((group_default, group_admin, group_delegates, group_staff, group_committee))