2017-02-21 09:34:24 +01:00
|
|
|
from django.apps import apps
|
2015-09-16 00:55:27 +02:00
|
|
|
from django.contrib.auth.models import Permission
|
2019-04-02 07:50:09 +02:00
|
|
|
from django.db import connection
|
2015-02-18 15:58:12 +01:00
|
|
|
from django.db.models import Q
|
2013-03-12 20:58:22 +01:00
|
|
|
|
2019-03-04 18:40:08 +01:00
|
|
|
from ..utils.auth import GROUP_ADMIN_PK, GROUP_DEFAULT_PK
|
2019-03-06 14:53:24 +01:00
|
|
|
from .models import Group, User
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2013-03-12 20:58:22 +01:00
|
|
|
|
2017-02-21 09:34:24 +01:00
|
|
|
def get_permission_change_data(sender, permissions=None, **kwargs):
|
|
|
|
"""
|
2017-03-07 10:23:24 +01:00
|
|
|
Yields all necessary collections if 'users.can_see_name' permission changes.
|
2017-02-21 09:34:24 +01:00
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
users_app = apps.get_app_config(app_label="users")
|
2017-02-21 09:34:24 +01:00
|
|
|
for permission in permissions:
|
2017-03-07 10:23:24 +01:00
|
|
|
# There could be only one 'users.can_see_name' and then we want to return data.
|
2019-01-06 16:22:33 +01:00
|
|
|
if (
|
|
|
|
permission.content_type.app_label == users_app.label
|
|
|
|
and permission.codename == "can_see_name"
|
|
|
|
):
|
2017-03-06 16:34:20 +01:00
|
|
|
yield from users_app.get_startup_elements()
|
2017-02-21 09:34:24 +01:00
|
|
|
|
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
def create_builtin_groups_and_admin(**kwargs):
|
2014-11-13 22:23:16 +01:00
|
|
|
"""
|
2016-08-08 09:37:46 +02:00
|
|
|
Creates the builtin groups: Default, Delegates, Staff and Committees.
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
Creates the builtin user: admin.
|
2014-11-13 22:23:16 +01:00
|
|
|
"""
|
2016-08-30 09:16:47 +02:00
|
|
|
# Check whether there are groups in the database.
|
|
|
|
if Group.objects.exists():
|
2016-09-08 11:40:58 +02:00
|
|
|
# Do completely nothing if there are already some groups in the database.
|
2014-10-11 14:34:49 +02:00
|
|
|
return
|
|
|
|
|
2015-02-18 15:58:12 +01:00
|
|
|
permission_strings = (
|
2019-01-06 16:22:33 +01:00
|
|
|
"agenda.can_be_speaker",
|
|
|
|
"agenda.can_manage",
|
|
|
|
"agenda.can_manage_list_of_speakers",
|
|
|
|
"agenda.can_see",
|
|
|
|
"agenda.can_see_internal_items",
|
|
|
|
"assignments.can_manage",
|
|
|
|
"assignments.can_nominate_other",
|
|
|
|
"assignments.can_nominate_self",
|
|
|
|
"assignments.can_see",
|
|
|
|
"core.can_manage_config",
|
|
|
|
"core.can_manage_logos_and_fonts",
|
|
|
|
"core.can_manage_projector",
|
|
|
|
"core.can_manage_tags",
|
|
|
|
"core.can_see_frontpage",
|
2019-02-19 20:24:48 +01:00
|
|
|
"core.can_see_history",
|
2019-01-06 16:22:33 +01:00
|
|
|
"core.can_see_projector",
|
|
|
|
"mediafiles.can_manage",
|
|
|
|
"mediafiles.can_see",
|
|
|
|
"mediafiles.can_see_hidden",
|
|
|
|
"mediafiles.can_upload",
|
|
|
|
"motions.can_create",
|
2019-01-18 19:41:05 +01:00
|
|
|
"motions.can_create_amendments",
|
2019-01-06 16:22:33 +01:00
|
|
|
"motions.can_manage",
|
|
|
|
"motions.can_manage_metadata",
|
|
|
|
"motions.can_see",
|
2019-03-20 08:43:01 +01:00
|
|
|
"motions.can_see_internal",
|
2019-01-06 16:22:33 +01:00
|
|
|
"motions.can_support",
|
2019-01-19 09:52:13 +01:00
|
|
|
"users.can_change_password",
|
2019-01-06 16:22:33 +01:00
|
|
|
"users.can_manage",
|
|
|
|
"users.can_see_extra_data",
|
|
|
|
"users.can_see_name",
|
|
|
|
)
|
2015-02-18 15:58:12 +01:00
|
|
|
permission_query = Q()
|
2015-09-16 00:55:27 +02:00
|
|
|
permission_dict = {}
|
2015-02-18 15:58:12 +01:00
|
|
|
|
2015-09-16 00:55:27 +02:00
|
|
|
# Load all permissions
|
2015-02-18 15:58:12 +01:00
|
|
|
for permission_string in permission_strings:
|
2019-01-06 16:22:33 +01:00
|
|
|
app_label, codename = permission_string.split(".")
|
2015-02-18 15:58:12 +01:00
|
|
|
query_part = Q(content_type__app_label=app_label) & Q(codename=codename)
|
|
|
|
permission_query = permission_query | query_part
|
2019-01-06 16:22:33 +01:00
|
|
|
for permission in Permission.objects.select_related("content_type").filter(
|
|
|
|
permission_query
|
|
|
|
):
|
|
|
|
permission_string = ".".join(
|
|
|
|
(permission.content_type.app_label, permission.codename)
|
|
|
|
)
|
2015-02-18 15:58:12 +01:00
|
|
|
permission_dict[permission_string] = permission
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2018-10-09 13:44:38 +02:00
|
|
|
# Default (pk 1 == GROUP_DEFAULT_PK)
|
2015-02-18 15:58:12 +01:00
|
|
|
base_permissions = (
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["agenda.can_see"],
|
|
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
|
|
permission_dict["assignments.can_see"],
|
|
|
|
permission_dict["core.can_see_frontpage"],
|
|
|
|
permission_dict["core.can_see_projector"],
|
|
|
|
permission_dict["mediafiles.can_see"],
|
|
|
|
permission_dict["motions.can_see"],
|
|
|
|
permission_dict["users.can_see_name"],
|
2019-01-19 09:52:13 +01:00
|
|
|
permission_dict["users.can_change_password"],
|
2019-01-06 16:22:33 +01:00
|
|
|
)
|
|
|
|
group_default = Group(pk=GROUP_DEFAULT_PK, name="Default")
|
2018-11-04 14:02:30 +01:00
|
|
|
group_default.save(skip_autoupdate=True)
|
2016-08-08 09:37:46 +02:00
|
|
|
group_default.permissions.add(*base_permissions)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2018-10-09 13:44:38 +02:00
|
|
|
# Admin (pk 2 == GROUP_ADMIN_PK)
|
2019-01-06 16:22:33 +01:00
|
|
|
group_admin = Group(pk=GROUP_ADMIN_PK, name="Admin")
|
2018-11-04 14:02:30 +01:00
|
|
|
group_admin.save(skip_autoupdate=True)
|
2018-10-09 13:44:38 +02:00
|
|
|
|
|
|
|
# Delegates (pk 3)
|
2015-02-18 15:58:12 +01:00
|
|
|
delegates_permissions = (
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["agenda.can_see"],
|
|
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
|
|
permission_dict["agenda.can_be_speaker"],
|
|
|
|
permission_dict["assignments.can_see"],
|
|
|
|
permission_dict["assignments.can_nominate_other"],
|
|
|
|
permission_dict["assignments.can_nominate_self"],
|
|
|
|
permission_dict["core.can_see_frontpage"],
|
|
|
|
permission_dict["core.can_see_projector"],
|
|
|
|
permission_dict["mediafiles.can_see"],
|
|
|
|
permission_dict["motions.can_see"],
|
|
|
|
permission_dict["motions.can_create"],
|
2019-01-18 19:41:05 +01:00
|
|
|
permission_dict["motions.can_create_amendments"],
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["motions.can_support"],
|
|
|
|
permission_dict["users.can_see_name"],
|
2019-01-19 09:52:13 +01:00
|
|
|
permission_dict["users.can_change_password"],
|
2019-01-06 16:22:33 +01:00
|
|
|
)
|
|
|
|
group_delegates = Group(pk=3, name="Delegates")
|
2018-11-04 14:02:30 +01:00
|
|
|
group_delegates.save(skip_autoupdate=True)
|
2015-02-18 15:58:12 +01:00
|
|
|
group_delegates.permissions.add(*delegates_permissions)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2018-10-09 13:44:38 +02:00
|
|
|
# Staff (pk 4)
|
2015-02-18 15:58:12 +01:00
|
|
|
staff_permissions = (
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["agenda.can_see"],
|
|
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
|
|
permission_dict["agenda.can_be_speaker"],
|
|
|
|
permission_dict["agenda.can_manage"],
|
|
|
|
permission_dict["agenda.can_manage_list_of_speakers"],
|
|
|
|
permission_dict["assignments.can_see"],
|
|
|
|
permission_dict["assignments.can_manage"],
|
|
|
|
permission_dict["assignments.can_nominate_other"],
|
|
|
|
permission_dict["assignments.can_nominate_self"],
|
|
|
|
permission_dict["core.can_see_frontpage"],
|
2019-02-19 20:24:48 +01:00
|
|
|
permission_dict["core.can_see_history"],
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["core.can_see_projector"],
|
|
|
|
permission_dict["core.can_manage_projector"],
|
|
|
|
permission_dict["core.can_manage_tags"],
|
|
|
|
permission_dict["mediafiles.can_see"],
|
|
|
|
permission_dict["mediafiles.can_manage"],
|
|
|
|
permission_dict["mediafiles.can_upload"],
|
2019-01-19 09:52:13 +01:00
|
|
|
permission_dict["mediafiles.can_see_hidden"],
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["motions.can_see"],
|
2019-03-20 08:43:01 +01:00
|
|
|
permission_dict["motions.can_see_internal"],
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["motions.can_create"],
|
2019-01-18 19:41:05 +01:00
|
|
|
permission_dict["motions.can_create_amendments"],
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["motions.can_manage"],
|
|
|
|
permission_dict["motions.can_manage_metadata"],
|
|
|
|
permission_dict["users.can_see_name"],
|
|
|
|
permission_dict["users.can_manage"],
|
|
|
|
permission_dict["users.can_see_extra_data"],
|
2019-01-19 09:52:13 +01:00
|
|
|
permission_dict["users.can_change_password"],
|
2019-01-06 16:22:33 +01:00
|
|
|
)
|
|
|
|
group_staff = Group(pk=4, name="Staff")
|
2018-11-04 14:02:30 +01:00
|
|
|
group_staff.save(skip_autoupdate=True)
|
2018-02-23 13:00:47 +01:00
|
|
|
group_staff.permissions.add(*staff_permissions)
|
|
|
|
|
|
|
|
# Committees (pk 5)
|
2016-06-30 13:06:23 +02:00
|
|
|
committees_permissions = (
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["agenda.can_see"],
|
|
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
|
|
permission_dict["assignments.can_see"],
|
|
|
|
permission_dict["core.can_see_frontpage"],
|
|
|
|
permission_dict["core.can_see_projector"],
|
|
|
|
permission_dict["mediafiles.can_see"],
|
|
|
|
permission_dict["motions.can_see"],
|
|
|
|
permission_dict["motions.can_create"],
|
2019-01-18 19:41:05 +01:00
|
|
|
permission_dict["motions.can_create_amendments"],
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_dict["motions.can_support"],
|
|
|
|
permission_dict["users.can_see_name"],
|
2019-01-19 09:52:13 +01:00
|
|
|
permission_dict["users.can_change_password"],
|
2019-01-06 16:22:33 +01:00
|
|
|
)
|
|
|
|
group_committee = Group(pk=5, name="Committees")
|
2018-11-04 14:02:30 +01:00
|
|
|
group_committee.save(skip_autoupdate=True)
|
2016-06-30 13:06:23 +02:00
|
|
|
group_committee.permissions.add(*committees_permissions)
|
|
|
|
|
2015-09-16 00:55:27 +02:00
|
|
|
# Create or reset admin user
|
2019-03-19 20:26:12 +01:00
|
|
|
User.objects.create_or_reset_admin_user(skip_autoupdate=True)
|
2016-12-17 09:30:20 +01:00
|
|
|
|
|
|
|
# After each group was created, the permissions (many to many fields) where
|
2018-11-04 14:02:30 +01:00
|
|
|
# added to the group. But we do not have to update the cache by calling
|
|
|
|
# inform_changed_data() because the cache is updated on server start.
|
2019-04-02 07:50:09 +02:00
|
|
|
|
|
|
|
# For postgres, the id sequence (the current auto increment value for the id field)
|
|
|
|
# needs to be refreshed after inserting the groups per id, because postgres does not
|
|
|
|
# increment the sequence then.
|
|
|
|
if connection.vendor == "postgresql":
|
|
|
|
with connection.cursor() as cursor:
|
|
|
|
cursor.execute("SELECT max(id) + 1 as max FROM auth_group;")
|
|
|
|
max_id = cursor.fetchone()[0]
|
|
|
|
cursor.execute(f"ALTER SEQUENCE auth_group_id_seq RESTART WITH {max_id};")
|