Added new permission to see motions in internal state (so called authorized users).

Norman Jäckel 2019-03-20 08:43:01 +01:00 committed by Emanuel Schütze
parent d62f1538ab
commit 16cde2cd96
6 changed files with 63 additions and 7 deletions


@ -35,13 +35,14 @@ Motions:
follow recommendation, manage submitters and supporters, change motion follow recommendation, manage submitters and supporters, change motion
category, motion block and origin and manage motion polls [#3913]. category, motion block and origin and manage motion polls [#3913].
- Added new permission to create amendments [#4128]. - Added new permission to create amendments [#4128].
- Added new flag to motion state to control access for different users. Added
new permission to see motions in some internal state [#4235, #4518].
- Allowed submitters to set state of new motions in complex and customized - Allowed submitters to set state of new motions in complex and customized
workflow [#4236]. workflow [#4236].
- Added multi select action to manage submitters, tags, states and - Added multi select action to manage submitters, tags, states and
recommendations [#4037, #4132]. recommendations [#4037, #4132].
- Added timestampes for motions [#4134]. - Added timestampes for motions [#4134].
- New config option to set reason as required field [#4232] - New config option to set reason as required field [#4232]
- Added new flag to motion state to control access for different users [#4235].
User: User:
- Added new admin group which grants all permissions. Users of existing group - Added new admin group which grants all permissions. Users of existing group


@ -118,8 +118,8 @@ export class WorkflowDetailComponent extends BaseViewComponent implements OnInit
*/ */
public accessLevels = [ public accessLevels = [
{ level: 0, label: '0: All users' }, { level: 0, label: '0: All users' },
{ level: 1, label: '1: Submitters and all managers' }, { level: 1, label: '1: Submitters, authorized users and managers' },
{ level: 2, label: '2: Only managers for motions and metadata' }, { level: 2, label: '2: Authorized users and managers for motions and metadata' },
{ level: 3, label: '3: Only managers for motions' } { level: 3, label: '3: Only managers for motions' }
] as AccessLevel[]; ] as AccessLevel[];
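Review bot: The new labels for levels 1 and 2 say "authorized users" without naming the permission behind the term, while the backend choice text in this same commit spells it out as "with permission to see internal motions". Whoever picks a level from this list decides who can read motions in an internal state, so the wording should leave no doubt about which group setting opens that access. Either name it in the label, e.g. `{ level: 2, label: '2: Authorized users (can see internal motions) and managers for motions and metadata' }`, or add a line to the doc comment above `accessLevels` (it starts outside the hunk) such as `"authorized users" = holders of motions.can_see_internal`.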


@ -41,7 +41,9 @@ class MotionAccessPermissions(BaseAccessPermissions):
if await async_has_perm(user_id, "motions.can_manage"): if await async_has_perm(user_id, "motions.can_manage"):
level = State.MANAGERS_ONLY level = State.MANAGERS_ONLY
elif await async_has_perm(user_id, "motions.can_manage_metadata"): elif await async_has_perm(
user_id, "motions.can_manage_metadata"
) or await async_has_perm(user_id, "motions.can_see_internal"):
level = State.EXTENDED_MANAGERS level = State.EXTENDED_MANAGERS
elif is_submitter: elif is_submitter:
level = State.EXTENDED_MANAGERS_AND_SUBMITTER level = State.EXTENDED_MANAGERS_AND_SUBMITTER
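Review bot: The added `motions.can_see_internal` condition in the `elif` changes who may read restricted motions, yet none of the six changed sections on this page looks like a test, so the new level mapping is not pinned. A regression test should take a user holding only `can_see` and `can_see_internal`, check which states are visible at each access level, and confirm that the user gains no manage rights. The function starts outside the hunk, so it cannot be confirmed here that `motions.can_see` is still required before this chain; if it is not, `can_see_internal` alone would expose internal-state motions. A comment above the branch such as `# can_see_internal: read-only visibility, same level as can_manage_metadata` would record the intent.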


@ -0,0 +1,49 @@
# Generated by Django 2.1.7 on 2019-03-20 07:40
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [("motions", "0021_state_access_level_3")]
operations = [
migrations.AlterModelOptions(
name="motion",
options={
"default_permissions": (),
"ordering": ("identifier",),
"permissions": (
("can_see", "Can see motions"),
("can_see_internal", "Can see motions in internal state"),
("can_create", "Can create motions"),
("can_create_amendments", "Can create amendments"),
("can_support", "Can support motions"),
("can_manage_metadata", "Can manage motion metadata"),
("can_manage", "Can manage motions"),
),
"verbose_name": "Motion",
},
),
migrations.AlterField(
model_name="state",
name="access_level",
field=models.IntegerField(
choices=[
(0, "All users with permission to see motions"),
(
1,
"Submitters, authorized users (with permission to see internal motions), managers and "
"users with permission to manage metadata",
),
(
2,
"Only authorized users (with permission to see internal motions), managers and "
"users with permission to manage metadata",
),
(3, "Only managers"),
],
default=0,
),
),
]


@ -264,6 +264,7 @@ class Motion(RESTModelMixin, models.Model):
default_permissions = () default_permissions = ()
permissions = ( permissions = (
("can_see", "Can see motions"), ("can_see", "Can see motions"),
("can_see_internal", "Can see motions in internal state"),
("can_create", "Can create motions"), ("can_create", "Can create motions"),
("can_create_amendments", "Can create amendments"), ("can_create_amendments", "Can create amendments"),
("can_support", "Can support motions"), ("can_support", "Can support motions"),
@ -1050,11 +1051,11 @@ class State(RESTModelMixin, models.Model):
(ALL, "All users with permission to see motions"), (ALL, "All users with permission to see motions"),
( (
EXTENDED_MANAGERS_AND_SUBMITTER, EXTENDED_MANAGERS_AND_SUBMITTER,
"Submitters, managers and users with permission to manage metadata", "Submitters, authorized users (with permission to see internal motions), managers and users with permission to manage metadata",
), ),
( (
EXTENDED_MANAGERS, EXTENDED_MANAGERS,
"Only managers and users with permission to manage metadata", "Only authorized users (with permission to see internal motions), managers and users with permission to manage metadata",
), ),
(MANAGERS_ONLY, "Only managers"), (MANAGERS_ONLY, "Only managers"),
) )
@ -1083,7 +1084,8 @@ class State(RESTModelMixin, models.Model):
access_level = models.IntegerField(choices=ACCESS_LEVELS, default=0) access_level = models.IntegerField(choices=ACCESS_LEVELS, default=0)
""" """
Defines which users may see motions in this state e. g. only managers, Defines which users may see motions in this state e. g. only managers,
users with permission to manage metadata and submitters. authorized users with permission to see internal motiosn, users with permission
to manage metadata and submitters.
""" """
allow_support = models.BooleanField(default=False) allow_support = models.BooleanField(default=False)
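Review bot: The rewritten docstring under `access_level` in the last hunk misspells "motions" as `motiosn`; the line should read `authorized users with permission to see internal motions, users with permission`. In the second hunk, `EXTENDED_MANAGERS` and `EXTENDED_MANAGERS_AND_SUBMITTER` now also cover read-only holders of `can_see_internal`, so the names understate who gets access. A short comment at their definition (outside the visible hunks) stating that these levels include non-managers would keep a later permission check from treating them as manager-only. The two new choice labels are also written as single long lines, whereas the migration in this commit splits the same strings in two.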


@ -59,6 +59,7 @@ def create_builtin_groups_and_admin(**kwargs):
"motions.can_manage", "motions.can_manage",
"motions.can_manage_metadata", "motions.can_manage_metadata",
"motions.can_see", "motions.can_see",
"motions.can_see_internal",
"motions.can_support", "motions.can_support",
"users.can_change_password", "users.can_change_password",
"users.can_manage", "users.can_manage",
@ -145,6 +146,7 @@ def create_builtin_groups_and_admin(**kwargs):
permission_dict["mediafiles.can_upload"], permission_dict["mediafiles.can_upload"],
permission_dict["mediafiles.can_see_hidden"], permission_dict["mediafiles.can_see_hidden"],
permission_dict["motions.can_see"], permission_dict["motions.can_see"],
permission_dict["motions.can_see_internal"],
permission_dict["motions.can_create"], permission_dict["motions.can_create"],
permission_dict["motions.can_create_amendments"], permission_dict["motions.can_create_amendments"],
permission_dict["motions.can_manage"], permission_dict["motions.can_manage"],