diff --git a/openslides/motions/migrations/0015_metadata_permission.py b/openslides/motions/migrations/0015_metadata_permission.py new file mode 100644 index 000000000..fc583971f --- /dev/null +++ b/openslides/motions/migrations/0015_metadata_permission.py @@ -0,0 +1,28 @@ +# Generated by Django 2.1.2 on 2018-10-29 13:54 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('motions', '0014_motionchangerecommendation_internal'), + ] + + operations = [ + migrations.AlterModelOptions( + name='motion', + options={ + 'default_permissions': (), + 'ordering': ('identifier',), + 'permissions': ( + ('can_see', 'Can see motions'), + ('can_create', 'Can create motions'), + ('can_support', 'Can support motions'), + ('can_manage_metadata', 'Can manage motion metadata'), + ('can_manage', 'Can manage motions') + ), + 'verbose_name': 'Motion' + }, + ), + ] diff --git a/openslides/motions/views.py b/openslides/motions/views.py index b4c0ff200..403a492b1 100644 --- a/openslides/motions/views.py +++ b/openslides/motions/views.py @@ -231,6 +231,9 @@ class MotionViewSet(ModelViewSet): self.permission_denied(request) # Check permission to send only some data. + # Attention: Users with motions.can_manage permission can change all + # fields even if they do not have motions.can_manage_metadata + # permission. if not has_perm(request.user, 'motions.can_manage'): # Remove fields that the user is not allowed to change. # The list() is required because we want to use del inside the loop. diff --git a/openslides/users/signals.py b/openslides/users/signals.py index ac762f391..e7d021a3e 100644 --- a/openslides/users/signals.py +++ b/openslides/users/signals.py @@ -53,6 +53,7 @@ def create_builtin_groups_and_admin(**kwargs): 'mediafiles.can_upload', 'motions.can_create', 'motions.can_manage', + 'motions.can_manage_metadata', 'motions.can_see', 'motions.can_support', 'users.can_manage', @@ -126,6 +127,7 @@ def create_builtin_groups_and_admin(**kwargs): permission_dict['motions.can_see'], permission_dict['motions.can_create'], permission_dict['motions.can_manage'], + permission_dict['motions.can_manage_metadata'], permission_dict['users.can_see_name'], permission_dict['users.can_manage'], permission_dict['users.can_see_extra_data'],