diff --git a/CHANGELOG b/CHANGELOG index e9e28f1c5..d3c96638b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -82,6 +82,7 @@ Users: - Hide password in change password view [#3417]. - Added a change presence view [#3496]. - New feature to send invitation emails with OpenSlides login [#3503]. +- New admin user group [#3621]. Core: - No reload on logoff. OpenSlides is now a full single page diff --git a/openslides/users/models.py b/openslides/users/models.py index a28f33719..5c4a3c0c4 100644 --- a/openslides/users/models.py +++ b/openslides/users/models.py @@ -68,9 +68,9 @@ class UserManager(BaseUserManager): query_can_see_name = Q(content_type__app_label='users') & Q(codename='can_see_name') query_can_manage = Q(content_type__app_label='users') & Q(codename='can_manage') - staff, _ = Group.objects.get_or_create(name='Staff') - staff.permissions.add(Permission.objects.get(query_can_see_name)) - staff.permissions.add(Permission.objects.get(query_can_manage)) + admin_group, _ = Group.objects.get_or_create(name='Admin') + admin_group.permissions.add(Permission.objects.get(query_can_see_name)) + admin_group.permissions.add(Permission.objects.get(query_can_manage)) admin, created = self.get_or_create( username='admin', @@ -78,7 +78,7 @@ class UserManager(BaseUserManager): admin.default_password = 'admin' admin.password = make_password(admin.default_password) admin.save() - admin.groups.add(staff) + admin.groups.add(admin_group) return created def generate_username(self, first_name, last_name): diff --git a/openslides/users/signals.py b/openslides/users/signals.py index 1f6ff6568..7f5b5a531 100644 --- a/openslides/users/signals.py +++ b/openslides/users/signals.py @@ -95,7 +95,6 @@ def create_builtin_groups_and_admin(**kwargs): permission_dict['core.can_see_frontpage'], permission_dict['core.can_see_projector'], permission_dict['mediafiles.can_see'], - permission_dict['mediafiles.can_upload'], permission_dict['motions.can_see'], permission_dict['motions.can_create'], permission_dict['motions.can_support'], @@ -105,6 +104,37 @@ def create_builtin_groups_and_admin(**kwargs): # Staff (pk 3) staff_permissions = ( + permission_dict['agenda.can_see'], + permission_dict['agenda.can_see_hidden_items'], + permission_dict['agenda.can_be_speaker'], + permission_dict['agenda.can_manage'], + permission_dict['agenda.can_manage_list_of_speakers'], + permission_dict['assignments.can_see'], + permission_dict['assignments.can_manage'], + permission_dict['assignments.can_nominate_other'], + permission_dict['assignments.can_nominate_self'], + permission_dict['core.can_see_frontpage'], + permission_dict['core.can_see_projector'], + permission_dict['core.can_manage_projector'], + permission_dict['core.can_manage_tags'], + permission_dict['core.can_use_chat'], + permission_dict['mediafiles.can_see'], + permission_dict['mediafiles.can_manage'], + permission_dict['mediafiles.can_upload'], + permission_dict['motions.can_see'], + permission_dict['motions.can_create'], + permission_dict['motions.can_manage'], + permission_dict['motions.can_see_comments'], + permission_dict['motions.can_manage_comments'], + permission_dict['users.can_see_name'], + permission_dict['users.can_manage'], + permission_dict['users.can_see_extra_data'], + permission_dict['mediafiles.can_see_hidden'],) + group_staff = Group.objects.create(name='Staff') + group_staff.permissions.add(*staff_permissions) + + # Admin (pk 4) + admin_permissions = ( permission_dict['agenda.can_see'], permission_dict['agenda.can_see_hidden_items'], permission_dict['agenda.can_be_speaker'], @@ -134,25 +164,25 @@ def create_builtin_groups_and_admin(**kwargs): permission_dict['users.can_manage'], permission_dict['users.can_see_extra_data'], permission_dict['mediafiles.can_see_hidden'],) - group_staff = Group.objects.create(name='Staff') - group_staff.permissions.add(*staff_permissions) + group_admin = Group.objects.create(name='Admin') + group_admin.permissions.add(*admin_permissions) - # Add users.can_see_name permission to staff + # Add users.can_see_name permission to staff/admin # group to ensure proper management possibilities # TODO: Remove this redundancy after cleanup of the permission system. group_staff.permissions.add( permission_dict['users.can_see_name']) + group_admin.permissions.add( + permission_dict['users.can_see_name']) - # Committees (pk 4) + # Committees (pk 5) committees_permissions = ( permission_dict['agenda.can_see'], permission_dict['agenda.can_see_hidden_items'], - permission_dict['agenda.can_be_speaker'], permission_dict['assignments.can_see'], permission_dict['core.can_see_frontpage'], permission_dict['core.can_see_projector'], permission_dict['mediafiles.can_see'], - permission_dict['mediafiles.can_upload'], permission_dict['motions.can_see'], permission_dict['motions.can_create'], permission_dict['motions.can_support'], @@ -166,4 +196,4 @@ def create_builtin_groups_and_admin(**kwargs): # After each group was created, the permissions (many to many fields) where # added to the group. So we have to update the cache by calling # inform_changed_data(). - inform_changed_data((group_default, group_delegates, group_staff, group_committee)) + inform_changed_data((group_default, group_delegates, group_staff, group_admin, group_committee)) diff --git a/tests/integration/agenda/test_viewset.py b/tests/integration/agenda/test_viewset.py index 509c308e9..df82c19ff 100644 --- a/tests/integration/agenda/test_viewset.py +++ b/tests/integration/agenda/test_viewset.py @@ -203,10 +203,10 @@ class ManageSpeaker(TestCase): def test_add_someone_else_non_admin(self): admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - group_delegates = type(group_staff).objects.get(name='Delegates') + group_admin = admin.groups.get(name='Admin') + group_delegates = type(group_admin).objects.get(name='Delegates') admin.groups.add(group_delegates) - admin.groups.remove(group_staff) + admin.groups.remove(group_admin) CollectionElement.from_instance(admin) response = self.client.post( @@ -240,10 +240,10 @@ class ManageSpeaker(TestCase): def test_remove_someone_else_non_admin(self): admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - group_delegates = type(group_staff).objects.get(name='Delegates') + group_admin = admin.groups.get(name='Admin') + group_delegates = type(group_admin).objects.get(name='Delegates') admin.groups.add(group_delegates) - admin.groups.remove(group_staff) + admin.groups.remove(group_admin) CollectionElement.from_instance(admin) speaker = Speaker.objects.add(self.user, self.item) @@ -268,10 +268,10 @@ class ManageSpeaker(TestCase): def test_mark_speaker_non_admin(self): admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - group_delegates = type(group_staff).objects.get(name='Delegates') + group_admin = admin.groups.get(name='Admin') + group_delegates = type(group_admin).objects.get(name='Delegates') admin.groups.add(group_delegates) - admin.groups.remove(group_staff) + admin.groups.remove(group_admin) CollectionElement.from_instance(admin) Speaker.objects.add(self.user, self.item) diff --git a/tests/integration/assignments/test_viewset.py b/tests/integration/assignments/test_viewset.py index c2ee1d0cd..5b889b575 100644 --- a/tests/integration/assignments/test_viewset.py +++ b/tests/integration/assignments/test_viewset.py @@ -106,10 +106,10 @@ class CanidatureSelf(TestCase): self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.save() admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - group_delegates = type(group_staff).objects.get(name='Delegates') + group_admin = admin.groups.get(name='Admin') + group_delegates = type(group_admin).objects.get(name='Delegates') admin.groups.add(group_delegates) - admin.groups.remove(group_staff) + admin.groups.remove(group_admin) get_redis_connection('default').flushall() response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk])) @@ -153,10 +153,10 @@ class CanidatureSelf(TestCase): self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.save() admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - group_delegates = type(group_staff).objects.get(name='Delegates') + group_admin = admin.groups.get(name='Admin') + group_delegates = type(group_admin).objects.get(name='Delegates') admin.groups.add(group_delegates) - admin.groups.remove(group_staff) + admin.groups.remove(group_admin) get_redis_connection('default').flushall() response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk])) @@ -234,10 +234,10 @@ class CandidatureOther(TestCase): self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.save() admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - group_delegates = type(group_staff).objects.get(name='Delegates') + group_admin = admin.groups.get(name='Admin') + group_delegates = type(group_admin).objects.get(name='Delegates') admin.groups.add(group_delegates) - admin.groups.remove(group_staff) + admin.groups.remove(group_admin) get_redis_connection('default').flushall() response = self.client.post( @@ -290,10 +290,10 @@ class CandidatureOther(TestCase): self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.save() admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - group_delegates = type(group_staff).objects.get(name='Delegates') + group_admin = admin.groups.get(name='Admin') + group_delegates = type(group_admin).objects.get(name='Delegates') admin.groups.add(group_delegates) - admin.groups.remove(group_staff) + admin.groups.remove(group_admin) get_redis_connection('default').flushall() response = self.client.delete( diff --git a/tests/integration/motions/test_viewset.py b/tests/integration/motions/test_viewset.py index dac3922a8..bbebe4697 100644 --- a/tests/integration/motions/test_viewset.py +++ b/tests/integration/motions/test_viewset.py @@ -321,7 +321,7 @@ class CreateMotion(TestCase): """ self.admin = get_user_model().objects.get(username='admin') self.admin.groups.add(2) - self.admin.groups.remove(3) + self.admin.groups.remove(4) group_delegate = self.admin.groups.get() group_delegate.permissions.add(Permission.objects.get( content_type__app_label='motions', @@ -381,7 +381,7 @@ class CreateMotion(TestCase): self.admin = get_user_model().objects.get(username='admin') self.admin.groups.add(2) - self.admin.groups.remove(3) + self.admin.groups.remove(4) get_redis_connection('default').flushall() response = self.client.post( @@ -564,8 +564,8 @@ class UpdateMotion(TestCase): def test_removal_of_supporters(self): # No cache used here. admin = get_user_model().objects.get(username='admin') - group_staff = admin.groups.get(name='Staff') - admin.groups.remove(group_staff) + group_admin = admin.groups.get(name='Admin') + admin.groups.remove(group_admin) self.motion.submitters.add(admin) supporter = get_user_model().objects.create_user( username='test_username_ahshi4oZin0OoSh9chee', @@ -656,9 +656,9 @@ class DeleteMotion(TestCase): self.assertEqual(motions, 0) def make_admin_delegate(self): - group_staff = self.admin.groups.get(name='Staff') + group_admin = self.admin.groups.get(name='Admin') group_delegates = Group.objects.get(name='Delegates') - self.admin.groups.remove(group_staff) + self.admin.groups.remove(group_admin) self.admin.groups.add(group_delegates) CollectionElement.from_instance(self.admin)