New admin user group

This commit is contained in:
Emanuel Schütze 2018-02-23 13:00:47 +01:00
parent d073cbbf6f
commit 4e1c7b7497
6 changed files with 70 additions and 39 deletions

View File

@ -82,6 +82,7 @@ Users:
- Hide password in change password view [#3417]. - Hide password in change password view [#3417].
- Added a change presence view [#3496]. - Added a change presence view [#3496].
- New feature to send invitation emails with OpenSlides login [#3503]. - New feature to send invitation emails with OpenSlides login [#3503].
- New admin user group [#3621].
Core: Core:
- No reload on logoff. OpenSlides is now a full single page - No reload on logoff. OpenSlides is now a full single page

View File

@ -68,9 +68,9 @@ class UserManager(BaseUserManager):
query_can_see_name = Q(content_type__app_label='users') & Q(codename='can_see_name') query_can_see_name = Q(content_type__app_label='users') & Q(codename='can_see_name')
query_can_manage = Q(content_type__app_label='users') & Q(codename='can_manage') query_can_manage = Q(content_type__app_label='users') & Q(codename='can_manage')
staff, _ = Group.objects.get_or_create(name='Staff') admin_group, _ = Group.objects.get_or_create(name='Admin')
staff.permissions.add(Permission.objects.get(query_can_see_name)) admin_group.permissions.add(Permission.objects.get(query_can_see_name))
staff.permissions.add(Permission.objects.get(query_can_manage)) admin_group.permissions.add(Permission.objects.get(query_can_manage))
admin, created = self.get_or_create( admin, created = self.get_or_create(
username='admin', username='admin',
@ -78,7 +78,7 @@ class UserManager(BaseUserManager):
admin.default_password = 'admin' admin.default_password = 'admin'
admin.password = make_password(admin.default_password) admin.password = make_password(admin.default_password)
admin.save() admin.save()
admin.groups.add(staff) admin.groups.add(admin_group)
return created return created
def generate_username(self, first_name, last_name): def generate_username(self, first_name, last_name):

View File

@ -95,7 +95,6 @@ def create_builtin_groups_and_admin(**kwargs):
permission_dict['core.can_see_frontpage'], permission_dict['core.can_see_frontpage'],
permission_dict['core.can_see_projector'], permission_dict['core.can_see_projector'],
permission_dict['mediafiles.can_see'], permission_dict['mediafiles.can_see'],
permission_dict['mediafiles.can_upload'],
permission_dict['motions.can_see'], permission_dict['motions.can_see'],
permission_dict['motions.can_create'], permission_dict['motions.can_create'],
permission_dict['motions.can_support'], permission_dict['motions.can_support'],
@ -105,6 +104,37 @@ def create_builtin_groups_and_admin(**kwargs):
# Staff (pk 3) # Staff (pk 3)
staff_permissions = ( staff_permissions = (
permission_dict['agenda.can_see'],
permission_dict['agenda.can_see_hidden_items'],
permission_dict['agenda.can_be_speaker'],
permission_dict['agenda.can_manage'],
permission_dict['agenda.can_manage_list_of_speakers'],
permission_dict['assignments.can_see'],
permission_dict['assignments.can_manage'],
permission_dict['assignments.can_nominate_other'],
permission_dict['assignments.can_nominate_self'],
permission_dict['core.can_see_frontpage'],
permission_dict['core.can_see_projector'],
permission_dict['core.can_manage_projector'],
permission_dict['core.can_manage_tags'],
permission_dict['core.can_use_chat'],
permission_dict['mediafiles.can_see'],
permission_dict['mediafiles.can_manage'],
permission_dict['mediafiles.can_upload'],
permission_dict['motions.can_see'],
permission_dict['motions.can_create'],
permission_dict['motions.can_manage'],
permission_dict['motions.can_see_comments'],
permission_dict['motions.can_manage_comments'],
permission_dict['users.can_see_name'],
permission_dict['users.can_manage'],
permission_dict['users.can_see_extra_data'],
permission_dict['mediafiles.can_see_hidden'],)
group_staff = Group.objects.create(name='Staff')
group_staff.permissions.add(*staff_permissions)
# Admin (pk 4)
admin_permissions = (
permission_dict['agenda.can_see'], permission_dict['agenda.can_see'],
permission_dict['agenda.can_see_hidden_items'], permission_dict['agenda.can_see_hidden_items'],
permission_dict['agenda.can_be_speaker'], permission_dict['agenda.can_be_speaker'],
@ -134,25 +164,25 @@ def create_builtin_groups_and_admin(**kwargs):
permission_dict['users.can_manage'], permission_dict['users.can_manage'],
permission_dict['users.can_see_extra_data'], permission_dict['users.can_see_extra_data'],
permission_dict['mediafiles.can_see_hidden'],) permission_dict['mediafiles.can_see_hidden'],)
group_staff = Group.objects.create(name='Staff') group_admin = Group.objects.create(name='Admin')
group_staff.permissions.add(*staff_permissions) group_admin.permissions.add(*admin_permissions)
# Add users.can_see_name permission to staff # Add users.can_see_name permission to staff/admin
# group to ensure proper management possibilities # group to ensure proper management possibilities
# TODO: Remove this redundancy after cleanup of the permission system. # TODO: Remove this redundancy after cleanup of the permission system.
group_staff.permissions.add( group_staff.permissions.add(
permission_dict['users.can_see_name']) permission_dict['users.can_see_name'])
group_admin.permissions.add(
permission_dict['users.can_see_name'])
# Committees (pk 4) # Committees (pk 5)
committees_permissions = ( committees_permissions = (
permission_dict['agenda.can_see'], permission_dict['agenda.can_see'],
permission_dict['agenda.can_see_hidden_items'], permission_dict['agenda.can_see_hidden_items'],
permission_dict['agenda.can_be_speaker'],
permission_dict['assignments.can_see'], permission_dict['assignments.can_see'],
permission_dict['core.can_see_frontpage'], permission_dict['core.can_see_frontpage'],
permission_dict['core.can_see_projector'], permission_dict['core.can_see_projector'],
permission_dict['mediafiles.can_see'], permission_dict['mediafiles.can_see'],
permission_dict['mediafiles.can_upload'],
permission_dict['motions.can_see'], permission_dict['motions.can_see'],
permission_dict['motions.can_create'], permission_dict['motions.can_create'],
permission_dict['motions.can_support'], permission_dict['motions.can_support'],
@ -166,4 +196,4 @@ def create_builtin_groups_and_admin(**kwargs):
# After each group was created, the permissions (many to many fields) where # After each group was created, the permissions (many to many fields) where
# added to the group. So we have to update the cache by calling # added to the group. So we have to update the cache by calling
# inform_changed_data(). # inform_changed_data().
inform_changed_data((group_default, group_delegates, group_staff, group_committee)) inform_changed_data((group_default, group_delegates, group_staff, group_admin, group_committee))

View File

@ -203,10 +203,10 @@ class ManageSpeaker(TestCase):
def test_add_someone_else_non_admin(self): def test_add_someone_else_non_admin(self):
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
group_delegates = type(group_staff).objects.get(name='Delegates') group_delegates = type(group_admin).objects.get(name='Delegates')
admin.groups.add(group_delegates) admin.groups.add(group_delegates)
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
CollectionElement.from_instance(admin) CollectionElement.from_instance(admin)
response = self.client.post( response = self.client.post(
@ -240,10 +240,10 @@ class ManageSpeaker(TestCase):
def test_remove_someone_else_non_admin(self): def test_remove_someone_else_non_admin(self):
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
group_delegates = type(group_staff).objects.get(name='Delegates') group_delegates = type(group_admin).objects.get(name='Delegates')
admin.groups.add(group_delegates) admin.groups.add(group_delegates)
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
CollectionElement.from_instance(admin) CollectionElement.from_instance(admin)
speaker = Speaker.objects.add(self.user, self.item) speaker = Speaker.objects.add(self.user, self.item)
@ -268,10 +268,10 @@ class ManageSpeaker(TestCase):
def test_mark_speaker_non_admin(self): def test_mark_speaker_non_admin(self):
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
group_delegates = type(group_staff).objects.get(name='Delegates') group_delegates = type(group_admin).objects.get(name='Delegates')
admin.groups.add(group_delegates) admin.groups.add(group_delegates)
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
CollectionElement.from_instance(admin) CollectionElement.from_instance(admin)
Speaker.objects.add(self.user, self.item) Speaker.objects.add(self.user, self.item)

View File

@ -106,10 +106,10 @@ class CanidatureSelf(TestCase):
self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.set_phase(Assignment.PHASE_VOTING)
self.assignment.save() self.assignment.save()
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
group_delegates = type(group_staff).objects.get(name='Delegates') group_delegates = type(group_admin).objects.get(name='Delegates')
admin.groups.add(group_delegates) admin.groups.add(group_delegates)
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
get_redis_connection('default').flushall() get_redis_connection('default').flushall()
response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk])) response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk]))
@ -153,10 +153,10 @@ class CanidatureSelf(TestCase):
self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.set_phase(Assignment.PHASE_VOTING)
self.assignment.save() self.assignment.save()
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
group_delegates = type(group_staff).objects.get(name='Delegates') group_delegates = type(group_admin).objects.get(name='Delegates')
admin.groups.add(group_delegates) admin.groups.add(group_delegates)
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
get_redis_connection('default').flushall() get_redis_connection('default').flushall()
response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk])) response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk]))
@ -234,10 +234,10 @@ class CandidatureOther(TestCase):
self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.set_phase(Assignment.PHASE_VOTING)
self.assignment.save() self.assignment.save()
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
group_delegates = type(group_staff).objects.get(name='Delegates') group_delegates = type(group_admin).objects.get(name='Delegates')
admin.groups.add(group_delegates) admin.groups.add(group_delegates)
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
get_redis_connection('default').flushall() get_redis_connection('default').flushall()
response = self.client.post( response = self.client.post(
@ -290,10 +290,10 @@ class CandidatureOther(TestCase):
self.assignment.set_phase(Assignment.PHASE_VOTING) self.assignment.set_phase(Assignment.PHASE_VOTING)
self.assignment.save() self.assignment.save()
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
group_delegates = type(group_staff).objects.get(name='Delegates') group_delegates = type(group_admin).objects.get(name='Delegates')
admin.groups.add(group_delegates) admin.groups.add(group_delegates)
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
get_redis_connection('default').flushall() get_redis_connection('default').flushall()
response = self.client.delete( response = self.client.delete(

View File

@ -321,7 +321,7 @@ class CreateMotion(TestCase):
""" """
self.admin = get_user_model().objects.get(username='admin') self.admin = get_user_model().objects.get(username='admin')
self.admin.groups.add(2) self.admin.groups.add(2)
self.admin.groups.remove(3) self.admin.groups.remove(4)
group_delegate = self.admin.groups.get() group_delegate = self.admin.groups.get()
group_delegate.permissions.add(Permission.objects.get( group_delegate.permissions.add(Permission.objects.get(
content_type__app_label='motions', content_type__app_label='motions',
@ -381,7 +381,7 @@ class CreateMotion(TestCase):
self.admin = get_user_model().objects.get(username='admin') self.admin = get_user_model().objects.get(username='admin')
self.admin.groups.add(2) self.admin.groups.add(2)
self.admin.groups.remove(3) self.admin.groups.remove(4)
get_redis_connection('default').flushall() get_redis_connection('default').flushall()
response = self.client.post( response = self.client.post(
@ -564,8 +564,8 @@ class UpdateMotion(TestCase):
def test_removal_of_supporters(self): def test_removal_of_supporters(self):
# No cache used here. # No cache used here.
admin = get_user_model().objects.get(username='admin') admin = get_user_model().objects.get(username='admin')
group_staff = admin.groups.get(name='Staff') group_admin = admin.groups.get(name='Admin')
admin.groups.remove(group_staff) admin.groups.remove(group_admin)
self.motion.submitters.add(admin) self.motion.submitters.add(admin)
supporter = get_user_model().objects.create_user( supporter = get_user_model().objects.create_user(
username='test_username_ahshi4oZin0OoSh9chee', username='test_username_ahshi4oZin0OoSh9chee',
@ -656,9 +656,9 @@ class DeleteMotion(TestCase):
self.assertEqual(motions, 0) self.assertEqual(motions, 0)
def make_admin_delegate(self): def make_admin_delegate(self):
group_staff = self.admin.groups.get(name='Staff') group_admin = self.admin.groups.get(name='Admin')
group_delegates = Group.objects.get(name='Delegates') group_delegates = Group.objects.get(name='Delegates')
self.admin.groups.remove(group_staff) self.admin.groups.remove(group_admin)
self.admin.groups.add(group_delegates) self.admin.groups.add(group_delegates)
CollectionElement.from_instance(self.admin) CollectionElement.from_instance(self.admin)