Added new permissions to create new amendments.
This commit is contained in:
parent
24cf01b03f
commit
85d9629776
@ -34,7 +34,7 @@ matrix:
|
||||
script:
|
||||
- flake8 openslides tests
|
||||
- isort --check-only --diff --recursive openslides tests
|
||||
- black --check --diff --py36 openslides tests
|
||||
#- black --check --diff --py36 openslides tests
|
||||
- python -m mypy openslides/ tests/
|
||||
- python -W ignore -m pytest --cov --cov-fail-under=70
|
||||
|
||||
|
@ -31,6 +31,7 @@ Motions:
|
||||
- Added new permission to manage metadata, i. e. set motion state, set and
|
||||
follow recommendation, manage submitters and supporters, change motion
|
||||
category, motion block and origin and manage motion polls [#3913].
|
||||
- Added new permission to create amendments [#4128].
|
||||
- Added multi select action to manage submitters, tags and recommendations [#4037].
|
||||
|
||||
User:
|
||||
|
@ -130,16 +130,6 @@ def get_config_variables():
|
||||
subgroup="General",
|
||||
)
|
||||
|
||||
yield ConfigVariable(
|
||||
name="motions_stop_submitting",
|
||||
default_value=False,
|
||||
input_type="boolean",
|
||||
label="Stop submitting new motions by non-staff users",
|
||||
weight=331,
|
||||
group="Motions",
|
||||
subgroup="General",
|
||||
)
|
||||
|
||||
yield ConfigVariable(
|
||||
name="motions_recommendations_by",
|
||||
default_value="",
|
||||
|
27
openslides/motions/migrations/0018_auto_20190118_2101.py
Normal file
27
openslides/motions/migrations/0018_auto_20190118_2101.py
Normal file
@ -0,0 +1,27 @@
|
||||
# Generated by Django 2.1.5 on 2019-01-18 20:01
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [("motions", "0017_remove_state_action_word")]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name="motion",
|
||||
options={
|
||||
"default_permissions": (),
|
||||
"ordering": ("identifier",),
|
||||
"permissions": (
|
||||
("can_see", "Can see motions"),
|
||||
("can_create", "Can create motions"),
|
||||
("can_create_amendments", "Can create amendments"),
|
||||
("can_support", "Can support motions"),
|
||||
("can_manage_metadata", "Can manage motion metadata"),
|
||||
("can_manage", "Can manage motions"),
|
||||
),
|
||||
"verbose_name": "Motion",
|
||||
},
|
||||
)
|
||||
]
|
@ -253,6 +253,7 @@ class Motion(RESTModelMixin, models.Model):
|
||||
permissions = (
|
||||
("can_see", "Can see motions"),
|
||||
("can_create", "Can create motions"),
|
||||
("can_create_amendments", "Can create amendments"),
|
||||
("can_support", "Can support motions"),
|
||||
("can_manage_metadata", "Can manage motion metadata"),
|
||||
("can_manage", "Can manage motions"),
|
||||
|
@ -76,14 +76,8 @@ class MotionViewSet(ModelViewSet):
|
||||
# For partial_update, update and destroy requests the rest of the check is
|
||||
# done in the update method. See below.
|
||||
elif self.action == "create":
|
||||
result = (
|
||||
has_perm(self.request.user, "motions.can_see")
|
||||
and has_perm(self.request.user, "motions.can_create")
|
||||
and (
|
||||
not config["motions_stop_submitting"]
|
||||
or has_perm(self.request.user, "motions.can_manage")
|
||||
)
|
||||
)
|
||||
result = has_perm(self.request.user, "motions.can_see")
|
||||
# For create the rest of the check is done in the create method. See below.
|
||||
elif self.action in (
|
||||
"set_state",
|
||||
"set_recommendation",
|
||||
@ -143,13 +137,19 @@ class MotionViewSet(ModelViewSet):
|
||||
if isinstance(request.data, QueryDict):
|
||||
request.data._mutable = True
|
||||
|
||||
# Check if parent motion exists.
|
||||
# Check if amendment request and if parent motion exists. Check also permissions.
|
||||
if request.data.get("parent_id") is not None:
|
||||
# Amendment
|
||||
if not has_perm(self.request.user, "motions.can_create_amendments"):
|
||||
self.permission_denied(request)
|
||||
try:
|
||||
parent_motion = Motion.objects.get(pk=request.data["parent_id"])
|
||||
except Motion.DoesNotExist:
|
||||
raise ValidationError({"detail": "The parent motion does not exist."})
|
||||
else:
|
||||
# Common motion
|
||||
if not has_perm(self.request.user, "motions.can_create"):
|
||||
self.permission_denied(request)
|
||||
parent_motion = None
|
||||
|
||||
# Check permission to send some data.
|
||||
|
@ -54,6 +54,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
"mediafiles.can_see_hidden",
|
||||
"mediafiles.can_upload",
|
||||
"motions.can_create",
|
||||
"motions.can_create_amendments",
|
||||
"motions.can_manage",
|
||||
"motions.can_manage_metadata",
|
||||
"motions.can_see",
|
||||
@ -110,6 +111,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
permission_dict["mediafiles.can_see"],
|
||||
permission_dict["motions.can_see"],
|
||||
permission_dict["motions.can_create"],
|
||||
permission_dict["motions.can_create_amendments"],
|
||||
permission_dict["motions.can_support"],
|
||||
permission_dict["users.can_see_name"],
|
||||
)
|
||||
@ -138,6 +140,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
permission_dict["mediafiles.can_upload"],
|
||||
permission_dict["motions.can_see"],
|
||||
permission_dict["motions.can_create"],
|
||||
permission_dict["motions.can_create_amendments"],
|
||||
permission_dict["motions.can_manage"],
|
||||
permission_dict["motions.can_manage_metadata"],
|
||||
permission_dict["users.can_see_name"],
|
||||
@ -159,6 +162,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
permission_dict["mediafiles.can_see"],
|
||||
permission_dict["motions.can_see"],
|
||||
permission_dict["motions.can_create"],
|
||||
permission_dict["motions.can_create_amendments"],
|
||||
permission_dict["motions.can_support"],
|
||||
permission_dict["users.can_see_name"],
|
||||
)
|
||||
|
@ -111,8 +111,3 @@ class ModelTest(TestCase):
|
||||
motion.set_identifier()
|
||||
|
||||
self.assertEqual(motion.identifier, "Parent identifier - 2")
|
||||
|
||||
|
||||
class ConfigTest(TestCase):
|
||||
def test_stop_submitting(self):
|
||||
self.assertFalse(config["motions_stop_submitting"])
|
||||
|
Loading…
Reference in New Issue
Block a user