diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 95f798ea6..02a7e0dfa 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -35,13 +35,14 @@ Motions: follow recommendation, manage submitters and supporters, change motion category, motion block and origin and manage motion polls [#3913]. - Added new permission to create amendments [#4128]. + - Added new flag to motion state to control access for different users. Added + new permission to see motions in some internal state [#4235, #4518]. - Allowed submitters to set state of new motions in complex and customized workflow [#4236]. - Added multi select action to manage submitters, tags, states and recommendations [#4037, #4132]. - Added timestampes for motions [#4134]. - New config option to set reason as required field [#4232] - - Added new flag to motion state to control access for different users [#4235]. User: - Added new admin group which grants all permissions. Users of existing group diff --git a/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts b/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts index 86b1d3551..c92ad6f05 100644 --- a/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts +++ b/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts @@ -118,8 +118,8 @@ export class WorkflowDetailComponent extends BaseViewComponent implements OnInit */ public accessLevels = [ { level: 0, label: '0: All users' }, - { level: 1, label: '1: Submitters and all managers' }, - { level: 2, label: '2: Only managers for motions and metadata' }, + { level: 1, label: '1: Submitters, authorized users and managers' }, + { level: 2, label: '2: Authorized users and managers for motions and metadata' }, { level: 3, label: '3: Only managers for motions' } ] as AccessLevel[]; 
diff --git a/openslides/motions/access_permissions.py b/openslides/motions/access_permissions.py index 7e4a20bc5..66d6a2cb0 100644 --- a/openslides/motions/access_permissions.py +++ b/openslides/motions/access_permissions.py @@ -41,7 +41,9 @@ class MotionAccessPermissions(BaseAccessPermissions): if await async_has_perm(user_id, "motions.can_manage"): level = State.MANAGERS_ONLY - elif await async_has_perm(user_id, "motions.can_manage_metadata"): + elif await async_has_perm( + user_id, "motions.can_manage_metadata" + ) or await async_has_perm(user_id, "motions.can_see_internal"): level = State.EXTENDED_MANAGERS elif is_submitter: level = State.EXTENDED_MANAGERS_AND_SUBMITTER diff --git a/openslides/motions/migrations/0022_auto_20190320_0840.py b/openslides/motions/migrations/0022_auto_20190320_0840.py new file mode 100644 index 000000000..04db7afdd --- /dev/null +++ b/openslides/motions/migrations/0022_auto_20190320_0840.py 
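Review bot: The widened `elif` in MotionAccessPermissions gives any holder of `motions.can_see_internal` the level `State.EXTENDED_MANAGERS`, the same level as `motions.can_manage_metadata`, and nothing in the hunk ties that to `motions.can_see`. The method starts and ends outside the hunk, so an earlier `can_see` guard may already cover this. If it does not, a group given only `can_see_internal` would be served motions in restricted states. No test change is visible in this diff, so a case for a user with `can_see_internal` but without `can_see` or `can_manage_metadata` would pin the intended result. A comment above the branch would also record the intent, e.g. `# can_see_internal only raises the read level to EXTENDED_MANAGERS; it is not a management permission`.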
@@ -0,0 +1,49 @@ +# Generated by Django 2.1.7 on 2019-03-20 07:40 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [("motions", "0021_state_access_level_3")] + + operations = [ + migrations.AlterModelOptions( + name="motion", + options={ + "default_permissions": (), + "ordering": ("identifier",), + "permissions": ( + ("can_see", "Can see motions"), + ("can_see_internal", "Can see motions in internal state"), + ("can_create", "Can create motions"), + ("can_create_amendments", "Can create amendments"), + ("can_support", "Can support motions"), + ("can_manage_metadata", "Can manage motion metadata"), + ("can_manage", "Can manage motions"), + ), + "verbose_name": "Motion", + }, + ), + migrations.AlterField( + model_name="state", + name="access_level", + field=models.IntegerField( + choices=[ + (0, "All users with permission to see motions"), + ( + 1, + "Submitters, authorized users (with permission to see internal motions), managers and " + "users with permission to manage metadata", + ), + ( + 2, + "Only authorized users (with permission to see internal motions), managers and " + "users with permission to manage metadata", + ), + (3, "Only managers"), + ], + default=0, + ), + ), + ] diff --git a/openslides/motions/models.py b/openslides/motions/models.py index 7c9674a09..dae7d50ee 100644 --- a/openslides/motions/models.py +++ b/openslides/motions/models.py @@ -264,6 +264,7 @@ class Motion(RESTModelMixin, models.Model): default_permissions = () permissions = ( ("can_see", "Can see motions"), + ("can_see_internal", "Can see motions in internal state"), ("can_create", "Can create motions"), ("can_create_amendments", "Can create amendments"), ("can_support", "Can support motions"), 
@@ -1050,11 +1051,11 @@ class State(RESTModelMixin, models.Model): (ALL, "All users with permission to see motions"), ( EXTENDED_MANAGERS_AND_SUBMITTER, - "Submitters, managers and users with permission to manage metadata", + "Submitters, authorized users (with permission to see internal motions), managers and users with permission to manage metadata", ), ( EXTENDED_MANAGERS, - "Only managers and users with permission to manage metadata", + "Only authorized users (with permission to see internal motions), managers and users with permission to manage metadata", ), (MANAGERS_ONLY, "Only managers"), ) @@ -1083,7 +1084,8 @@ class State(RESTModelMixin, models.Model): access_level = models.IntegerField(choices=ACCESS_LEVELS, default=0) """ Defines which users may see motions in this state e. g. only managers, - users with permission to manage metadata and submitters. + authorized users with permission to see internal motiosn, users with permission + to manage metadata and submitters. """ allow_support = models.BooleanField(default=False) diff --git a/openslides/users/signals.py b/openslides/users/signals.py index 324c4c229..db1c0e984 100644 --- a/openslides/users/signals.py +++ b/openslides/users/signals.py @@ -59,6 +59,7 @@ def create_builtin_groups_and_admin(**kwargs): "motions.can_manage", "motions.can_manage_metadata", "motions.can_see", + "motions.can_see_internal", "motions.can_support", "users.can_change_password", "users.can_manage", @@ -145,6 +146,7 @@ def create_builtin_groups_and_admin(**kwargs): permission_dict["mediafiles.can_upload"], permission_dict["mediafiles.can_see_hidden"], permission_dict["motions.can_see"], + permission_dict["motions.can_see_internal"], permission_dict["motions.can_create"], permission_dict["motions.can_create_amendments"], permission_dict["motions.can_manage"],
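Review bot: The added docstring line for `access_level` (hunk at -1083) misspells "motions" as `motiosn`. It should read `authorized users with permission to see internal motions, users with permission`. Since this docstring is where a maintainer looks to learn who can read a restricted state, it would also help to name the codename being checked, e.g. `(motions.can_see_internal)`, so the wording maps directly onto the permission added to `Motion.Meta.permissions`.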