Merge pull request #4518 from normanjaeckel/NewPermInternalMotions
Added new permission to see motions in internal state (so called auth…
This commit is contained in:
commit
a3ed1ae00c
@ -35,13 +35,14 @@ Motions:
|
|||||||
follow recommendation, manage submitters and supporters, change motion
|
follow recommendation, manage submitters and supporters, change motion
|
||||||
category, motion block and origin and manage motion polls [#3913].
|
category, motion block and origin and manage motion polls [#3913].
|
||||||
- Added new permission to create amendments [#4128].
|
- Added new permission to create amendments [#4128].
|
||||||
|
- Added new flag to motion state to control access for different users. Added
|
||||||
|
new permission to see motions in some internal state [#4235, #4518].
|
||||||
- Allowed submitters to set state of new motions in complex and customized
|
- Allowed submitters to set state of new motions in complex and customized
|
||||||
workflow [#4236].
|
workflow [#4236].
|
||||||
- Added multi select action to manage submitters, tags, states and
|
- Added multi select action to manage submitters, tags, states and
|
||||||
recommendations [#4037, #4132].
|
recommendations [#4037, #4132].
|
||||||
- Added timestampes for motions [#4134].
|
- Added timestampes for motions [#4134].
|
||||||
- New config option to set reason as required field [#4232]
|
- New config option to set reason as required field [#4232]
|
||||||
- Added new flag to motion state to control access for different users [#4235].
|
|
||||||
|
|
||||||
User:
|
User:
|
||||||
- Added new admin group which grants all permissions. Users of existing group
|
- Added new admin group which grants all permissions. Users of existing group
|
||||||
|
@ -118,8 +118,8 @@ export class WorkflowDetailComponent extends BaseViewComponent implements OnInit
|
|||||||
*/
|
*/
|
||||||
public accessLevels = [
|
public accessLevels = [
|
||||||
{ level: 0, label: '0: All users' },
|
{ level: 0, label: '0: All users' },
|
||||||
{ level: 1, label: '1: Submitters and all managers' },
|
{ level: 1, label: '1: Submitters, authorized users and managers' },
|
||||||
{ level: 2, label: '2: Only managers for motions and metadata' },
|
{ level: 2, label: '2: Authorized users and managers for motions and metadata' },
|
||||||
{ level: 3, label: '3: Only managers for motions' }
|
{ level: 3, label: '3: Only managers for motions' }
|
||||||
] as AccessLevel[];
|
] as AccessLevel[];
|
||||||
|
|
||||||
|
@ -41,7 +41,9 @@ class MotionAccessPermissions(BaseAccessPermissions):
|
|||||||
|
|
||||||
if await async_has_perm(user_id, "motions.can_manage"):
|
if await async_has_perm(user_id, "motions.can_manage"):
|
||||||
level = State.MANAGERS_ONLY
|
level = State.MANAGERS_ONLY
|
||||||
elif await async_has_perm(user_id, "motions.can_manage_metadata"):
|
elif await async_has_perm(
|
||||||
|
user_id, "motions.can_manage_metadata"
|
||||||
|
) or await async_has_perm(user_id, "motions.can_see_internal"):
|
||||||
level = State.EXTENDED_MANAGERS
|
level = State.EXTENDED_MANAGERS
|
||||||
elif is_submitter:
|
elif is_submitter:
|
||||||
level = State.EXTENDED_MANAGERS_AND_SUBMITTER
|
level = State.EXTENDED_MANAGERS_AND_SUBMITTER
|
||||||
|
49
openslides/motions/migrations/0022_auto_20190320_0840.py
Normal file
49
openslides/motions/migrations/0022_auto_20190320_0840.py
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
# Generated by Django 2.1.7 on 2019-03-20 07:40
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [("motions", "0021_state_access_level_3")]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name="motion",
|
||||||
|
options={
|
||||||
|
"default_permissions": (),
|
||||||
|
"ordering": ("identifier",),
|
||||||
|
"permissions": (
|
||||||
|
("can_see", "Can see motions"),
|
||||||
|
("can_see_internal", "Can see motions in internal state"),
|
||||||
|
("can_create", "Can create motions"),
|
||||||
|
("can_create_amendments", "Can create amendments"),
|
||||||
|
("can_support", "Can support motions"),
|
||||||
|
("can_manage_metadata", "Can manage motion metadata"),
|
||||||
|
("can_manage", "Can manage motions"),
|
||||||
|
),
|
||||||
|
"verbose_name": "Motion",
|
||||||
|
},
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="state",
|
||||||
|
name="access_level",
|
||||||
|
field=models.IntegerField(
|
||||||
|
choices=[
|
||||||
|
(0, "All users with permission to see motions"),
|
||||||
|
(
|
||||||
|
1,
|
||||||
|
"Submitters, authorized users (with permission to see internal motions), managers and "
|
||||||
|
"users with permission to manage metadata",
|
||||||
|
),
|
||||||
|
(
|
||||||
|
2,
|
||||||
|
"Only authorized users (with permission to see internal motions), managers and "
|
||||||
|
"users with permission to manage metadata",
|
||||||
|
),
|
||||||
|
(3, "Only managers"),
|
||||||
|
],
|
||||||
|
default=0,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
@ -264,6 +264,7 @@ class Motion(RESTModelMixin, models.Model):
|
|||||||
default_permissions = ()
|
default_permissions = ()
|
||||||
permissions = (
|
permissions = (
|
||||||
("can_see", "Can see motions"),
|
("can_see", "Can see motions"),
|
||||||
|
("can_see_internal", "Can see motions in internal state"),
|
||||||
("can_create", "Can create motions"),
|
("can_create", "Can create motions"),
|
||||||
("can_create_amendments", "Can create amendments"),
|
("can_create_amendments", "Can create amendments"),
|
||||||
("can_support", "Can support motions"),
|
("can_support", "Can support motions"),
|
||||||
@ -1050,11 +1051,11 @@ class State(RESTModelMixin, models.Model):
|
|||||||
(ALL, "All users with permission to see motions"),
|
(ALL, "All users with permission to see motions"),
|
||||||
(
|
(
|
||||||
EXTENDED_MANAGERS_AND_SUBMITTER,
|
EXTENDED_MANAGERS_AND_SUBMITTER,
|
||||||
"Submitters, managers and users with permission to manage metadata",
|
"Submitters, authorized users (with permission to see internal motions), managers and users with permission to manage metadata",
|
||||||
),
|
),
|
||||||
(
|
(
|
||||||
EXTENDED_MANAGERS,
|
EXTENDED_MANAGERS,
|
||||||
"Only managers and users with permission to manage metadata",
|
"Only authorized users (with permission to see internal motions), managers and users with permission to manage metadata",
|
||||||
),
|
),
|
||||||
(MANAGERS_ONLY, "Only managers"),
|
(MANAGERS_ONLY, "Only managers"),
|
||||||
)
|
)
|
||||||
@ -1083,7 +1084,8 @@ class State(RESTModelMixin, models.Model):
|
|||||||
access_level = models.IntegerField(choices=ACCESS_LEVELS, default=0)
|
access_level = models.IntegerField(choices=ACCESS_LEVELS, default=0)
|
||||||
"""
|
"""
|
||||||
Defines which users may see motions in this state e. g. only managers,
|
Defines which users may see motions in this state e. g. only managers,
|
||||||
users with permission to manage metadata and submitters.
|
authorized users with permission to see internal motiosn, users with permission
|
||||||
|
to manage metadata and submitters.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
allow_support = models.BooleanField(default=False)
|
allow_support = models.BooleanField(default=False)
|
||||||
|
@ -59,6 +59,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
"motions.can_manage",
|
"motions.can_manage",
|
||||||
"motions.can_manage_metadata",
|
"motions.can_manage_metadata",
|
||||||
"motions.can_see",
|
"motions.can_see",
|
||||||
|
"motions.can_see_internal",
|
||||||
"motions.can_support",
|
"motions.can_support",
|
||||||
"users.can_change_password",
|
"users.can_change_password",
|
||||||
"users.can_manage",
|
"users.can_manage",
|
||||||
@ -145,6 +146,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
permission_dict["mediafiles.can_upload"],
|
permission_dict["mediafiles.can_upload"],
|
||||||
permission_dict["mediafiles.can_see_hidden"],
|
permission_dict["mediafiles.can_see_hidden"],
|
||||||
permission_dict["motions.can_see"],
|
permission_dict["motions.can_see"],
|
||||||
|
permission_dict["motions.can_see_internal"],
|
||||||
permission_dict["motions.can_create"],
|
permission_dict["motions.can_create"],
|
||||||
permission_dict["motions.can_create_amendments"],
|
permission_dict["motions.can_create_amendments"],
|
||||||
permission_dict["motions.can_manage"],
|
permission_dict["motions.can_manage"],
|
||||||
|
Loading…
Reference in New Issue
Block a user