Merge pull request #4131 from normanjaeckel/PasswordPerm
Added new permission to set password.
commit
a895481cef
@ -40,6 +40,7 @@ Motions:
|
|||||||
User:
|
User:
|
||||||
- Added new admin group which grants all permissions. Users of existing group
|
- Added new admin group which grants all permissions. Users of existing group
|
||||||
'Admin' or 'Staff' are move to the new group during migration [#3859].
|
'Admin' or 'Staff' are move to the new group during migration [#3859].
|
||||||
|
- Added new permission to set its own password [#4131].
|
||||||
- Added gender field [#4124].
|
- Added gender field [#4124].
|
||||||
|
|
||||||
|
|
||||||
|
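--- a/openslides/users/migrations/0009_auto_20190119_0941.py
+++ b/openslides/users/migrations/0009_auto_20190119_0941.py
@@ -0,0 +1,23 @@
+# Generated by Django 2.1.5 on 2019-01-19 08:41
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('users', '0008_user_gender'),
+]
+
+operations = [
+migrations.AlterModelOptions(
+name='user',
+options={
+'default_permissions': (), 'ordering': ('last_name', 'first_name', 'username'),
+'permissions': (
+('can_see_name', 'Can see names of users'),
+('can_see_extra_data', 'Can see extra data of users (e.g. present and comment)'),
+('can_change_password', 'Can change its own password'),
+('can_manage', 'Can manage users'))},
+),
+]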
@ -170,6 +170,7 @@ class User(RESTModelMixin, PermissionsMixin, AbstractBaseUser):
|
|||||||
"can_see_extra_data",
|
"can_see_extra_data",
|
||||||
"Can see extra data of users (e.g. present and comment)",
|
"Can see extra data of users (e.g. present and comment)",
|
||||||
),
|
),
|
||||||
|
("can_change_password", "Can change its own password"),
|
||||||
("can_manage", "Can manage users"),
|
("can_manage", "Can manage users"),
|
||||||
)
|
)
|
||||||
ordering = ("last_name", "first_name", "username")
|
ordering = ("last_name", "first_name", "username")
|
||||||
|
@ -59,6 +59,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
"motions.can_manage_metadata",
|
"motions.can_manage_metadata",
|
||||||
"motions.can_see",
|
"motions.can_see",
|
||||||
"motions.can_support",
|
"motions.can_support",
|
||||||
|
"users.can_change_password",
|
||||||
"users.can_manage",
|
"users.can_manage",
|
||||||
"users.can_see_extra_data",
|
"users.can_see_extra_data",
|
||||||
"users.can_see_name",
|
"users.can_see_name",
|
||||||
@ -89,6 +90,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
permission_dict["mediafiles.can_see"],
|
permission_dict["mediafiles.can_see"],
|
||||||
permission_dict["motions.can_see"],
|
permission_dict["motions.can_see"],
|
||||||
permission_dict["users.can_see_name"],
|
permission_dict["users.can_see_name"],
|
||||||
|
permission_dict["users.can_change_password"],
|
||||||
)
|
)
|
||||||
group_default = Group(pk=GROUP_DEFAULT_PK, name="Default")
|
group_default = Group(pk=GROUP_DEFAULT_PK, name="Default")
|
||||||
group_default.save(skip_autoupdate=True)
|
group_default.save(skip_autoupdate=True)
|
||||||
@ -114,6 +116,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
permission_dict["motions.can_create_amendments"],
|
permission_dict["motions.can_create_amendments"],
|
||||||
permission_dict["motions.can_support"],
|
permission_dict["motions.can_support"],
|
||||||
permission_dict["users.can_see_name"],
|
permission_dict["users.can_see_name"],
|
||||||
|
permission_dict["users.can_change_password"],
|
||||||
)
|
)
|
||||||
group_delegates = Group(pk=3, name="Delegates")
|
group_delegates = Group(pk=3, name="Delegates")
|
||||||
group_delegates.save(skip_autoupdate=True)
|
group_delegates.save(skip_autoupdate=True)
|
||||||
@ -138,6 +141,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
permission_dict["mediafiles.can_see"],
|
permission_dict["mediafiles.can_see"],
|
||||||
permission_dict["mediafiles.can_manage"],
|
permission_dict["mediafiles.can_manage"],
|
||||||
permission_dict["mediafiles.can_upload"],
|
permission_dict["mediafiles.can_upload"],
|
||||||
|
permission_dict["mediafiles.can_see_hidden"],
|
||||||
permission_dict["motions.can_see"],
|
permission_dict["motions.can_see"],
|
||||||
permission_dict["motions.can_create"],
|
permission_dict["motions.can_create"],
|
||||||
permission_dict["motions.can_create_amendments"],
|
permission_dict["motions.can_create_amendments"],
|
||||||
@ -146,7 +150,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
permission_dict["users.can_see_name"],
|
permission_dict["users.can_see_name"],
|
||||||
permission_dict["users.can_manage"],
|
permission_dict["users.can_manage"],
|
||||||
permission_dict["users.can_see_extra_data"],
|
permission_dict["users.can_see_extra_data"],
|
||||||
permission_dict["mediafiles.can_see_hidden"],
|
permission_dict["users.can_change_password"],
|
||||||
)
|
)
|
||||||
group_staff = Group(pk=4, name="Staff")
|
group_staff = Group(pk=4, name="Staff")
|
||||||
group_staff.save(skip_autoupdate=True)
|
group_staff.save(skip_autoupdate=True)
|
||||||
@ -165,6 +169,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
permission_dict["motions.can_create_amendments"],
|
permission_dict["motions.can_create_amendments"],
|
||||||
permission_dict["motions.can_support"],
|
permission_dict["motions.can_support"],
|
||||||
permission_dict["users.can_see_name"],
|
permission_dict["users.can_see_name"],
|
||||||
|
permission_dict["users.can_change_password"],
|
||||||
)
|
)
|
||||||
group_committee = Group(pk=5, name="Committees")
|
group_committee = Group(pk=5, name="Committees")
|
||||||
group_committee.save(skip_autoupdate=True)
|
group_committee.save(skip_autoupdate=True)
|
||||||
|
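Review bot: The `users.can_change_password` entries added to the Default, Delegates, Staff and Committees permission tuples only take effect where `create_builtin_groups_and_admin` builds the groups; nothing in these hunks grants the permission to groups that already exist. The migration shown on this page only alters the model options, so unless another migration handles it, an upgraded database would have no non-admin group holding the permission and the new check in `SetPasswordView` would reject those users. I would at least record that next to the tuples, e.g. `# Only applied when the builtin groups are created; existing groups must be granted users.can_change_password separately.`, and consider a data migration that adds the permission to existing groups. The function body starts and ends outside these hunks, so how it is triggered is not visible here.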
@ -571,6 +571,8 @@ class SetPasswordView(APIView):
|
|||||||
|
|
||||||
def post(self, request, *args, **kwargs):
|
def post(self, request, *args, **kwargs):
|
||||||
user = request.user
|
user = request.user
|
||||||
|
if not (has_perm(user, "users.can_change_password") or has_perm(user, "users.can_manage")):
|
||||||
|
self.permission_denied(request)
|
||||||
if user.check_password(request.data["old_password"]):
|
if user.check_password(request.data["old_password"]):
|
||||||
try:
|
try:
|
||||||
validate_password(request.data.get("new_password"), user=user)
|
validate_password(request.data.get("new_password"), user=user)
|
||||||
@ -600,6 +602,8 @@ class PasswordResetView(APIView):
|
|||||||
"""
|
"""
|
||||||
Loop over all users and send emails.
|
Loop over all users and send emails.
|
||||||
"""
|
"""
|
||||||
|
if not (has_perm(request.user, "users.can_change_password") or has_perm(request.user, "users.can_manage")):
|
||||||
|
self.permission_denied(request)
|
||||||
to_email = request.data.get("email")
|
to_email = request.data.get("email")
|
||||||
for user in self.get_users(to_email):
|
for user in self.get_users(to_email):
|
||||||
current_site = get_current_site(request)
|
current_site = get_current_site(request)
|
||||||
@ -667,6 +671,8 @@ class PasswordResetConfirmView(APIView):
|
|||||||
http_method_names = ["post"]
|
http_method_names = ["post"]
|
||||||
|
|
||||||
def post(self, request, *args, **kwargs):
|
def post(self, request, *args, **kwargs):
|
||||||
|
if not (has_perm(request.user, "users.can_change_password") or has_perm(request.user, "users.can_manage")):
|
||||||
|
self.permission_denied(request)
|
||||||
uidb64 = request.data.get("user_id")
|
uidb64 = request.data.get("user_id")
|
||||||
token = request.data.get("token")
|
token = request.data.get("token")
|
||||||
password = request.data.get("password")
|
password = request.data.get("password")
|
||||||
|
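Review bot: In `PasswordResetView` and `PasswordResetConfirmView` the new guard tests `request.user`, but the account whose password changes is the one resolved from `email` or `user_id`, and the caller of a reset flow is normally not logged in. Depending on how `has_perm` treats an anonymous user (not visible here), this either blocks every reset or, since this commit also puts the permission in the Default group tuple, may let an account that was denied `users.can_change_password` still have its password reset from a logged-out session. The check should be applied to the target account, e.g. inside the loop `if not (has_perm(user, "users.can_change_password") or has_perm(user, "users.can_manage")): continue`, and likewise once the user has been looked up in the confirm view. The same two-permission expression is now repeated in three views, so a small shared helper would keep them in step. Both method bodies continue outside the hunks.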