From f9bac798aadb3697643d8a54c5069631e7bd0779 Mon Sep 17 00:00:00 2001 From: FinnStutzenstein Date: Mon, 29 Apr 2019 09:02:10 +0200 Subject: [PATCH] Rename the manage restriction field Renamed 'managers_only' to 'motions.can_maange' to adapt the (new) behavior of #4638. Closes #4643. --- .../workflow-detail.component.ts | 2 +- openslides/motions/access_permissions.py | 21 +++++++----------- .../migrations/0026_rename_restriction.py | 22 +++++++++++++++++++ openslides/motions/models.py | 7 +++--- openslides/motions/serializers.py | 2 +- tests/integration/motions/test_viewset.py | 4 ++-- 6 files changed, 37 insertions(+), 21 deletions(-) create mode 100644 openslides/motions/migrations/0026_rename_restriction.py diff --git a/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts b/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts index 7a8aca5f4..1ec62fa23 100644 --- a/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts +++ b/client/src/app/site/motions/modules/motion-workflow/components/workflow-detail/workflow-detail.component.ts @@ -117,7 +117,7 @@ export class WorkflowDetailComponent extends BaseViewComponent implements OnInit * Determines possible restrictions */ public restrictions = [ - { key: 'managers_only', label: 'Can manage motions' }, + { key: 'motions.can_manage', label: 'Can manage motions' }, { key: 'motions.can_see_internal', label: 'Can see motions in internal state' }, { key: 'motions.can_manage_metadata', label: 'Can manage motion metadata' }, { key: 'is_submitter', label: 'Submitters' } diff --git a/openslides/motions/access_permissions.py b/openslides/motions/access_permissions.py index 8be74da94..b514d7b1b 100644 --- a/openslides/motions/access_permissions.py +++ b/openslides/motions/access_permissions.py @@ -48,21 +48,16 @@ class MotionAccessPermissions(BaseAccessPermissions): # Parse values of restriction field. # If at least one restriction is ok, permissions are granted. for value in restriction: - if value == "managers_only": - # permission remains false, becuase the user does not - # have this permission (see above); continue to check other fields - continue - elif value in ( + if value in ( "motions.can_see_internal", "motions.can_manage_metadata", - ): - if await async_has_perm(user_id, value): - permission = True - break - elif value == "is_submitter": - if is_submitter: - permission = True - break + "motions.can_manage", + ) and await async_has_perm(user_id, value): + permission = True + break + elif value == "is_submitter" and is_submitter: + permission = True + break # Parse single motion. if permission: diff --git a/openslides/motions/migrations/0026_rename_restriction.py b/openslides/motions/migrations/0026_rename_restriction.py new file mode 100644 index 000000000..45f55fa95 --- /dev/null +++ b/openslides/motions/migrations/0026_rename_restriction.py @@ -0,0 +1,22 @@ +# Generated by Finn Stutzenstein on 2019-04-29 08:51 + +from django.db import migrations + + +def rename_manager_restriction(apps, schema_editor): + """ + Renames 'managers_only' to 'motions.can_manage' + """ + State = apps.get_model("motions", "State") + for state in State.objects.all(): + for i in range(len(state.restriction)): + if state.restriction[i] == "managers_only": + state.restriction[i] = "motions.can_manage" + state.save(skip_autoupdate=True) + + +class Migration(migrations.Migration): + + dependencies = [("motions", "0025_motion_category_weight")] + + operations = [migrations.RunPython(rename_manager_restriction)] diff --git a/openslides/motions/models.py b/openslides/motions/models.py index 429162caf..9c7d25b18 100644 --- a/openslides/motions/models.py +++ b/openslides/motions/models.py @@ -1019,13 +1019,12 @@ class State(RESTModelMixin, models.Model): Contains a list of one or more of the following strings: * motions.can_see_internal * motions.can_manage_metadata + * motions.can_manage * is_submitter - * managers_only If the list is empty, everybody with the general permission to see motions - can see this motion. If the list contains 'managers_only', only managers with - motions.can_manage permission may see this motion. In all other cases the user - shall have one of the given permissions respectivly is submitter of the motion. + can see this motion. If the list contains at least one item, the user needs + the permission (or have the attribute) for at least one of the restrictions. Default: Empty list so everybody can see the motion. """ diff --git a/openslides/motions/serializers.py b/openslides/motions/serializers.py index 21aaa6f86..dec7f268e 100644 --- a/openslides/motions/serializers.py +++ b/openslides/motions/serializers.py @@ -131,8 +131,8 @@ class StateSerializer(ModelSerializer): "enum": [ "motions.can_see_internal", "motions.can_manage_metadata", + "motions.can_manage", "is_submitter", - "managers_only", ], }, } diff --git a/tests/integration/motions/test_viewset.py b/tests/integration/motions/test_viewset.py index 4e2b2e037..a11a960aa 100644 --- a/tests/integration/motions/test_viewset.py +++ b/tests/integration/motions/test_viewset.py @@ -481,7 +481,7 @@ class RetrieveMotion(TestCase): config["general_system_enable_anonymous"] = True guest_client = APIClient() state = self.motion.state - state.restriction = ["managers_only"] + state.restriction = ["motions.can_manage"] state.save() # The cache has to be cleared, see: # https://github.com/OpenSlides/OpenSlides/issues/3396 @@ -492,7 +492,7 @@ class RetrieveMotion(TestCase): def test_admin_state_with_restriction(self): state = self.motion.state - state.restriction = ["managers_only"] + state.restriction = ["motions.can_manage"] state.save() response = self.client.get(reverse("motion-detail", args=[self.motion.pk])) self.assertEqual(response.status_code, status.HTTP_200_OK)