Splitup comment see and manage permissions for motion comments
This commit is contained in:
parent
8042beda60
commit
ca8ee3edd6
@ -27,7 +27,7 @@ script:
|
||||
- node_modules/.bin/karma start --browsers PhantomJS tests/karma/karma.conf.js
|
||||
|
||||
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.unit
|
||||
- coverage report --fail-under=44
|
||||
- coverage report --fail-under=43
|
||||
|
||||
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.integration
|
||||
- coverage report --fail-under=73
|
||||
|
@ -59,6 +59,8 @@ Motions:
|
||||
- Allow to delete own motions [#3516].
|
||||
- Log which comment was updated [#3569].
|
||||
- Save pagination sate to session storage [#3569].
|
||||
- Split up 'can_see_and_manage_comments' permission in two seperate
|
||||
ones [#3565].
|
||||
|
||||
Elections:
|
||||
- Added pagination for list view [#3393].
|
||||
|
@ -19,7 +19,6 @@ class CoreAppConfig(AppConfig):
|
||||
def ready(self):
|
||||
# Import all required stuff.
|
||||
from .config import config
|
||||
from .signals import post_permission_creation
|
||||
from ..utils.rest_api import router
|
||||
from .config_variables import get_config_variables
|
||||
from .projector import get_projector_elements
|
||||
@ -27,8 +26,10 @@ class CoreAppConfig(AppConfig):
|
||||
delete_django_app_permissions,
|
||||
get_permission_change_data,
|
||||
permission_change,
|
||||
post_permission_creation,
|
||||
required_users,
|
||||
user_data_required)
|
||||
user_data_required,
|
||||
)
|
||||
from .views import (
|
||||
ChatMessageViewSet,
|
||||
ConfigViewSet,
|
||||
|
@ -58,7 +58,7 @@ class MotionAccessPermissions(BaseAccessPermissions):
|
||||
|
||||
# Parse single motion.
|
||||
if permission:
|
||||
if has_perm(user, 'motions.can_see_and_manage_comments') or not full.get('comments'):
|
||||
if has_perm(user, 'motions.can_see_comments') or not full.get('comments'):
|
||||
# Provide access to all fields.
|
||||
motion = full
|
||||
else:
|
||||
|
@ -18,15 +18,28 @@ class MotionsAppConfig(AppConfig):
|
||||
from openslides.utils.rest_api import router
|
||||
from .config_variables import get_config_variables
|
||||
from .projector import get_projector_elements
|
||||
from .signals import create_builtin_workflows, get_permission_change_data, required_users
|
||||
from .views import CategoryViewSet, MotionViewSet, MotionBlockViewSet, MotionPollViewSet, MotionChangeRecommendationViewSet, WorkflowViewSet
|
||||
from .signals import (
|
||||
create_builtin_workflows,
|
||||
get_permission_change_data,
|
||||
required_users,
|
||||
)
|
||||
from .views import (
|
||||
CategoryViewSet,
|
||||
MotionViewSet,
|
||||
MotionBlockViewSet,
|
||||
MotionPollViewSet,
|
||||
MotionChangeRecommendationViewSet,
|
||||
WorkflowViewSet,
|
||||
)
|
||||
|
||||
# Define config variables and projector elements.
|
||||
config.update_config_variables(get_config_variables())
|
||||
register_projector_elements(get_projector_elements())
|
||||
|
||||
# Connect signals.
|
||||
post_migrate.connect(create_builtin_workflows, dispatch_uid='motion_create_builtin_workflows')
|
||||
post_migrate.connect(
|
||||
create_builtin_workflows,
|
||||
dispatch_uid='motion_create_builtin_workflows')
|
||||
permission_change.connect(
|
||||
get_permission_change_data,
|
||||
dispatch_uid='motions_get_permission_change_data')
|
||||
|
69
openslides/motions/migrations/0005_auto_20180202_1318.py
Normal file
69
openslides/motions/migrations/0005_auto_20180202_1318.py
Normal file
@ -0,0 +1,69 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.8 on 2018-02-02 12:18
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib.auth.models import Permission
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
def delete_old_comment_permission(apps, schema_editor):
|
||||
"""
|
||||
Deletes the old 'can_see_and_manage_comments' permission which is
|
||||
split up into two seperate permissions.
|
||||
"""
|
||||
perm = Permission.objects.filter(codename='can_see_and_manage_comments')
|
||||
|
||||
if len(perm):
|
||||
perm = perm.get()
|
||||
# Save content_type for manual creation of new permissions.
|
||||
content_type = perm.content_type
|
||||
|
||||
# Save groups. list() is necessary to evaluate the database query right now.
|
||||
groups = list(perm.group_set.all())
|
||||
|
||||
# Delete permission
|
||||
perm.delete()
|
||||
|
||||
# Create new permission
|
||||
perm_see = Permission.objects.create(
|
||||
codename='can_see_comments',
|
||||
name='Can see comments',
|
||||
content_type=content_type)
|
||||
perm_manage = Permission.objects.create(
|
||||
codename='can_manage_comments',
|
||||
name='Can manage comments',
|
||||
content_type=content_type)
|
||||
|
||||
for group in groups:
|
||||
group.permissions.add(perm_see)
|
||||
group.permissions.add(perm_manage)
|
||||
group.save()
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('motions', '0004_motionchangerecommendation_other_description'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='motion',
|
||||
options={
|
||||
'default_permissions': (),
|
||||
'ordering': ('identifier',),
|
||||
'permissions': (
|
||||
('can_see', 'Can see motions'),
|
||||
('can_create', 'Can create motions'),
|
||||
('can_support', 'Can support motions'),
|
||||
('can_see_comments', 'Can see comments'),
|
||||
('can_manage_comments', 'Can manage comments'),
|
||||
('can_manage', 'Can manage motions')
|
||||
),
|
||||
'verbose_name': 'Motion'
|
||||
},
|
||||
),
|
||||
migrations.RunPython(
|
||||
delete_old_comment_permission
|
||||
),
|
||||
]
|
@ -182,7 +182,8 @@ class Motion(RESTModelMixin, models.Model):
|
||||
('can_see', 'Can see motions'),
|
||||
('can_create', 'Can create motions'),
|
||||
('can_support', 'Can support motions'),
|
||||
('can_see_and_manage_comments', 'Can see and manage comments'),
|
||||
('can_see_comments', 'Can see comments'),
|
||||
('can_manage_comments', 'Can manage comments'),
|
||||
('can_manage', 'Can manage motions'),
|
||||
)
|
||||
ordering = ('identifier', )
|
||||
|
@ -589,7 +589,7 @@ angular.module('OpenSlidesApp.motions', [
|
||||
case 'reset_state':
|
||||
return operator.hasPerms('motions.can_manage');
|
||||
case 'change_comments':
|
||||
return operator.hasPerms('motions.can_see_and_manage_comments');
|
||||
return operator.hasPerms('motions.can_manage_comments');
|
||||
case 'change_recommendation':
|
||||
return operator.hasPerms('motions.can_manage');
|
||||
case 'can_manage':
|
||||
@ -776,7 +776,7 @@ angular.module('OpenSlidesApp.motions', [
|
||||
data: {
|
||||
ckeditorOptions: Editor.getOptions()
|
||||
},
|
||||
hide: !operator.hasPerms("motions.can_see_and_manage_comments")
|
||||
hide: !operator.hasPerms("motions.can_manage_comments")
|
||||
};
|
||||
}
|
||||
);
|
||||
@ -828,7 +828,7 @@ angular.module('OpenSlidesApp.motions', [
|
||||
return function (commentsFields) {
|
||||
var withoutDeletedAndForbiddenCommentsFields = {};
|
||||
_.forEach(commentsFields, function (field, id) {
|
||||
if (field && (field.public || operator.hasPerms('motions.can_see_and_manage_comments'))) {
|
||||
if (field && (field.public || operator.hasPerms('motions.can_see_comments'))) {
|
||||
withoutDeletedAndForbiddenCommentsFields[id] = field;
|
||||
}
|
||||
});
|
||||
|
@ -1433,6 +1433,9 @@ angular.module('OpenSlidesApp.motions.site', [
|
||||
});
|
||||
}
|
||||
};
|
||||
// TODO: put this into a Group-watcher, so on permission changes, the comments
|
||||
// show up. For this, the inline editing has to be reloaded, so every field
|
||||
// has to be checked. wait for #3565 to be merged, then edit this in #3567
|
||||
$scope.commentsFields = MotionComment.getCommentsFields();
|
||||
$scope.noSpecialCommentsFields = MotionComment.getNoSpecialCommentsFields();
|
||||
$scope.commentFieldForStateId = MotionComment.getFieldIdForFlag('forState');
|
||||
|
@ -136,7 +136,8 @@ class MotionViewSet(ModelViewSet):
|
||||
del request.data[key]
|
||||
|
||||
# Check permission to send comment data.
|
||||
if not has_perm(request.user, 'motions.can_see_and_manage_comments'):
|
||||
if (not has_perm(request.user, 'motions.can_see_comments') or
|
||||
not has_perm(request.user, 'motions.can_manage_comments')):
|
||||
try:
|
||||
# Ignore comments data if user is not allowed to send comments.
|
||||
del request.data['comments']
|
||||
@ -176,7 +177,8 @@ class MotionViewSet(ModelViewSet):
|
||||
# Check permissions.
|
||||
if (not has_perm(request.user, 'motions.can_manage') and
|
||||
not (motion.is_submitter(request.user) and motion.state.allow_submitter_edit) and
|
||||
not has_perm(request.user, 'motions.can_see_and_manage_comments')):
|
||||
not (has_perm(request.user, 'motions.can_see_comments') and
|
||||
has_perm(request.user, 'motions.can_manage_comments'))):
|
||||
self.permission_denied(request)
|
||||
|
||||
# Check permission to send only some data.
|
||||
@ -197,7 +199,8 @@ class MotionViewSet(ModelViewSet):
|
||||
for key in keys:
|
||||
if key not in whitelist:
|
||||
del request.data[key]
|
||||
if not has_perm(request.user, 'motions.can_see_and_manage_comments'):
|
||||
if (not has_perm(request.user, 'motions.can_see_comments') or
|
||||
not has_perm(request.user, 'motions.can_manage_comments')):
|
||||
try:
|
||||
del request.data['comments']
|
||||
except KeyError:
|
||||
|
@ -53,7 +53,8 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
'motions.can_create',
|
||||
'motions.can_manage',
|
||||
'motions.can_see',
|
||||
'motions.can_see_and_manage_comments',
|
||||
'motions.can_see_comments',
|
||||
'motions.can_manage_comments',
|
||||
'motions.can_support',
|
||||
'users.can_manage',
|
||||
'users.can_see_extra_data',
|
||||
@ -127,7 +128,8 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
permission_dict['motions.can_see'],
|
||||
permission_dict['motions.can_create'],
|
||||
permission_dict['motions.can_manage'],
|
||||
permission_dict['motions.can_see_and_manage_comments'],
|
||||
permission_dict['motions.can_see_comments'],
|
||||
permission_dict['motions.can_manage_comments'],
|
||||
permission_dict['users.can_see_name'],
|
||||
permission_dict['users.can_manage'],
|
||||
permission_dict['users.can_see_extra_data'],
|
||||
|
@ -325,7 +325,7 @@ class CreateMotion(TestCase):
|
||||
group_delegate = self.admin.groups.get()
|
||||
group_delegate.permissions.add(Permission.objects.get(
|
||||
content_type__app_label='motions',
|
||||
codename='can_see_and_manage_comments',
|
||||
codename='can_manage_comments',
|
||||
))
|
||||
|
||||
response = self.client.post(
|
||||
|
@ -531,7 +531,8 @@ class GroupUpdate(TestCase):
|
||||
'motions.can_create',
|
||||
'motions.can_manage',
|
||||
'motions.can_see',
|
||||
'motions.can_see_and_manage_comments',
|
||||
'motions.can_manage_comments',
|
||||
'motions.can_see_comments',
|
||||
'motions.can_support',
|
||||
'users.can_manage',
|
||||
'users.can_see_extra_data',
|
||||
|
Loading…
Reference in New Issue
Block a user