Splitup comment see and manage permissions for motion comments
This commit is contained in:
parent
8042beda60
commit
ca8ee3edd6
@ -27,7 +27,7 @@ script:
|
|||||||
- node_modules/.bin/karma start --browsers PhantomJS tests/karma/karma.conf.js
|
- node_modules/.bin/karma start --browsers PhantomJS tests/karma/karma.conf.js
|
||||||
|
|
||||||
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.unit
|
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.unit
|
||||||
- coverage report --fail-under=44
|
- coverage report --fail-under=43
|
||||||
|
|
||||||
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.integration
|
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.integration
|
||||||
- coverage report --fail-under=73
|
- coverage report --fail-under=73
|
||||||
|
@ -59,6 +59,8 @@ Motions:
|
|||||||
- Allow to delete own motions [#3516].
|
- Allow to delete own motions [#3516].
|
||||||
- Log which comment was updated [#3569].
|
- Log which comment was updated [#3569].
|
||||||
- Save pagination sate to session storage [#3569].
|
- Save pagination sate to session storage [#3569].
|
||||||
|
- Split up 'can_see_and_manage_comments' permission in two seperate
|
||||||
|
ones [#3565].
|
||||||
|
|
||||||
Elections:
|
Elections:
|
||||||
- Added pagination for list view [#3393].
|
- Added pagination for list view [#3393].
|
||||||
|
@ -19,7 +19,6 @@ class CoreAppConfig(AppConfig):
|
|||||||
def ready(self):
|
def ready(self):
|
||||||
# Import all required stuff.
|
# Import all required stuff.
|
||||||
from .config import config
|
from .config import config
|
||||||
from .signals import post_permission_creation
|
|
||||||
from ..utils.rest_api import router
|
from ..utils.rest_api import router
|
||||||
from .config_variables import get_config_variables
|
from .config_variables import get_config_variables
|
||||||
from .projector import get_projector_elements
|
from .projector import get_projector_elements
|
||||||
@ -27,8 +26,10 @@ class CoreAppConfig(AppConfig):
|
|||||||
delete_django_app_permissions,
|
delete_django_app_permissions,
|
||||||
get_permission_change_data,
|
get_permission_change_data,
|
||||||
permission_change,
|
permission_change,
|
||||||
|
post_permission_creation,
|
||||||
required_users,
|
required_users,
|
||||||
user_data_required)
|
user_data_required,
|
||||||
|
)
|
||||||
from .views import (
|
from .views import (
|
||||||
ChatMessageViewSet,
|
ChatMessageViewSet,
|
||||||
ConfigViewSet,
|
ConfigViewSet,
|
||||||
|
@ -58,7 +58,7 @@ class MotionAccessPermissions(BaseAccessPermissions):
|
|||||||
|
|
||||||
# Parse single motion.
|
# Parse single motion.
|
||||||
if permission:
|
if permission:
|
||||||
if has_perm(user, 'motions.can_see_and_manage_comments') or not full.get('comments'):
|
if has_perm(user, 'motions.can_see_comments') or not full.get('comments'):
|
||||||
# Provide access to all fields.
|
# Provide access to all fields.
|
||||||
motion = full
|
motion = full
|
||||||
else:
|
else:
|
||||||
|
@ -18,15 +18,28 @@ class MotionsAppConfig(AppConfig):
|
|||||||
from openslides.utils.rest_api import router
|
from openslides.utils.rest_api import router
|
||||||
from .config_variables import get_config_variables
|
from .config_variables import get_config_variables
|
||||||
from .projector import get_projector_elements
|
from .projector import get_projector_elements
|
||||||
from .signals import create_builtin_workflows, get_permission_change_data, required_users
|
from .signals import (
|
||||||
from .views import CategoryViewSet, MotionViewSet, MotionBlockViewSet, MotionPollViewSet, MotionChangeRecommendationViewSet, WorkflowViewSet
|
create_builtin_workflows,
|
||||||
|
get_permission_change_data,
|
||||||
|
required_users,
|
||||||
|
)
|
||||||
|
from .views import (
|
||||||
|
CategoryViewSet,
|
||||||
|
MotionViewSet,
|
||||||
|
MotionBlockViewSet,
|
||||||
|
MotionPollViewSet,
|
||||||
|
MotionChangeRecommendationViewSet,
|
||||||
|
WorkflowViewSet,
|
||||||
|
)
|
||||||
|
|
||||||
# Define config variables and projector elements.
|
# Define config variables and projector elements.
|
||||||
config.update_config_variables(get_config_variables())
|
config.update_config_variables(get_config_variables())
|
||||||
register_projector_elements(get_projector_elements())
|
register_projector_elements(get_projector_elements())
|
||||||
|
|
||||||
# Connect signals.
|
# Connect signals.
|
||||||
post_migrate.connect(create_builtin_workflows, dispatch_uid='motion_create_builtin_workflows')
|
post_migrate.connect(
|
||||||
|
create_builtin_workflows,
|
||||||
|
dispatch_uid='motion_create_builtin_workflows')
|
||||||
permission_change.connect(
|
permission_change.connect(
|
||||||
get_permission_change_data,
|
get_permission_change_data,
|
||||||
dispatch_uid='motions_get_permission_change_data')
|
dispatch_uid='motions_get_permission_change_data')
|
||||||
|
69
openslides/motions/migrations/0005_auto_20180202_1318.py
Normal file
69
openslides/motions/migrations/0005_auto_20180202_1318.py
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Generated by Django 1.10.8 on 2018-02-02 12:18
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.contrib.auth.models import Permission
|
||||||
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
def delete_old_comment_permission(apps, schema_editor):
|
||||||
|
"""
|
||||||
|
Deletes the old 'can_see_and_manage_comments' permission which is
|
||||||
|
split up into two seperate permissions.
|
||||||
|
"""
|
||||||
|
perm = Permission.objects.filter(codename='can_see_and_manage_comments')
|
||||||
|
|
||||||
|
if len(perm):
|
||||||
|
perm = perm.get()
|
||||||
|
# Save content_type for manual creation of new permissions.
|
||||||
|
content_type = perm.content_type
|
||||||
|
|
||||||
|
# Save groups. list() is necessary to evaluate the database query right now.
|
||||||
|
groups = list(perm.group_set.all())
|
||||||
|
|
||||||
|
# Delete permission
|
||||||
|
perm.delete()
|
||||||
|
|
||||||
|
# Create new permission
|
||||||
|
perm_see = Permission.objects.create(
|
||||||
|
codename='can_see_comments',
|
||||||
|
name='Can see comments',
|
||||||
|
content_type=content_type)
|
||||||
|
perm_manage = Permission.objects.create(
|
||||||
|
codename='can_manage_comments',
|
||||||
|
name='Can manage comments',
|
||||||
|
content_type=content_type)
|
||||||
|
|
||||||
|
for group in groups:
|
||||||
|
group.permissions.add(perm_see)
|
||||||
|
group.permissions.add(perm_manage)
|
||||||
|
group.save()
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('motions', '0004_motionchangerecommendation_other_description'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='motion',
|
||||||
|
options={
|
||||||
|
'default_permissions': (),
|
||||||
|
'ordering': ('identifier',),
|
||||||
|
'permissions': (
|
||||||
|
('can_see', 'Can see motions'),
|
||||||
|
('can_create', 'Can create motions'),
|
||||||
|
('can_support', 'Can support motions'),
|
||||||
|
('can_see_comments', 'Can see comments'),
|
||||||
|
('can_manage_comments', 'Can manage comments'),
|
||||||
|
('can_manage', 'Can manage motions')
|
||||||
|
),
|
||||||
|
'verbose_name': 'Motion'
|
||||||
|
},
|
||||||
|
),
|
||||||
|
migrations.RunPython(
|
||||||
|
delete_old_comment_permission
|
||||||
|
),
|
||||||
|
]
|
@ -182,7 +182,8 @@ class Motion(RESTModelMixin, models.Model):
|
|||||||
('can_see', 'Can see motions'),
|
('can_see', 'Can see motions'),
|
||||||
('can_create', 'Can create motions'),
|
('can_create', 'Can create motions'),
|
||||||
('can_support', 'Can support motions'),
|
('can_support', 'Can support motions'),
|
||||||
('can_see_and_manage_comments', 'Can see and manage comments'),
|
('can_see_comments', 'Can see comments'),
|
||||||
|
('can_manage_comments', 'Can manage comments'),
|
||||||
('can_manage', 'Can manage motions'),
|
('can_manage', 'Can manage motions'),
|
||||||
)
|
)
|
||||||
ordering = ('identifier', )
|
ordering = ('identifier', )
|
||||||
|
@ -589,7 +589,7 @@ angular.module('OpenSlidesApp.motions', [
|
|||||||
case 'reset_state':
|
case 'reset_state':
|
||||||
return operator.hasPerms('motions.can_manage');
|
return operator.hasPerms('motions.can_manage');
|
||||||
case 'change_comments':
|
case 'change_comments':
|
||||||
return operator.hasPerms('motions.can_see_and_manage_comments');
|
return operator.hasPerms('motions.can_manage_comments');
|
||||||
case 'change_recommendation':
|
case 'change_recommendation':
|
||||||
return operator.hasPerms('motions.can_manage');
|
return operator.hasPerms('motions.can_manage');
|
||||||
case 'can_manage':
|
case 'can_manage':
|
||||||
@ -776,7 +776,7 @@ angular.module('OpenSlidesApp.motions', [
|
|||||||
data: {
|
data: {
|
||||||
ckeditorOptions: Editor.getOptions()
|
ckeditorOptions: Editor.getOptions()
|
||||||
},
|
},
|
||||||
hide: !operator.hasPerms("motions.can_see_and_manage_comments")
|
hide: !operator.hasPerms("motions.can_manage_comments")
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
@ -828,7 +828,7 @@ angular.module('OpenSlidesApp.motions', [
|
|||||||
return function (commentsFields) {
|
return function (commentsFields) {
|
||||||
var withoutDeletedAndForbiddenCommentsFields = {};
|
var withoutDeletedAndForbiddenCommentsFields = {};
|
||||||
_.forEach(commentsFields, function (field, id) {
|
_.forEach(commentsFields, function (field, id) {
|
||||||
if (field && (field.public || operator.hasPerms('motions.can_see_and_manage_comments'))) {
|
if (field && (field.public || operator.hasPerms('motions.can_see_comments'))) {
|
||||||
withoutDeletedAndForbiddenCommentsFields[id] = field;
|
withoutDeletedAndForbiddenCommentsFields[id] = field;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -1433,6 +1433,9 @@ angular.module('OpenSlidesApp.motions.site', [
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
// TODO: put this into a Group-watcher, so on permission changes, the comments
|
||||||
|
// show up. For this, the inline editing has to be reloaded, so every field
|
||||||
|
// has to be checked. wait for #3565 to be merged, then edit this in #3567
|
||||||
$scope.commentsFields = MotionComment.getCommentsFields();
|
$scope.commentsFields = MotionComment.getCommentsFields();
|
||||||
$scope.noSpecialCommentsFields = MotionComment.getNoSpecialCommentsFields();
|
$scope.noSpecialCommentsFields = MotionComment.getNoSpecialCommentsFields();
|
||||||
$scope.commentFieldForStateId = MotionComment.getFieldIdForFlag('forState');
|
$scope.commentFieldForStateId = MotionComment.getFieldIdForFlag('forState');
|
||||||
|
@ -136,7 +136,8 @@ class MotionViewSet(ModelViewSet):
|
|||||||
del request.data[key]
|
del request.data[key]
|
||||||
|
|
||||||
# Check permission to send comment data.
|
# Check permission to send comment data.
|
||||||
if not has_perm(request.user, 'motions.can_see_and_manage_comments'):
|
if (not has_perm(request.user, 'motions.can_see_comments') or
|
||||||
|
not has_perm(request.user, 'motions.can_manage_comments')):
|
||||||
try:
|
try:
|
||||||
# Ignore comments data if user is not allowed to send comments.
|
# Ignore comments data if user is not allowed to send comments.
|
||||||
del request.data['comments']
|
del request.data['comments']
|
||||||
@ -176,7 +177,8 @@ class MotionViewSet(ModelViewSet):
|
|||||||
# Check permissions.
|
# Check permissions.
|
||||||
if (not has_perm(request.user, 'motions.can_manage') and
|
if (not has_perm(request.user, 'motions.can_manage') and
|
||||||
not (motion.is_submitter(request.user) and motion.state.allow_submitter_edit) and
|
not (motion.is_submitter(request.user) and motion.state.allow_submitter_edit) and
|
||||||
not has_perm(request.user, 'motions.can_see_and_manage_comments')):
|
not (has_perm(request.user, 'motions.can_see_comments') and
|
||||||
|
has_perm(request.user, 'motions.can_manage_comments'))):
|
||||||
self.permission_denied(request)
|
self.permission_denied(request)
|
||||||
|
|
||||||
# Check permission to send only some data.
|
# Check permission to send only some data.
|
||||||
@ -197,7 +199,8 @@ class MotionViewSet(ModelViewSet):
|
|||||||
for key in keys:
|
for key in keys:
|
||||||
if key not in whitelist:
|
if key not in whitelist:
|
||||||
del request.data[key]
|
del request.data[key]
|
||||||
if not has_perm(request.user, 'motions.can_see_and_manage_comments'):
|
if (not has_perm(request.user, 'motions.can_see_comments') or
|
||||||
|
not has_perm(request.user, 'motions.can_manage_comments')):
|
||||||
try:
|
try:
|
||||||
del request.data['comments']
|
del request.data['comments']
|
||||||
except KeyError:
|
except KeyError:
|
||||||
|
@ -53,7 +53,8 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
'motions.can_create',
|
'motions.can_create',
|
||||||
'motions.can_manage',
|
'motions.can_manage',
|
||||||
'motions.can_see',
|
'motions.can_see',
|
||||||
'motions.can_see_and_manage_comments',
|
'motions.can_see_comments',
|
||||||
|
'motions.can_manage_comments',
|
||||||
'motions.can_support',
|
'motions.can_support',
|
||||||
'users.can_manage',
|
'users.can_manage',
|
||||||
'users.can_see_extra_data',
|
'users.can_see_extra_data',
|
||||||
@ -127,7 +128,8 @@ def create_builtin_groups_and_admin(**kwargs):
|
|||||||
permission_dict['motions.can_see'],
|
permission_dict['motions.can_see'],
|
||||||
permission_dict['motions.can_create'],
|
permission_dict['motions.can_create'],
|
||||||
permission_dict['motions.can_manage'],
|
permission_dict['motions.can_manage'],
|
||||||
permission_dict['motions.can_see_and_manage_comments'],
|
permission_dict['motions.can_see_comments'],
|
||||||
|
permission_dict['motions.can_manage_comments'],
|
||||||
permission_dict['users.can_see_name'],
|
permission_dict['users.can_see_name'],
|
||||||
permission_dict['users.can_manage'],
|
permission_dict['users.can_manage'],
|
||||||
permission_dict['users.can_see_extra_data'],
|
permission_dict['users.can_see_extra_data'],
|
||||||
|
@ -325,7 +325,7 @@ class CreateMotion(TestCase):
|
|||||||
group_delegate = self.admin.groups.get()
|
group_delegate = self.admin.groups.get()
|
||||||
group_delegate.permissions.add(Permission.objects.get(
|
group_delegate.permissions.add(Permission.objects.get(
|
||||||
content_type__app_label='motions',
|
content_type__app_label='motions',
|
||||||
codename='can_see_and_manage_comments',
|
codename='can_manage_comments',
|
||||||
))
|
))
|
||||||
|
|
||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
|
@ -531,7 +531,8 @@ class GroupUpdate(TestCase):
|
|||||||
'motions.can_create',
|
'motions.can_create',
|
||||||
'motions.can_manage',
|
'motions.can_manage',
|
||||||
'motions.can_see',
|
'motions.can_see',
|
||||||
'motions.can_see_and_manage_comments',
|
'motions.can_manage_comments',
|
||||||
|
'motions.can_see_comments',
|
||||||
'motions.can_support',
|
'motions.can_support',
|
||||||
'users.can_manage',
|
'users.can_manage',
|
||||||
'users.can_see_extra_data',
|
'users.can_see_extra_data',
|
||||||
|
Loading…
Reference in New Issue
Block a user