Added new permission to see the history.

CHANGELOG.rst

@@ -21,7 +21,7 @@ Core:
  - Add a change-id system to get only new elements [#3938].
  - Switch from Yarn back to npm [#3964].
  - Added password reset link (password reset via email) [#3914, #4199].
- - Added global history mode [#3977, #4141].
+ - Added global history mode [#3977, #4141, #4369, #4373].
  - Projector refactoring [4119, #4130].
  - Fixed logo configuration if logo file is deleted [#4374].
 

openslides/core/access_permissions.py

@@ -1,5 +1,4 @@
 from ..utils.access_permissions import BaseAccessPermissions
-from ..utils.auth import GROUP_ADMIN_PK, async_in_some_groups
 
 
 class ProjectorAccessPermissions(BaseAccessPermissions):
@@ -52,9 +51,4 @@ class HistoryAccessPermissions(BaseAccessPermissions):
     Access permissions container for the Histroy.
     """
 
-    async def async_check_permissions(self, user_id: int) -> bool:
-        """
-        Returns True if the user is in admin group and has read access to
-        model instances.
-        """
-        return await async_in_some_groups(user_id, [GROUP_ADMIN_PK])
+    base_permission = "core.can_see_history"

openslides/core/migrations/0017_auto_20190219_2015.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.1.5 on 2019-02-19 19:15
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [("core", "0016_projector_reference_projector")]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="history",
+            options={
+                "default_permissions": (),
+                "permissions": (("can_see_history", "Can see history"),),
+            },
+        )
+    ]

openslides/core/models.py

@@ -355,3 +355,4 @@ class History(RESTModelMixin, models.Model):
 
     class Meta:
         default_permissions = ()
+        permissions = (("can_see_history", "Can see history"),)

openslides/core/views.py

@@ -501,8 +501,10 @@ class HistoryViewSet(ListModelMixin, RetrieveModelMixin, GenericViewSet):
         """
         Returns True if the user has required permissions.
         """
-        if self.action in ("list", "retrieve", "clear_history"):
+        if self.action in ("list", "retrieve"):
             result = self.get_access_permissions().check_permissions(self.request.user)
+        elif self.action == "clear_history":
+            result = in_some_groups(self.request.user.pk or 0, [GROUP_ADMIN_PK])
         else:
             result = False
         return result

openslides/users/signals.py

@@ -47,6 +47,7 @@ def create_builtin_groups_and_admin(**kwargs):
         "core.can_manage_tags",
         "core.can_manage_chat",
         "core.can_see_frontpage",
+        "core.can_see_history",
         "core.can_see_projector",
         "core.can_use_chat",
         "mediafiles.can_manage",
@@ -134,6 +135,7 @@ def create_builtin_groups_and_admin(**kwargs):
         permission_dict["assignments.can_nominate_other"],
         permission_dict["assignments.can_nominate_self"],
         permission_dict["core.can_see_frontpage"],
+        permission_dict["core.can_see_history"],
         permission_dict["core.can_see_projector"],
         permission_dict["core.can_manage_projector"],
         permission_dict["core.can_manage_tags"],