diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 38a1f64a9..290bcf48c 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -21,7 +21,7 @@ Core: - Add a change-id system to get only new elements [#3938]. - Switch from Yarn back to npm [#3964]. - Added password reset link (password reset via email) [#3914, #4199]. - - Added global history mode [#3977, #4141]. + - Added global history mode [#3977, #4141, #4369, #4373]. - Projector refactoring [4119, #4130]. - Fixed logo configuration if logo file is deleted [#4374]. diff --git a/openslides/core/access_permissions.py b/openslides/core/access_permissions.py index 9627f29bb..feebc360e 100644 --- a/openslides/core/access_permissions.py +++ b/openslides/core/access_permissions.py @@ -1,5 +1,4 @@ from ..utils.access_permissions import BaseAccessPermissions -from ..utils.auth import GROUP_ADMIN_PK, async_in_some_groups class ProjectorAccessPermissions(BaseAccessPermissions): @@ -52,9 +51,4 @@ class HistoryAccessPermissions(BaseAccessPermissions): Access permissions container for the Histroy. """ - async def async_check_permissions(self, user_id: int) -> bool: - """ - Returns True if the user is in admin group and has read access to - model instances. - """ - return await async_in_some_groups(user_id, [GROUP_ADMIN_PK]) + base_permission = "core.can_see_history" diff --git a/openslides/core/migrations/0017_auto_20190219_2015.py b/openslides/core/migrations/0017_auto_20190219_2015.py new file mode 100644 index 000000000..f55fb7a30 --- /dev/null +++ b/openslides/core/migrations/0017_auto_20190219_2015.py @@ -0,0 +1,18 @@ +# Generated by Django 2.1.5 on 2019-02-19 19:15 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [("core", "0016_projector_reference_projector")] + + operations = [ + migrations.AlterModelOptions( + name="history", + options={ + "default_permissions": (), + "permissions": (("can_see_history", "Can see history"),), + }, + ) + ] diff --git a/openslides/core/models.py b/openslides/core/models.py index caa1c0778..7267340ec 100644 --- a/openslides/core/models.py +++ b/openslides/core/models.py @@ -355,3 +355,4 @@ class History(RESTModelMixin, models.Model): class Meta: default_permissions = () + permissions = (("can_see_history", "Can see history"),) diff --git a/openslides/core/views.py b/openslides/core/views.py index 4ce5720e6..b34ba2d6c 100644 --- a/openslides/core/views.py +++ b/openslides/core/views.py @@ -501,8 +501,10 @@ class HistoryViewSet(ListModelMixin, RetrieveModelMixin, GenericViewSet): """ Returns True if the user has required permissions. """ - if self.action in ("list", "retrieve", "clear_history"): + if self.action in ("list", "retrieve"): result = self.get_access_permissions().check_permissions(self.request.user) + elif self.action == "clear_history": + result = in_some_groups(self.request.user.pk or 0, [GROUP_ADMIN_PK]) else: result = False return result diff --git a/openslides/users/signals.py b/openslides/users/signals.py index a3ec4c636..324c4c229 100644 --- a/openslides/users/signals.py +++ b/openslides/users/signals.py @@ -47,6 +47,7 @@ def create_builtin_groups_and_admin(**kwargs): "core.can_manage_tags", "core.can_manage_chat", "core.can_see_frontpage", + "core.can_see_history", "core.can_see_projector", "core.can_use_chat", "mediafiles.can_manage", @@ -134,6 +135,7 @@ def create_builtin_groups_and_admin(**kwargs): permission_dict["assignments.can_nominate_other"], permission_dict["assignments.can_nominate_self"], permission_dict["core.can_see_frontpage"], + permission_dict["core.can_see_history"], permission_dict["core.can_see_projector"], permission_dict["core.can_manage_projector"], permission_dict["core.can_manage_tags"],