Merge pull request #3565 from FinnStutzenstein/splitup-comment-perms

Splitup comment see and manage permissions for motion comments
Emanuel Schütze 2018-02-16 14:26:11 +01:00 committed by GitHub
commit f859a27fca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 113 additions and 18 deletions


@ -27,7 +27,7 @@ script:
- node_modules/.bin/karma start --browsers PhantomJS tests/karma/karma.conf.js
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.unit
- coverage report --fail-under=44
- coverage report --fail-under=43
- DJANGO_SETTINGS_MODULE='tests.settings' coverage run ./manage.py test tests.integration
- coverage report --fail-under=73


@ -59,6 +59,8 @@ Motions:
- Allow to delete own motions [#3516].
- Log which comment was updated [#3569].
- Save pagination sate to session storage [#3569].
- Split up 'can_see_and_manage_comments' permission in two seperate
ones [#3565].
Elections:
- Added pagination for list view [#3393].


@ -19,7 +19,6 @@ class CoreAppConfig(AppConfig):
def ready(self):
# Import all required stuff.
from .config import config
from .signals import post_permission_creation
from ..utils.rest_api import router
from .config_variables import get_config_variables
from .projector import get_projector_elements
@ -27,8 +26,10 @@ class CoreAppConfig(AppConfig):
delete_django_app_permissions,
get_permission_change_data,
permission_change,
post_permission_creation,
required_users,
user_data_required)
user_data_required,
)
from .views import (
ChatMessageViewSet,
ConfigViewSet,


@ -58,7 +58,7 @@ class MotionAccessPermissions(BaseAccessPermissions):
# Parse single motion.
if permission:
if has_perm(user, 'motions.can_see_and_manage_comments') or not full.get('comments'):
if has_perm(user, 'motions.can_see_comments') or not full.get('comments'):
# Provide access to all fields.
motion = full
else:


@ -18,15 +18,28 @@ class MotionsAppConfig(AppConfig):
from openslides.utils.rest_api import router
from .config_variables import get_config_variables
from .projector import get_projector_elements
from .signals import create_builtin_workflows, get_permission_change_data, required_users
from .views import CategoryViewSet, MotionViewSet, MotionBlockViewSet, MotionPollViewSet, MotionChangeRecommendationViewSet, WorkflowViewSet
from .signals import (
create_builtin_workflows,
get_permission_change_data,
required_users,
)
from .views import (
CategoryViewSet,
MotionViewSet,
MotionBlockViewSet,
MotionPollViewSet,
MotionChangeRecommendationViewSet,
WorkflowViewSet,
)
# Define config variables and projector elements.
config.update_config_variables(get_config_variables())
register_projector_elements(get_projector_elements())
# Connect signals.
post_migrate.connect(create_builtin_workflows, dispatch_uid='motion_create_builtin_workflows')
post_migrate.connect(
create_builtin_workflows,
dispatch_uid='motion_create_builtin_workflows')
permission_change.connect(
get_permission_change_data,
dispatch_uid='motions_get_permission_change_data')


@ -0,0 +1,69 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.8 on 2018-02-02 12:18
from __future__ import unicode_literals
from django.contrib.auth.models import Permission
from django.db import migrations
def delete_old_comment_permission(apps, schema_editor):
"""
Deletes the old 'can_see_and_manage_comments' permission which is
split up into two seperate permissions.
"""
perm = Permission.objects.filter(codename='can_see_and_manage_comments')
if len(perm):
perm = perm.get()
# Save content_type for manual creation of new permissions.
content_type = perm.content_type
# Save groups. list() is necessary to evaluate the database query right now.
groups = list(perm.group_set.all())
# Delete permission
perm.delete()
# Create new permission
perm_see = Permission.objects.create(
codename='can_see_comments',
name='Can see comments',
content_type=content_type)
perm_manage = Permission.objects.create(
codename='can_manage_comments',
name='Can manage comments',
content_type=content_type)
for group in groups:
group.permissions.add(perm_see)
group.permissions.add(perm_manage)
group.save()
class Migration(migrations.Migration):
dependencies = [
('motions', '0004_motionchangerecommendation_other_description'),
]
operations = [
migrations.AlterModelOptions(
name='motion',
options={
'default_permissions': (),
'ordering': ('identifier',),
'permissions': (
('can_see', 'Can see motions'),
('can_create', 'Can create motions'),
('can_support', 'Can support motions'),
('can_see_comments', 'Can see comments'),
('can_manage_comments', 'Can manage comments'),
('can_manage', 'Can manage motions')
),
'verbose_name': 'Motion'
},
),
migrations.RunPython(
delete_old_comment_permission
),
]
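Review bot: The lookup in `delete_old_comment_permission` filters on `codename` alone and then calls `perm.get()`, so a second permission with the codename `can_see_and_manage_comments` under another content type would abort the migration with MultipleObjectsReturned, and the unconditional `Permission.objects.create` calls fail if the new codenames already exist. Scoping the query to the motions app and using `get_or_create` makes the carry-over of group permissions deterministic and repeatable. The function also uses `Permission` imported from `django.contrib.auth.models` rather than a historical model obtained from `apps`, and `RunPython` is given no reverse callable, so the migration cannot be unapplied; both deserve a short comment if intentional. `group.save()` after `permissions.add(...)` looks unnecessary, since the many-to-many add is written immediately.

```python
def delete_old_comment_permission(apps, schema_editor):
    # … unchanged: docstring …
    perm = Permission.objects.filter(
        content_type__app_label='motions',
        codename='can_see_and_manage_comments').first()
    if perm is None:
        return
    # … unchanged: remember content_type and groups, delete the old permission …
    perm_see, _ = Permission.objects.get_or_create(
        codename='can_see_comments',
        content_type=content_type,
        defaults={'name': 'Can see comments'})
    perm_manage, _ = Permission.objects.get_or_create(
        codename='can_manage_comments',
        content_type=content_type,
        defaults={'name': 'Can manage comments'})
    for group in groups:
        group.permissions.add(perm_see, perm_manage)
```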


@ -182,7 +182,8 @@ class Motion(RESTModelMixin, models.Model):
('can_see', 'Can see motions'),
('can_create', 'Can create motions'),
('can_support', 'Can support motions'),
('can_see_and_manage_comments', 'Can see and manage comments'),
('can_see_comments', 'Can see comments'),
('can_manage_comments', 'Can manage comments'),
('can_manage', 'Can manage motions'),
)
ordering = ('identifier', )


@ -589,7 +589,7 @@ angular.module('OpenSlidesApp.motions', [
case 'reset_state':
return operator.hasPerms('motions.can_manage');
case 'change_comments':
return operator.hasPerms('motions.can_see_and_manage_comments');
return operator.hasPerms('motions.can_manage_comments');
case 'change_recommendation':
return operator.hasPerms('motions.can_manage');
case 'can_manage':
@ -776,7 +776,7 @@ angular.module('OpenSlidesApp.motions', [
data: {
ckeditorOptions: Editor.getOptions()
},
hide: !operator.hasPerms("motions.can_see_and_manage_comments")
hide: !operator.hasPerms("motions.can_manage_comments")
};
}
);
@ -828,7 +828,7 @@ angular.module('OpenSlidesApp.motions', [
return function (commentsFields) {
var withoutDeletedAndForbiddenCommentsFields = {};
_.forEach(commentsFields, function (field, id) {
if (field && (field.public || operator.hasPerms('motions.can_see_and_manage_comments'))) {
if (field && (field.public || operator.hasPerms('motions.can_see_comments'))) {
withoutDeletedAndForbiddenCommentsFields[id] = field;
}
});
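Review bot: The `change_comments` case and the `hide:` flag of the comment form field test only `motions.can_manage_comments`, while the server-side view changed in this same commit accepts comment data only when the user holds both `can_see_comments` and `can_manage_comments`. An operator with the manage permission but not the see permission would therefore be offered the comment editor and then have the submitted comments dropped or the request rejected by the server. Aligning the client check, e.g. `return operator.hasPerms('motions.can_see_comments') && operator.hasPerms('motions.can_manage_comments');`, keeps the UI consistent with what the API enforces. The enclosing functions start and end outside these hunks.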


@ -1433,6 +1433,9 @@ angular.module('OpenSlidesApp.motions.site', [
});
}
};
// TODO: put this into a Group-watcher, so on permission changes, the comments
// show up. For this, the inline editing has to be reloaded, so every field
// has to be checked. wait for #3565 to be merged, then edit this in #3567
$scope.commentsFields = MotionComment.getCommentsFields();
$scope.noSpecialCommentsFields = MotionComment.getNoSpecialCommentsFields();
$scope.commentFieldForStateId = MotionComment.getFieldIdForFlag('forState');


@ -136,7 +136,8 @@ class MotionViewSet(ModelViewSet):
del request.data[key]
# Check permission to send comment data.
if not has_perm(request.user, 'motions.can_see_and_manage_comments'):
if (not has_perm(request.user, 'motions.can_see_comments') or
not has_perm(request.user, 'motions.can_manage_comments')):
try:
# Ignore comments data if user is not allowed to send comments.
del request.data['comments']
@ -176,7 +177,8 @@ class MotionViewSet(ModelViewSet):
# Check permissions.
if (not has_perm(request.user, 'motions.can_manage') and
not (motion.is_submitter(request.user) and motion.state.allow_submitter_edit) and
not has_perm(request.user, 'motions.can_see_and_manage_comments')):
not (has_perm(request.user, 'motions.can_see_comments') and
has_perm(request.user, 'motions.can_manage_comments'))):
self.permission_denied(request)
# Check permission to send only some data.
@ -197,7 +199,8 @@ class MotionViewSet(ModelViewSet):
for key in keys:
if key not in whitelist:
del request.data[key]
if not has_perm(request.user, 'motions.can_see_and_manage_comments'):
if (not has_perm(request.user, 'motions.can_see_comments') or
not has_perm(request.user, 'motions.can_manage_comments')):
try:
del request.data['comments']
except KeyError:
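Review bot: The rule that comments may be written only with both `can_see_comments` and `can_manage_comments` is spelled out three times in this file, twice as `not A or not B` and once as `not (A and B)`, which makes it easy for one copy to drift when the permission model changes again. A small helper such as `def can_write_comments(user): return has_perm(user, 'motions.can_see_comments') and has_perm(user, 'motions.can_manage_comments')`, used at all three sites, would keep this authorization decision in one place. A short comment there should also record why the see permission is required for writing, because a user holding only `can_manage_comments` has the `comments` key removed from the request without any error. The create and update methods begin and end outside these hunks.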


@ -53,7 +53,8 @@ def create_builtin_groups_and_admin(**kwargs):
'motions.can_create',
'motions.can_manage',
'motions.can_see',
'motions.can_see_and_manage_comments',
'motions.can_see_comments',
'motions.can_manage_comments',
'motions.can_support',
'users.can_manage',
'users.can_see_extra_data',
@ -127,7 +128,8 @@ def create_builtin_groups_and_admin(**kwargs):
permission_dict['motions.can_see'],
permission_dict['motions.can_create'],
permission_dict['motions.can_manage'],
permission_dict['motions.can_see_and_manage_comments'],
permission_dict['motions.can_see_comments'],
permission_dict['motions.can_manage_comments'],
permission_dict['users.can_see_name'],
permission_dict['users.can_manage'],
permission_dict['users.can_see_extra_data'],


@ -325,7 +325,7 @@ class CreateMotion(TestCase):
group_delegate = self.admin.groups.get()
group_delegate.permissions.add(Permission.objects.get(
content_type__app_label='motions',
codename='can_see_and_manage_comments',
codename='can_manage_comments',
))
response = self.client.post(
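Review bot: This test now grants only `can_manage_comments`, but the view accepts comment data only when the user also has `can_see_comments`, so unless the group already holds that permission the posted comments are discarded. It would help to state in a comment which outcome is expected here, and to add cases for a user with only one of the two permissions, since that separation is what this change introduces. The test method starts and ends outside the hunk.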


@ -531,7 +531,8 @@ class GroupUpdate(TestCase):
'motions.can_create',
'motions.can_manage',
'motions.can_see',
'motions.can_see_and_manage_comments',
'motions.can_manage_comments',
'motions.can_see_comments',
'motions.can_support',
'users.can_manage',
'users.can_see_extra_data',