dd4754d045
Before this commit, there where two different locks when updating the restricted data cache. A future lock, what is faster but only works in the same thread. The other lock is in redis, it is not so fast, but also works in many threads. The future lock was buggy, because on a second call of update_restricted_data the same future was reused. So on the second run, the future was already done. I don't see any way to delete. The last client would have to delete it, but there is no way to find out which client the last one is.
186 lines
7.2 KiB
Python
186 lines
7.2 KiB
Python
from django.apps import apps
|
|
from django.contrib.auth.models import Permission
|
|
from django.db.models import Q
|
|
|
|
from .models import Group, User
|
|
from ..utils.auth import GROUP_ADMIN_PK, GROUP_DEFAULT_PK
|
|
|
|
|
|
def get_permission_change_data(sender, permissions=None, **kwargs):
|
|
"""
|
|
Yields all necessary collections if 'users.can_see_name' permission changes.
|
|
"""
|
|
users_app = apps.get_app_config(app_label="users")
|
|
for permission in permissions:
|
|
# There could be only one 'users.can_see_name' and then we want to return data.
|
|
if (
|
|
permission.content_type.app_label == users_app.label
|
|
and permission.codename == "can_see_name"
|
|
):
|
|
yield from users_app.get_startup_elements()
|
|
|
|
|
|
def create_builtin_groups_and_admin(**kwargs):
|
|
"""
|
|
Creates the builtin groups: Default, Delegates, Staff and Committees.
|
|
|
|
Creates the builtin user: admin.
|
|
"""
|
|
# Check whether there are groups in the database.
|
|
if Group.objects.exists():
|
|
# Do completely nothing if there are already some groups in the database.
|
|
return
|
|
|
|
permission_strings = (
|
|
"agenda.can_be_speaker",
|
|
"agenda.can_manage",
|
|
"agenda.can_manage_list_of_speakers",
|
|
"agenda.can_see",
|
|
"agenda.can_see_internal_items",
|
|
"assignments.can_manage",
|
|
"assignments.can_nominate_other",
|
|
"assignments.can_nominate_self",
|
|
"assignments.can_see",
|
|
"core.can_manage_config",
|
|
"core.can_manage_logos_and_fonts",
|
|
"core.can_manage_projector",
|
|
"core.can_manage_tags",
|
|
"core.can_manage_chat",
|
|
"core.can_see_frontpage",
|
|
"core.can_see_history",
|
|
"core.can_see_projector",
|
|
"core.can_use_chat",
|
|
"mediafiles.can_manage",
|
|
"mediafiles.can_see",
|
|
"mediafiles.can_see_hidden",
|
|
"mediafiles.can_upload",
|
|
"motions.can_create",
|
|
"motions.can_create_amendments",
|
|
"motions.can_manage",
|
|
"motions.can_manage_metadata",
|
|
"motions.can_see",
|
|
"motions.can_support",
|
|
"users.can_change_password",
|
|
"users.can_manage",
|
|
"users.can_see_extra_data",
|
|
"users.can_see_name",
|
|
)
|
|
permission_query = Q()
|
|
permission_dict = {}
|
|
|
|
# Load all permissions
|
|
for permission_string in permission_strings:
|
|
app_label, codename = permission_string.split(".")
|
|
query_part = Q(content_type__app_label=app_label) & Q(codename=codename)
|
|
permission_query = permission_query | query_part
|
|
for permission in Permission.objects.select_related("content_type").filter(
|
|
permission_query
|
|
):
|
|
permission_string = ".".join(
|
|
(permission.content_type.app_label, permission.codename)
|
|
)
|
|
permission_dict[permission_string] = permission
|
|
|
|
# Default (pk 1 == GROUP_DEFAULT_PK)
|
|
base_permissions = (
|
|
permission_dict["agenda.can_see"],
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
permission_dict["assignments.can_see"],
|
|
permission_dict["core.can_see_frontpage"],
|
|
permission_dict["core.can_see_projector"],
|
|
permission_dict["mediafiles.can_see"],
|
|
permission_dict["motions.can_see"],
|
|
permission_dict["users.can_see_name"],
|
|
permission_dict["users.can_change_password"],
|
|
)
|
|
group_default = Group(pk=GROUP_DEFAULT_PK, name="Default")
|
|
group_default.save(skip_autoupdate=True)
|
|
group_default.permissions.add(*base_permissions)
|
|
|
|
# Admin (pk 2 == GROUP_ADMIN_PK)
|
|
group_admin = Group(pk=GROUP_ADMIN_PK, name="Admin")
|
|
group_admin.save(skip_autoupdate=True)
|
|
|
|
# Delegates (pk 3)
|
|
delegates_permissions = (
|
|
permission_dict["agenda.can_see"],
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
permission_dict["agenda.can_be_speaker"],
|
|
permission_dict["assignments.can_see"],
|
|
permission_dict["assignments.can_nominate_other"],
|
|
permission_dict["assignments.can_nominate_self"],
|
|
permission_dict["core.can_see_frontpage"],
|
|
permission_dict["core.can_see_projector"],
|
|
permission_dict["mediafiles.can_see"],
|
|
permission_dict["motions.can_see"],
|
|
permission_dict["motions.can_create"],
|
|
permission_dict["motions.can_create_amendments"],
|
|
permission_dict["motions.can_support"],
|
|
permission_dict["users.can_see_name"],
|
|
permission_dict["users.can_change_password"],
|
|
)
|
|
group_delegates = Group(pk=3, name="Delegates")
|
|
group_delegates.save(skip_autoupdate=True)
|
|
group_delegates.permissions.add(*delegates_permissions)
|
|
|
|
# Staff (pk 4)
|
|
staff_permissions = (
|
|
permission_dict["agenda.can_see"],
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
permission_dict["agenda.can_be_speaker"],
|
|
permission_dict["agenda.can_manage"],
|
|
permission_dict["agenda.can_manage_list_of_speakers"],
|
|
permission_dict["assignments.can_see"],
|
|
permission_dict["assignments.can_manage"],
|
|
permission_dict["assignments.can_nominate_other"],
|
|
permission_dict["assignments.can_nominate_self"],
|
|
permission_dict["core.can_see_frontpage"],
|
|
permission_dict["core.can_see_history"],
|
|
permission_dict["core.can_see_projector"],
|
|
permission_dict["core.can_manage_projector"],
|
|
permission_dict["core.can_manage_tags"],
|
|
permission_dict["core.can_use_chat"],
|
|
permission_dict["mediafiles.can_see"],
|
|
permission_dict["mediafiles.can_manage"],
|
|
permission_dict["mediafiles.can_upload"],
|
|
permission_dict["mediafiles.can_see_hidden"],
|
|
permission_dict["motions.can_see"],
|
|
permission_dict["motions.can_create"],
|
|
permission_dict["motions.can_create_amendments"],
|
|
permission_dict["motions.can_manage"],
|
|
permission_dict["motions.can_manage_metadata"],
|
|
permission_dict["users.can_see_name"],
|
|
permission_dict["users.can_manage"],
|
|
permission_dict["users.can_see_extra_data"],
|
|
permission_dict["users.can_change_password"],
|
|
)
|
|
group_staff = Group(pk=4, name="Staff")
|
|
group_staff.save(skip_autoupdate=True)
|
|
group_staff.permissions.add(*staff_permissions)
|
|
|
|
# Committees (pk 5)
|
|
committees_permissions = (
|
|
permission_dict["agenda.can_see"],
|
|
permission_dict["agenda.can_see_internal_items"],
|
|
permission_dict["assignments.can_see"],
|
|
permission_dict["core.can_see_frontpage"],
|
|
permission_dict["core.can_see_projector"],
|
|
permission_dict["mediafiles.can_see"],
|
|
permission_dict["motions.can_see"],
|
|
permission_dict["motions.can_create"],
|
|
permission_dict["motions.can_create_amendments"],
|
|
permission_dict["motions.can_support"],
|
|
permission_dict["users.can_see_name"],
|
|
permission_dict["users.can_change_password"],
|
|
)
|
|
group_committee = Group(pk=5, name="Committees")
|
|
group_committee.save(skip_autoupdate=True)
|
|
group_committee.permissions.add(*committees_permissions)
|
|
|
|
# Create or reset admin user
|
|
User.objects.create_or_reset_admin_user()
|
|
|
|
# After each group was created, the permissions (many to many fields) where
|
|
# added to the group. But we do not have to update the cache by calling
|
|
# inform_changed_data() because the cache is updated on server start.
|