1a17862d6b
The old hidden type was used as internal, so everything is changed to not be shown if the item is internal. hidden is "new", and actually behaves as hidden now.
from django.apps import apps
from django.contrib.auth.models import Permission
from django.db.models import Q
from ..utils.autoupdate import inform_changed_data
from .models import Group, User
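def get_permission_change_data(sender, permissions=None, **kwargs):
    """
    Yields all necessary collections if 'users.can_see_name' permission changes.

    ``permissions`` is the iterable of changed permission objects. When one of
    them is the users app's 'can_see_name' permission, the startup elements of
    the users app are yielded. Nothing is yielded when ``permissions`` is
    missing or empty.

    NOTE(review): the ``sender``/``**kwargs`` signature looks like a signal
    receiver; the consumer of the yielded elements is not visible here.
    Presumably it refreshes the data clients may see after the visibility
    permission changed - confirm against the sender.
    """
    if not permissions:
        # The default is None; iterating it would raise TypeError, so treat
        # "no permissions given" as "nothing changed".
        return

    users_app = apps.get_app_config(app_label='users')
    for permission in permissions:
        # Both the app label and the codename must match, so a permission with
        # the same codename in another app does not trigger the refresh.
        is_users_permission = permission.content_type.app_label == users_app.label
        # There could be only one 'users.can_see_name' and then we want to return data.
        if is_users_permission and permission.codename == 'can_see_name':
            yield from users_app.get_startup_elements()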
def create_builtin_groups_and_admin(**kwargs):
    """
    Creates the builtin groups: Default, Delegates, Staff, Admin and Committees.

    Creates the builtin user: admin.

    The function returns immediately when the database already contains any
    group, so it never grants or revokes permissions on existing groups.
    Otherwise the groups are created in a fixed order (the pk hints in the
    comments below depend on that order), the admin user is created or reset
    and the autoupdate system is informed about the new groups.

    Raises KeyError if one of the permissions granted below is not present in
    the database.
    """
    if Group.objects.exists():
        # Do completely nothing if there are already some groups in the database.
        return

    # Every permission that is granted to at least one builtin group.
    wanted_permissions = (
        'agenda.can_be_speaker',
        'agenda.can_manage',
        'agenda.can_manage_list_of_speakers',
        'agenda.can_see',
        'agenda.can_see_internal_items',
        'assignments.can_manage',
        'assignments.can_nominate_other',
        'assignments.can_nominate_self',
        'assignments.can_see',
        'core.can_manage_config',
        'core.can_manage_logos_and_fonts',
        'core.can_manage_projector',
        'core.can_manage_tags',
        'core.can_manage_chat',
        'core.can_see_frontpage',
        'core.can_see_projector',
        'core.can_use_chat',
        'mediafiles.can_manage',
        'mediafiles.can_see',
        'mediafiles.can_see_hidden',
        'mediafiles.can_upload',
        'motions.can_create',
        'motions.can_manage',
        'motions.can_see',
        'motions.can_see_comments',
        'motions.can_manage_comments',
        'motions.can_support',
        'users.can_manage',
        'users.can_see_extra_data',
        'users.can_see_name',
    )

    # OR all (app label, codename) pairs together so that the permissions are
    # loaded through one queryset.
    lookup = Q()
    for dotted_name in wanted_permissions:
        app_label, codename = dotted_name.split('.')
        lookup |= Q(content_type__app_label=app_label) & Q(codename=codename)

    # Map 'app_label.codename' to the loaded Permission object.
    found = Permission.objects.select_related('content_type').filter(lookup)
    permission_dict = {
        '.'.join((perm.content_type.app_label, perm.codename)): perm
        for perm in found
    }

    def make_group(name, *dotted_names):
        # Resolve the permissions first: a missing one raises KeyError before
        # the group row is created.
        granted = tuple(permission_dict[key] for key in dotted_names)
        group = Group.objects.create(name=name)
        group.permissions.add(*granted)
        return group

    # Default (pk 1)
    # NOTE(review): this baseline group is granted
    # 'agenda.can_see_internal_items'. Confirm that every member of the
    # Default group is meant to see internal agenda items.
    group_default = make_group(
        'Default',
        'agenda.can_see',
        'agenda.can_see_internal_items',
        'assignments.can_see',
        'core.can_see_frontpage',
        'core.can_see_projector',
        'mediafiles.can_see',
        'motions.can_see',
        'users.can_see_name',
    )

    # Delegates (pk 2)
    group_delegates = make_group(
        'Delegates',
        'agenda.can_see',
        'agenda.can_see_internal_items',
        'agenda.can_be_speaker',
        'assignments.can_see',
        'assignments.can_nominate_other',
        'assignments.can_nominate_self',
        'core.can_see_frontpage',
        'core.can_see_projector',
        'mediafiles.can_see',
        'motions.can_see',
        'motions.can_create',
        'motions.can_support',
        'users.can_see_name',
    )

    # Staff (pk 3)
    # Staff gets no 'core.can_manage_config', 'core.can_manage_logos_and_fonts'
    # or 'core.can_manage_chat'; those are granted to Admin only.
    group_staff = make_group(
        'Staff',
        'agenda.can_see',
        'agenda.can_see_internal_items',
        'agenda.can_be_speaker',
        'agenda.can_manage',
        'agenda.can_manage_list_of_speakers',
        'assignments.can_see',
        'assignments.can_manage',
        'assignments.can_nominate_other',
        'assignments.can_nominate_self',
        'core.can_see_frontpage',
        'core.can_see_projector',
        'core.can_manage_projector',
        'core.can_manage_tags',
        'core.can_use_chat',
        'mediafiles.can_see',
        'mediafiles.can_manage',
        'mediafiles.can_upload',
        'motions.can_see',
        'motions.can_create',
        'motions.can_manage',
        'motions.can_see_comments',
        'motions.can_manage_comments',
        'users.can_see_name',
        'users.can_manage',
        'users.can_see_extra_data',
        'mediafiles.can_see_hidden',
    )

    # Admin (pk 4)
    # NOTE(review): 'motions.can_support' is loaded above but granted only to
    # Delegates and Committees, not to Staff or Admin - confirm this is intended.
    group_admin = make_group(
        'Admin',
        'agenda.can_see',
        'agenda.can_see_internal_items',
        'agenda.can_be_speaker',
        'agenda.can_manage',
        'agenda.can_manage_list_of_speakers',
        'assignments.can_see',
        'assignments.can_manage',
        'assignments.can_nominate_other',
        'assignments.can_nominate_self',
        'core.can_see_frontpage',
        'core.can_see_projector',
        'core.can_manage_config',
        'core.can_manage_logos_and_fonts',
        'core.can_manage_projector',
        'core.can_manage_tags',
        'core.can_use_chat',
        'core.can_manage_chat',
        'mediafiles.can_see',
        'mediafiles.can_manage',
        'mediafiles.can_upload',
        'motions.can_see',
        'motions.can_create',
        'motions.can_manage',
        'motions.can_see_comments',
        'motions.can_manage_comments',
        'users.can_see_name',
        'users.can_manage',
        'users.can_see_extra_data',
        'mediafiles.can_see_hidden',
    )

    # Add users.can_see_name permission to staff/admin
    # group to ensure proper management possibilities
    # (both groups already received it above, so this is a repeat).
    # TODO: Remove this redundancy after cleanup of the permission system.
    for managing_group in (group_staff, group_admin):
        managing_group.permissions.add(permission_dict['users.can_see_name'])

    # Committees (pk 5)
    group_committee = make_group(
        'Committees',
        'agenda.can_see',
        'agenda.can_see_internal_items',
        'assignments.can_see',
        'core.can_see_frontpage',
        'core.can_see_projector',
        'mediafiles.can_see',
        'motions.can_see',
        'motions.can_create',
        'motions.can_support',
        'users.can_see_name',
    )

    # Create or reset admin user
    # NOTE(review): the credentials this call sets are defined elsewhere and
    # are not visible here; if it assigns a known default password, the
    # deployment has to change it before the instance is exposed - confirm.
    User.objects.create_or_reset_admin_user()

    # The permissions are many to many fields that were added after each group
    # had been created, so the cache has to be updated by calling
    # inform_changed_data().
    new_groups = (group_default, group_delegates, group_staff, group_admin, group_committee)
    inform_changed_data(new_groups)