From 75d9fb1dbb02aebea379a40ca13ce6ef079aee2b Mon Sep 17 00:00:00 2001 From: Jan Tuomi Date: Thu, 28 Sep 2017 18:46:51 +0300 Subject: [PATCH] Create new permission groups and fix member register permissions --- members/migrations/0018_auto_20170927_1918.py | 6 ++-- members/models.py | 6 ++-- members/views/applications.py | 10 +++--- members/views/members.py | 18 +++++----- members/views/payments.py | 14 ++++---- members/views/utils.py | 6 ++-- webapp/management/commands/initialize.py | 34 ++++--------------- 7 files changed, 37 insertions(+), 57 deletions(-) diff --git a/members/migrations/0018_auto_20170927_1918.py b/members/migrations/0018_auto_20170927_1918.py index 43f01be..0c601a9 100644 --- a/members/migrations/0018_auto_20170927_1918.py +++ b/members/migrations/0018_auto_20170927_1918.py @@ -14,14 +14,14 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='member', - options={'permissions': (('check_by_email', 'Can check if user exists by email'), ('read', 'Can see member in list'))}, + options={'permissions': (('check_by_email', 'Can check if user exists by email'), ('read_member', 'Can see member in list'))}, ), migrations.AlterModelOptions( name='payment', - options={'permissions': (('read', 'Can see payment in list'),)}, + options={'permissions': (('read_payment', 'Can see payment in list'),)}, ), migrations.AlterModelOptions( name='request', - options={'permissions': (('read', 'Can see member application in list'),)}, + options={'permissions': (('read_application', 'Can see member application in list'),)}, ), ] diff --git a/members/models.py b/members/models.py index 2a0337d..8f36dbc 100644 --- a/members/models.py +++ b/members/models.py @@ -45,7 +45,7 @@ class Request(BaseMember): class Meta: permissions = ( - ('read', 'Can see member application in list'), + ('read_application', 'Can see member application in list'), ) submitted = models.DateTimeField(_('Submitted'), default=timezone.now) 
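Review bot: Renaming the codenames by editing `0018_auto_20170927_1918.py` in place leaves any database that already applied 0018 with the old `read` Permission rows, because Django only adds missing permissions after `migrate` and never renames or deletes existing ones. A group or user that was granted `read` would then hold none of `read_member`, `read_payment` or `read_application`, while the stale rows stay assignable in the admin. If 0018 has been applied anywhere, a follow-up data migration that moves the grants and deletes the old rows would be safer. The same applies to the three `Meta.permissions` hunks in `members/models.py`.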
@@ -62,7 +62,7 @@ class Payment(models.Model): class Meta: permissions = ( - ('read', 'Can see payment in list'), + ('read_payment', 'Can see payment in list'), ) date = models.DateTimeField(_('Date'), default=timezone.now) @@ -98,7 +98,7 @@ class Member(BaseMember): class Meta: permissions = ( ('check_by_email', 'Can check if user exists by email'), - ('read', 'Can see member in list'), + ('read_member', 'Can see member in list'), ) def last_paid(self): diff --git a/members/views/applications.py b/members/views/applications.py index 9207fd7..86e100e 100644 --- a/members/views/applications.py +++ b/members/views/applications.py @@ -18,7 +18,7 @@ from members.forms import ApplicationForm @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.read_application', login_url='/login', raise_exception=True) def application_list(request, *args, **kwargs): """List member applications not yet processed.""" applications = Request.objects.all() @@ -40,7 +40,7 @@ def application_list(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.change_request', login_url='/login', raise_exception=True) def application_edit(request, *args, **kwargs): """Edit member request information.""" i = kwargs.pop('index', None) @@ -58,7 +58,7 @@ def application_edit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.add_member', login_url='/login', raise_exception=True) def application_accept(request, *args, **kwargs): """Accept application.""" form = ApplicationForm(request.POST) 
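Review bot: With `raise_exception=True` the `login_url='/login'` argument on `application_list` no longer has any effect, because `permission_required` raises `PermissionDenied` on every failed check. An anonymous visitor therefore gets a 403 page instead of being sent to the login form. If the redirect for logged-out users is still wanted, stack `@login_required(login_url='/login')` above `@permission_required('members.read_application', raise_exception=True)`. The same combination appears on every decorator changed in `members/views/applications.py`, `members.py`, `payments.py` and `utils.py`. The view bodies continue outside the hunks.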
@@ -86,7 +86,7 @@ def application_accept(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.delete_request', login_url='/login', raise_exception=True) def application_delete(request, *args, **kwargs): """Delete member application.""" try: @@ -114,7 +114,7 @@ def application_delete(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.delete_request', login_url='/login', raise_exception=True) def application_delete_confirm(request, *args, **kwargs): """Confirm application deletion.""" i = kwargs.pop('index', None) diff --git a/members/views/members.py b/members/views/members.py index 16467a9..0b7c9db 100644 --- a/members/views/members.py +++ b/members/views/members.py @@ -27,7 +27,7 @@ from members.views.utils import * @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.read_member', login_url='/login', raise_exception=True) def member_list(request, *args, **kwargs): """Render members list.""" search = request.GET.get('q', None) @@ -53,7 +53,7 @@ def member_list(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.add_member', login_url='/login', raise_exception=True) def member_add(request, *args, **kwargs): """Render add member page.""" form = MemberForm() 
@@ -62,7 +62,7 @@ def member_add(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.delete_member', login_url='/login', raise_exception=True) def member_delete_confirm(request, *args, **kwargs): """Render member deletion confirmation page.""" i = kwargs.pop('index', None) @@ -78,7 +78,7 @@ def member_delete_confirm(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.add_member', login_url='/login', raise_exception=True) def member_add_many(request, *args, **kwargs): """Render add multiple members page.""" return render(request, 'member_add_many.html', {}) @@ -86,7 +86,7 @@ def member_add_many(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.add_member', login_url='/login', raise_exception=True) def add_many_confirm(request, *args, **kwargs): models = request.session['models'] @@ -108,7 +108,7 @@ def add_many_confirm(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.add_member', login_url='/login', raise_exception=True) def member_submit(request, *args, **kwargs): """Add member based on data gained from member form.""" form = MemberForm(request.POST) @@ -128,7 +128,7 @@ def member_submit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.change_member', login_url='/login', raise_exception=True) def member_update(request, *args, **kwargs): """Update member information.""" form = MemberForm(request.POST) 
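Review bot: `add_many_confirm` indexes `request.session['models']` directly, so a POST from a session that holds no `models` key raises `KeyError` and surfaces as a 500 rather than a controlled response. Reading it with `models = request.session.get('models')` and returning a 400 or a redirect when it is missing keeps the failure explicit. The function is also the only view in this file's hunks without a docstring. Its body continues outside the hunk, so the docstring wording should be taken from the full body.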
@@ -154,7 +154,7 @@ def member_update(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.delete_member', login_url='/login', raise_exception=True) def member_delete(request, *args, **kwargs): """Delete member.""" try: @@ -181,7 +181,7 @@ def member_delete(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.change_member', login_url='/login', raise_exception=True) def member_edit(request, *args, **kwargs): """Edit member information.""" i = kwargs.pop('index', None) diff --git a/members/views/payments.py b/members/views/payments.py index b5f22af..988fcbe 100644 --- a/members/views/payments.py +++ b/members/views/payments.py @@ -18,7 +18,7 @@ from members.forms import PaymentForm @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.read_payment', login_url='/login', raise_exception=True) def payment_list(request, *args, **kwargs): """Render list of payments.""" search = request.GET.get('q', None) @@ -45,7 +45,7 @@ def payment_list(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.add_payment', login_url='/login', raise_exception=True) def payment_add(request, *args, **kwargs): """Render add payment form.""" form = PaymentForm() @@ -54,7 +54,7 @@ def payment_add(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.add_payment', login_url='/login', raise_exception=True) def payment_submit(request, *args, **kwargs): """Submit payment.""" form = PaymentForm(request.POST) 
@@ -75,7 +75,7 @@ def payment_submit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.change_payment', login_url='/login', raise_exception=True) def payment_edit(request, *args, **kwargs): """Edit payment.""" i = kwargs.pop('index', None) @@ -93,7 +93,7 @@ def payment_edit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.delete_payment', login_url='/login', raise_exception=True) def payment_delete_confirm(request, *args, **kwargs): """Render payment delete confirmation page.""" i = kwargs.pop('index', None) @@ -111,7 +111,7 @@ def payment_delete_confirm(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.delete_payment', login_url='/login', raise_exception=True) def payment_delete(request, *args, **kwargs): """Delete payment.""" try: @@ -139,7 +139,7 @@ def payment_delete(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.change_payment', login_url='/login', raise_exception=True) def payment_update(request, *args, **kwargs): """Update payment information.""" form = PaymentForm(request.POST) diff --git a/members/views/utils.py b/members/views/utils.py index 3463914..acf2d04 100644 --- a/members/views/utils.py +++ b/members/views/utils.py 
@@ -93,7 +93,7 @@ def convert_table_to_html(table, request): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.change_member', login_url='/login', raise_exception=True) def settings_page(request, *args, **kwargs): """Render member app settings page.""" return render(request, 'settings.html', {}) @@ -101,7 +101,7 @@ def settings_page(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login') +@permission_required(['members.change_member', 'members.change_payment'], login_url='/login', raise_exception=True) def import_csv(request, *args, **kwargs): """Get csv data imported to page and create members based on that.""" try: @@ -145,7 +145,7 @@ def import_csv(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login') +@permission_required('members.read_member', login_url='/login', raise_exception=True) def export_csv(request, *args, **kwargs): """Export members as csv.""" response = HttpResponse() diff --git a/webapp/management/commands/initialize.py b/webapp/management/commands/initialize.py index d7ab9da..31073e3 100644 --- a/webapp/management/commands/initialize.py +++ b/webapp/management/commands/initialize.py 
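Review bot: `import_csv` is documented as creating members, yet the new check asks for `change_member` and `change_payment`, while the other member-creating views in this commit (`member_submit`, `add_many_confirm`, `application_accept`) ask for `add_member`. A user holding only the change permissions could therefore create members through the CSV path. If the import does insert rows, the list should probably include the add permissions, e.g. `['members.add_member', 'members.add_payment']`. The body continues outside the hunk, so confirm which operations it performs.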
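Review bot: `export_csv` now shares `read_member` with `member_list`, so anyone allowed to view the list can also download the whole register as a file. If that is intended, say so next to the decorator, e.g. `# read_member deliberately covers bulk CSV export`. If it is not, a separate custom permission for export would keep the viewer role narrower. The body continues outside the hunk.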
@@ -50,36 +50,16 @@ class Command(BaseCommand): self.stdout.write('The group "officials" already existed ' 'and was not therefore created') - feed_permissions = Permission.objects.filter(codename__contains='feed') + cts = ContentType.objects.filter(app_label='webapp') + feed_permissions = Permission.objects.filter(content_type__in=cts, codename__contains='feed') + event_permissions = Permission.objects.filter(content_type__in=cts, codename__contains='event') + registration_permissions = Permission.objects.filter(content_type__in=cts, codename__contains='registration') + officials_group.permissions.add(*feed_permissions) + officials_group.permissions.add(*event_permissions) + officials_group.permissions.add(*registration_permissions) def handle(self, *args, **options): - - self.stdout.write("Creating sikadmin group") - sikadmin_group, created = Group.objects.get_or_create(name="sikadmin") - if not created: - self.stdout.write('The group "sikadmin" already existed ' - 'and was not therefore created') - - self.stdout.write("Creating sikadmin permission") - - # TODO Use some sikadmin native model when such exists - group_ctype = ContentType.objects.get_for_model(Group) - sikadmin_permission, created = Permission.objects.get_or_create( - codename='sikadmin', - content_type=group_ctype, - name='SIK Admin') - - if not created: - self.stdout.write('The permission "sikadmin" already existed ' - 'and was not therefore created') - - self.stdout.write("Giving sikadmin group permission to sikadmin") - if sikadmin_group.permissions.filter(id=sikadmin_permission.id).exists(): - self.stdout.write("Permission already existed. skipping...") - else: - sikadmin_group.permissions.add(sikadmin_permission) - self.create_infoscreen_moderator() self.create_member_register_viewer() self.create_member_register_administrator()
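Review bot: The three `codename__contains=` filters grant the officials group every `webapp` permission whose codename merely contains `feed`, `event` or `registration`. That includes add, change and delete on any model added later whose name happens to include one of those words. Listing the intended codenames with `codename__in=(...)`, or filtering on the content types of the specific models, would keep the grant from widening silently. Separately, `handle` stops creating the `sikadmin` group and permission, but nothing removes them from databases initialised earlier, so existing memberships keep that permission if anything still checks it.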