mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-07-23 19:20:47 +02:00
Refactor groups and permissions: divide fixtures in 2 files, one for users and one for data, load groups in migrations (using methods defined in user_groups model), use hasperm in admin to test for 'superuser'
This commit is contained in:
parent
fd860998fb
commit
cd14eb2584
15 changed files with 667 additions and 559 deletions
|
@ -1,8 +1,117 @@
|
|||
from django.contrib.auth.models import Group
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
class UserGroup(Group):
|
||||
# Add custom fields or methods specific to your group model here
|
||||
|
||||
class Meta:
|
||||
verbose_name = "User group"
|
||||
verbose_name_plural = "User groups"
|
||||
verbose_name_plural = "User groups"
|
||||
|
||||
def create_cisa_analyst_group(apps, schema_editor):
|
||||
|
||||
# Hard to pass self to these methods as the calls from migrations
|
||||
# are only expecting apps and schema_editor, so we'll just define
|
||||
# apps, schema_editor in the local scope instead
|
||||
CISA_ANALYST_GROUP_PERMISSIONS = [
|
||||
{
|
||||
"app_label": "auditlog",
|
||||
"model": "logentry",
|
||||
"permissions": ["view_logentry"],
|
||||
},
|
||||
{"app_label": "registrar", "model": "contact", "permissions": ["view_contact"]},
|
||||
{
|
||||
"app_label": "registrar",
|
||||
"model": "domaininformation",
|
||||
"permissions": ["change_domaininformation"],
|
||||
},
|
||||
{
|
||||
"app_label": "registrar",
|
||||
"model": "domainapplication",
|
||||
"permissions": ["change_domainapplication"],
|
||||
},
|
||||
{"app_label": "registrar", "model": "domain", "permissions": ["view_domain"]},
|
||||
{
|
||||
"app_label": "registrar",
|
||||
"model": "draftdomain",
|
||||
"permissions": ["change_draftdomain"],
|
||||
},
|
||||
{"app_label": "registrar", "model": "user", "permissions": ["change_user"]},
|
||||
]
|
||||
|
||||
# Avoid error: You can't execute queries until the end
|
||||
# of the 'atomic' block.
|
||||
# From django docs:
|
||||
# https://docs.djangoproject.com/en/4.2/topics/migrations/#data-migrations
|
||||
# We can’t import the Person model directly as it may be a newer
|
||||
# version than this migration expects. We use the historical version.
|
||||
ContentType = apps.get_model("contenttypes", "ContentType")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
UserGroup = apps.get_model("registrar", "UserGroup")
|
||||
|
||||
logger.info("Going to create the Analyst Group")
|
||||
try:
|
||||
cisa_analysts_group, _ = UserGroup.objects.get_or_create(
|
||||
name="cisa_analysts_group",
|
||||
)
|
||||
|
||||
cisa_analysts_group.permissions.clear()
|
||||
|
||||
for permission in CISA_ANALYST_GROUP_PERMISSIONS:
|
||||
app_label = permission["app_label"]
|
||||
model_name = permission["model"]
|
||||
permissions = permission["permissions"]
|
||||
|
||||
# Retrieve the content type for the app and model
|
||||
content_type = ContentType.objects.get(
|
||||
app_label=app_label, model=model_name
|
||||
)
|
||||
|
||||
# Retrieve the permissions based on their codenames
|
||||
permissions = Permission.objects.filter(
|
||||
content_type=content_type, codename__in=permissions
|
||||
)
|
||||
|
||||
# Assign the permissions to the group
|
||||
cisa_analysts_group.permissions.add(*permissions)
|
||||
|
||||
# Convert the permissions QuerySet to a list of codenames
|
||||
permission_list = list(
|
||||
permissions.values_list("codename", flat=True)
|
||||
)
|
||||
|
||||
logger.debug(
|
||||
app_label
|
||||
+ " | "
|
||||
+ model_name
|
||||
+ " | "
|
||||
+ ", ".join(permission_list)
|
||||
+ " added to group "
|
||||
+ cisa_analysts_group.name
|
||||
)
|
||||
|
||||
cisa_analysts_group.save()
|
||||
logger.debug("CISA Analyt permissions added to group " + cisa_analysts_group.name)
|
||||
except Exception as e:
|
||||
logger.error(f"Error creating analyst permissions group: {e}")
|
||||
|
||||
def create_full_access_group(apps, schema_editor):
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
UserGroup = apps.get_model("registrar", "UserGroup")
|
||||
|
||||
logger.info("Going to create the Full Access Group")
|
||||
try:
|
||||
full_access_group, _ = UserGroup.objects.get_or_create(
|
||||
name="full_access_group",
|
||||
)
|
||||
# Get all available permissions
|
||||
all_permissions = Permission.objects.all()
|
||||
|
||||
# Assign all permissions to the group
|
||||
full_access_group.permissions.add(*all_permissions)
|
||||
|
||||
full_access_group.save()
|
||||
logger.debug("All permissions added to group " + full_access_group.name)
|
||||
except Exception as e:
|
||||
logger.error(f"Error creating full access group: {e}")
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue