✨ [#390] Add django permissions and groups

maykinmedia · Oct 1, 2024 · 776aab3 · 776aab3
1 parent c29d146
commit 776aab3
Show file tree

Hide file tree

Showing 2 changed files with 159 additions and 0 deletions.
diff --git a/backend/src/openarchiefbeheer/accounts/migrations/0004_add_groups_permissions.py b/backend/src/openarchiefbeheer/accounts/migrations/0004_add_groups_permissions.py
@@ -0,0 +1,58 @@
+# Generated by Django 4.2.15 on 2024-09-30 11:56
+
+from django.db import migrations
+
+PERMISSIONS = {
+    "can_start_destruction": "Can start destruction",
+    "can_review_destruction": "Can review destruction",
+    "can_review_final_list": "Can review final list",
+}
+
+GROUPS = {
+    "Record Manager": [
+        "can_start_destruction",
+    ],
+    "Reviewer": [
+        "can_review_destruction",
+    ],
+    "Archivist": [
+        "can_review_final_list",
+    ],
+    "Administrator": [
+        "can_start_destruction",
+        "can_review_destruction",
+        "can_review_final_list",
+    ],
+}
+
+
+def create_groups_permissions(apps, schema_editor):
+    User = apps.get_model("accounts", "User")
+    Group = apps.get_model("auth", "Group")
+    Permission = apps.get_model("auth", "Permission")
+    ContentType = apps.get_model("contenttypes", "ContentType")
+
+    content_type = ContentType.objects.get_for_model(User)
+    for code_name, name in PERMISSIONS.items():
+        Permission.objects.get_or_create(
+            codename=code_name, name=name, content_type=content_type
+        )
+
+    for group_name, permission_codenames in GROUPS.items():
+        group, _ = Group.objects.get_or_create(name=group_name)
+
+        for codename in permission_codenames:
+            permission = Permission.objects.get(codename=codename)
+            group.permissions.add(permission)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0003_role_can_review_final_list"),
+        ("auth", "0012_alter_user_first_name_max_length"),
+    ]
+
+    operations = [
+        migrations.RunPython(create_groups_permissions, migrations.RunPython.noop),
+    ]
diff --git a/backend/src/openarchiefbeheer/accounts/migrations/0005_add_users_to_groups.py b/backend/src/openarchiefbeheer/accounts/migrations/0005_add_users_to_groups.py
@@ -0,0 +1,101 @@
+# Generated by Django 4.2.15 on 2024-09-30 12:10
+
+from django.db import migrations
+
+
+def add_users_to_groups(apps, schema_editor):
+    User = apps.get_model("accounts", "User")
+    Group = apps.get_model("auth", "Group")
+
+    administrators = User.objects.filter(
+        role__can_start_destruction=True,
+        role__can_review_destruction=True,
+        role__can_review_final_list=True,
+    )
+    admin_group = Group.objects.get(name="Administrator")
+    for user in administrators:
+        user.groups.add(admin_group)
+
+    record_managers = User.objects.filter(
+        role__can_start_destruction=True,
+        role__can_review_destruction=False,
+        role__can_review_final_list=False,
+    )
+    record_manager_group = Group.objects.get(name="Record Manager")
+    for user in record_managers:
+        user.groups.add(record_manager_group)
+
+    reviewers = User.objects.filter(
+        role__can_start_destruction=False,
+        role__can_review_destruction=True,
+        role__can_review_final_list=False,
+    )
+    reviewer_group = Group.objects.get(name="Reviewer")
+    for user in reviewers:
+        user.groups.add(reviewer_group)
+
+    archivists = User.objects.filter(
+        role__can_start_destruction=False,
+        role__can_review_destruction=False,
+        role__can_review_final_list=True,
+    )
+    archivist_group = Group.objects.get(name="Archivist")
+    for user in archivists:
+        user.groups.add(archivist_group)
+
+
+def add_role_to_users(apps, schema_editor):
+    User = apps.get_model("accounts", "User")
+    Role = apps.get_model("accounts", "Role")
+
+    administrator, _ = Role.objects.get_or_create(
+        name="Administrator",
+        can_start_destruction=True,
+        can_review_destruction=True,
+        can_review_final_list=True,
+    )
+    record_manager, _ = Role.objects.get_or_create(
+        name="Record Manager",
+        can_start_destruction=True,
+        can_review_destruction=False,
+        can_review_final_list=False,
+    )
+    reviewer, _ = Role.objects.get_or_create(
+        name="Reviewer",
+        can_start_destruction=False,
+        can_review_destruction=True,
+        can_review_final_list=False,
+    )
+    archivist, _ = Role.objects.get_or_create(
+        name="Archivist",
+        can_start_destruction=False,
+        can_review_destruction=False,
+        can_review_final_list=True,
+    )
+
+    users = User.objects.all()
+
+    for user in users:
+        if user.groups.filter(name="Administrator").exists():
+            user.role = administrator
+        elif user.groups.filter(name="Record Manager").exists():
+            user.role = record_manager
+        elif user.groups.filter(name="Reviewer").exists():
+            user.role = reviewer
+        elif user.groups.filter(name="Archivist").exists():
+            user.role = archivist
+        else:
+            continue
+
+        user.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0004_add_groups_permissions"),
+    ]
+
+    operations = [
+        migrations.RunPython(add_users_to_groups, add_role_to_users),
+    ]