From 776aab3ab427f00d70449b70c5656087b412870b Mon Sep 17 00:00:00 2001
From: SilviaAmAm
Date: Tue, 1 Oct 2024 10:19:30 +0200
Subject: [PATCH] :sparkles: [#390] Add django permissions and groups
---
 .../migrations/0004_add_groups_permissions.py | 58 ++++++++++
 .../migrations/0005_add_users_to_groups.py | 101 ++++++++++++++++++
 2 files changed, 159 insertions(+)
 create mode 100644 backend/src/openarchiefbeheer/accounts/migrations/0004_add_groups_permissions.py
 create mode 100644 backend/src/openarchiefbeheer/accounts/migrations/0005_add_users_to_groups.py
diff --git a/backend/src/openarchiefbeheer/accounts/migrations/0004_add_groups_permissions.py b/backend/src/openarchiefbeheer/accounts/migrations/0004_add_groups_permissions.py
new file mode 100644
index 000000000..3e157dc80
--- /dev/null
+++ b/backend/src/openarchiefbeheer/accounts/migrations/0004_add_groups_permissions.py
@@ -0,0 +1,58 @@
+# Generated by Django 4.2.15 on 2024-09-30 11:56
+
+from django.db import migrations
+
+PERMISSIONS = {
+ "can_start_destruction": "Can start destruction",
+ "can_review_destruction": "Can review destruction",
+ "can_review_final_list": "Can review final list",
+}
+
+GROUPS = {
+ "Record Manager": [
+ "can_start_destruction",
+ ],
+ "Reviewer": [
+ "can_review_destruction",
+ ],
+ "Archivist": [
+ "can_review_final_list",
+ ],
+ "Administrator": [
+ "can_start_destruction",
+ "can_review_destruction",
+ "can_review_final_list",
+ ],
+}
+
+
+def create_groups_permissions(apps, schema_editor):
+ User = apps.get_model("accounts", "User")
+ Group = apps.get_model("auth", "Group")
+ Permission = apps.get_model("auth", "Permission")
+ ContentType = apps.get_model("contenttypes", "ContentType")
+
+ content_type = ContentType.objects.get_for_model(User)
+ for code_name, name in PERMISSIONS.items():
+ Permission.objects.get_or_create(
+ codename=code_name, name=name, content_type=content_type
+ )
+
+ for group_name, permission_codenames in GROUPS.items():
+ group, _ = Group.objects.get_or_create(name=group_name)
+
+ for codename in permission_codenames:
+ permission = Permission.objects.get(codename=codename)
+ group.permissions.add(permission)
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("accounts", "0003_role_can_review_final_list"),
+ ("auth", "0012_alter_user_first_name_max_length"),
+ ]
+
+ operations = [
+ migrations.RunPython(create_groups_permissions, migrations.RunPython.noop),
+ ]
diff --git a/backend/src/openarchiefbeheer/accounts/migrations/0005_add_users_to_groups.py b/backend/src/openarchiefbeheer/accounts/migrations/0005_add_users_to_groups.py
new file mode 100644
index 000000000..5d1108d8b
--- /dev/null
+++ b/backend/src/openarchiefbeheer/accounts/migrations/0005_add_users_to_groups.py
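Review bot: In `create_groups_permissions` the group loop resolves each permission with `Permission.objects.get(codename=codename)`, which is not scoped to the content type the permissions were just created for; codenames are only unique per content type, so a same-named permission on any other model makes this lookup ambiguous and the migration fails. Scope it as `Permission.objects.get(codename=codename, content_type=content_type)`. The `get_or_create(codename=code_name, name=name, content_type=content_type)` call above it also matches on `name`, so an existing row with the same codename but a different label leads to an attempted duplicate insert; `get_or_create(codename=code_name, content_type=content_type, defaults={"name": name})` avoids that. The reverse operation is `RunPython.noop`, so rolling back leaves the groups and their permission grants in the database, which is worth a comment next to `operations`.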
@@ -0,0 +1,101 @@
+# Generated by Django 4.2.15 on 2024-09-30 12:10
+
+from django.db import migrations
+
+
+def add_users_to_groups(apps, schema_editor):
+ User = apps.get_model("accounts", "User")
+ Group = apps.get_model("auth", "Group")
+
+ administrators = User.objects.filter(
+ role__can_start_destruction=True,
+ role__can_review_destruction=True,
+ role__can_review_final_list=True,
+ )
+ admin_group = Group.objects.get(name="Administrator")
+ for user in administrators:
+ user.groups.add(admin_group)
+
+ record_managers = User.objects.filter(
+ role__can_start_destruction=True,
+ role__can_review_destruction=False,
+ role__can_review_final_list=False,
+ )
+ record_manager_group = Group.objects.get(name="Record Manager")
+ for user in record_managers:
+ user.groups.add(record_manager_group)
+
+ reviewers = User.objects.filter(
+ role__can_start_destruction=False,
+ role__can_review_destruction=True,
+ role__can_review_final_list=False,
+ )
+ reviewer_group = Group.objects.get(name="Reviewer")
+ for user in reviewers:
+ user.groups.add(reviewer_group)
+
+ archivists = User.objects.filter(
+ role__can_start_destruction=False,
+ role__can_review_destruction=False,
+ role__can_review_final_list=True,
+ )
+ archivist_group = Group.objects.get(name="Archivist")
+ for user in archivists:
+ user.groups.add(archivist_group)
+
+
+def add_role_to_users(apps, schema_editor):
+ User = apps.get_model("accounts", "User")
+ Role = apps.get_model("accounts", "Role")
+
+ administrator, _ = Role.objects.get_or_create(
+ name="Administrator",
+ can_start_destruction=True,
+ can_review_destruction=True,
+ can_review_final_list=True,
+ )
+ record_manager, _ = Role.objects.get_or_create(
+ name="Record Manager",
+ can_start_destruction=True,
+ can_review_destruction=False,
+ can_review_final_list=False,
+ )
+ reviewer, _ = Role.objects.get_or_create(
+ name="Reviewer",
+ can_start_destruction=False,
+ can_review_destruction=True,
+ can_review_final_list=False,
+ )
+ archivist, _ = Role.objects.get_or_create(
+ name="Archivist",
+ can_start_destruction=False,
+ can_review_destruction=False,
+ can_review_final_list=True,
+ )
+
+ users = User.objects.all()
+
+ for user in users:
+ if user.groups.filter(name="Administrator").exists():
+ user.role = administrator
+ elif user.groups.filter(name="Record Manager").exists():
+ user.role = record_manager
+ elif user.groups.filter(name="Reviewer").exists():
+ user.role = reviewer
+ elif user.groups.filter(name="Archivist").exists():
+ user.role = archivist
+ else:
+ continue
+
+ user.save()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("accounts", "0004_add_groups_permissions"),
+ ]
+
+ operations = [
+ migrations.RunPython(add_users_to_groups, add_role_to_users),
+ ]
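Review bot: `add_users_to_groups` matches only four exact flag combinations, so a user whose role sets two of the three flags (for example start and review but not final list) lands in no group and silently loses the access the role granted. Whether such roles exist in deployed data is not visible from this patch, so the migration should either map each flag on its own (adding that user to both "Record Manager" and "Reviewer") or report the leftovers after the four loops, e.g. by checking `User.objects.filter(role__isnull=False, groups__isnull=True)` and logging or failing when it is non-empty. The reverse function `add_role_to_users` has the mirror problem: its `elif` chain keeps only the first matching group, so a user in both "Record Manager" and "Reviewer" comes back with the record-manager role alone. A short docstring on each function stating these mapping rules would make the authorization change auditable.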