Skip to content

Commit

Permalink
Merge pull request openwisp#60 from openwisp/permissions
Browse files Browse the repository at this point in the history 
[permissions] Improved patch openwisp#57
  • Loading branch information
@nemesifier
nemesifier authored Nov 11, 2018
2 parents a52f751 + cad54d6 commit 36663df
Show file tree
Hide file tree
Showing 6 changed files with 132 additions and 0 deletions.
1 change: 1 addition & 0 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ install:
# TODO: temporary, remove when django-netjsonconfig 0.9.0 is released
- if [[ $TRAVIS_PYTHON_VERSION == "2.7" ]]; then pipenv install git+git://github.com/tinio/pysqlite.git@extension-enabled#egg=pysqlite; fi
- pipenv run pip install https://github.com/openwisp/django-x509/tarball/master
- pipenv run pip install git+https://github.com/openwisp/openwisp-users.git

script:
# for some reason the migrations check is failing only on django 2.0
Expand Down
50 changes: 50 additions & 0 deletions openwisp_controller/config/migrations/0015_default_groups_permissions.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
from django.db import migrations
from django.contrib.auth.models import Permission

from ...migrations import create_default_permissions


def assign_permissions_to_groups(apps, schema_editor):
create_default_permissions(apps, schema_editor)
Group = apps.get_model('openwisp_users', 'Group')
admin = Group.objects.get(name='Administrator')
operator = Group.objects.get(name='Operator')
operators_and_admins_can_change = ['device', 'config', 'template']
operators_read_only_admins_manage = ['vpn']
manage_operations = ['add', 'change', 'delete']

for model_name in operators_and_admins_can_change:
for operation in manage_operations:
permission = Permission.objects.get(
codename='{}_{}'.format(operation, model_name)
)
admin.permissions.add(permission.pk)
operator.permissions.add(permission.pk)

for model_name in operators_read_only_admins_manage:
try:
permission = Permission.objects.get(
codename="view_{}".format(model_name)
)
operator.permissions.add(permission.pk)
except Permission.DoesNotExist:
pass

for operation in manage_operations:
admin.permissions.add(
Permission.objects.get(codename="{}_{}".format(operation, model_name)).pk
)


class Migration(migrations.Migration):
dependencies = [
('openwisp_users', '0004_default_groups'),
('config', '0014_device_hardware_id'),
]

operations = [
migrations.RunPython(
assign_permissions_to_groups,
reverse_code=migrations.RunPython.noop
),
]
34 changes: 34 additions & 0 deletions openwisp_controller/geo/migrations/0002_default_groups_permissions.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
from django.db import migrations
from django.contrib.auth.models import Permission

from ...migrations import create_default_permissions


def assign_permissions_to_groups(apps, schema_editor):
create_default_permissions(apps, schema_editor)
Group = apps.get_model('openwisp_users', 'Group')
admin = Group.objects.get(name='Administrator')
operator = Group.objects.get(name='Operator')
operators_and_admins_can_change = ['location', 'floorplan', ]
manage_operations = ['add', 'change', 'delete']

for model_name in operators_and_admins_can_change:
for operation in manage_operations:
permission = Permission.objects.get(
codename='{}_{}'.format(operation, model_name)
)
admin.permissions.add(permission.pk)
operator.permissions.add(permission.pk)


class Migration(migrations.Migration):
dependencies = [
('openwisp_users', '0004_default_groups'),
('geo', '0001_initial')
]
operations = [
migrations.RunPython(
assign_permissions_to_groups,
reverse_code=migrations.RunPython.noop
)
]
8 changes: 8 additions & 0 deletions openwisp_controller/migrations.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
from django.contrib.auth.management import create_permissions


def create_default_permissions(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
37 changes: 37 additions & 0 deletions openwisp_controller/pki/migrations/0007_default_groups_permissions.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
from django.db import migrations
from django.contrib.auth.models import Permission

from ...migrations import create_default_permissions


def assign_permissions_to_groups(apps, schema_editor):
create_default_permissions(apps, schema_editor)
Group = apps.get_model('openwisp_users', 'Group')
admin = Group.objects.get(name='Administrator')
operator = Group.objects.get(name='Operator')
operators_read_only_admins_manage = ['ca', 'cert']
manage_operations = ['add', 'change', 'delete']

for model_name in operators_read_only_admins_manage:
try:
permission = Permission.objects.get(codename="view_{}".format(model_name))
operator.permissions.add(permission.pk)
except Permission.DoesNotExist:
pass
for operation in manage_operations:
admin.permissions.add(
Permission.objects.get(codename="{}_{}".format(operation, model_name)).pk
)


class Migration(migrations.Migration):
dependencies = [
('openwisp_users', '0004_default_groups'),
('pki', '0006_add_x509_passphrase_field'),
]
operations = [
migrations.RunPython(
assign_permissions_to_groups,
reverse_code=migrations.RunPython.noop
)
]
2 changes: 2 additions & 0 deletions tests/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,8 @@
EMAIL_PORT = '1025' # for testing purposes
LOGIN_REDIRECT_URL = 'admin:index'
ACCOUNT_LOGOUT_REDIRECT_URL = LOGIN_REDIRECT_URL
OPENWISP_ORGANIZATON_USER_ADMIN = True # tests will fail without this setting
OPENWISP_ORGANIZATON_OWNER_ADMIN = True # tests will fail without this setting

# during development only
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
Expand Down

0 comments on commit 36663df

Please sign in to comment.