From ebc1643713d97e25ca939c2510aff23ce137ae0f Mon Sep 17 00:00:00 2001
From: "J.-S. Caux" <J.S.Caux@uva.nl>
Date: Fri, 1 Mar 2019 18:53:41 +0100
Subject: [PATCH] Remove partners-related permissions (including django-generated)
---
 organizations/views.py | 2 +-
 .../0025_partners_groups_permissions.py | 90 +++++++++++++++++++
 .../commands/add_groups_and_permissions.py | 47 ----------
 3 files changed, 91 insertions(+), 48 deletions(-)
 create mode 100644 partners/migrations/0025_partners_groups_permissions.py
diff --git a/organizations/views.py b/organizations/views.py
index fc70b5f9a..df80d6f32 100644
--- a/organizations/views.py
+++ b/organizations/views.py
@@ -237,7 +237,7 @@ def email_contactperson(request, contactperson_id, mail=None):
 return mail_request.return_render()
-@permission_required('scipost.can_manage_SPB', return_403=True)
+@permission_required('scipost.can_manage_organizations', return_403=True)
 def organization_add_contact(request, organization_id, contactperson_id=None):
 organization = get_object_or_404(Organization, id=organization_id)
 if contactperson_id:
diff --git a/partners/migrations/0025_partners_groups_permissions.py b/partners/migrations/0025_partners_groups_permissions.py
new file mode 100644
index 000000000..add572d18
--- /dev/null
+++ b/partners/migrations/0025_partners_groups_permissions.py
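Review bot: The decorator on `organization_add_contact` now names `'scipost.can_manage_organizations'`, but migration 0025 in this same commit deletes `can_manage_SPB` and four other codenames, and any check left elsewhere against a deleted codename (another `@permission_required`, a template `perms` test) would presumably evaluate false for every non-superuser. That fails closed rather than open, yet it silently locks out the staff who relied on it; the diffstat shows only this one line changed in organizations/views.py, so it is worth searching the tree for all five codenames before merging. A one-line comment above the decorator, e.g. `# restricted to organization managers (replaces the removed can_manage_SPB)`, would record the intended audience. The body of `organization_add_contact` continues outside the hunk.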
@@ -0,0 +1,90 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.4 on 2019-03-01 16:49
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+def delete_partner_groups(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ try:
+ PartnersAdmin = Group.objects.get(name='Partners Administrators')
+ PartnersAdmin.delete()
+ except Group.DoesNotExist:
+ pass
+ try:
+ PartnersOfficers = Group.objects.get(name='Partners Officers')
+ PartnersOfficers.delete()
+ except Group.DoesNotExist:
+ pass
+ try:
+ PartnersAccounts = Group.objects.get(name='Partners Accounts')
+ PartnersAccounts.delete()
+ except Group.DoesNotExist:
+ pass
+
+
+def delete_partner_permissions(apps, schema_editor):
+ Permission = apps.get_model('auth', 'Permission')
+ try:
+ can_manage_SPB = Permission.objects.get(codename='can_manage_SPB')
+ can_manage_SPB.delete()
+ except Permission.DoesNotExist:
+ pass
+ try:
+ can_email_prospartner_contact = Permission.objects.get(
+ codename='can_email_prospartner_contact')
+ can_email_prospartner_contact.delete()
+ except Permission.DoesNotExist:
+ pass
+ try:
+ can_read_partner_page = Permission.objects.get(
+ codename='can_read_partner_page')
+ can_read_partner_page.delete()
+ except Permission.DoesNotExist:
+ pass
+ try:
+ can_view_partners = Permission.objects.get(
+ codename='can_view_partners')
+ can_view_partners.delete()
+ except Permission.DoesNotExist:
+ pass
+ try:
+ can_view_own_partner_details = Permission.objects.get(
+ codename='can_view_own_partner_details')
+ can_view_own_partner_details.delete()
+ except Permission.DoesNotExist:
+ pass
+
+
+def delete_model_permissions(apps, schema_editor):
+ ContentType = apps.get_model('contenttypes.ContentType')
+ Permission = apps.get_model('auth.Permission')
+ for modelname in ['consortium', 'contact', 'contactperson', 'contactrequest',
+ 'institution', 'membershipagreement', 'organization',
+ 'partner', 'partnerevent', 'partnersattachment',
+ 'prospectivecontact', 'prospectivepartner', 'prospectivepartnerevent']:
+ content_type = ContentType.objects.get(
+ model=modelname,
+ app_label='partners',
+ )
+ Permission.objects.filter(
+ content_type=content_type,
+ codename__in=('add_' + modelname, 'change_' + modelname, 'delete_' + modelname),
+ ).delete()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('partners', '0024_auto_20190301_1638'),
+ ]
+
+ operations = [
+ migrations.RunPython(delete_partner_groups,
+ reverse_code=migrations.RunPython.noop),
+ migrations.RunPython(delete_partner_permissions,
+ reverse_code=migrations.RunPython.noop),
+ migrations.RunPython(delete_model_permissions,
+ reverse_code=migrations.RunPython.noop),
+ ]
diff --git a/scipost/management/commands/add_groups_and_permissions.py b/scipost/management/commands/add_groups_and_permissions.py
index 51d5e5a1d..0fb5363de 100644
--- a/scipost/management/commands/add_groups_and_permissions.py
+++ b/scipost/management/commands/add_groups_and_permissions.py
@@ -7,7 +7,6 @@ from django.core.management.base import BaseCommand
 from django.contrib.auth.models import Group, Permission
 from django.contrib.contenttypes.models import ContentType
-from partners.models import Contact
 from scipost.models import Contributor, DraftInvitation
 from submissions.models import Report
@@ -36,9 +35,6 @@ class Command(BaseCommand):
 OrgContacts, created = Group.objects.get_or_create(name='Organization Contacts')
- PartnersAdmin, created = Group.objects.get_or_create(name='Partners Administrators')
- PartnersOfficers, created = Group.objects.get_or_create(name='Partners Officers')
- PartnerAccounts, created = Group.objects.get_or_create(name='Partners Accounts')
 # Create Permissions
 content_type = ContentType.objects.get_for_model(Contributor)
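Review bot: `delete_model_permissions` in partners/migrations/0025_partners_groups_permissions.py calls `ContentType.objects.get(model=modelname, app_label='partners')` with no `DoesNotExist` handling, unlike the two functions above it. Content-type rows are normally created by the post_migrate signal, so on a fresh or test database they would likely be absent when this migration runs and the whole migrate would abort. Filtering through the relation avoids the lookup: `Permission.objects.filter(content_type__app_label='partners', content_type__model=modelname, codename__in=...)` with the existing tuple, followed by `.delete()`. In `delete_partner_permissions`, `Permission.objects.get(codename=...)` matches on codename alone and would raise `MultipleObjectsReturned` if a codename existed under more than one content type; a single `Permission.objects.filter(codename__in=[...]).delete()` covers that and drops the five try/except blocks. Because every `reverse_code` is a no-op, rolling back will not restore the groups or their user memberships, which deserves a comment above `operations` such as `# irreversible in effect: deleted groups and memberships are not recreated on rollback`.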
@@ -57,28 +53,6 @@ class Command(BaseCommand):
 name='Can view ContactRole list',
 content_type=content_type)
- # Supporting Partners
- can_manage_SPB, created = Permission.objects.get_or_create(
- codename='can_manage_SPB',
- name='Can manage Supporting Partners Board',
- content_type=content_type)
- can_email_prospartner_contact, created = Permission.objects.get_or_create(
- codename='can_email_prospartner_contact',
- name='Can email Prospective Partner Contact',
- content_type=content_type)
- can_read_partner_page, created = Permission.objects.get_or_create(
- codename='can_read_partner_page',
- name='Can read Prospective Partner personal page',
- content_type=content_type)
- can_view_partners, created = Permission.objects.get_or_create(
- codename='can_view_partners',
- name='Can view Partner details of all Partners',
- content_type=content_type)
- can_view_own_partner_details, created = Permission.objects.get_or_create(
- codename='can_view_own_partner_details',
- name='Can view (its own) partner details',
- content_type=content_type)
-
 # Registration and invitations
 can_manage_contributors, created = Permission.objects.get_or_create(
 codename='can_manage_contributors',
@@ -494,26 +468,5 @@ class Command(BaseCommand):
 can_view_contactrole_list,
 ])
- PartnersAdmin.permissions.set([
- can_manage_organizations,
- can_read_partner_page,
- can_view_own_partner_details,
- can_manage_SPB,
- can_email_prospartner_contact,
- can_view_partners,
- ])
-
- PartnersOfficers.permissions.set([
- can_read_partner_page,
- can_view_own_partner_details,
- can_manage_SPB,
- can_view_partners,
- ])
-
- PartnerAccounts.permissions.set([
- can_read_partner_page,
- can_view_own_partner_details,
- ])
-
 if verbose:
 self.stdout.write(self.style.SUCCESS('Successfully created groups and permissions.'))
-- 
GitLab