From 89ff92664ff06a974e37c15ab663394271ac4a10 Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Thu, 7 Nov 2024 14:59:01 +0100 Subject: ✨ update permission script - admin: delete "owns" groups when non relevent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../migrations/0254_permissionrequests.py | 32 +++++++- .../0255_migrate_delete_perm_clean_groups.py | 95 ++++++++++++++++++++++ .../migrations/0255_migrate_delete_permissions.py | 52 ------------ 3 files changed, 126 insertions(+), 53 deletions(-) create mode 100644 ishtar_common/migrations/0255_migrate_delete_perm_clean_groups.py delete mode 100644 ishtar_common/migrations/0255_migrate_delete_permissions.py (limited to 'ishtar_common/migrations') diff --git a/ishtar_common/migrations/0254_permissionrequests.py b/ishtar_common/migrations/0254_permissionrequests.py index 68c4891b0..6d3435ddb 100644 --- a/ishtar_common/migrations/0254_permissionrequests.py +++ b/ishtar_common/migrations/0254_permissionrequests.py @@ -169,5 +169,35 @@ class Migration(migrations.Migration): model_name='userprofile', name='profile_type', field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='user_profiles', to='ishtar_common.ProfileType', verbose_name='Profile type') - ) + ), + migrations.AddField( + model_name='ishtaruser', + name='need_permission_update', + field=models.BooleanField(default=True, verbose_name='Need permission update'), + ), + migrations.AlterField( + model_name='biographicalnote', + name='ishtar_users', + field=models.ManyToManyField(blank=True, related_name='biographicalnote_associated', to='ishtar_common.IshtarUser'), + ), + migrations.AlterField( + model_name='document', + name='ishtar_users', + field=models.ManyToManyField(blank=True, related_name='document_associated', to='ishtar_common.IshtarUser'), + ), + migrations.AlterField( + model_name='organization', + name='ishtar_users', + field=models.ManyToManyField(blank=True, related_name='organization_associated', to='ishtar_common.IshtarUser'), + ), + migrations.AlterField( + model_name='person', + name='ishtar_users', + field=models.ManyToManyField(blank=True, related_name='person_associated', to='ishtar_common.IshtarUser'), + ), + migrations.AlterField( + model_name='profiletype', + name='groups', + field=models.ManyToManyField(blank=True, related_name='profile_types', to='auth.Group', verbose_name='Groups'), + ), ] diff --git a/ishtar_common/migrations/0255_migrate_delete_perm_clean_groups.py b/ishtar_common/migrations/0255_migrate_delete_perm_clean_groups.py new file mode 100644 index 000000000..d9aa4cd32 --- /dev/null +++ b/ishtar_common/migrations/0255_migrate_delete_perm_clean_groups.py @@ -0,0 +1,95 @@ +# Generated by Django 2.2.28 on 2024-11-04 16:52 + +from django.db import migrations + + +def clean_groups(profile_type): + # raw copy of the admin code + owns, full = {}, [] + # get all permissions + for group in profile_type.groups.all(): + permissions = [] + own, gen = False, False + q = group.permissions + if not q.count(): + continue + for permission in q.all(): + if "_own_" in permission.codename: + own = True + else: + gen = True + parts = permission.codename.split("_") + permissions.append(f"{parts[0]}_{parts[-1]}") + if own and gen: + # group has "own" and "generic" permissions: do nothing + continue + permissions = tuple(sorted(permissions)) + if own: + owns[permissions] = group + else: + full.append(permissions) + # clean + for permissions in owns.keys(): + if len(permissions) == 1: + for full_permissions in full: + for full_permission in full_permissions: + if full_permission == permissions[0]: + profile_type.groups.remove(owns[permissions]) + break + else: + if permissions in full: + profile_type.groups.remove(owns[permissions]) + + +def migrate_permission(apps, __): + # clean delete permissions + Permission = apps.get_model("auth", "permission") + Group = apps.get_model("auth", "group") + ProfileType = apps.get_model("ishtar_common", "profiletype") + print() + for modif_group in Group.objects.filter( + name__endswith="modification/suppression").all(): + name = modif_group.name.replace("/suppression", "") + modif_group.name = name + modif_group.save() + delete_permissions = [] + for permission in modif_group.permissions.filter( + codename__startswith="change_").all(): + codename = permission.codename.replace("change_", "delete_") + try: + delete_permission = Permission.objects.get( + content_type=permission.content_type, + codename=codename + ) + delete_permissions.append(delete_permission) + if delete_permission in list(modif_group.permissions.all()): + modif_group.permissions.remove(delete_permission) + except Permission.DoesNotExist: + print(f"Permission {codename} does not exist") + + if not delete_permissions: + continue + delete_group = Group.objects.create( + name=name.replace("modification", "suppression") + ) + print(f"* New group: {delete_group.name}") + for delete_permission in delete_permissions: + delete_group.permissions.add(delete_permission) + for profile_type in ProfileType.objects.filter(groups__pk=modif_group.pk).all(): + profile_type.groups.add(delete_group) + print(f"\t- profile type {profile_type.label} updated") + # clean groups + ProfileType = apps.get_model("ishtar_common", "ProfileType") + for pt in ProfileType.objects.all(): + clean_groups(pt) + + +class Migration(migrations.Migration): + + dependencies = [ + ('ishtar_common', '0254_permissionrequests'), + ] + + operations = [ + migrations.RunPython(migrate_permission) + ] diff --git a/ishtar_common/migrations/0255_migrate_delete_permissions.py b/ishtar_common/migrations/0255_migrate_delete_permissions.py deleted file mode 100644 index 61b63c0df..000000000 --- a/ishtar_common/migrations/0255_migrate_delete_permissions.py +++ /dev/null @@ -1,52 +0,0 @@ -# Generated by Django 2.2.28 on 2024-11-04 16:52 - -from django.db import migrations - - -def migrate_permission(apps, __): - Permission = apps.get_model("auth", "permission") - Group = apps.get_model("auth", "group") - ProfileType = apps.get_model("ishtar_common", "profiletype") - print() - for modif_group in Group.objects.filter( - name__endswith="modification/suppression").all(): - name = modif_group.name.replace("/suppression", "") - modif_group.name = name - modif_group.save() - delete_permissions = [] - for permission in modif_group.permissions.filter( - codename__startswith="change_").all(): - codename = permission.codename.replace("change_", "delete_") - try: - delete_permission = Permission.objects.get( - content_type=permission.content_type, - codename=codename - ) - delete_permissions.append(delete_permission) - if delete_permission in list(modif_group.permissions.all()): - modif_group.permissions.remove(delete_permission) - except Permission.DoesNotExist: - print(f"Permission {codename} does not exist") - - if not delete_permissions: - continue - delete_group = Group.objects.create( - name=name.replace("modification", "suppression") - ) - print(f"* New group: {delete_group.name}") - for delete_permission in delete_permissions: - delete_group.permissions.add(delete_permission) - for profile_type in ProfileType.objects.filter(groups__pk=modif_group.pk).all(): - profile_type.groups.add(delete_group) - print(f"\t- profile type {profile_type.label} updated") - - -class Migration(migrations.Migration): - - dependencies = [ - ('ishtar_common', '0254_permissionrequests'), - ] - - operations = [ - migrations.RunPython(migrate_permission) - ] -- cgit v1.2.3