Commit b0092e7e authored by Joern jkuensem's avatar Joern jkuensem

TMSS-461: Populate permissions according to User roles confluence table

parent 9eda93fe
......@@ -29,6 +29,7 @@ from lofar.common import isTestEnvironment, isDevelopmentEnvironment
from concurrent.futures import ThreadPoolExecutor
from django.contrib.auth.models import User, Group, Permission
from django.contrib.contenttypes.models import ContentType
from django.db.utils import IntegrityError
working_dir = os.path.dirname(os.path.abspath(__file__))
......@@ -249,24 +250,72 @@ def populate_connectors():
def populate_permissions():
logger.info('Populating permissions')
perm = ProjectPermission.objects.create(name='taskdraft')
populate_project_permissions()
populate_system_permissions()
populate_system_roles()
populate_system_test_users()
def populate_project_permissions():
# For each viewset and for each extra action create a project permission entry.
for name, obj in inspect.getmembers(viewsets):
if inspect.isclass(obj):
try:
permission_name = obj.serializer_class.Meta.model.__name__.lower()
logger.info('creating project permission %s' % permission_name)
try:
ProjectPermission.objects.create(name=permission_name)
except IntegrityError as e:
logger.debug('Skipping project permission creation for obj=%s: %s' % (obj, e))
extra_actions = obj.get_extra_actions()
if extra_actions:
for action in extra_actions:
action_permission_name = '%s-%s' % (permission_name, action.__name__)
logger.info('creating project permission %s' % action_permission_name)
try:
ProjectPermission.objects.create(name=action_permission_name)
except IntegrityError as e:
logger.debug('Skipping project permission creation for obj=%s: %s' % (obj, e))
except Exception as e:
logger.debug('Skipping project permission creation for obj=%s: %s' % (obj, e))
# Project
perm = ProjectPermission.objects.get(name='project')
perm.GET.set([ProjectRole.objects.get(value='pi')])
perm.GET.set([ProjectRole.objects.get(value='co_i')])
perm.GET.set([ProjectRole.objects.get(value='contact_author')])
perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
perm.POST.set([ProjectRole.objects.get(value='shared_support_user')])
perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
perm.PATCH.set([ProjectRole.objects.get(value='friend_of_project')])
perm.save()
perm = ProjectPermission.objects.create(name="taskdraft-create_task_blueprint")
perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
# Subtask
# Subtask-schedule
perm = ProjectPermission.objects.get(name='subtask-schedule')
perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
perm.save()
perm = ProjectPermission.objects.create(name='project')
# SchedulingUnitDraft
perm = ProjectPermission.objects.get(name='schedulingunitdraft')
perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
perm.GET.set([ProjectRole.objects.get(value='contact_author')])
perm.POST.set([ProjectRole.objects.get(value='shared_support_user')])
perm.POST.set([ProjectRole.objects.get(value='friend_of_project')])
perm.save()
populate_system_permissions()
populate_system_roles()
populate_system_test_users()
# SchedulingUnitBlueprint
perm = ProjectPermission.objects.get(name='schedulingunitblueprint')
perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
perm.GET.set([ProjectRole.objects.get(value='contact_author')])
perm.POST.set([ProjectRole.objects.get(value='shared_support_user')]) # "Let's try, we may want to revoke this later and review"
perm.POST.set([ProjectRole.objects.get(value='friend_of_project')])
perm.save()
def populate_system_permissions():
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment