From b0092e7e149a29f405cae07b47294cbcade8bc6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20K=C3=BCnsem=C3=B6ller?=
 <jkuensem@physik.uni-bielefeld.de>
Date: Wed, 3 Mar 2021 17:08:26 +0100
Subject: [PATCH] TMSS-461: Populate permissions according to User roles
 confluence table

---
 SAS/TMSS/backend/src/tmss/tmssapp/populate.py | 67 ++++++++++++++++---
 1 file changed, 58 insertions(+), 9 deletions(-)

diff --git a/SAS/TMSS/backend/src/tmss/tmssapp/populate.py b/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
index b0f83fb4748..d9352294552 100644
--- a/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
+++ b/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
@@ -29,6 +29,7 @@ from lofar.common import isTestEnvironment, isDevelopmentEnvironment
 from concurrent.futures import ThreadPoolExecutor
 from django.contrib.auth.models import User, Group, Permission
 from django.contrib.contenttypes.models import ContentType
+from django.db.utils import IntegrityError
 
 working_dir = os.path.dirname(os.path.abspath(__file__))
 
@@ -249,24 +250,72 @@ def populate_connectors():
 def populate_permissions():
     logger.info('Populating permissions')
 
-    perm = ProjectPermission.objects.create(name='taskdraft')
+    populate_project_permissions()
+    populate_system_permissions()
+    populate_system_roles()
+    populate_system_test_users()
+
+
+def populate_project_permissions():
+
+    # For each viewset and for each extra action create a project permission entry.
+    for name, obj in inspect.getmembers(viewsets):
+        if inspect.isclass(obj):
+            try:
+                permission_name = obj.serializer_class.Meta.model.__name__.lower()
+                logger.info('creating project permission %s' % permission_name)
+                try:
+                    ProjectPermission.objects.create(name=permission_name)
+                except IntegrityError as e:
+                    logger.debug('Skipping project permission creation for obj=%s: %s' % (obj, e))
+                extra_actions = obj.get_extra_actions()
+                if extra_actions:
+                    for action in extra_actions:
+                        action_permission_name = '%s-%s' % (permission_name, action.__name__)
+                        logger.info('creating project permission %s' % action_permission_name)
+                        try:
+                            ProjectPermission.objects.create(name=action_permission_name)
+                        except IntegrityError as e:
+                            logger.debug('Skipping project permission creation for obj=%s: %s' % (obj, e))
+
+            except Exception as e:
+                logger.debug('Skipping project permission creation for obj=%s: %s' % (obj, e))
+
+
+    # Project
+    perm = ProjectPermission.objects.get(name='project')
+    perm.GET.set([ProjectRole.objects.get(value='pi')])
+    perm.GET.set([ProjectRole.objects.get(value='co_i')])
+    perm.GET.set([ProjectRole.objects.get(value='contact_author')])
     perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
-    perm.POST.set([ProjectRole.objects.get(value='shared_support_user')])
+    perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
+    perm.PATCH.set([ProjectRole.objects.get(value='friend_of_project')])
     perm.save()
 
-    perm = ProjectPermission.objects.create(name="taskdraft-create_task_blueprint")
-    perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
+    # Subtask
+
+    # Subtask-schedule
+    perm = ProjectPermission.objects.get(name='subtask-schedule')
+    perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
     perm.save()
 
-    perm = ProjectPermission.objects.create(name='project')
+    # SchedulingUnitDraft
+    perm = ProjectPermission.objects.get(name='schedulingunitdraft')
     perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
+    perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
+    perm.GET.set([ProjectRole.objects.get(value='contact_author')])
     perm.POST.set([ProjectRole.objects.get(value='shared_support_user')])
+    perm.POST.set([ProjectRole.objects.get(value='friend_of_project')])
     perm.save()
 
-    populate_system_permissions()
-    populate_system_roles()
-    populate_system_test_users()
-
+    # SchedulingUnitBlueprint
+    perm = ProjectPermission.objects.get(name='schedulingunitblueprint')
+    perm.GET.set([ProjectRole.objects.get(value='shared_support_user')])
+    perm.GET.set([ProjectRole.objects.get(value='friend_of_project')])
+    perm.GET.set([ProjectRole.objects.get(value='contact_author')])
+    perm.POST.set([ProjectRole.objects.get(value='shared_support_user')])   # "Let's try, we may want to revoke this later and review"
+    perm.POST.set([ProjectRole.objects.get(value='friend_of_project')])
+    perm.save()
 
 
 def populate_system_permissions():
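Review bot: The repeated `perm.GET.set([...])` and `perm.POST.set([...])` calls in the Project, SchedulingUnitDraft and SchedulingUnitBlueprint blocks overwrite each other, so each permission ends up with only the last role listed. This assumes `GET`/`POST`/`PATCH` are many-to-many fields on `ProjectPermission`, which the hunk does not show; Django's related-manager `set()` replaces the whole related set rather than adding to it. As written, `project` GET would be granted to `friend_of_project` alone, not to the five roles the code reads as granting, so the stored access-control table would not match the roles table named in the subject. Each method should be populated with a single `set()` call carrying the full role list (or with `add()` per role), and a test should assert the resulting role set per permission. Keeping `ProjectRole.objects.get(...)` per value preserves the current behaviour of failing loudly when a role is missing.

```python
    # Project
    perm = ProjectPermission.objects.get(name='project')
    perm.GET.set([ProjectRole.objects.get(value=v) for v in
                  ('pi', 'co_i', 'contact_author', 'shared_support_user', 'friend_of_project')])
    perm.PATCH.set([ProjectRole.objects.get(value='friend_of_project')])
    # … unchanged: perm.save() and the subtask-schedule block …

    # SchedulingUnitDraft
    perm = ProjectPermission.objects.get(name='schedulingunitdraft')
    perm.GET.set([ProjectRole.objects.get(value=v) for v in
                  ('shared_support_user', 'friend_of_project', 'contact_author')])
    perm.POST.set([ProjectRole.objects.get(value=v) for v in
                   ('shared_support_user', 'friend_of_project')])
    # … unchanged: perm.save(); SchedulingUnitBlueprint gets the same two calls …
```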
-- 
GitLab