From 1876927cbc8dde0943750e32b2482c522f778700 Mon Sep 17 00:00:00 2001 From: Ryan Cross Date: Fri, 9 Jun 2017 21:01:56 +0000 Subject: [PATCH] Create new script ietf/bin/set_admin_permissions to configure Django Admin group permissions. Fixes #2008. Commit ready for merge. - Legacy-Id: 13575 --- ietf/bin/set_admin_permissions | 78 ++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100755 ietf/bin/set_admin_permissions diff --git a/ietf/bin/set_admin_permissions b/ietf/bin/set_admin_permissions new file mode 100755 index 0000000000..795ddb3dc8 --- /dev/null +++ b/ietf/bin/set_admin_permissions @@ -0,0 +1,78 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# -*- Python -*- +# +''' +This script configures Django Admin permissions +''' + +# Set PYTHONPATH and load environment variables for standalone script ----------------- +import os, sys +basedir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../..")) +sys.path = [ basedir ] + sys.path +os.environ["DJANGO_SETTINGS_MODULE"] = "ietf.settings" + +virtualenv_activation = os.path.join(basedir, "env", "bin", "activate_this.py") +if os.path.exists(virtualenv_activation): + execfile(virtualenv_activation, dict(__file__=virtualenv_activation)) + +import django +django.setup() +# ------------------------------------------------------------------------------------- + +from django.contrib.auth.models import Group as AuthGroup +from django.contrib.auth.models import Permission +from ietf.group.models import Group + + +def permission_names_to_objects(names): + """ + Given an iterable of permission names (e.g. 'app_label.add_model'), + return an iterable of Permission objects for them. The permission + must already exist, because a permission name is not enough information + to create a new permission. + """ + result = [] + for name in names: + app_label, codename = name.split(".", 1) + try: + result.append(Permission.objects.get(content_type__app_label=app_label, + codename=codename)) + except Permission.DoesNotExist: + print "NO SUCH PERMISSION: %s, %s" % (app_label, codename) + raise + + return result + + +def main(): + secretariat = Group.objects.get(acronym='secretariat') + users = [ r.person.user for r in secretariat.role_set.filter(name='secr') ] + + # Set Auth Group members + auth_group, _ = AuthGroup.objects.get_or_create(name='secretariat') + auth_group.user_set.set(users) + + # Set Auth Group Admin Permissions + names = ['auth.add_user','auth.change_user','auth.delete_user', + 'group.add_group','group.change_group','group.delete_group', + 'group.add_role','group.change_role','group.delete_role', + 'group.add_groupevent','group.change_groupevent','group.delete_groupevent', + 'iesg.add_telechatagendaitem','iesg.change_telechatagendaitem','iesg.delete_telechatagendaitem', + 'iesg.add_telechatdate','iesg.change_telechatdate','iesg.delete_telechatdate', + 'mailinglists.add_list','mailinglists.change_list','mailinglists.delete_list', + 'meeting.add_floorplan','meeting.change_floorplan','meeting.delete_floorplan', + 'meeting.add_room','meeting.change_room','meeting.delete_room', + 'meeting.add_urlresource','meeting.change_urlresource','meeting.delete_urlresource', + 'person.add_person','person.change_person','person.delete_person', + 'person.add_alias','person.change_alias','person.delete_alias', + 'person.add_email','person.change_email','person.delete_email', + 'submit.add_submission','submit.change_submission','submit.delete_submission', + ] + + permissions = permission_names_to_objects(names) + auth_group.permissions.set(permissions) + + +if __name__ == '__main__': + main()