[feature] Created default permissions for the default groups #55

Closes #55
openwisp · Dec 19, 2020 · 921be06 · 921be06
1 parent bcde169
commit 921be06
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 0 deletions.
diff --git a/openwisp_ipam/migrations/0005_default_groups_permissions.py b/openwisp_ipam/migrations/0005_default_groups_permissions.py
@@ -0,0 +1,17 @@
+from django.db import migrations
+
+from openwisp_ipam.migrations import assign_permissions_to_groups
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('openwisp_users', '0004_default_groups'),
+        ('openwisp_ipam', '0004_subnet_organization_unique_together'),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            assign_permissions_to_groups, reverse_code=migrations.RunPython.noop
+        ),
+    ]
diff --git a/openwisp_ipam/migrations/__init__.py b/openwisp_ipam/migrations/__init__.py
@@ -0,0 +1,46 @@
+from django.contrib.auth.management import create_permissions
+from django.contrib.auth.models import Permission
+
+
+def create_default_permissions(apps, schema_editor):
+    for app_config in apps.get_app_configs():
+        app_config.models_module = True
+        create_permissions(app_config, apps=apps, verbosity=0)
+        app_config.models_module = None
+
+
+def assign_permissions_to_groups(apps, schema_editor):
+    create_default_permissions(apps, schema_editor)
+    admins_can_manage = ['subnet', 'ipaddress']
+    operators_can_manage = ['ipaddress']
+    manage_operations = ['add', 'change', 'delete', 'view']
+    Group = apps.get_model('openwisp_users', 'Group')
+
+    try:
+        admin = Group.objects.get(name='Administrator')
+        operator = Group.objects.get(name='Operator')
+    except Group.DoesNotExist:
+        return
+
+    # Administrator - Can managae both ipaddress and subnet
+    for model_name in admins_can_manage:
+        for operation in manage_operations:
+            permission = Permission.objects.get(
+                codename='{}_{}'.format(operation, model_name)
+            )
+            admin.permissions.add(permission.pk)
+
+    # Operator - Can manage ipaddress but can only `view` subnet
+    for model_name in operators_can_manage:
+        for operation in manage_operations:
+            operator.permissions.add(
+                Permission.objects.get(
+                    codename='{}_{}'.format(operation, model_name)
+                ).pk
+            )
+
+    try:
+        permission = Permission.objects.get(codename='view_subnet')
+        operator.permissions.add(permission.pk)
+    except Permission.DoesNotExist:
+        pass
diff --git a/openwisp_ipam/tests/test_admin.py b/openwisp_ipam/tests/test_admin.py
@@ -1,6 +1,7 @@
 import json
 
 from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Group
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.test import TestCase
 from django.urls import reverse
@@ -339,3 +340,32 @@ def test_change_view_master_multitenant(self):
         url = reverse(f'admin:{self.app_label}_subnet_change', args=[child1.pk])
         response = self.client.get(url)
         self.assertEqual(response.status_code, 200)
+
+    def test_admin_group_permission(self):
+        admin = Group.objects.get(name="Administrator")
+        admin_permissions = [
+            'add_ipaddress',
+            'change_ipaddress',
+            'delete_ipaddress',
+            'view_ipaddress',
+            'add_subnet',
+            'change_subnet',
+            'delete_subnet',
+            'view_subnet',
+        ]
+        perms = list(admin.permissions.values_list('codename', flat=True))
+        for p in admin_permissions:
+            self.assertIn(p, perms)
+
+    def test_operator_group_permission(self):
+        operator = Group.objects.get(name="Operator")
+        operator_permissions = [
+            'add_ipaddress',
+            'change_ipaddress',
+            'delete_ipaddress',
+            'view_ipaddress',
+            'view_subnet',
+        ]
+        perms = list(operator.permissions.values_list('codename', flat=True))
+        for p in operator_permissions:
+            self.assertIn(p, perms)
diff --git a/tests/openwisp2/sample_ipam/migrations/0004_default_groups_permissions.py b/tests/openwisp2/sample_ipam/migrations/0004_default_groups_permissions.py
@@ -0,0 +1,15 @@
+from django.db import migrations
+
+from openwisp_ipam.migrations import assign_permissions_to_groups
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('sample_ipam', '0003_fix_multitenancy'),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            assign_permissions_to_groups, reverse_code=migrations.RunPython.noop
+        ),
+    ]