Use is_administrator instead of is_superuser
refs #259
rixx committed Jan 22, 2018
1 parent f61d919 commit 7159d15
Showing 12 changed files with 55 additions and 15 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.rst
Expand Up @@ -22,5 +22,6 @@ Features
Fixed bugs
~~~~~~~~~~~
- The schedule export could change project settings, requiring pretalx to be restarted to reset the settings.
- When running pretalx as (in-application) superuser, permission issues could arise. pretalx now warns and offers to migrate the account to an administrator account. (#259)

.. _releases: https://github.com/pretalx/pretalx/releases
6 changes: 3 additions & 3 deletions src/pretalx/common/middleware/event.py
Expand Up @@ -26,7 +26,7 @@ def __init__(self, get_response):

def _set_orga_events(self, request):
if not request.user.is_anonymous:
if request.user.is_superuser:
if request.user.is_administrator:
request.orga_events = Event.objects.all()
else:
request.orga_events = Event.objects.filter(
Expand All @@ -53,12 +53,12 @@ def __call__(self, request):

if hasattr(request, 'event') and request.event:
if not request.user.is_anonymous:
request.is_orga = request.user.is_superuser or EventPermission.objects.filter(
request.is_orga = request.user.is_administrator or EventPermission.objects.filter(
user=request.user,
event=request.event,
is_orga=True
).exists()
request.is_reviewer = request.user.is_superuser or EventPermission.objects.filter(
request.is_reviewer = request.user.is_administrator or EventPermission.objects.filter(
user=request.user,
event=request.event,
is_reviewer=True
2 changes: 1 addition & 1 deletion src/pretalx/orga/management/commands/import_frab.py
Expand Up @@ -32,7 +32,7 @@ def handle(self, *args, **options):
)
event.save()

for user in User.objects.filter(is_superuser=True):
for user in User.objects.filter(is_administrator=True):
EventPermission.objects.get_or_create(event=event, user=user, is_orga=True)

self.stdout.write(self.style.SUCCESS(process_frab(root, event)))
4 changes: 2 additions & 2 deletions src/pretalx/orga/permissions.py
@@ -1,6 +1,6 @@
import rules

from pretalx.person.permissions import is_orga, is_reviewer, is_superuser
from pretalx.person.permissions import is_orga, is_reviewer, is_administrator
from pretalx.submission.permissions import is_review_author

rules.add_perm('orga.view_orga_area', is_orga | is_reviewer)
Expand All @@ -22,7 +22,7 @@
rules.add_perm('orga.edit_mail_templates', is_orga)
rules.add_perm('orga.view_review_dashboard', is_orga | is_reviewer)
rules.add_perm('orga.view_reviews', is_reviewer)
rules.add_perm('orga.remove_review', is_superuser | is_review_author)
rules.add_perm('orga.remove_review', is_administrator | is_review_author)
rules.add_perm('orga.view_schedule', is_orga)
rules.add_perm('orga.release_schedule', is_orga)
rules.add_perm('orga.edit_schedule', is_orga)
2 changes: 1 addition & 1 deletion src/pretalx/orga/templates/orga/base.html
Expand Up @@ -67,7 +67,7 @@
<a class="dropdown-item" href="{{ e.orga_urls.base }}">{{ e.name }}</a>
{% endif %}
{% endfor %}
{% if request.user.is_superuser %}
{% if request.user.is_administrator %}
<a class="dropdown-item" href="{% url "orga:event.create" %}">
<span class="fa fa-plus"></span>
{% trans "New event" %}
2 changes: 1 addition & 1 deletion src/pretalx/orga/templates/orga/dashboard.html
Expand Up @@ -14,7 +14,7 @@ <h1>{{ event.name }}</h1>
</span>
</a>
{% endfor %}
{% if request.user.is_superuser %}
{% if request.user.is_administrator %}
<a href="{% url "orga:event.create" %}" class="dashboard-block">
<h1><span class="fa fa-plus"></span>{% trans "New event" %}</h1>
<span class="dashboard-description">{% trans "Uh, a new event?<br>Head over here, please!" %}</span>
2 changes: 1 addition & 1 deletion src/pretalx/orga/views/event.py
Expand Up @@ -44,7 +44,7 @@ def get_template_names(self):

def dispatch(self, request, *args, **kwargs):
if self._action == 'create':
if not request.user.is_anonymous and not request.user.is_superuser:
if not request.user.is_anonymous and not request.user.is_administrator:
raise PermissionDenied()
else:
if not request.user.has_perm('orga.change_settings', self.object):
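Review bot: The new guard on the `create` branch still lets an anonymous request fall through, because `not request.user.is_anonymous and not request.user.is_administrator` is false for an anonymous user, so `PermissionDenied` is raised only for logged-in non-administrators. Unless a login-required mixin outside this hunk intercepts anonymous users first, an unauthenticated request reaches the event-creation flow. `if request.user.is_anonymous or not request.user.is_administrator: raise PermissionDenied()` closes that gap (or redirect to login if that is the intended behaviour for anonymous users). `dispatch` continues past the end of the hunk.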
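--- /dev/null
+++ b/src/pretalx/person/migrations/0012_user_is_administrator.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.1 on 2018-01-22 22:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('person', '0011_speakerprofile_has_arrived'),
+]
+
+operations = [
+migrations.AddField(
+model_name='user',
+name='is_administrator',
+field=models.BooleanField(default=False),
+),
+]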
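--- /dev/null
+++ b/src/pretalx/person/migrations/0013_auto_20180122_1615.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.1 on 2018-01-22 22:15
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+def create_administrators(apps, schema_editor):
+User = apps.get_model("person", "User")
+User.objects.filter(is_superuser=True).update(is_superuser=False, is_administrator=True)
+
+dependencies = [
+('person', '0012_user_is_administrator'),
+]
+
+operations = [
+migrations.RunPython(create_administrators, migrations.RunPython.noop),
+]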
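Review bot: The reverse operation is `migrations.RunPython.noop`, so migrating backwards past 0013 leaves every converted account with `is_superuser=False`, and 0012's reverse then drops the `is_administrator` column entirely — a downgrade locks every previously privileged account out. A reverse function that restores `is_superuser` for administrators makes the migration safely reversible. The forward step also converts every superuser unconditionally, whereas the changelog entry in this commit says pretalx "warns and offers to migrate" the account — presumably that interactive path lives elsewhere, but the two descriptions should agree. Clearing `is_superuser` also removes Django's built-in superuser privileges (admin-site access among them) from those accounts, which operators upgrading should be told about.
```python
def create_administrators(apps, schema_editor):
    # … unchanged …

def remove_administrators(apps, schema_editor):
    User = apps.get_model("person", "User")
    User.objects.filter(is_administrator=True).update(is_superuser=True)

# … unchanged: dependencies …

operations = [
    migrations.RunPython(create_administrators, remove_administrators),
]
```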
5 changes: 4 additions & 1 deletion src/pretalx/person/models/user.py
Expand Up @@ -42,8 +42,9 @@ def create_user(self, nick: str, password: str=None, **kwargs):
def create_superuser(self, nick: str, password: str, **kwargs):
user = self.create_user(nick=nick, password=password, **kwargs)
user.is_staff = True
user.is_administrator = True
user.is_superuser = True
user.save(update_fields=['is_staff', 'is_superuser'])
user.save(update_fields=['is_staff', 'is_administrator', 'is_superuser'])
return user


Expand Down Expand Up @@ -89,6 +90,7 @@ class User(PermissionsMixin, AbstractBaseUser):
)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
is_administrator = models.BooleanField(default=False)
is_superuser = models.BooleanField(default=False)
locale = models.CharField(max_length=32, default=settings.LANGUAGE_CODE,
choices=settings.LANGUAGES,
Expand Down Expand Up @@ -163,6 +165,7 @@ def deactivate(self):
self.email = f'{self.nick}@localhost'
self.is_active = False
self.is_superuser = False
self.is_administrator = False
self.locale = 'en'
self.timezone = 'UTC'
self.pw_reset_token = None
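Review bot: `create_superuser` now sets both `is_administrator` and `is_superuser`, while migration 0013 in this same commit clears `is_superuser` on every existing account that has it, so an account created with `createsuperuser` after upgrading ends up in exactly the dual-flag state the changelog entry describes as causing permission issues. If `is_superuser` is still needed for the Django admin, a comment such as `# is_superuser is kept for the Django admin; pretalx authorisation checks is_administrator` would make that intent explicit; otherwise setting only `is_administrator` here keeps new accounts consistent with migrated ones. The `deactivate` hunk clears both flags, which is consistent. A `help_text` on the new `is_administrator` field stating that it grants organiser and reviewer access to every event would also help, since that is what the middleware and the permission predicates now key on.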
8 changes: 4 additions & 4 deletions src/pretalx/person/permissions.py
Expand Up @@ -6,7 +6,7 @@ def is_orga(user, obj):
if not user or user.is_anonymous or not obj:
return False
from pretalx.person.models import EventPermission
return user.is_superuser or EventPermission.objects.filter(
return user.is_administrator or EventPermission.objects.filter(
user=user, event=obj.event, is_orga=True
).exists()

Expand All @@ -16,11 +16,11 @@ def is_reviewer(user, obj):
if not user or user.is_anonymous or not obj:
return False
from pretalx.person.models import EventPermission
return user.is_superuser or EventPermission.objects.filter(
return user.is_administrator or EventPermission.objects.filter(
user=user, event=obj.event, is_reviewer=True
).exists()


@rules.predicate
def is_superuser(user, obj):
return user.is_superuser
def is_administrator(user, obj):
return user.is_administrator
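Review bot: The renamed `is_administrator` predicate reads `user.is_administrator` without the `not user or user.is_anonymous` guard that `is_orga` and `is_reviewer` use just above it. Django's `AnonymousUser` carries an `is_superuser` attribute (always False), so the old predicate was safe for anonymous users, but `is_administrator` is a field on the project's own `User` model and is not present on `AnonymousUser`; if `orga.remove_review` is ever evaluated for an anonymous request, this now raises `AttributeError` instead of returning False. Guard it like its siblings: `if not user or user.is_anonymous:` / `    return False` / `return user.is_administrator`.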
2 changes: 1 addition & 1 deletion src/tests/functional/orga/test_access.py
Expand Up @@ -56,7 +56,7 @@ def test_user_can_see_correct_events(orga_user, orga_client, speaker, event, oth
elif test_user == 'None':
orga_client.logout()
elif test_user == 'superuser':
orga_user.is_superuser = True
orga_user.is_administrator = True
orga_user.save()

response = orga_client.get(reverse('orga:event.dashboard', kwargs={'event': event.slug}), follow=True)
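Review bot: The parametrized case is still labelled `'superuser'` although it now sets `is_administrator`, so the test id no longer describes what it exercises; renaming the case to `'administrator'` (the parametrize list is outside the hunk) keeps test output readable. Since the commit splits the two flags, a further case that sets only `is_superuser = True` would pin down whether a Django superuser without the administrator flag is meant to see all events, which nothing in this diff tests.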

0 comments on commit 7159d15

Please sign in to comment.