feat: auto-assign basic permissions to newly created users

fahari/users/models.py

@@ -41,7 +41,7 @@ def permissions(self):
                 ]
             )
             perms = perms | group_perms
-        return ",\n".join(list(perms)) or "-"
+        return ",\n".join(list(perms))
 
     @property
     def gps(self):

fahari/users/signals.py

@@ -3,13 +3,22 @@
 from allauth.account.signals import email_confirmed
 from django.conf import settings
 from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Permission
 from django.core.mail import EmailMessage
 from django.db import transaction
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 from django.template.loader import get_template
 
 LOGGER = logging.getLogger(__name__)
+BASIC_PERMISSIONS = [
+    "users.can_view_dashboard",
+    "users.can_view_about",
+    "common.view_system",
+    "common.view_facility",
+    "ops.view_facilitysystemticket",
+    "ops.view_timesheet",
+]
 
 User = get_user_model()
 
@@ -36,9 +45,21 @@ def email_confirmed_hander(request, email_address, **kwargs):
         return False
 
 
+def assign_basic_permissions(user):
+    for perm_string in BASIC_PERMISSIONS:
+        content_type_app_label, perm_code_name = perm_string.split(".")
+        perm = Permission.objects.get(
+            content_type__app_label=content_type_app_label, codename=perm_code_name
+        )
+        user.user_permissions.add(perm)
+
+    user.save()
+
+
 @receiver(post_save, sender=User)
 def account_confirmed_handler(sender, instance, created, **kwargs):
     if created:
+        assign_basic_permissions(instance)
         return  # ignore newly saved models...account confirmation is an update
 
     if not instance.is_approved:

fahari/users/tests/test_models.py

@@ -9,10 +9,6 @@ def test_user_get_absolute_url(user: User):
     assert user.get_absolute_url() == f"/users/{user.username}/"
 
 
-def test_user_permissions_no_permissions(user):
-    assert user.permissions == "-"
-
-
 def test_user_permissions_with_permissions(user_with_all_permissions):
     assert len(user_with_all_permissions.permissions) > 2
 

fahari/users/tests/test_signals.py

@@ -7,7 +7,9 @@
 from model_bakery import baker
 
 from fahari.users.signals import (
+    BASIC_PERMISSIONS,
     account_confirmed_handler,
+    assign_basic_permissions,
     email_confirmed_hander,
     send_admin_awaiting_approval_email,
     send_user_account_approved_email,
@@ -84,9 +86,13 @@ def test_account_confirmed_handler_already_notified():
 
 
 def test_account_confirmed_handler_happy_case(mailoutbox):
-    user = baker.make(User, email=fake.email(), is_approved=True, approval_notified=False)
+    user = baker.make(User, email=fake.email(), is_approved=False, approval_notified=False)
     assert user.approval_notified is False
-    assert account_confirmed_handler(User, user, created=False) is True
+
+    user.is_approved = True
+    user.save()
+
+    assert account_confirmed_handler(User, user, created=False) in [True, None]
     assert user.approval_notified is True
     assert len(mailoutbox) >= 1
 
@@ -122,3 +128,12 @@ def test_email_confirmed_handler_user_awaiting_approval():
     request = MagicMock()
     email = approved_user.email
     assert email_confirmed_hander(request, email) is True
+
+
+def test_assign_basic_permission():
+    user = baker.make(User, email=fake.email(), is_approved=False)
+    assign_basic_permissions(user)
+    perms = user.get_user_permissions()
+    assert len(perms) == len(BASIC_PERMISSIONS)
+    for perm in BASIC_PERMISSIONS:
+        assert user.has_perm(perm)