From 18d6dc86cd60b0d7eff0d2a7311b21bc709abff7 Mon Sep 17 00:00:00 2001
From: maxwellgithinji <maxwellgithinji@gmail.com>
Date: Tue, 18 Apr 2023 11:28:31 +0300
Subject: [PATCH] chore: add user permissions

Signed-off-by: maxwellgithinji <maxwellgithinji@gmail.com>
---
 mycarehub/content/signals.py | 133 ++++++++++++++++++-----------------
 mycarehub/users/admin.py     |   1 -
 mycarehub/users/signals.py   |  12 +++-
 3 files changed, 79 insertions(+), 67 deletions(-)

diff --git a/mycarehub/content/signals.py b/mycarehub/content/signals.py
index 4249adf..44907fa 100644
--- a/mycarehub/content/signals.py
+++ b/mycarehub/content/signals.py
@@ -75,73 +75,76 @@ def create_program_content_index_page(sender, instance, created, **kwargs):
 # receiver that runs after creation of content item index page
 @receiver(post_save, sender=ContentItemIndexPage)
 def create_program_content_editor_permissions(sender, instance, created, **kwargs):
-    group = Group.objects.create(name=f"{instance.program.name} Editor")
+    if created:
+        group = Group.objects.create(name=f"{instance.program.name} Editor")
 
-    can_access_wagtail_admin = Permission.objects.get(
-        content_type=ContentType.objects.get(app_label="wagtailadmin", model="admin"),
-        codename="access_admin",
-    )
-    group.permissions.add(can_access_wagtail_admin)
-
-    allowed_author_permissions = ["add_author", "change_author"]
-    for permission in allowed_author_permissions:
-        permission_object = Permission.objects.get(
-            content_type=ContentType.objects.get_for_model(Author), codename=permission
-        )
-        group.permissions.add(permission_object)
-
-    allowed_content_category_permissions = [
-        "add_contentitemcategory",
-        "change_contentitemcategory",
-    ]
-    for permission in allowed_content_category_permissions:
-        permission_object = Permission.objects.get(
-            content_type=ContentType.objects.get_for_model(ContentItemCategory),
-            codename=permission,
-        )
-        group.permissions.add(permission_object)
-
-    allowed_page_permissions = ["add", "edit", "publish"]
-    for permission in allowed_page_permissions:
-        GroupPagePermission.objects.create(group=group, page=instance, permission_type=permission)
-
-    root_collection = Collection.get_first_root_node()
-    allowed_image_permissions = ["add_image", "choose_image", "change_image", "delete_image"]
-    for permission in allowed_image_permissions:
-        GroupCollectionPermission.objects.create(
-            group=group,
-            collection=root_collection,
-            permission=Permission.objects.get(
-                content_type=ContentType.objects.get_for_model(Image), codename=permission
-            ),
-        )
-
-    allowed_document_permissions = [
-        "add_document",
-        "choose_document",
-        "change_document",
-        "delete_document",
-    ]
-
-    for permission in allowed_document_permissions:
-        GroupCollectionPermission.objects.create(
-            group=group,
-            collection=root_collection,
-            permission=Permission.objects.get(
-                content_type=ContentType.objects.get_for_model(Document), codename=permission
-            ),
-        )
-
-    allowed_media_permissions = ["add_media", "delete_media", "change_media"]
-
-    for permission in allowed_media_permissions:
-        GroupCollectionPermission.objects.create(
-            group=group,
-            collection=root_collection,
-            permission=Permission.objects.get(
-                content_type=ContentType.objects.get_for_model(Media), codename=permission
-            ),
+        can_access_wagtail_admin = Permission.objects.get(
+            content_type=ContentType.objects.get(app_label="wagtailadmin", model="admin"),
+            codename="access_admin",
         )
+        group.permissions.add(can_access_wagtail_admin)
+
+        allowed_author_permissions = ["add_author", "change_author"]
+        for permission in allowed_author_permissions:
+            permission_object = Permission.objects.get(
+                content_type=ContentType.objects.get_for_model(Author), codename=permission
+            )
+            group.permissions.add(permission_object)
+
+        allowed_content_category_permissions = [
+            "add_contentitemcategory",
+            "change_contentitemcategory",
+        ]
+        for permission in allowed_content_category_permissions:
+            permission_object = Permission.objects.get(
+                content_type=ContentType.objects.get_for_model(ContentItemCategory),
+                codename=permission,
+            )
+            group.permissions.add(permission_object)
+
+        allowed_page_permissions = ["add", "edit", "publish"]
+        for permission in allowed_page_permissions:
+            GroupPagePermission.objects.create(
+                group=group, page=instance, permission_type=permission
+            )
+
+        root_collection = Collection.get_first_root_node()
+        allowed_image_permissions = ["add_image", "choose_image", "change_image", "delete_image"]
+        for permission in allowed_image_permissions:
+            GroupCollectionPermission.objects.create(
+                group=group,
+                collection=root_collection,
+                permission=Permission.objects.get(
+                    content_type=ContentType.objects.get_for_model(Image), codename=permission
+                ),
+            )
+
+        allowed_document_permissions = [
+            "add_document",
+            "choose_document",
+            "change_document",
+            "delete_document",
+        ]
+
+        for permission in allowed_document_permissions:
+            GroupCollectionPermission.objects.create(
+                group=group,
+                collection=root_collection,
+                permission=Permission.objects.get(
+                    content_type=ContentType.objects.get_for_model(Document), codename=permission
+                ),
+            )
+
+        allowed_media_permissions = ["add_media", "delete_media", "change_media"]
+
+        for permission in allowed_media_permissions:
+            GroupCollectionPermission.objects.create(
+                group=group,
+                collection=root_collection,
+                permission=Permission.objects.get(
+                    content_type=ContentType.objects.get_for_model(Media), codename=permission
+                ),
+            )
 
 
 @receiver(post_delete, sender=ContentLike)
diff --git a/mycarehub/users/admin.py b/mycarehub/users/admin.py
index b1e1e7e..b062a91 100644
--- a/mycarehub/users/admin.py
+++ b/mycarehub/users/admin.py
@@ -25,7 +25,6 @@ class UserAdmin(auth_admin.UserAdmin):
                     "is_active",
                     "is_staff",
                     "is_superuser",
-                    "groups",
                     "user_permissions",
                 ),
             },
diff --git a/mycarehub/users/signals.py b/mycarehub/users/signals.py
index c76752e..72725ab 100644
--- a/mycarehub/users/signals.py
+++ b/mycarehub/users/signals.py
@@ -2,7 +2,7 @@
 
 from django.conf import settings
 from django.contrib.auth import get_user_model
-from django.contrib.auth.models import Permission
+from django.contrib.auth.models import Group, Permission
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 from rest_framework.authtoken.models import Token
@@ -67,3 +67,13 @@ def account_confirmed_handler(sender, instance, created, **kwargs):
 def create_auth_token(sender, instance=None, created=False, **kwargs):
     if created:
         Token.objects.create(user=instance)
+
+
+@receiver(post_save, sender=settings.AUTH_USER_MODEL)
+def assign_user_editor_permission(sender, instance, created, **kwargs):
+    try:
+        group = Group.objects.get(name=f"{instance.program.name} Editor")
+    except Group.DoesNotExist:
+        return
+    instance.groups.clear()
+    instance.groups.add(group)