diff --git a/README.md b/README.md
index 7cae97a9485381e0eb844751fd42d8e7ea039434..17cd5641e4be239f4c3dd597b77f82c5beace004 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Je třeba definovat minimálně následující environment proměnné:
| `DEFAULT_CONTRACTEE_ZIP` | Defaultní PSČ naší podepisující strany |
| `DEFAULT_CONTRACTEE_DISTRICT` | Defaultní obec naší podepisující strany |
| `DEFAULT_CONTRACTEE_ICO_NUMBER` | Defaultní IČO naší podepisující strany |
+| `DEFAULT_STAFF_GROUP` | Defaultní skupina pro přihlášené uživatele, která bude mít přístup k vytváření smluv |
V produkci je potřeba:
| proměnná | popis |
diff --git a/contracts/admin.py b/contracts/admin.py
index ef8ee1950457a28a91705d435e0d6c3758811dad..5f218830333aefd679dd8305740aef508b367d46 100644
--- a/contracts/admin.py
+++ b/contracts/admin.py
@@ -4,11 +4,7 @@ from django.contrib import admin
from django.utils.html import format_html
from fieldsets_with_inlines import FieldsetsInlineMixin
from import_export import resources
-from nested_admin import (
- NestedModelAdmin,
- NestedStackedInline,
- NestedTabularInline,
-)
+from nested_admin import NestedModelAdmin, NestedStackedInline, NestedTabularInline
from rangefilter.filters import DateRangeFilter
from shared.admin import MarkdownxGuardedModelAdmin
@@ -306,14 +302,10 @@ class SigneeAdmin(MarkdownxGuardedModelAdmin):
"date_of_birth",
)
- if (
- obj is None # Allowed to create
- or request.user.has_perm("contracts.edit_signee", obj)
+ if obj is None or request.user.has_perm( # Allowed to create
+ "contracts.edit_signee", obj
):
- fields.insert(
- fields.index("ico_number"),
- "load_ares_data_button"
- )
+ fields.insert(fields.index("ico_number"), "load_ares_data_button")
return fields
diff --git a/contracts/migrations/0009_alter_contractfile_file.py b/contracts/migrations/0009_alter_contractfile_file.py
index 798582d85ee3d0b32f2e8a0d24362baa490905d6..001a84aca5edfda69e505393dbf822b7f816faf0 100644
--- a/contracts/migrations/0009_alter_contractfile_file.py
+++ b/contracts/migrations/0009_alter_contractfile_file.py
@@ -4,15 +4,14 @@ from django.db import migrations, models
class Migration(migrations.Migration):
-
dependencies = [
- ('contracts', '0008_alter_contracteesignaturerepresentative_options_and_more'),
+ ("contracts", "0008_alter_contracteesignaturerepresentative_options_and_more"),
]
operations = [
migrations.AlterField(
- model_name='contractfile',
- name='file',
- field=models.FileField(upload_to='_private/', verbose_name='Soubor'),
+ model_name="contractfile",
+ name="file",
+ field=models.FileField(upload_to="_private/", verbose_name="Soubor"),
),
]
diff --git a/contracts/migrations/0010_alter_contractee_address_country_and_more.py b/contracts/migrations/0010_alter_contractee_address_country_and_more.py
index 02a13a807101907d6e32bb2a3952f31d727aea1d..efd80315f9e63fcb8ea981ed946403da05bab24b 100644
--- a/contracts/migrations/0010_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0010_alter_contractee_address_country_and_more.py
@@ -4,20 +4,23 @@ from django.db import migrations, models
class Migration(migrations.Migration):
-
dependencies = [
- ('contracts', '0009_alter_contractfile_file'),
+ ("contracts", "0009_alter_contractfile_file"),
]
operations = [
migrations.AlterField(
- model_name='contractee',
- name='address_country',
- field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+ model_name="contractee",
+ name="address_country",
+ field=models.CharField(
+ default="Česká Republika", max_length=256, verbose_name="Země"
+ ),
),
migrations.AlterField(
- model_name='signee',
- name='address_country',
- field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+ model_name="signee",
+ name="address_country",
+ field=models.CharField(
+ default="Česká Republika", max_length=256, verbose_name="Země"
+ ),
),
]
diff --git a/contracts/migrations/0011_alter_contractee_address_country_and_more.py b/contracts/migrations/0011_alter_contractee_address_country_and_more.py
index 4534288ebfcc19bb00ebd631017947c70cfe0b38..ca2fa476a869c44c61439af3c29994c73ebaec64 100644
--- a/contracts/migrations/0011_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0011_alter_contractee_address_country_and_more.py
@@ -4,20 +4,19 @@ from django.db import migrations, models
class Migration(migrations.Migration):
-
dependencies = [
- ('contracts', '0010_alter_contractee_address_country_and_more'),
+ ("contracts", "0010_alter_contractee_address_country_and_more"),
]
operations = [
migrations.AlterField(
- model_name='contractee',
- name='address_country',
- field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+ model_name="contractee",
+ name="address_country",
+ field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
),
migrations.AlterField(
- model_name='signee',
- name='address_country',
- field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+ model_name="signee",
+ name="address_country",
+ field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
),
]
diff --git a/contracts/migrations/0012_alter_contractee_address_country_and_more.py b/contracts/migrations/0012_alter_contractee_address_country_and_more.py
index 357e466c1759b747ab0ac35f80b0c3144cd5fd67..7264112c5c786b307362aeb12ea8ba7a1eb551c0 100644
--- a/contracts/migrations/0012_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0012_alter_contractee_address_country_and_more.py
@@ -4,20 +4,23 @@ from django.db import migrations, models
class Migration(migrations.Migration):
-
dependencies = [
- ('contracts', '0011_alter_contractee_address_country_and_more'),
+ ("contracts", "0011_alter_contractee_address_country_and_more"),
]
operations = [
migrations.AlterField(
- model_name='contractee',
- name='address_country',
- field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+ model_name="contractee",
+ name="address_country",
+ field=models.CharField(
+ default="Česká Republika", max_length=256, verbose_name="Země"
+ ),
),
migrations.AlterField(
- model_name='signee',
- name='address_country',
- field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+ model_name="signee",
+ name="address_country",
+ field=models.CharField(
+ default="Česká Republika", max_length=256, verbose_name="Země"
+ ),
),
]
diff --git a/contracts/migrations/0013_alter_contractee_address_country_and_more.py b/contracts/migrations/0013_alter_contractee_address_country_and_more.py
index e2f5af7719a7b34749d68ee6066b62eb0d3b19ed..7360f236df9c021f9f06f3c1710859fe78030336 100644
--- a/contracts/migrations/0013_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0013_alter_contractee_address_country_and_more.py
@@ -4,20 +4,19 @@ from django.db import migrations, models
class Migration(migrations.Migration):
-
dependencies = [
- ('contracts', '0012_alter_contractee_address_country_and_more'),
+ ("contracts", "0012_alter_contractee_address_country_and_more"),
]
operations = [
migrations.AlterField(
- model_name='contractee',
- name='address_country',
- field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+ model_name="contractee",
+ name="address_country",
+ field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
),
migrations.AlterField(
- model_name='signee',
- name='address_country',
- field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+ model_name="signee",
+ name="address_country",
+ field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
),
]
diff --git a/contracts/templates/contracts/view_contract.html b/contracts/templates/contracts/view_contract.html
index 2dd519afa506d80dd656069ebfa6293c35d3dcfd..b533e30a10b2272036e3ade21afbc0af37f4ea24 100644
--- a/contracts/templates/contracts/view_contract.html
+++ b/contracts/templates/contracts/view_contract.html
@@ -407,7 +407,7 @@
{% if user.can_view_confidential %}
<div class="border !bg-red-100 border-red-200 p-1.5 rounded-md mt-1.5 mb-2 inline-block">
{% endif %}
-
+
<div>
{% if not signature.signee.entity_has_public_address %}
{% if user.can_view_confidential %}
diff --git a/contracts/templates/contracts/view_signee.html b/contracts/templates/contracts/view_signee.html
index 85f7d52c499be290ca500557d1114c87204284bc..00856b663c5863dca48626af3060843ea15a6ecd 100644
--- a/contracts/templates/contracts/view_signee.html
+++ b/contracts/templates/contracts/view_signee.html
@@ -29,7 +29,7 @@
{% if user.can_view_confidential %}
<div class="border !bg-red-100 border-red-200 p-1.5 rounded-md mt-1.5 mb-2 inline-block">
{% endif %}
-
+
<div>
{% if not signee.entity_has_public_address %}
{% if user.can_view_confidential %}
diff --git a/contracts/views.py b/contracts/views.py
index b502c93f211e7deef4a42e3eec333e2a862205b2..c2b4915607a99dc6a8d22195767536125c611a86 100644
--- a/contracts/views.py
+++ b/contracts/views.py
@@ -46,10 +46,7 @@ def get_pagination(request, objects) -> tuple:
return page, paginator
-def get_paginated_contracts(
- request,
- filter: typing.Union[None, dict] = None
-) -> tuple:
+def get_paginated_contracts(request, filter: typing.Union[None, dict] = None) -> tuple:
if filter is None:
filter = {}
@@ -268,18 +265,12 @@ def view_contract_issues(request):
**get_base_context(request),
"title": (
"Poznámky"
- if (
- request.user.is_anonymous
- or not request.user.can_view_confidential
- )
+ if (request.user.is_anonymous or not request.user.can_view_confidential)
else "Problémy"
),
"description": (
"Poznámky ke smlouvám."
- if (
- request.user.is_anonymous
- or not request.user.can_view_confidential
- )
+ if (request.user.is_anonymous or not request.user.can_view_confidential)
else "Problémy se smlouvami."
),
"page": page,
diff --git a/env.example b/env.example
index 3a72fc29c7ada2c915b6b9ef1323870869612732..38e326158c3f703a3db62b30070ee5f73507e5e3 100644
--- a/env.example
+++ b/env.example
@@ -15,3 +15,5 @@ DEFAULT_CONTRACTEE_STREET="Na Moráni 360/3"
DEFAULT_CONTRACTEE_ZIP="128 00"
DEFAULT_CONTRACTEE_DISTRICT="Praha 2"
DEFAULT_CONTRACTEE_ICO_NUMBER="71339698"
+
+DEFAULT_STAFF_GROUP="sso_cen:f"
diff --git a/media_server/apps.py b/media_server/apps.py
index 6a7dc443704f73901f1122bd07754e3c65df5cda..4aff1ea9e92371e7e70bb043a67dd347b60b3dce 100644
--- a/media_server/apps.py
+++ b/media_server/apps.py
@@ -2,5 +2,5 @@ from django.apps import AppConfig
class MediaServerConfig(AppConfig):
- default_auto_field = 'django.db.models.BigAutoField'
- name = 'media_server'
+ default_auto_field = "django.db.models.BigAutoField"
+ name = "media_server"
diff --git a/media_server/views.py b/media_server/views.py
index e803d5669fa1051af213c58faa18a018d9ece01b..370803dd04a396d2ee3c1946d80d853a84796d9e 100644
--- a/media_server/views.py
+++ b/media_server/views.py
@@ -4,7 +4,6 @@ from django.core.files.storage import FileSystemStorage
from django_downloadview import StorageDownloadView
from django_http_exceptions import HTTPExceptions
-
# Create your views here.
storage = FileSystemStorage()
diff --git a/oidc/auth.py b/oidc/auth.py
index 975d82757265c2d41f53ce7f6c6a345bfacc9252..78db0561d5e9aa27cf1230f4f386588976ac3d68 100644
--- a/oidc/auth.py
+++ b/oidc/auth.py
@@ -1,9 +1,9 @@
-import typing
import logging
+import typing
import jwt
-from django.contrib.auth.models import Group
from django.conf import settings
+from django.contrib.auth.models import Group
from pirates.auth import PiratesOIDCAuthenticationBackend
logging.basicConfig(level=logging.DEBUG)
@@ -11,10 +11,7 @@ logging.basicConfig(level=logging.DEBUG)
class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
def _assign_new_user_groups(
- self,
- user,
- access_token: dict,
- user_groups: typing.Union[None, list] = None
+ self, user, access_token: dict, user_groups: typing.Union[None, list] = None
) -> None:
if user_groups is None:
user_groups = user.groups.all()
@@ -37,10 +34,7 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
user.groups.add(group)
def _remove_old_user_groups(
- self,
- user,
- access_token: dict,
- user_groups: typing.Union[None, list] = None
+ self, user, access_token: dict, user_groups: typing.Union[None, list] = None
) -> None:
if user_groups is None:
user_groups = user.groups.all()
@@ -62,14 +56,10 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
user_groups = user.groups.all()
self._remove_old_user_groups(
- user,
- decoded_access_token,
- user_groups=user_groups
+ user, decoded_access_token, user_groups=user_groups
)
self._assign_new_user_groups(
- user,
- decoded_access_token,
- user_groups=user_groups
+ user, decoded_access_token, user_groups=user_groups
)
user.update_group_based_admin()
diff --git a/registry/settings/base.py b/registry/settings/base.py
index 6ff6fa8a11b23393ea659aa92ee0f88bc9d600c7..cab7789c654a8c2b3242f3c09eb8e806daa748d4 100644
--- a/registry/settings/base.py
+++ b/registry/settings/base.py
@@ -225,3 +225,5 @@ DEFAULT_CONTRACTEE_ZIP = env.str("DEFAULT_CONTRACTEE_ZIP")
DEFAULT_CONTRACTEE_DISTRICT = env.str("DEFAULT_CONTRACTEE_DISTRICT")
DEFAULT_COUNTRY = env.str("DEFAULT_COUNTRY")
DEFAULT_CONTRACTEE_ICO_NUMBER = env.str("DEFAULT_CONTRACTEE_ICO_NUMBER")
+
+DEFAULT_STAFF_GROUP = "sso_cen:f"
diff --git a/run.sh b/run.sh
index f9c9d4f10b89680873d203d95df033ca1f59f179..e0d1d7a7e9f84107e736c700cfc5225226ed8ee5 100644
--- a/run.sh
+++ b/run.sh
@@ -4,7 +4,6 @@
set -e
# Migrate database
-python manage.py makemigrations # Custom Group model
python manage.py migrate
# Start webserver
diff --git a/shared/templates/shared/includes/base.html b/shared/templates/shared/includes/base.html
index 22bcd06070029f355b850814685dacb94a9e5ebb..81c1643e1bb58085ada43b2058813e9fb1deec21 100644
--- a/shared/templates/shared/includes/base.html
+++ b/shared/templates/shared/includes/base.html
@@ -74,7 +74,7 @@
<ul class="navbar-menu text-white">
{% if user.is_staff %}
<li class="navbar-menu__item">
- <a
+ <a
href="{% url "admin:index" %}"
data-href="{% url "admin:index" %}"
class="navbar-menu__link flex items-center gap-2"
diff --git a/users/migrations/0002_user_is_staff_based_on_group.py b/users/migrations/0002_user_is_staff_based_on_group.py
index 2f3b12c3a6a264e05934c2ff99d18fb5c6fece10..69e8343010a11e39907faeb6deecd12e6d7c8938 100644
--- a/users/migrations/0002_user_is_staff_based_on_group.py
+++ b/users/migrations/0002_user_is_staff_based_on_group.py
@@ -4,15 +4,16 @@ from django.db import migrations, models
class Migration(migrations.Migration):
-
dependencies = [
- ('users', '0001_initial'),
+ ("users", "0001_initial"),
]
operations = [
migrations.AddField(
- model_name='user',
- name='is_staff_based_on_group',
- field=models.BooleanField(default=True, verbose_name='Admin přístup dle členství ve skupině'),
+ model_name="user",
+ name="is_staff_based_on_group",
+ field=models.BooleanField(
+ default=True, verbose_name="Admin přístup dle členství ve skupině"
+ ),
),
]
diff --git a/users/migrations/0003_alter_user_is_staff_based_on_group.py b/users/migrations/0003_alter_user_is_staff_based_on_group.py
index e08a2ff2bcb09d5c658a728a7894c8f868f3b3b3..fef5f63e13b313556a406edd72861379533278c6 100644
--- a/users/migrations/0003_alter_user_is_staff_based_on_group.py
+++ b/users/migrations/0003_alter_user_is_staff_based_on_group.py
@@ -4,15 +4,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
-
dependencies = [
- ('users', '0002_user_is_staff_based_on_group'),
+ ("users", "0002_user_is_staff_based_on_group"),
]
operations = [
migrations.AlterField(
- model_name='user',
- name='is_staff_based_on_group',
- field=models.BooleanField(default=True, help_text='Určuje, zda bude "Administrační přístup" uživatele definován dle členství ve skupinách, nebo podle speciálního nastavení zde.', verbose_name='Administrační přístup dle členství ve skupině'),
+ model_name="user",
+ name="is_staff_based_on_group",
+ field=models.BooleanField(
+ default=True,
+ help_text='Určuje, zda bude "Administrační přístup" uživatele definován dle členství ve skupinách, nebo podle speciálního nastavení zde.',
+ verbose_name="Administrační přístup dle členství ve skupině",
+ ),
),
]
diff --git a/users/models.py b/users/models.py
index 6683ec6c2ce806f900bda8f1cbf2c1b523711db0..2d39275f6dd35d51bef50bc48add16205b8f24e0 100644
--- a/users/models.py
+++ b/users/models.py
@@ -1,5 +1,6 @@
-from django.db import models
+from django.conf import settings
from django.contrib.auth.models import Group
+from django.db import models
from pirates import models as pirates_models
@@ -8,10 +9,10 @@ class User(pirates_models.AbstractUser):
default=True,
verbose_name="Administrační přístup dle členství ve skupině",
help_text=(
- "Určuje, zda bude \"Administrační přístup\" uživatele "
+ 'Určuje, zda bude "Administrační přístup" uživatele '
"definován dle členství ve skupinách, nebo podle "
"speciálního nastavení zde."
- )
+ ),
)
def set_unusable_password(self) -> None:
@@ -46,12 +47,7 @@ class User(pirates_models.AbstractUser):
# customization to store the original field values on the instance
instance._loaded_values = dict(
zip(
- field_names,
- (
- value
- for value in values
- if value is not models.DEFERRED
- )
+ field_names, (value for value in values if value is not models.DEFERRED)
)
)
@@ -72,7 +68,7 @@ class User(pirates_models.AbstractUser):
return
self.is_staff_based_on_group = True
- self.is_staff = self.groups.filter(is_staff=True).exists()
+ self.is_staff = self.groups.filter(name=settings.DEFAULT_STAFF_GROUP).exists()
@property
def can_approve_contracts(self) -> bool:
@@ -99,12 +95,3 @@ class User(pirates_models.AbstractUser):
app_label = "users"
verbose_name = "Uživatel"
verbose_name_plural = "Uživatelé"
-
-
-if not hasattr(Group, "is_staff"):
- is_staff = models.BooleanField(
- default=False,
- verbose_name="Administrační přístup",
- help_text="Určuje, zda se skupina může přihlásit do správy tohoto webu.",
- )
- is_staff.contribute_to_class(Group, "is_staff")