From 73507b7369702ccf288ea77847b3878f60496445 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Valenta?= <git@imaniti.org>
Date: Fri, 24 Mar 2023 14:03:14 +0100
Subject: [PATCH] stop using custom groups, use DEFAULT_STAFF_GROUP

---
 README.md                                     |  1 +
 contracts/admin.py                            | 16 +++---------
 .../0009_alter_contractfile_file.py           |  9 +++----
 ...ter_contractee_address_country_and_more.py | 19 ++++++++------
 ...ter_contractee_address_country_and_more.py | 15 ++++++-----
 ...ter_contractee_address_country_and_more.py | 19 ++++++++------
 ...ter_contractee_address_country_and_more.py | 15 ++++++-----
 .../templates/contracts/view_contract.html    |  2 +-
 .../templates/contracts/view_signee.html      |  2 +-
 contracts/views.py                            | 15 +++--------
 env.example                                   |  2 ++
 media_server/apps.py                          |  4 +--
 media_server/views.py                         |  1 -
 oidc/auth.py                                  | 22 +++++-----------
 registry/settings/base.py                     |  2 ++
 run.sh                                        |  1 -
 shared/templates/shared/includes/base.html    |  2 +-
 .../0002_user_is_staff_based_on_group.py      | 11 ++++----
 ...0003_alter_user_is_staff_based_on_group.py | 13 ++++++----
 users/models.py                               | 25 +++++--------------
 20 files changed, 83 insertions(+), 113 deletions(-)

diff --git a/README.md b/README.md
index 7cae97a..17cd564 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Je třeba definovat minimálně následující environment proměnné:
 | `DEFAULT_CONTRACTEE_ZIP` | Defaultní PSČ naší podepisující strany |
 | `DEFAULT_CONTRACTEE_DISTRICT` | Defaultní obec naší podepisující strany |
 | `DEFAULT_CONTRACTEE_ICO_NUMBER` | Defaultní IČO naší podepisující strany |
+| `DEFAULT_STAFF_GROUP` | Defaultní skupina pro přihlášené uživatele, která bude mít přístup k vytváření smluv |
 
 V produkci je potřeba:
 | proměnná | popis |
diff --git a/contracts/admin.py b/contracts/admin.py
index ef8ee19..5f21883 100644
--- a/contracts/admin.py
+++ b/contracts/admin.py
@@ -4,11 +4,7 @@ from django.contrib import admin
 from django.utils.html import format_html
 from fieldsets_with_inlines import FieldsetsInlineMixin
 from import_export import resources
-from nested_admin import (
-    NestedModelAdmin,
-    NestedStackedInline,
-    NestedTabularInline,
-)
+from nested_admin import NestedModelAdmin, NestedStackedInline, NestedTabularInline
 from rangefilter.filters import DateRangeFilter
 
 from shared.admin import MarkdownxGuardedModelAdmin
@@ -306,14 +302,10 @@ class SigneeAdmin(MarkdownxGuardedModelAdmin):
                 "date_of_birth",
             )
 
-        if (
-            obj is None  # Allowed to create
-            or request.user.has_perm("contracts.edit_signee", obj)
+        if obj is None or request.user.has_perm(  # Allowed to create
+            "contracts.edit_signee", obj
         ):
-            fields.insert(
-                fields.index("ico_number"),
-                "load_ares_data_button"
-            )
+            fields.insert(fields.index("ico_number"), "load_ares_data_button")
 
         return fields
 
diff --git a/contracts/migrations/0009_alter_contractfile_file.py b/contracts/migrations/0009_alter_contractfile_file.py
index 798582d..001a84a 100644
--- a/contracts/migrations/0009_alter_contractfile_file.py
+++ b/contracts/migrations/0009_alter_contractfile_file.py
@@ -4,15 +4,14 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('contracts', '0008_alter_contracteesignaturerepresentative_options_and_more'),
+        ("contracts", "0008_alter_contracteesignaturerepresentative_options_and_more"),
     ]
 
     operations = [
         migrations.AlterField(
-            model_name='contractfile',
-            name='file',
-            field=models.FileField(upload_to='_private/', verbose_name='Soubor'),
+            model_name="contractfile",
+            name="file",
+            field=models.FileField(upload_to="_private/", verbose_name="Soubor"),
         ),
     ]
diff --git a/contracts/migrations/0010_alter_contractee_address_country_and_more.py b/contracts/migrations/0010_alter_contractee_address_country_and_more.py
index 02a13a8..efd8031 100644
--- a/contracts/migrations/0010_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0010_alter_contractee_address_country_and_more.py
@@ -4,20 +4,23 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('contracts', '0009_alter_contractfile_file'),
+        ("contracts", "0009_alter_contractfile_file"),
     ]
 
     operations = [
         migrations.AlterField(
-            model_name='contractee',
-            name='address_country',
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            model_name="contractee",
+            name="address_country",
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
         ),
         migrations.AlterField(
-            model_name='signee',
-            name='address_country',
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            model_name="signee",
+            name="address_country",
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
         ),
     ]
diff --git a/contracts/migrations/0011_alter_contractee_address_country_and_more.py b/contracts/migrations/0011_alter_contractee_address_country_and_more.py
index 4534288..ca2fa47 100644
--- a/contracts/migrations/0011_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0011_alter_contractee_address_country_and_more.py
@@ -4,20 +4,19 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('contracts', '0010_alter_contractee_address_country_and_more'),
+        ("contracts", "0010_alter_contractee_address_country_and_more"),
     ]
 
     operations = [
         migrations.AlterField(
-            model_name='contractee',
-            name='address_country',
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            model_name="contractee",
+            name="address_country",
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
         ),
         migrations.AlterField(
-            model_name='signee',
-            name='address_country',
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            model_name="signee",
+            name="address_country",
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
         ),
     ]
diff --git a/contracts/migrations/0012_alter_contractee_address_country_and_more.py b/contracts/migrations/0012_alter_contractee_address_country_and_more.py
index 357e466..7264112 100644
--- a/contracts/migrations/0012_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0012_alter_contractee_address_country_and_more.py
@@ -4,20 +4,23 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('contracts', '0011_alter_contractee_address_country_and_more'),
+        ("contracts", "0011_alter_contractee_address_country_and_more"),
     ]
 
     operations = [
         migrations.AlterField(
-            model_name='contractee',
-            name='address_country',
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            model_name="contractee",
+            name="address_country",
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
         ),
         migrations.AlterField(
-            model_name='signee',
-            name='address_country',
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            model_name="signee",
+            name="address_country",
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
         ),
     ]
diff --git a/contracts/migrations/0013_alter_contractee_address_country_and_more.py b/contracts/migrations/0013_alter_contractee_address_country_and_more.py
index e2f5af7..7360f23 100644
--- a/contracts/migrations/0013_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0013_alter_contractee_address_country_and_more.py
@@ -4,20 +4,19 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('contracts', '0012_alter_contractee_address_country_and_more'),
+        ("contracts", "0012_alter_contractee_address_country_and_more"),
     ]
 
     operations = [
         migrations.AlterField(
-            model_name='contractee',
-            name='address_country',
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            model_name="contractee",
+            name="address_country",
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
         ),
         migrations.AlterField(
-            model_name='signee',
-            name='address_country',
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            model_name="signee",
+            name="address_country",
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
         ),
     ]
diff --git a/contracts/templates/contracts/view_contract.html b/contracts/templates/contracts/view_contract.html
index 2dd519a..b533e30 100644
--- a/contracts/templates/contracts/view_contract.html
+++ b/contracts/templates/contracts/view_contract.html
@@ -407,7 +407,7 @@
                             {% if user.can_view_confidential %}
                                 <div class="border !bg-red-100 border-red-200 p-1.5 rounded-md mt-1.5 mb-2 inline-block">
                             {% endif %}
-                            
+
                             <div>
                                 {% if not signature.signee.entity_has_public_address %}
                                     {% if user.can_view_confidential %}
diff --git a/contracts/templates/contracts/view_signee.html b/contracts/templates/contracts/view_signee.html
index 85f7d52..00856b6 100644
--- a/contracts/templates/contracts/view_signee.html
+++ b/contracts/templates/contracts/view_signee.html
@@ -29,7 +29,7 @@
         {% if user.can_view_confidential %}
             <div class="border !bg-red-100 border-red-200 p-1.5 rounded-md mt-1.5 mb-2 inline-block">
         {% endif %}
-        
+
         <div>
             {% if not signee.entity_has_public_address %}
                 {% if user.can_view_confidential %}
diff --git a/contracts/views.py b/contracts/views.py
index b502c93..c2b4915 100644
--- a/contracts/views.py
+++ b/contracts/views.py
@@ -46,10 +46,7 @@ def get_pagination(request, objects) -> tuple:
     return page, paginator
 
 
-def get_paginated_contracts(
-    request,
-    filter: typing.Union[None, dict] = None
-) -> tuple:
+def get_paginated_contracts(request, filter: typing.Union[None, dict] = None) -> tuple:
     if filter is None:
         filter = {}
 
@@ -268,18 +265,12 @@ def view_contract_issues(request):
             **get_base_context(request),
             "title": (
                 "Poznámky"
-                if (
-                    request.user.is_anonymous
-                    or not request.user.can_view_confidential
-                )
+                if (request.user.is_anonymous or not request.user.can_view_confidential)
                 else "Problémy"
             ),
             "description": (
                 "Poznámky ke smlouvám."
-                if (
-                    request.user.is_anonymous
-                    or not request.user.can_view_confidential
-                )
+                if (request.user.is_anonymous or not request.user.can_view_confidential)
                 else "Problémy se smlouvami."
             ),
             "page": page,
diff --git a/env.example b/env.example
index 3a72fc2..38e3261 100644
--- a/env.example
+++ b/env.example
@@ -15,3 +15,5 @@ DEFAULT_CONTRACTEE_STREET="Na Moráni 360/3"
 DEFAULT_CONTRACTEE_ZIP="128 00"
 DEFAULT_CONTRACTEE_DISTRICT="Praha 2"
 DEFAULT_CONTRACTEE_ICO_NUMBER="71339698"
+
+DEFAULT_STAFF_GROUP="sso_cen:f"
diff --git a/media_server/apps.py b/media_server/apps.py
index 6a7dc44..4aff1ea 100644
--- a/media_server/apps.py
+++ b/media_server/apps.py
@@ -2,5 +2,5 @@ from django.apps import AppConfig
 
 
 class MediaServerConfig(AppConfig):
-    default_auto_field = 'django.db.models.BigAutoField'
-    name = 'media_server'
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "media_server"
diff --git a/media_server/views.py b/media_server/views.py
index e803d56..370803d 100644
--- a/media_server/views.py
+++ b/media_server/views.py
@@ -4,7 +4,6 @@ from django.core.files.storage import FileSystemStorage
 from django_downloadview import StorageDownloadView
 from django_http_exceptions import HTTPExceptions
 
-
 # Create your views here.
 
 storage = FileSystemStorage()
diff --git a/oidc/auth.py b/oidc/auth.py
index 975d827..78db056 100644
--- a/oidc/auth.py
+++ b/oidc/auth.py
@@ -1,9 +1,9 @@
-import typing
 import logging
+import typing
 
 import jwt
-from django.contrib.auth.models import Group
 from django.conf import settings
+from django.contrib.auth.models import Group
 from pirates.auth import PiratesOIDCAuthenticationBackend
 
 logging.basicConfig(level=logging.DEBUG)
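Review bot: `logging.basicConfig(level=logging.DEBUG)` on the last line of this hunk still runs when the authentication backend module is imported. Where the root logger has no handlers yet, it switches on DEBUG output for the whole process, and debug records from code that handles access tokens may end up containing token claims. Since the commit already tidies this import block, consider dropping the call and leaving log levels to the Django `LOGGING` setting, with `logger = logging.getLogger(__name__)` if the module logs anything itself. Whether the module emits its own log records is not visible in this hunk.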
@@ -11,10 +11,7 @@ logging.basicConfig(level=logging.DEBUG)
 
 class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
     def _assign_new_user_groups(
-        self,
-        user,
-        access_token: dict,
-        user_groups: typing.Union[None, list] = None
+        self, user, access_token: dict, user_groups: typing.Union[None, list] = None
     ) -> None:
         if user_groups is None:
             user_groups = user.groups.all()
@@ -37,10 +34,7 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
                 user.groups.add(group)
 
     def _remove_old_user_groups(
-        self,
-        user,
-        access_token: dict,
-        user_groups: typing.Union[None, list] = None
+        self, user, access_token: dict, user_groups: typing.Union[None, list] = None
     ) -> None:
         if user_groups is None:
             user_groups = user.groups.all()
@@ -62,14 +56,10 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
         user_groups = user.groups.all()
 
         self._remove_old_user_groups(
-            user,
-            decoded_access_token,
-            user_groups=user_groups
+            user, decoded_access_token, user_groups=user_groups
         )
         self._assign_new_user_groups(
-            user,
-            decoded_access_token,
-            user_groups=user_groups
+            user, decoded_access_token, user_groups=user_groups
         )
 
         user.update_group_based_admin()
diff --git a/registry/settings/base.py b/registry/settings/base.py
index 6ff6fa8..cab7789 100644
--- a/registry/settings/base.py
+++ b/registry/settings/base.py
@@ -225,3 +225,5 @@ DEFAULT_CONTRACTEE_ZIP = env.str("DEFAULT_CONTRACTEE_ZIP")
 DEFAULT_CONTRACTEE_DISTRICT = env.str("DEFAULT_CONTRACTEE_DISTRICT")
 DEFAULT_COUNTRY = env.str("DEFAULT_COUNTRY")
 DEFAULT_CONTRACTEE_ICO_NUMBER = env.str("DEFAULT_CONTRACTEE_ICO_NUMBER")
+
+DEFAULT_STAFF_GROUP = "sso_cen:f"
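Review bot: `DEFAULT_STAFF_GROUP` is hard-coded here, while every neighbouring setting is read with `env.str(...)` and this same commit documents it as an environment variable in README.md and adds it to env.example. As written, setting `DEFAULT_STAFF_GROUP` in a deployment's environment has no effect on which group receives `is_staff` in users/models.py, an access-control decision an operator would expect to control. Read it from the environment instead: `DEFAULT_STAFF_GROUP = env.str("DEFAULT_STAFF_GROUP")`. If a fallback is wanted, make it explicit with `env.str("DEFAULT_STAFF_GROUP", default="sso_cen:f")`.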
diff --git a/run.sh b/run.sh
index f9c9d4f..e0d1d7a 100644
--- a/run.sh
+++ b/run.sh
@@ -4,7 +4,6 @@
 set -e
 
 # Migrate database
-python manage.py makemigrations  # Custom Group model
 python manage.py migrate
 
 # Start webserver
diff --git a/shared/templates/shared/includes/base.html b/shared/templates/shared/includes/base.html
index 22bcd06..81c1643 100644
--- a/shared/templates/shared/includes/base.html
+++ b/shared/templates/shared/includes/base.html
@@ -74,7 +74,7 @@
                                 <ul class="navbar-menu text-white">
                                     {% if user.is_staff %}
                                         <li class="navbar-menu__item">
-                                            <a 
+                                            <a
                                                 href="{% url "admin:index" %}"
                                                 data-href="{% url "admin:index" %}"
                                                 class="navbar-menu__link flex items-center gap-2"
diff --git a/users/migrations/0002_user_is_staff_based_on_group.py b/users/migrations/0002_user_is_staff_based_on_group.py
index 2f3b12c..69e8343 100644
--- a/users/migrations/0002_user_is_staff_based_on_group.py
+++ b/users/migrations/0002_user_is_staff_based_on_group.py
@@ -4,15 +4,16 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('users', '0001_initial'),
+        ("users", "0001_initial"),
     ]
 
     operations = [
         migrations.AddField(
-            model_name='user',
-            name='is_staff_based_on_group',
-            field=models.BooleanField(default=True, verbose_name='Admin přístup dle členství ve skupině'),
+            model_name="user",
+            name="is_staff_based_on_group",
+            field=models.BooleanField(
+                default=True, verbose_name="Admin přístup dle členství ve skupině"
+            ),
         ),
     ]
diff --git a/users/migrations/0003_alter_user_is_staff_based_on_group.py b/users/migrations/0003_alter_user_is_staff_based_on_group.py
index e08a2ff..fef5f63 100644
--- a/users/migrations/0003_alter_user_is_staff_based_on_group.py
+++ b/users/migrations/0003_alter_user_is_staff_based_on_group.py
@@ -4,15 +4,18 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('users', '0002_user_is_staff_based_on_group'),
+        ("users", "0002_user_is_staff_based_on_group"),
     ]
 
     operations = [
         migrations.AlterField(
-            model_name='user',
-            name='is_staff_based_on_group',
-            field=models.BooleanField(default=True, help_text='Určuje, zda bude "Administrační přístup" uživatele definován dle členství ve skupinách, nebo podle speciálního nastavení zde.', verbose_name='Administrační přístup dle členství ve skupině'),
+            model_name="user",
+            name="is_staff_based_on_group",
+            field=models.BooleanField(
+                default=True,
+                help_text='Určuje, zda bude "Administrační přístup" uživatele definován dle členství ve skupinách, nebo podle speciálního nastavení zde.',
+                verbose_name="Administrační přístup dle členství ve skupině",
+            ),
         ),
     ]
diff --git a/users/models.py b/users/models.py
index 6683ec6..2d39275 100644
--- a/users/models.py
+++ b/users/models.py
@@ -1,5 +1,6 @@
-from django.db import models
+from django.conf import settings
 from django.contrib.auth.models import Group
+from django.db import models
 from pirates import models as pirates_models
 
 
@@ -8,10 +9,10 @@ class User(pirates_models.AbstractUser):
         default=True,
         verbose_name="Administrační přístup dle členství ve skupině",
         help_text=(
-            "Určuje, zda bude \"Administrační přístup\" uživatele "
+            'Určuje, zda bude "Administrační přístup" uživatele '
             "definován dle členství ve skupinách, nebo podle "
             "speciálního nastavení zde."
-        )
+        ),
     )
 
     def set_unusable_password(self) -> None:
@@ -46,12 +47,7 @@ class User(pirates_models.AbstractUser):
         # customization to store the original field values on the instance
         instance._loaded_values = dict(
             zip(
-                field_names,
-                (
-                    value
-                    for value in values
-                    if value is not models.DEFERRED
-                )
+                field_names, (value for value in values if value is not models.DEFERRED)
             )
         )
 
@@ -72,7 +68,7 @@ class User(pirates_models.AbstractUser):
             return
 
         self.is_staff_based_on_group = True
-        self.is_staff = self.groups.filter(is_staff=True).exists()
+        self.is_staff = self.groups.filter(name=settings.DEFAULT_STAFF_GROUP).exists()
 
     @property
     def can_approve_contracts(self) -> bool:
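Review bot: Nothing in this patch drops the `is_staff` column that the old `contribute_to_class` patch and the `makemigrations` step in run.sh would have added to the group table, although both are removed and the check at `self.is_staff = ...` no longer reads it. If that column exists as NOT NULL on an already deployed database, creating a group after this change might fail there, depending on the backend, so this is worth verifying on a copy of the deployed data before rollout. A short comment above the assignment would also help the next reader, for example `# Staff (admin) access follows membership in the single group named by settings.DEFAULT_STAFF_GROUP.` The method that contains this line starts outside the hunk.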
@@ -99,12 +95,3 @@ class User(pirates_models.AbstractUser):
         app_label = "users"
         verbose_name = "Uživatel"
         verbose_name_plural = "Uživatelé"
-
-
-if not hasattr(Group, "is_staff"):
-    is_staff = models.BooleanField(
-        default=False,
-        verbose_name="Administrační přístup",
-        help_text="Určuje, zda se skupina může přihlásit do správy tohoto webu.",
-    )
-    is_staff.contribute_to_class(Group, "is_staff")
-- 
GitLab