stop using custom groups, use DEFAULT_STAFF_GROUP

73507b73 · Tomáš Valenta · 31db16df · 73507b73 · 73507b73 · 73507b73
Commit 73507b73 authored Mar 24, 2023 by Tomáš Valenta
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Je třeba definovat minimálně následující environment proměnné:
 | `DEFAULT_CONTRACTEE_ZIP` | Defaultní PSČ naší podepisující strany |
 | `DEFAULT_CONTRACTEE_DISTRICT` | Defaultní obec naší podepisující strany |
 | `DEFAULT_CONTRACTEE_ICO_NUMBER` | Defaultní IČO naší podepisující strany |
+| `DEFAULT_STAFF_GROUP` | Defaultní skupina pro přihlášené uživatele, která bude mít přístup k vytváření smluv |
 V produkci je potřeba:
 | proměnná | popis |

--- a/contracts/admin.py
+++ b/contracts/admin.py
@@ -4,11 +4,7 @@ from django.contrib import admin
 from django.utils.html import format_html
 from fieldsets_with_inlines import FieldsetsInlineMixin
 from import_export import resources
-from nested_admin import (
+from nested_admin import NestedModelAdmin, NestedStackedInline, NestedTabularInline
-    NestedModelAdmin,
-    NestedStackedInline,
-    NestedTabularInline,
-)
 from rangefilter.filters import DateRangeFilter
 from shared.admin import MarkdownxGuardedModelAdmin
@@ -306,14 +302,10 @@ class SigneeAdmin(MarkdownxGuardedModelAdmin):
                "date_of_birth",
            )
-        if (
+        if obj is None or request.user.has_perm(  # Allowed to create
-            obj is None  # Allowed to create
+            "contracts.edit_signee", obj
-            or request.user.has_perm("contracts.edit_signee", obj)
        ):
-            fields.insert(
+            fields.insert(fields.index("ico_number"), "load_ares_data_button")
-                fields.index("ico_number"),
-                "load_ares_data_button"
-            )
        return fields

--- a/contracts/migrations/0009_alter_contractfile_file.py
+++ b/contracts/migrations/0009_alter_contractfile_file.py
@@ -4,15 +4,14 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ('contracts', '0008_alter_contracteesignaturerepresentative_options_and_more'),
+        ("contracts", "0008_alter_contracteesignaturerepresentative_options_and_more"),
    ]
    operations = [
        migrations.AlterField(
-            model_name='contractfile',
+            model_name="contractfile",
-            name='file',
+            name="file",
-            field=models.FileField(upload_to='_private/', verbose_name='Soubor'),
+            field=models.FileField(upload_to="_private/", verbose_name="Soubor"),
        ),
    ]
--- a/contracts/migrations/0010_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0010_alter_contractee_address_country_and_more.py
@@ -4,20 +4,23 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ('contracts', '0009_alter_contractfile_file'),
+        ("contracts", "0009_alter_contractfile_file"),
    ]
    operations = [
        migrations.AlterField(
-            model_name='contractee',
+            model_name="contractee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
        ),
        migrations.AlterField(
-            model_name='signee',
+            model_name="signee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
        ),
    ]
--- a/contracts/migrations/0011_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0011_alter_contractee_address_country_and_more.py
@@ -4,20 +4,19 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ('contracts', '0010_alter_contractee_address_country_and_more'),
+        ("contracts", "0010_alter_contractee_address_country_and_more"),
    ]
    operations = [
        migrations.AlterField(
-            model_name='contractee',
+            model_name="contractee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
        ),
        migrations.AlterField(
-            model_name='signee',
+            model_name="signee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
        ),
    ]
--- a/contracts/migrations/0012_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0012_alter_contractee_address_country_and_more.py
@@ -4,20 +4,23 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ('contracts', '0011_alter_contractee_address_country_and_more'),
+        ("contracts", "0011_alter_contractee_address_country_and_more"),
    ]
    operations = [
        migrations.AlterField(
-            model_name='contractee',
+            model_name="contractee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
        ),
        migrations.AlterField(
-            model_name='signee',
+            model_name="signee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='Česká Republika', max_length=256, verbose_name='Země'),
+            field=models.CharField(
+                default="Česká Republika", max_length=256, verbose_name="Země"
+            ),
        ),
    ]
--- a/contracts/migrations/0013_alter_contractee_address_country_and_more.py
+++ b/contracts/migrations/0013_alter_contractee_address_country_and_more.py
@@ -4,20 +4,19 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ('contracts', '0012_alter_contractee_address_country_and_more'),
+        ("contracts", "0012_alter_contractee_address_country_and_more"),
    ]
    operations = [
        migrations.AlterField(
-            model_name='contractee',
+            model_name="contractee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
        ),
        migrations.AlterField(
-            model_name='signee',
+            model_name="signee",
-            name='address_country',
+            name="address_country",
-            field=models.CharField(default='CZ', max_length=256, verbose_name='Země'),
+            field=models.CharField(default="CZ", max_length=256, verbose_name="Země"),
        ),
    ]
--- a/contracts/templates/contracts/view_contract.html
+++ b/contracts/templates/contracts/view_contract.html
--- a/contracts/templates/contracts/view_signee.html
+++ b/contracts/templates/contracts/view_signee.html
--- a/contracts/views.py
+++ b/contracts/views.py
@@ -46,10 +46,7 @@ def get_pagination(request, objects) -> tuple:
    return page, paginator
-def get_paginated_contracts(
+def get_paginated_contracts(request, filter: typing.Union[None, dict] = None) -> tuple:
-    request,
-    filter: typing.Union[None, dict] = None
-) -> tuple:
    if filter is None:
        filter = {}
@@ -268,18 +265,12 @@ def view_contract_issues(request):
            **get_base_context(request),
            "title": (
                "Poznámky"
-                if (
+                if (request.user.is_anonymous or not request.user.can_view_confidential)
-                    request.user.is_anonymous
-                    or not request.user.can_view_confidential
-                )
                else "Problémy"
            ),
            "description": (
                "Poznámky ke smlouvám."
-                if (
+                if (request.user.is_anonymous or not request.user.can_view_confidential)
-                    request.user.is_anonymous
-                    or not request.user.can_view_confidential
-                )
                else "Problémy se smlouvami."
            ),
            "page": page,

--- a/env.example
+++ b/env.example
@@ -15,3 +15,5 @@ DEFAULT_CONTRACTEE_STREET="Na Moráni 360/3"
 DEFAULT_CONTRACTEE_ZIP="128 00"
 DEFAULT_CONTRACTEE_DISTRICT="Praha 2"
 DEFAULT_CONTRACTEE_ICO_NUMBER="71339698"
+DEFAULT_STAFF_GROUP="sso_cen:f"
--- a/media_server/apps.py
+++ b/media_server/apps.py
@@ -2,5 +2,5 @@ from django.apps import AppConfig
 class MediaServerConfig(AppConfig):
-    default_auto_field = 'django.db.models.BigAutoField'
+    default_auto_field = "django.db.models.BigAutoField"
-    name = 'media_server'
+    name = "media_server"
--- a/media_server/views.py
+++ b/media_server/views.py
@@ -4,7 +4,6 @@ from django.core.files.storage import FileSystemStorage
 from django_downloadview import StorageDownloadView
 from django_http_exceptions import HTTPExceptions
 # Create your views here.
 storage = FileSystemStorage()

--- a/oidc/auth.py
+++ b/oidc/auth.py
-import typing
 import logging
+import typing
 import jwt
-from django.contrib.auth.models import Group
 from django.conf import settings
+from django.contrib.auth.models import Group
 from pirates.auth import PiratesOIDCAuthenticationBackend
 logging.basicConfig(level=logging.DEBUG)
@@ -11,10 +11,7 @@ logging.basicConfig(level=logging.DEBUG)
 class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
    def _assign_new_user_groups(
-        self,
+        self, user, access_token: dict, user_groups: typing.Union[None, list] = None
-        user,
-        access_token: dict,
-        user_groups: typing.Union[None, list] = None
    ) -> None:
        if user_groups is None:
            user_groups = user.groups.all()
@@ -37,10 +34,7 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
                user.groups.add(group)
    def _remove_old_user_groups(
-        self,
+        self, user, access_token: dict, user_groups: typing.Union[None, list] = None
-        user,
-        access_token: dict,
-        user_groups: typing.Union[None, list] = None
    ) -> None:
        if user_groups is None:
            user_groups = user.groups.all()
@@ -62,14 +56,10 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
        user_groups = user.groups.all()
        self._remove_old_user_groups(
-            user,
+            user, decoded_access_token, user_groups=user_groups
-            decoded_access_token,
-            user_groups=user_groups
        )
        self._assign_new_user_groups(
-            user,
+            user, decoded_access_token, user_groups=user_groups
-            decoded_access_token,
-            user_groups=user_groups
        )
        user.update_group_based_admin()

--- a/registry/settings/base.py
+++ b/registry/settings/base.py
@@ -225,3 +225,5 @@ DEFAULT_CONTRACTEE_ZIP = env.str("DEFAULT_CONTRACTEE_ZIP")
 DEFAULT_CONTRACTEE_DISTRICT = env.str("DEFAULT_CONTRACTEE_DISTRICT")
 DEFAULT_COUNTRY = env.str("DEFAULT_COUNTRY")
 DEFAULT_CONTRACTEE_ICO_NUMBER = env.str("DEFAULT_CONTRACTEE_ICO_NUMBER")
+DEFAULT_STAFF_GROUP = "sso_cen:f"
--- a/run.sh
+++ b/run.sh
@@ -4,7 +4,6 @@
 set -e
 # Migrate database
-python manage.py makemigrations  # Custom Group model
 python manage.py migrate
 # Start webserver

--- a/shared/templates/shared/includes/base.html
+++ b/shared/templates/shared/includes/base.html
--- a/users/migrations/0002_user_is_staff_based_on_group.py
+++ b/users/migrations/0002_user_is_staff_based_on_group.py
@@ -4,15 +4,16 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ('users', '0001_initial'),
+        ("users", "0001_initial"),
    ]
    operations = [
        migrations.AddField(
-            model_name='user',
+            model_name="user",
-            name='is_staff_based_on_group',
+            name="is_staff_based_on_group",
-            field=models.BooleanField(default=True, verbose_name='Admin přístup dle členství ve skupině'),
+            field=models.BooleanField(
+                default=True, verbose_name="Admin přístup dle členství ve skupině"
+            ),
        ),
    ]
--- a/users/migrations/0003_alter_user_is_staff_based_on_group.py
+++ b/users/migrations/0003_alter_user_is_staff_based_on_group.py
@@ -4,15 +4,18 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ('users', '0002_user_is_staff_based_on_group'),
+        ("users", "0002_user_is_staff_based_on_group"),
    ]
    operations = [
        migrations.AlterField(
-            model_name='user',
+            model_name="user",
-            name='is_staff_based_on_group',
+            name="is_staff_based_on_group",
-            field=models.BooleanField(default=True, help_text='Určuje, zda bude "Administrační přístup" uživatele definován dle členství ve skupinách, nebo podle speciálního nastavení zde.', verbose_name='Administrační přístup dle členství ve skupině'),
+            field=models.BooleanField(
+                default=True,
+                help_text='Určuje, zda bude "Administrační přístup" uživatele definován dle členství ve skupinách, nebo podle speciálního nastavení zde.',
+                verbose_name="Administrační přístup dle členství ve skupině",
+            ),
        ),
    ]
--- a/users/models.py
+++ b/users/models.py
-from django.db import models
+from django.conf import settings
 from django.contrib.auth.models import Group
+from django.db import models
 from pirates import models as pirates_models
@@ -8,10 +9,10 @@ class User(pirates_models.AbstractUser):
        default=True,
        verbose_name="Administrační přístup dle členství ve skupině",
        help_text=(
-            "Určuje, zda bude \"Administrační přístup\" uživatele "
+            'Určuje, zda bude "Administrační přístup" uživatele '
            "definován dle členství ve skupinách, nebo podle "
            "speciálního nastavení zde."
-        )
+        ),
    )
    def set_unusable_password(self) -> None:
@@ -46,12 +47,7 @@ class User(pirates_models.AbstractUser):
        # customization to store the original field values on the instance
        instance._loaded_values = dict(
            zip(
-                field_names,
+                field_names, (value for value in values if value is not models.DEFERRED)
-                (
-                    value
-                    for value in values
-                    if value is not models.DEFERRED
-                )
            )
        )
@@ -72,7 +68,7 @@ class User(pirates_models.AbstractUser):
            return
        self.is_staff_based_on_group = True
-        self.is_staff = self.groups.filter(is_staff=True).exists()
+        self.is_staff = self.groups.filter(name=settings.DEFAULT_STAFF_GROUP).exists()
    @property
    def can_approve_contracts(self) -> bool:
@@ -99,12 +95,3 @@ class User(pirates_models.AbstractUser):
        app_label = "users"
        verbose_name = "Uživatel"
        verbose_name_plural = "Uživatelé"
-if not hasattr(Group, "is_staff"):
-    is_staff = models.BooleanField(
-        default=False,
-        verbose_name="Administrační přístup",
-        help_text="Určuje, zda se skupina může přihlásit do správy tohoto webu.",
-    )
-    is_staff.contribute_to_class(Group, "is_staff")