def execute(self, *args, **options): logger.info("Synchronize django permissions") for app_config in apps.get_app_configs(): create_permissions(app_config, verbosity=options['verbosity']) logger.info("Done.") logger.info("Synchronize mapentity permissions") # Make sure apps are registered at this point import_module(settings.ROOT_URLCONF) # Tests reset DB so we have to reset this cache too clear_internal_user_cache() # For all models registered, add missing bits for model in registry.registry.keys(): if not model._meta.abstract: create_mapentity_model_permissions(model) logger.info("Done.") logger.info("Synchronize geotrek permissions") for content_type in ContentType.objects.all(): model = content_type.model_class() if model and issubclass(model, BasePublishableMixin) and not model._meta.abstract: Permission.objects.get_or_create( codename='publish_%s' % content_type.model, content_type=content_type, defaults={'name': 'Can publish %s' % content_type.name} ) logger.info("Done.")
def add_admin_perms(models, perm_parts=('add', 'change', 'delete')): """Designed to be run from a data migration script, adds create, edit and delete permissions to the site admin group""" from django.contrib.contenttypes.management import update_contenttypes from django.contrib.contenttypes.models import ContentType from django.contrib.auth.management import create_permissions from django.apps import apps from django.contrib.auth.models import Group, Permission if not isinstance(models, tuple): # Allow single model to be passed in models = (models,) # First, we need to create permissions in case this hasn't run yet # http://andrewingram.net/2012/dec/ \ # common-pitfalls-django-south/#contenttypes-and-permissions app_set = set([model._meta.app_label for model in models]) for app in app_set: app_config = apps.get_app_config(app) update_contenttypes(app_config) create_permissions(app_config) # Get group for site admin group, created = Group.objects.get_or_create(name='site admin') # Add permissions to the site admin for model in models: for perm_part in perm_parts: codename = "%s_%s" % (perm_part, model._meta.model_name) content_type = ContentType.objects.get_for_model(model) permission = Permission.objects.get(codename=codename, content_type=content_type) group.permissions.add(permission) group.save()
def lazy_permission_creation(**kwargs): from .models import PermissionsMixin if issubclass(auth.get_user_model(), PermissionsMixin): return # Call through to Django's create_permissions create_permissions(**kwargs)
def create_realtime_rest_group(apps, schema_editor): """Populate Groups for realtime group. :param apps: App registry. :type apps: django.apps.apps :param schema_editor: Django db abstraction for turning model into db. :type schema_editor: django.db.backends.schema """ # import apps registry, somehow it was only loaded fully from import realtime_app_config = apps_registry.get_app_config('realtime') # update content types update_contenttypes(realtime_app_config, interactive=False) # update permissions create_permissions(realtime_app_config, interactive=False) Group = apps.get_model('auth', 'Group') try: realtime_group = Group.objects.get(name=REST_GROUP) except Group.DoesNotExist: realtime_group = Group.objects.create(name=REST_GROUP) Permission = apps.get_model('auth', 'Permission') realtime_permissions = Permission.objects.filter( content_type__app_label='realtime') realtime_group.permissions.add(*realtime_permissions) realtime_group.save()
def test_duplicated_permissions(self): """ Test that we show proper error message if we are trying to create duplicate permissions. """ # check duplicated default permission models.Permission._meta.permissions = [ ('change_permission', 'Can edit permission (duplicate)')] six.assertRaisesRegex(self, CommandError, "The permission codename 'change_permission' clashes with a " "builtin permission for model 'auth.Permission'.", create_permissions, models, [], verbosity=0) # check duplicated custom permissions models.Permission._meta.permissions = [ ('my_custom_permission', 'Some permission'), ('other_one', 'Some other permission'), ('my_custom_permission', 'Some permission with duplicate permission code'), ] six.assertRaisesRegex(self, CommandError, "The permission codename 'my_custom_permission' is duplicated for model " "'auth.Permission'.", create_permissions, models, [], verbosity=0) # should not raise anything models.Permission._meta.permissions = [ ('my_custom_permission', 'Some permission'), ('other_one', 'Some other permission'), ] create_permissions(models, [], verbosity=0)
def handle(self, *args, **options): # Add any missing content types update_all_contenttypes() # Add any missing permissions for app in get_apps(): create_permissions(app, None, 2)
def add_permissions(apps, schema_editor, with_create_permissions=True): teachers = Group.objects.get(name='teachers') students = Group.objects.get(name='students') try: can_add_booking = Permission.objects.get(name='Can add booking') can_delete_booking = Permission.objects.get(name='Can delete booking') can_change_booking = Permission.objects.get(name='Can change booking') teachers.permissions.add( can_add_booking, can_delete_booking, can_change_booking, ) except Permission.DoesNotExist: if with_create_permissions: # Manually run create_permissions from django.contrib.auth.management import create_permissions assert not getattr(apps, 'models_module', None) apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None return add_permissions( apps, schema_editor, with_create_permissions=False) else: raise teachers.save() students.save()
def create_default_permissions_group(apps, schema_editor): ''' Create the 'mydata-default-permissions' group ''' # First, we need to ensure that permissions have been created, # then we can create a group and assign those permissions to it: for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = None group = Group.objects.create(name='mydata-default-permissions') tardis_portal_app_permissions = [ 'add_instrument', 'change_instrument', 'add_experiment', 'change_experiment', 'add_experimentparameterset', 'add_objectacl', 'add_dataset', 'change_dataset', 'add_datafile'] for perm in tardis_portal_app_permissions: group.permissions.add( Permission.objects.get( codename=perm, content_type__app_label='tardis_portal')) mydata_app_permissions = [ 'add_uploader', 'change_uploader', 'add_uploaderregistrationrequest', 'change_uploaderregistrationrequest', 'add_uploadersetting', 'change_uploadersetting'] for perm in mydata_app_permissions: group.permissions.add( Permission.objects.get( codename=perm, content_type__app_label='mydata'))
def make_groups(apps, schema_editor): # Create the default set of user groups and # assign the correct permissions. # Permissions aren't created until after all migrations # are run so lets create them now! app_configs = apps.get_app_configs() for app in app_configs: app.models_module = True create_permissions(app, verbosity=0) app.models_module = None Group = apps.get_model('auth', 'Group') Permission = apps.get_model('auth', 'Permission') for group in settings.DEFAULT_GROUPS: g,created = Group.objects.get_or_create(name=group) if group == 'admin': # Assign all available permissions to the admin group p = list(Permission.objects.all()) g.permissions.add(*p) elif group == 'staff': for perm in settings.DEFAULT_STAFF_PERMISSIONS: p = Permission.objects.get(name=perm) g.permissions.add(p) elif group == 'user': # Default permissions for users are store in # the settings.py file for perm in settings.DEFAULT_USER_PERMISSIONS: p = Permission.objects.get(name=perm) g.permissions.add(p)
def update_permissions_after_migration(app, **kwargs): """ Update app permission just after every migration. """ create_permissions( get_app(app), get_models(), 2 if settings.DEBUG else 0)
def step2(request): if request.method == 'POST': # If the form has been submitted... form = WorkspaceCreationForm(request.POST) # A form bound to the POST data if form.is_valid(): # All validation rules pass name = form.cleaned_data['name'] workspace = MyTenantModel.objects.create(name=name) Employee.objects.create(user=request.user, workspace=workspace) from django.contrib.contenttypes.models import ContentType from django.contrib.auth.management import create_permissions from django.contrib.auth.models import Permission from django.db.models import get_app, get_models create_permissions(get_app('deleteissue'), get_models(), 0) ### should optimize by calling only the new models instead of get_models #user = TenantUser.for_tenant(workspace).objects.create_user("*****@*****.**", "max") user = request.user ct = ContentType.objects.get_for_model(Project.for_tenant(workspace)) perm = Permission.objects.filter(content_type=ct) for i in perm: user.user_permissions.add(i) register_models_for_tenant(workspace) return HttpResponseRedirect('/admin/') # Redirect after POST else: form = WorkspaceCreationForm() # An unbound form return render(request, 'step2.html', {'form': form, 'form_action': "/deleteissue/step2/"})
def execute(self, *args, **options): logger.info("Synchronize django permissions") for app in get_apps(): create_permissions(app, [], int(options.get('verbosity', 1))) logger.info("Done.") logger.info("Synchronize mapentity permissions") # Make sure apps are registered at this point import_module(settings.ROOT_URLCONF) # For all models registered, add missing bits for model in registry.registry.keys(): create_mapentity_model_permissions(model) logger.info("Done.") logger.info("Synchronize geotrek permissions") for content_type in ContentType.objects.all(): model = content_type.model_class() if model and issubclass(model, BasePublishableMixin): Permission.objects.get_or_create( codename='publish_%s' % content_type.model, name='Can publish %s' % content_type.name, content_type=content_type) logger.info("Done.")
def update_permissions_after_migration(app, **kwargs): from django.conf import settings from django.db.models import get_app, get_models from django.contrib.auth.management import create_permissions create_permissions(get_app(app), get_models(), 2 if settings.DEBUG else 0) if app == "heliosinstitution": """ Permissions must exist in app model, otherwise an error will be thrown """ heliosinstitution_group_permissions = { "Institution Admin" : [ "delegate_institution_mngt", "revoke_institution_mngt", "delegate_election_mngt", "revoke_election_mngt" ], "Election Admin": [ ], } if verbosity>0: print "Initialising data post_migrate" for group in heliosinstitution_group_permissions: role, created = Group.objects.get_or_create(name=group) if verbosity > 1 and created: print 'Creating group', group for perm in heliosinstitution_group_permissions[group]: role.permissions.add(Permission.objects.get(codename=perm)) if verbosity > 1: print 'Permitting', group, 'to', perm role.save()
def create_verifier_group(apps, schema, with_create_permissions=True): """ Create a "verifiers" group that has the "can_verify" permission. All user created before July 11th 2015 are automatically added to this group. """ Group = apps.get_model('auth', 'Group') Permission = apps.get_model('auth', 'Permission') User = apps.get_model('auth', 'User') ContentType = apps.get_model('contenttypes', 'ContentType') mp_content_type = ContentType.objects.get(app_label='campaigns', model='mp') try: # Workaround for #23422 can_verify = Permission.objects.get(codename='can_verify', content_type=mp_content_type) except Permission.DoesNotExist: if with_create_permissions: from django.contrib.auth.management import create_permissions assert not getattr(apps, 'models_module', None) apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None return create_verifier_group( apps, schema, with_create_permissions=False) else: raise cutoff_date = timezone.make_aware(datetime(2015, 7, 11, 23, 59, 59)) verifier_group = Group.objects.create(name="Verifiers") verifier_group.permissions.add(can_verify) for user in User.objects.filter(date_joined__lte=cutoff_date): user.groups.add(verifier_group)
def update_permissions_after_migration(app, **kwargs): """ Create permissions for apps synced with South even when do not change. Django creates new custom permissions (defined in a model's Meta class) when the app of that model gives a post_syncdb signal. South only fires that signal, however, when new migrations are applied to that app. So if any new permissions are added without any models changing (or, I suppose, a dummy migration is added), those new permission will not be created. Hooking to the post_migrate signal ensures that such new permissions will be created, along with the project specific permissions created from management.update_project_permissions. South bug: http://south.aeracode.org/ticket/211 Adapted solution: http://devwithpassion.com/felipe/south-django-permissions/ """ from django.conf import settings from django.db.models import get_app, get_models from django.contrib.auth.management import create_permissions from .management import update_project_permissions create_permissions(get_app(app), get_models(), 2 if settings.DEBUG else 0) update_project_permissions()
def handle(self, *args, **options): if not args: apps = [get_app(model._meta.app_label) for model in get_models()] else: apps = [get_app(arg) for arg in args] for app in apps: create_permissions(app, get_models(), options.get('verbosity', 0))
def add_groups(apps, schema_editor, with_create_permissions=True): Group = apps.get_model('auth', 'Group') Permission = apps.get_model('auth', 'Permission') User = apps.get_model('auth', 'User') try: perms = dict( [(codename, Permission.objects.get(codename=codename)) for codename in set(chain(*group_perms.values()))]) except Permission.DoesNotExist: if with_create_permissions: # create_permissions runs in the post_migrate signal, at the end of # all migrations. If migrating a fresh database (such as during # tests), then manually run create_permissions. from django.contrib.auth.management import create_permissions assert not getattr(apps, 'models_module', None) apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None return add_groups( apps, schema_editor, with_create_permissions=False) else: raise for group_name in sorted(group_perms.keys()): group = Group.objects.create(name=group_name) perm_list = [ perms[codename] for codename in group_perms[group_name]] group.permissions.add(*perm_list) change_group = Group.objects.get(name='change-resource') for user in User.objects.all(): user.groups.add(change_group)
def migrate_service_enabled(apps, schema_editor): for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = None Group = apps.get_model("auth", "Group") Permission = apps.get_model("auth", "Permission") Teamspeak3User = apps.get_model("teamspeak3", "Teamspeak3User") perm = Permission.objects.get(codename='access_teamspeak3') member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member') blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue') # Migrate members if Teamspeak3User.objects.filter(user__groups__name=member_group_name).exists() or \ getattr(settings, str('ENABLE_AUTH_TEAMSPEAK3'), False): try: group = Group.objects.get(name=member_group_name) group.permissions.add(perm) except ObjectDoesNotExist: logger.warning('Failed to migrate ENABLE_AUTH_TEAMSPEAK3 setting') # Migrate blues if Teamspeak3User.objects.filter(user__groups__name=blue_group_name).exists() or \ getattr(settings, str('ENABLE_BLUE_TEAMSPEAK3'), False): try: group = Group.objects.get(name=blue_group_name) group.permissions.add(perm) except ObjectDoesNotExist: logger.warning('Failed to migrate ENABLE_BLUE_TEAMSPEAK3 setting')
def make_permissions(apps, schema_editor, with_create_permissions=True): db_alias = schema_editor.connection.alias Group = apps.get_model("auth", "Group") User = apps.get_model("auth", "User") Permission = apps.get_model("auth", "Permission") try: read_perm = Permission.objects.get(codename='read_nodegroup', content_type__app_label='models', content_type__model='nodegroup') write_perm = Permission.objects.using(db_alias).get(codename='write_nodegroup', content_type__app_label='models', content_type__model='nodegroup') delete_perm = Permission.objects.using(db_alias).get(codename='delete_nodegroup', content_type__app_label='models', content_type__model='nodegroup') except Permission.DoesNotExist: if with_create_permissions: # Manually run create_permissions from django.contrib.auth.management import create_permissions assert not getattr(apps, 'models_module', None) apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None return make_permissions( apps, schema_editor, with_create_permissions=False) else: raise edit_group = Group.objects.using(db_alias).create(name='edit') edit_group.permissions.add(read_perm, write_perm, delete_perm) read_group = Group.objects.using(db_alias).create(name='read') read_group.permissions.add(read_perm) admin_user = User.objects.using(db_alias).get(username='******') admin_user.groups.add(edit_group) admin_user.groups.add(read_group) anonymous_user = User.objects.using(db_alias).get(username='******') anonymous_user.groups.add(read_group)
def handle(self, *args, **options): apps = [] for arg in args: apps.append(get_app(arg)) for app in apps: create_permissions(app, None, options.get('verbosity', 0))
def forwards(self, orm): "Write your forwards methods here." # Note: Don't use "from appname.models import ModelName". # Use orm.ModelName to refer to models in this application, # and orm['appname.ModelName'] for models in other applications. update_contenttypes(get_app('activities'), get_models()) create_permissions(get_app('activities'), get_models(), 0)
def handle(self, *args, **options): from django.contrib.auth.management import create_permissions from django.db.models import get_apps, get_models verbosity = int(options['verbosity']) for app in get_apps(): create_permissions(app, None, verbosity)
def _make_permissions(apps, schema_editor): apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None Group = apps.get_model("auth", "Group") create_farmers_group(Group)
def create_all_permissions(**kwargs): create_permissions(**kwargs) for p in Permission.objects.filter(codename__startswith='change_'): res= Permission.objects.get_or_create( content_type=p.content_type, codename=p.codename.replace('change_','changeall_',1), name=p.name.replace('change','change ALL',1), )
def handle(self, *args, **options): setup_environ(Poem.settings) from django.contrib.auth.management import create_permissions from django.db.models import get_apps for app in get_apps(): create_permissions(app, None, 2) logger.info('Permissions were successfully updated.')
def _make_permissions(apps, schema_editor): apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None Group = apps.get_model("auth", "Group") Permission = apps.get_model("auth", "Permission") add_delivery_related_permissions(Group, Permission)
def update_permissions_after_migration(app, **kwargs): """ Update app permission just after every migration. This is based on the django_extensions' update_permissions management command. """ from django.db.models import get_app, get_models from django.contrib.auth.management import create_permissions create_permissions(get_app(app), get_models(), 2)
def handle(self, *args, **options): self.stdout.write("Create permissions for:") verbosity=int(options.get('verbosity', 0)) app_configs = apps.get_app_configs() for app_config in app_configs: app_label = app_config.label self.stdout.write(" * %s" % app_label) create_permissions(app_config, verbosity=verbosity)
def create_permissions_compat(app, **kwargs): ''' Creates permissions like syncdb would if we were not using South See http://south.aeracode.org/ticket/211 ''' from django.db.models import get_app from django.contrib.auth.management import create_permissions create_permissions(get_app(app), (), 0)
def update_permissions_after_migration(app,**kwargs): """ Update app permission just after every migration. """ from django.conf import settings from django.db.models import get_app, get_models from django.contrib.auth.management import create_permissions create_permissions(get_app(app), get_models(), 2 if settings.DEBUG else 0)
def create_groups(apps, schema_editor): """ Create groups and assign the permissions.""" Group = apps.get_model('auth', 'Group') Permission = apps.get_model('auth', 'Permission') apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None group, __ = Group.objects.get_or_create(name=Role.ADMINS) for codename in ['add_usercredential', 'change_usercredential']: permission = Permission.objects.get(codename=codename) group.permissions.add(permission)
def test_unavailable_models(self): """ #24075 - Permissions shouldn't be created or deleted if the ContentType or Permission models aren't available. """ state = migrations.state.ProjectState() # Unavailable contenttypes.ContentType with self.assertNumQueries(0): create_permissions(self.app_config, verbosity=0, apps=state.apps) # Unavailable auth.Permission state = migrations.state.ProjectState(real_apps=['contenttypes']) with self.assertNumQueries(0): create_permissions(self.app_config, verbosity=0, apps=state.apps)
def test_create_permissions_checks_contenttypes_created(self): """ `post_migrate` handler ordering isn't guaranteed. Simulate a case where create_permissions() is called before create_contenttypes(). """ # Warm the manager cache. ContentType.objects.get_for_model(Group) # Apply a deletion as if e.g. a database 'flush' had been executed. ContentType.objects.filter(app_label='auth', model='group').delete() # This fails with a foreign key constraint without the fix. create_permissions(apps.get_app_config('auth'), interactive=False, verbosity=0)
def forwards(self, orm): app = get_app('imagestore') create_permissions(app, (), 2) add_image_permission = Permission.objects.get_by_natural_key('add_image', 'imagestore', 'image') add_album_permission = Permission.objects.get_by_natural_key('add_album', 'imagestore', 'album') change_image_permission = Permission.objects.get_by_natural_key('change_image', 'imagestore', 'image') change_album_permission = Permission.objects.get_by_natural_key('change_album', 'imagestore', 'album') delete_image_permission = Permission.objects.get_by_natural_key('delete_image', 'imagestore','image') delete_album_permission = Permission.objects.get_by_natural_key('delete_album', 'imagestore', 'album') for user in User.objects.all(): user.user_permissions.add(add_image_permission, add_album_permission,) user.user_permissions.add(change_image_permission, change_album_permission,) user.user_permissions.add(delete_image_permission, delete_album_permission,) user.save()
def add_all_permissions(): """Enforce loading of perms See: https://stackoverflow.com/questions/29296757/django-data-migrate-permissions https://code.djangoproject.com/ticket/23422 """ from django.apps import apps from django.contrib.auth.management import create_permissions for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, verbosity=0) app_config.models_module = None
def handle(self, *args, **options): if not args: apps = [] for model in get_models(): try: apps.append(get_app(model._meta.app_label)) except ImproperlyConfigured: pass else: apps = [] for arg in args: apps.append(get_app(arg)) for app in apps: create_permissions(app, get_models(), options.get('verbosity', 0))
def create_default_groups(apps, schema_editor): group = apps.get_model('openwisp_users', 'group') # To populate all the permissions for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = None operator = group.objects.filter(name='Operator') if operator.count() == 0: operator = group.objects.create(name='Operator') admin = group.objects.filter(name='Administrator') if admin.count() == 0: admin = group.objects.create(name='Administrator') permissions = [ Permission.objects.get(content_type__app_label="openwisp_users", codename='add_user').pk, Permission.objects.get(content_type__app_label="openwisp_users", codename='change_user').pk, Permission.objects.get( content_type__app_label="openwisp_users", codename='change_organizationuser', ).pk, Permission.objects.get( content_type__app_label="openwisp_users", codename='delete_organizationuser', ).pk, Permission.objects.get( content_type__app_label="openwisp_users", codename='add_organizationuser', ).pk, ] try: permissions += [ Permission.objects.get( content_type__app_label="openwisp_users", codename='view_user').pk, Permission.objects.get( content_type__app_label="openwisp_users", codename='view_group').pk, Permission.objects.get( content_type__app_label="openwisp_users", codename='view_organizationuser', ).pk, ] except Permission.DoesNotExist: pass admin.permissions.set(permissions)
def add_permissions_to_groups(app, permissions): """Assign permissions to groups.""" # Make sure that all app permissions are created. # Related to South bug http://south.aeracode.org/ticket/211 app_obj = get_app(app) create_permissions(app_obj, get_models(app_mod=app_obj), verbosity=2) for perm_name, groups in permissions.iteritems(): for group_name in groups: group, created = Group.objects.get_or_create(name=group_name) permission = Permission.objects.get(codename=perm_name, content_type__app_label=app) group.permissions.add(permission)
def manage(apps, schema_editor): from django.contrib.auth.models import Group, Permission from django.contrib.auth.management import create_permissions # Necessary to get the auto-gen model perms in place for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = None # This group may or may not exist, depending on our context (tests, prod, etc.) g, _ = Group.objects.get_or_create(name='forum_trust_level_1') p = Permission.objects.get(codename='add_plugin') g.permissions.add(p)
def create_groups(apps, schema_editor): """ Create groups and assign the permissions.""" Group = apps.get_model("auth", "Group") Permission = apps.get_model("auth", "Permission") for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, verbosity=0, apps=apps) app_config.models_module = None group, __ = Group.objects.get_or_create(name=Role.ADMINS) for codename in ["add_usercredential", "change_usercredential"]: permission = Permission.objects.get(codename=codename) group.permissions.add(permission)
def forwards_func(apps, schema_editor): Group = apps.get_model('auth', 'Group') Perm = apps.get_model('auth', 'Permission') ContentType = apps.get_model('contenttypes', 'ContentType') for custom in MODELS: ContentType.objects.get(app_label='xds_api', model=custom.replace(" ", "")).delete() ct = ContentType.objects.filter(model=custom.replace(" ", "")) if ct.exists(): ct.delete() for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, verbosity=0) app_config.models_module = None for app_config in apps.get_app_configs(): app_config.models_module = True create_contenttypes(app_config, verbosity=0) app_config.models_module = None for group in GROUPS: new_group, created = Group.objects.get_or_create(name=group) for model in MODELS: for permission in PERMISSIONS: name = 'Can {} {}'.format(permission, model) print("Creating {}".format(name)) model_comb = model value = model_comb.replace(" ", "") codename = '{}_{}'.format(permission, value) try: content_type = \ ContentType.objects.get(model=value) model_add_perm, created = \ Perm.objects.get_or_create(codename=codename, name=name, content_type=content_type) except Perm.DoesNotExist: logging.warning( "Permission not found with name '{}'.".format(name)) continue new_group.permissions.add(model_add_perm) print("Updated Course Information Mapping permissions.")
def add_trash_user_group(apps, schema_editor): ''' Create the '__trashuser__' ''' # First, we need to ensure that permissions have been created, # then we can create a group and assign those permissions to it: for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = None group = Group.objects.create(name='__trashcan__') user = User.objects.create(is_active=True, is_superuser=False, is_staff=False, email='*****@*****.**', date_joined='1970-01-01T00:00:00Z', last_login='******', name='__trashuser__') group.user_set.add(user)
def test_custom_permission_name_length(self): auth_app_config = apps.get_app_config('auth') ContentType.objects.get_by_natural_key('auth', 'permission') custom_perm_name = 'a' * 256 Permission._meta.permissions = [ ('my_custom_permission', custom_perm_name), ] try: msg = ("The permission name %s of auth.permission is longer than " "255 characters" % custom_perm_name) with self.assertRaisesMessage(exceptions.ValidationError, msg): create_permissions(auth_app_config, verbosity=0) finally: Permission._meta.permissions = []
def add_in_progress_perm(apps, schema_editor): return try: permission = Permission.objects.get(codename="can_save_in_progress") except Permission.DoesNotExist: app_config = apps.get_app_config("qa") app_config.models_module = True create_permissions(app_config, verbosity=0) app_config.models_module = None permission = Permission.objects.get(codename="can_save_in_progress") for group in Group.objects.all(): group.permissions.add(permission)
def handle(self, *args, **options): if not args: apps = [] for model in get_models(): apps.append(get_app(model._meta.app_label)) else: apps = [] for arg in args: apps.append(get_app(arg)) for app in apps: update_contenttypes(app, None, options.get('verbosity', 2), interactive=True) create_permissions(app, get_models(), options.get('verbosity', 0))
def handle(self, *args, **options): if not args: apps = [] for model in get_models(): try: apps.append(get_app(model._meta.app_label)) except ImproperlyConfigured: # Ok, the app is not installed, jump to the next app continue else: apps = [] for arg in args: apps.append(get_app(arg)) for app in apps: create_permissions(app, get_models(), options.get('verbosity', 0))
def create_user_groups(apps, schema_editor): for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, verbosity=0) app_config.models_module = None Group = apps.get_model('auth', 'Group') Permission = apps.get_model('auth', 'Permission') GROUPS = ['admins', 'editors', 'users'] for group in GROUPS: new_group = Group.objects.create(name=group) if group == 'users': continue model_add_perm = Permission.objects.get(name='Can change publication') new_group.permissions.add(model_add_perm)
def generate_permissions(apps, schema_editor): Permission = apps.get_model( 'auth', 'Permission') try: Permission.objects.get( codename='add_post', content_type__app_label='blog') except Permission.DoesNotExist: models_module = getattr( apps, 'models_module', None) if models_module is None: apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None else: raise
def create_permissions_compat(app, **kwargs): ''' Creates permissions like syncdb would if we were not using South See http://south.aeracode.org/ticket/211 ''' from django.db.models import get_app, get_models from django.conf import settings from django.contrib.auth.management import create_permissions if app in ('trans', 'lang', 'accounts'): try: create_permissions(get_app(app), get_models(), 2 if settings.DEBUG else 0) except AttributeError as error: # See https://code.djangoproject.com/ticket/20442 print 'Failed to create permission objects: {0}'.format(error)
def update_read_meta_dataset_permissions(apps, schema_editor): """Assign the `read_meta_dataset` permission to Datasets that existed in the system with the `read_dataset` permission""" # Permissions are only created after all migrations are run. Since this # data migration needs access to said permissions we manually trigger # their creation here. apps.models_module = True create_permissions(apps, verbosity=0) apps.models_module = None for dataset in DataSet.objects.all(): for queryset in [User.objects.all(), Group.objects.all()]: for obj in queryset: permission_checker = ObjectPermissionChecker(obj) if permission_checker.has_perm("core.read_dataset", dataset): assign_perm("core.read_meta_dataset", obj, dataset)
def forwards(self, orm): "Write your forwards methods here." # Note: Don't use "from appname.models import ModelName". # Use orm.ModelName to refer to models in this application, # and orm['appname.ModelName'] for models in other applications. update_contenttypes(get_app('notes'), get_models()) create_permissions(get_app('notes'), get_models(), 0) students = orm['auth.Group'].objects.get(name="students") students.permissions.add(orm['auth.Permission'].objects.get(content_type__app_label="notes", codename="add_note")) students.permissions.add(orm['auth.Permission'].objects.get(content_type__app_label="notes", codename="change_note")) students.permissions.add(orm['auth.Permission'].objects.get(content_type__app_label="notes", codename="delete_note")) students.save() professors = orm['auth.Group'].objects.get(name="professors") professors.permissions.add(orm['auth.Permission'].objects.get(content_type__app_label="core", codename="add_course")) professors.save()
def create_group(apps, **_kwargs): for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, verbosity=0) app_config.models_module = None add_activity = Permission.objects.get(codename='add_activity') change_activity = Permission.objects.get(codename='change_activity') delete_activity = Permission.objects.get(codename='delete_activity') group, created = Group.objects.get_or_create(name='staff') if created: group.permissions.add(add_activity, change_activity, delete_activity) group, created = Group.objects.get_or_create(name='admin') if created: group.permissions.add(add_activity, change_activity, delete_activity)
def create_data(apps, schema_editor): for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = False # 添加app appname = settings.SAMPLEAPPNAME appid = input("please enter your appid: ").strip() or appname appsecret = input("please enter your appsecret: ").strip() or "secret" app = WeChatApp.objects.create(title="sample app", name=appname, appid=appid, appsecret=appsecret) # 增加user perm = "{prefix}{appname}".format(prefix=WECHATPERM_PREFIX, appname=appname) if not User.objects.filter(username="******").first(): User.objects.create_superuser("admin", "", "123456") content_type = ContentType.objects.get_for_model(WeChatApp) permission = Permission.objects.get(content_type=content_type, codename=perm) try: user = User.objects.get(username="******") except: user = User.objects.create_user("wechat_admin", "", "123456", is_staff=True) user.user_permissions.add(permission) user.save() # 增加一个示例handler MessageHandler.objects.create_handler( app=app, name="debug custom reply", flags=MsgLogFlag.LOG_MESSAGE, rules=[Rule(type=Rule.Type.CONTAIN, pattern="ab")], replies=[ Reply(type=Reply.MsgType.CUSTOM, program="wechat.views.custom_business"), Reply(type=Reply.MsgType.TEXT, content="hello!") ])
def handle(self, *args, **options): if options['apps']: app_names = options['apps'].split(',') apps = [django_apps.get_app_config(x) for x in app_names] else: apps = django_apps.get_app_configs() if options['create_only']: do_create, do_update = True, False elif options['update_only']: do_create, do_update = False, True else: do_create, do_update = True, True for app in apps: if DJANGO_VERSION < (2, 2): # see https://github.com/django/django/commit/bec651a427fc032d9115d30c8c5d0e702d754f6c # Ensure that contenttypes are created for this app. Needed if # 'django.contrib.auth' is in INSTALLED_APPS before # 'django.contrib.contenttypes'. from django.contrib.contenttypes.management import create_contenttypes create_contenttypes(app, verbosity=options['verbosity']) if do_create: # create permissions if they do not exist create_permissions(app, options['verbosity']) if do_update: # update permission name's if changed for model in app.get_models(): content_type = ContentType.objects.get_for_model(model) for codename, name in _get_all_permissions(model._meta): try: permission = Permission.objects.get( codename=codename, content_type=content_type) except Permission.DoesNotExist: continue if permission.name != name: old_str = str(permission) permission.name = name if options['verbosity'] >= 2: self.stdout.write( self.style.SUCCESS( "Update permission '%s' to '%s'" % (old_str, permission))) permission.save()
def migrate_up(manager): """ If the auth tables don't exist, we shouldn't try to set the permissions. See migration 059 """ if db_utils.auth_tables_exist(manager): management.setup_environ(settings) # These have to be imported after the environment is set up from django.contrib.contenttypes import management as content_management from django.contrib.auth import management as auth_management from django.db import models as db_models content_management.update_all_contenttypes() for app in db_models.get_apps(): auth_management.create_permissions(app, None, 2) manager.execute_script(migration_059.UP_SQL)
def add_groups(apps, schema_editor): app_config = apps.app_configs['loan_app'] app_config.models_module = True create_permissions(app_config, verbosity=1) permission_codename_list = set( reduce(lambda acc, el: acc + el, groups.values())) Group = apps.get_model('auth', 'Group') Permission = apps.get_model('auth', 'Permission') permissions_dict = { permission_codename: Permission.objects.get(codename=permission_codename) for permission_codename in permission_codename_list } for group_name, permission_codenames in groups.items(): group_object = Group.objects.create(name=group_name) for permission_codename in permission_codenames: permission = permissions_dict[permission_codename] group_object.permissions.add(permission)
def add_default_member_permission(apps, schema_editor): for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = None Group = apps.get_model("auth", "Group") Permission = apps.get_model("auth", "Permission") try: perm = Permission.objects.get(codename='request_groups', name='Can request non-public groups') group = Group.objects.get( name=getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')) group.permissions.add(perm) except ObjectDoesNotExist: logger.warning( 'Failed to add default request_groups permission to Member group')
def permissions(apps, schema_editor): try: # Django <= 1.10 from django.contrib.contenttypes.management import update_contenttypes except ImportError: # Django 1.11 and over from django.contrib.contenttypes.management import \ create_contenttypes as update_contenttypes from django.apps import apps as configured_apps for app in configured_apps.get_app_configs(): update_contenttypes(app, interactive=True, verbosity=0) from django.contrib.auth.management import create_permissions for app in configured_apps.get_app_configs(): create_permissions(app, verbosity=0) create_perms(apps)
def update_group_permissions(label, group_perms, apps): for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, apps=apps, verbosity=0) app_config.models_module = None for group_name, permissions in list(group_perms.items()): group, _ = Group.objects.get_or_create(name=group_name) for perm_codename in permissions['perms']: try: permissions = Permission.objects.filter(codename=perm_codename) permissions = permissions.filter(content_type__app_label=label) group.permissions.add(permissions.get()) except Permission.DoesNotExist as err: logging.debug(err) raise Exception('Could not add permission: {}: {}'.format( perm_codename, err)) group.save()
def insert_permissions_to_employees_group(apps, schema_editor): for app_config in apps.get_app_configs(): app_config.models_module = True create_permissions(app_config, verbosity=0) app_config.models_module = None Customer = apps.get_model('users', 'Customer') Group = apps.get_model('auth', 'Group') Permission = apps.get_model('auth', 'Permission') ContentType = apps.get_model("contenttypes", "ContentType") customer_content_type = ContentType.objects.get_for_model(Customer) employees_group, _ = Group.objects.get_or_create(name='Employees') permission_can_view = Permission.objects.get( name='Can view customers', codename='can_view', content_type=customer_content_type) employees_group.permissions.add(permission_can_view)