FossilRepo

fossilrepo / organization / management / commands / seed_roles.py
Source Blame History 98 lines
c588255… ragelink 1 from django.contrib.auth.models import Permission
c588255… ragelink 2 from django.core.management.base import BaseCommand
c588255… ragelink 3
c588255… ragelink 4 from organization.models import OrgRole
c588255… ragelink 5
c588255… ragelink 6 ROLE_DEFINITIONS = {
c588255… ragelink 7 "Admin": {
c588255… ragelink 8 "description": "Full access to all features",
c588255… ragelink 9 "is_default": False,
c588255… ragelink 10 "permissions": "__all__",
c588255… ragelink 11 },
c588255… ragelink 12 "Manager": {
c588255… ragelink 13 "description": "Manage projects, teams, and members",
c588255… ragelink 14 "is_default": False,
c588255… ragelink 15 "permissions": [
c588255… ragelink 16 "view_project",
c588255… ragelink 17 "add_project",
c588255… ragelink 18 "change_project",
c588255… ragelink 19 "delete_project",
c588255… ragelink 20 "view_projectteam",
c588255… ragelink 21 "add_projectteam",
c588255… ragelink 22 "change_projectteam",
c588255… ragelink 23 "delete_projectteam",
c588255… ragelink 24 "view_team",
c588255… ragelink 25 "add_team",
c588255… ragelink 26 "change_team",
c588255… ragelink 27 "delete_team",
c588255… ragelink 28 "view_organizationmember",
c588255… ragelink 29 "add_organizationmember",
c588255… ragelink 30 "change_organizationmember",
c588255… ragelink 31 "view_organization",
c588255… ragelink 32 "change_organization",
c588255… ragelink 33 "view_page",
c588255… ragelink 34 "add_page",
c588255… ragelink 35 "change_page",
c588255… ragelink 36 "delete_page",
c588255… ragelink 37 "view_fossilrepository",
c588255… ragelink 38 ],
c588255… ragelink 39 },
c588255… ragelink 40 "Developer": {
c588255… ragelink 41 "description": "Contribute code, create tickets and wiki pages",
c588255… ragelink 42 "is_default": False,
c588255… ragelink 43 "permissions": [
c588255… ragelink 44 "view_project",
c588255… ragelink 45 "add_project",
c588255… ragelink 46 "view_team",
c588255… ragelink 47 "view_organizationmember",
c588255… ragelink 48 "view_organization",
c588255… ragelink 49 "view_fossilrepository",
c588255… ragelink 50 "view_page",
c588255… ragelink 51 "add_page",
c588255… ragelink 52 ],
c588255… ragelink 53 },
c588255… ragelink 54 "Viewer": {
c588255… ragelink 55 "description": "Read-only access to all content",
c588255… ragelink 56 "is_default": True,
c588255… ragelink 57 "permissions": [
c588255… ragelink 58 "view_project",
c588255… ragelink 59 "view_projectteam",
c588255… ragelink 60 "view_team",
c588255… ragelink 61 "view_organizationmember",
c588255… ragelink 62 "view_organization",
c588255… ragelink 63 "view_fossilrepository",
c588255… ragelink 64 "view_page",
c588255… ragelink 65 ],
c588255… ragelink 66 },
c588255… ragelink 67 }
c588255… ragelink 68
c588255… ragelink 69
c588255… ragelink 70 class Command(BaseCommand):
c588255… ragelink 71 help = "Create default organization roles"
c588255… ragelink 72
c588255… ragelink 73 def handle(self, *args, **options):
c588255… ragelink 74 for name, config in ROLE_DEFINITIONS.items():
c588255… ragelink 75 role, created = OrgRole.objects.get_or_create(
c588255… ragelink 76 slug=name.lower(),
c588255… ragelink 77 defaults={
c588255… ragelink 78 "name": name,
c588255… ragelink 79 "description": config["description"],
c588255… ragelink 80 "is_default": config["is_default"],
c588255… ragelink 81 },
c588255… ragelink 82 )
c588255… ragelink 83
c588255… ragelink 84 if not created:
c588255… ragelink 85 role.description = config["description"]
c588255… ragelink 86 role.is_default = config["is_default"]
c588255… ragelink 87 role.save()
c588255… ragelink 88
c588255… ragelink 89 if config["permissions"] == "__all__":
c588255… ragelink 90 perms = Permission.objects.filter(content_type__app_label__in=["organization", "projects", "pages", "fossil"])
c588255… ragelink 91 else:
c588255… ragelink 92 perms = Permission.objects.filter(codename__in=config["permissions"])
c588255… ragelink 93
c588255… ragelink 94 role.permissions.set(perms)
c588255… ragelink 95 status = "created" if created else "updated"
c588255… ragelink 96 self.stdout.write(f" {status}: {name} ({role.permissions.count()} permissions)")
c588255… ragelink 97
c588255… ragelink 98 self.stdout.write(self.style.SUCCESS("Done."))

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button