|
1
|
from django.contrib.auth.models import Permission |
|
2
|
from django.core.management.base import BaseCommand |
|
3
|
|
|
4
|
from organization.models import OrgRole |
|
5
|
|
|
6
|
ROLE_DEFINITIONS = { |
|
7
|
"Admin": { |
|
8
|
"description": "Full access to all features", |
|
9
|
"is_default": False, |
|
10
|
"permissions": "__all__", |
|
11
|
}, |
|
12
|
"Manager": { |
|
13
|
"description": "Manage projects, teams, and members", |
|
14
|
"is_default": False, |
|
15
|
"permissions": [ |
|
16
|
"view_project", |
|
17
|
"add_project", |
|
18
|
"change_project", |
|
19
|
"delete_project", |
|
20
|
"view_projectteam", |
|
21
|
"add_projectteam", |
|
22
|
"change_projectteam", |
|
23
|
"delete_projectteam", |
|
24
|
"view_team", |
|
25
|
"add_team", |
|
26
|
"change_team", |
|
27
|
"delete_team", |
|
28
|
"view_organizationmember", |
|
29
|
"add_organizationmember", |
|
30
|
"change_organizationmember", |
|
31
|
"view_organization", |
|
32
|
"change_organization", |
|
33
|
"view_page", |
|
34
|
"add_page", |
|
35
|
"change_page", |
|
36
|
"delete_page", |
|
37
|
"view_fossilrepository", |
|
38
|
], |
|
39
|
}, |
|
40
|
"Developer": { |
|
41
|
"description": "Contribute code, create tickets and wiki pages", |
|
42
|
"is_default": False, |
|
43
|
"permissions": [ |
|
44
|
"view_project", |
|
45
|
"add_project", |
|
46
|
"view_team", |
|
47
|
"view_organizationmember", |
|
48
|
"view_organization", |
|
49
|
"view_fossilrepository", |
|
50
|
"view_page", |
|
51
|
"add_page", |
|
52
|
], |
|
53
|
}, |
|
54
|
"Viewer": { |
|
55
|
"description": "Read-only access to all content", |
|
56
|
"is_default": True, |
|
57
|
"permissions": [ |
|
58
|
"view_project", |
|
59
|
"view_projectteam", |
|
60
|
"view_team", |
|
61
|
"view_organizationmember", |
|
62
|
"view_organization", |
|
63
|
"view_fossilrepository", |
|
64
|
"view_page", |
|
65
|
], |
|
66
|
}, |
|
67
|
} |
|
68
|
|
|
69
|
|
|
70
|
class Command(BaseCommand): |
|
71
|
help = "Create default organization roles" |
|
72
|
|
|
73
|
def handle(self, *args, **options): |
|
74
|
for name, config in ROLE_DEFINITIONS.items(): |
|
75
|
role, created = OrgRole.objects.get_or_create( |
|
76
|
slug=name.lower(), |
|
77
|
defaults={ |
|
78
|
"name": name, |
|
79
|
"description": config["description"], |
|
80
|
"is_default": config["is_default"], |
|
81
|
}, |
|
82
|
) |
|
83
|
|
|
84
|
if not created: |
|
85
|
role.description = config["description"] |
|
86
|
role.is_default = config["is_default"] |
|
87
|
role.save() |
|
88
|
|
|
89
|
if config["permissions"] == "__all__": |
|
90
|
perms = Permission.objects.filter(content_type__app_label__in=["organization", "projects", "pages", "fossil"]) |
|
91
|
else: |
|
92
|
perms = Permission.objects.filter(codename__in=config["permissions"]) |
|
93
|
|
|
94
|
role.permissions.set(perms) |
|
95
|
status = "created" if created else "updated" |
|
96
|
self.stdout.write(f" {status}: {name} ({role.permissions.count()} permissions)") |
|
97
|
|
|
98
|
self.stdout.write(self.style.SUCCESS("Done.")) |
|
99
|
|