Create new script ietf/bin/set_admin_permissions to configure Django Admin group permissions. Fixes ietf-tools#2008. Commit ready for merge.

rpcross · rpcross · commit 1876927cbc8d · 2017-06-09T21:01:56.000Z
- Legacy-Id: 13575
diff --git a/ietf/bin/set_admin_permissions b/ietf/bin/set_admin_permissions
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# -*- Python -*-
+#
+'''
+This script configures Django Admin permissions
+'''
+
+# Set PYTHONPATH and load environment variables for standalone script -----------------
+import os, sys
+basedir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../.."))
+sys.path = [ basedir ] + sys.path
+os.environ["DJANGO_SETTINGS_MODULE"] = "ietf.settings"
+
+virtualenv_activation = os.path.join(basedir, "env", "bin", "activate_this.py")
+if os.path.exists(virtualenv_activation):
+    execfile(virtualenv_activation, dict(__file__=virtualenv_activation))
+
+import django
+django.setup()
+# -------------------------------------------------------------------------------------
+
+from django.contrib.auth.models import Group as AuthGroup
+from django.contrib.auth.models import Permission
+from ietf.group.models import Group
+
+
+def permission_names_to_objects(names):
+    """
+    Given an iterable of permission names (e.g. 'app_label.add_model'),
+    return an iterable of Permission objects for them.  The permission
+    must already exist, because a permission name is not enough information
+    to create a new permission.
+    """
+    result = []
+    for name in names:
+        app_label, codename = name.split(".", 1)
+        try:
+            result.append(Permission.objects.get(content_type__app_label=app_label,
+                                                 codename=codename))
+        except Permission.DoesNotExist:
+            print "NO SUCH PERMISSION: %s, %s" % (app_label, codename)
+            raise
+
+    return result
+
+
+def main():
+    secretariat = Group.objects.get(acronym='secretariat')
+    users = [ r.person.user for r in secretariat.role_set.filter(name='secr') ]
+
+    # Set Auth Group members
+    auth_group, _ = AuthGroup.objects.get_or_create(name='secretariat') 
+    auth_group.user_set.set(users)
+
+    # Set Auth Group Admin Permissions
+    names = ['auth.add_user','auth.change_user','auth.delete_user',
+             'group.add_group','group.change_group','group.delete_group',
+             'group.add_role','group.change_role','group.delete_role',
+             'group.add_groupevent','group.change_groupevent','group.delete_groupevent',
+             'iesg.add_telechatagendaitem','iesg.change_telechatagendaitem','iesg.delete_telechatagendaitem',
+             'iesg.add_telechatdate','iesg.change_telechatdate','iesg.delete_telechatdate',
+             'mailinglists.add_list','mailinglists.change_list','mailinglists.delete_list',
+             'meeting.add_floorplan','meeting.change_floorplan','meeting.delete_floorplan',
+             'meeting.add_room','meeting.change_room','meeting.delete_room',
+             'meeting.add_urlresource','meeting.change_urlresource','meeting.delete_urlresource',
+             'person.add_person','person.change_person','person.delete_person',
+             'person.add_alias','person.change_alias','person.delete_alias',
+             'person.add_email','person.change_email','person.delete_email',
+             'submit.add_submission','submit.change_submission','submit.delete_submission',
+            ]
+
+    permissions = permission_names_to_objects(names)
+    auth_group.permissions.set(permissions)
+
+
+if __name__ == '__main__':
+    main()
