Verified Commit 34ec869c authored by Eliot Berriot's avatar Eliot Berriot
Browse files

Removed obsolete permissions, added a new moderation permission

parent af53ee7c
...@@ -10,7 +10,6 @@ from funkwhale_api.users import models ...@@ -10,7 +10,6 @@ from funkwhale_api.users import models
mapping = { mapping = {
"dynamic_preferences.change_globalpreferencemodel": "settings", "dynamic_preferences.change_globalpreferencemodel": "settings",
"music.add_importbatch": "library", "music.add_importbatch": "library",
"federation.change_library": "federation",
} }
......
...@@ -31,10 +31,9 @@ class ManageUserFilterSet(filters.FilterSet): ...@@ -31,10 +31,9 @@ class ManageUserFilterSet(filters.FilterSet):
"privacy_level", "privacy_level",
"is_staff", "is_staff",
"is_superuser", "is_superuser",
"permission_upload",
"permission_library", "permission_library",
"permission_settings", "permission_settings",
"permission_federation", "permission_moderation",
] ]
......
...@@ -51,7 +51,7 @@ class UserAdmin(AuthUserAdmin): ...@@ -51,7 +51,7 @@ class UserAdmin(AuthUserAdmin):
"privacy_level", "privacy_level",
"permission_settings", "permission_settings",
"permission_library", "permission_library",
"permission_federation", "permission_moderation",
] ]
fieldsets = ( fieldsets = (
...@@ -67,10 +67,9 @@ class UserAdmin(AuthUserAdmin): ...@@ -67,10 +67,9 @@ class UserAdmin(AuthUserAdmin):
"is_active", "is_active",
"is_staff", "is_staff",
"is_superuser", "is_superuser",
"permission_upload",
"permission_library", "permission_library",
"permission_settings", "permission_settings",
"permission_federation", "permission_moderation",
) )
}, },
), ),
......
# Generated by Django 2.0.9 on 2018-12-06 10:08
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('users', '0012_user_upload_quota'),
]
operations = [
migrations.RemoveField(
model_name='user',
name='permission_federation',
),
migrations.RemoveField(
model_name='user',
name='permission_upload',
),
migrations.AddField(
model_name='user',
name='permission_moderation',
field=models.BooleanField(default=False, help_text='Block/mute/remove domains, users and content', verbose_name='Moderation'),
),
]
...@@ -34,16 +34,15 @@ def get_token(): ...@@ -34,16 +34,15 @@ def get_token():
PERMISSIONS_CONFIGURATION = { PERMISSIONS_CONFIGURATION = {
"federation": { "moderation": {
"label": "Manage library federation", "label": "Moderation",
"help_text": "Follow other instances, accept/deny library follow requests...", "help_text": "Block/mute/remove domains, users and content",
}, },
"library": { "library": {
"label": "Manage library", "label": "Manage library",
"help_text": "Manage library, delete files, tracks, artists, albums...", "help_text": "Manage library, delete files, tracks, artists, albums...",
}, },
"settings": {"label": "Manage instance-level settings", "help_text": ""}, "settings": {"label": "Manage instance-level settings", "help_text": ""},
"upload": {"label": "Upload new content to the library", "help_text": ""},
} }
PERMISSIONS = sorted(PERMISSIONS_CONFIGURATION.keys()) PERMISSIONS = sorted(PERMISSIONS_CONFIGURATION.keys())
...@@ -71,9 +70,9 @@ class User(AbstractUser): ...@@ -71,9 +70,9 @@ class User(AbstractUser):
subsonic_api_token = models.CharField(blank=True, null=True, max_length=255) subsonic_api_token = models.CharField(blank=True, null=True, max_length=255)
# permissions # permissions
permission_federation = models.BooleanField( permission_moderation = models.BooleanField(
PERMISSIONS_CONFIGURATION["federation"]["label"], PERMISSIONS_CONFIGURATION["moderation"]["label"],
help_text=PERMISSIONS_CONFIGURATION["federation"]["help_text"], help_text=PERMISSIONS_CONFIGURATION["moderation"]["help_text"],
default=False, default=False,
) )
permission_library = models.BooleanField( permission_library = models.BooleanField(
...@@ -86,11 +85,6 @@ class User(AbstractUser): ...@@ -86,11 +85,6 @@ class User(AbstractUser):
help_text=PERMISSIONS_CONFIGURATION["settings"]["help_text"], help_text=PERMISSIONS_CONFIGURATION["settings"]["help_text"],
default=False, default=False,
) )
permission_upload = models.BooleanField(
PERMISSIONS_CONFIGURATION["upload"]["label"],
help_text=PERMISSIONS_CONFIGURATION["upload"]["help_text"],
default=False,
)
last_activity = models.DateTimeField(default=None, null=True, blank=True) last_activity = models.DateTimeField(default=None, null=True, blank=True)
......
...@@ -22,30 +22,6 @@ def test_script_command_list(command, script_name, mocker): ...@@ -22,30 +22,6 @@ def test_script_command_list(command, script_name, mocker):
mocked.assert_called_once_with(command, script_name=script_name, interactive=False) mocked.assert_called_once_with(command, script_name=script_name, interactive=False)
def test_django_permissions_to_user_permissions(factories, command):
group = factories["auth.Group"](perms=["federation.change_library"])
user1 = factories["users.User"](
perms=[
"dynamic_preferences.change_globalpreferencemodel",
"music.add_importbatch",
]
)
user2 = factories["users.User"](perms=["music.add_importbatch"], groups=[group])
scripts.django_permissions_to_user_permissions.main(command)
user1.refresh_from_db()
user2.refresh_from_db()
assert user1.permission_settings is True
assert user1.permission_library is True
assert user1.permission_federation is False
assert user2.permission_settings is False
assert user2.permission_library is True
assert user2.permission_federation is True
@pytest.mark.parametrize( @pytest.mark.parametrize(
"open_api,expected_visibility", [(True, "everyone"), (False, "instance")] "open_api,expected_visibility", [(True, "everyone"), (False, "instance")]
) )
......
...@@ -13,8 +13,7 @@ def test_manage_upload_action_delete(factories): ...@@ -13,8 +13,7 @@ def test_manage_upload_action_delete(factories):
def test_user_update_permission(factories): def test_user_update_permission(factories):
user = factories["users.User"]( user = factories["users.User"](
permission_library=False, permission_library=False,
permission_upload=False, permission_moderation=False,
permission_federation=True,
permission_settings=True, permission_settings=True,
is_active=True, is_active=True,
) )
...@@ -32,7 +31,6 @@ def test_user_update_permission(factories): ...@@ -32,7 +31,6 @@ def test_user_update_permission(factories):
assert user.is_active is False assert user.is_active is False
assert user.upload_quota == 12 assert user.upload_quota == 12
assert user.permission_federation is False assert user.permission_moderation is True
assert user.permission_upload is True
assert user.permission_library is False assert user.permission_library is False
assert user.permission_settings is True assert user.permission_settings is True
...@@ -46,23 +46,22 @@ def test_get_permissions_regular(factories): ...@@ -46,23 +46,22 @@ def test_get_permissions_regular(factories):
def test_get_permissions_default(factories, preferences): def test_get_permissions_default(factories, preferences):
preferences["users__default_permissions"] = ["upload", "federation"] preferences["users__default_permissions"] = ["library", "moderation"]
user = factories["users.User"]() user = factories["users.User"]()
perms = user.get_permissions() perms = user.get_permissions()
assert perms["upload"] is True assert perms["moderation"] is True
assert perms["federation"] is True assert perms["library"] is True
assert perms["library"] is False
assert perms["settings"] is False assert perms["settings"] is False
@pytest.mark.parametrize( @pytest.mark.parametrize(
"args,perms,expected", "args,perms,expected",
[ [
({"is_superuser": True}, ["federation", "library"], True), ({"is_superuser": True}, ["moderation", "library"], True),
({"is_superuser": False}, ["federation"], False), ({"is_superuser": False}, ["moderation"], False),
({"permission_library": True}, ["library"], True), ({"permission_library": True}, ["library"], True),
({"permission_library": True}, ["library", "federation"], False), ({"permission_library": True}, ["library", "moderation"], False),
], ],
) )
def test_has_permissions_and(args, perms, expected, factories): def test_has_permissions_and(args, perms, expected, factories):
...@@ -73,10 +72,10 @@ def test_has_permissions_and(args, perms, expected, factories): ...@@ -73,10 +72,10 @@ def test_has_permissions_and(args, perms, expected, factories):
@pytest.mark.parametrize( @pytest.mark.parametrize(
"args,perms,expected", "args,perms,expected",
[ [
({"is_superuser": True}, ["federation", "library"], True), ({"is_superuser": True}, ["moderation", "library"], True),
({"is_superuser": False}, ["federation"], False), ({"is_superuser": False}, ["moderation"], False),
({"permission_library": True}, ["library", "federation"], True), ({"permission_library": True}, ["library", "moderation"], True),
({"permission_library": True}, ["federation"], False), ({"permission_library": True}, ["moderation"], False),
], ],
) )
def test_has_permissions_or(args, perms, expected, factories): def test_has_permissions_or(args, perms, expected, factories):
......
...@@ -21,21 +21,21 @@ def test_has_user_permission_anonymous(anonymous_user, api_request): ...@@ -21,21 +21,21 @@ def test_has_user_permission_anonymous(anonymous_user, api_request):
@pytest.mark.parametrize("value", [True, False]) @pytest.mark.parametrize("value", [True, False])
def test_has_user_permission_logged_in_single(value, factories, api_request): def test_has_user_permission_logged_in_single(value, factories, api_request):
user = factories["users.User"](permission_federation=value) user = factories["users.User"](permission_moderation=value)
class View(APIView): class View(APIView):
required_permissions = ["federation"] required_permissions = ["moderation"]
view = View() view = View()
permission = permissions.HasUserPermission() permission = permissions.HasUserPermission()
request = api_request.get("/") request = api_request.get("/")
setattr(request, "user", user) setattr(request, "user", user)
result = permission.has_permission(request, view) result = permission.has_permission(request, view)
assert result == user.has_permissions("federation") == value assert result == user.has_permissions("moderation") == value
@pytest.mark.parametrize( @pytest.mark.parametrize(
"federation,library,expected", "moderation,library,expected",
[ [
(True, False, False), (True, False, False),
(False, True, False), (False, True, False),
...@@ -44,14 +44,14 @@ def test_has_user_permission_logged_in_single(value, factories, api_request): ...@@ -44,14 +44,14 @@ def test_has_user_permission_logged_in_single(value, factories, api_request):
], ],
) )
def test_has_user_permission_logged_in_multiple_and( def test_has_user_permission_logged_in_multiple_and(
federation, library, expected, factories, api_request moderation, library, expected, factories, api_request
): ):
user = factories["users.User"]( user = factories["users.User"](
permission_federation=federation, permission_library=library permission_moderation=moderation, permission_library=library
) )
class View(APIView): class View(APIView):
required_permissions = ["federation", "library"] required_permissions = ["moderation", "library"]
permission_operator = "and" permission_operator = "and"
view = View() view = View()
...@@ -59,11 +59,11 @@ def test_has_user_permission_logged_in_multiple_and( ...@@ -59,11 +59,11 @@ def test_has_user_permission_logged_in_multiple_and(
request = api_request.get("/") request = api_request.get("/")
setattr(request, "user", user) setattr(request, "user", user)
result = permission.has_permission(request, view) result = permission.has_permission(request, view)
assert result == user.has_permissions("federation", "library") == expected assert result == user.has_permissions("moderation", "library") == expected
@pytest.mark.parametrize( @pytest.mark.parametrize(
"federation,library,expected", "moderation,library,expected",
[ [
(True, False, True), (True, False, True),
(False, True, True), (False, True, True),
...@@ -72,14 +72,14 @@ def test_has_user_permission_logged_in_multiple_and( ...@@ -72,14 +72,14 @@ def test_has_user_permission_logged_in_multiple_and(
], ],
) )
def test_has_user_permission_logged_in_multiple_or( def test_has_user_permission_logged_in_multiple_or(
federation, library, expected, factories, api_request moderation, library, expected, factories, api_request
): ):
user = factories["users.User"]( user = factories["users.User"](
permission_federation=federation, permission_library=library permission_moderation=moderation, permission_library=library
) )
class View(APIView): class View(APIView):
required_permissions = ["federation", "library"] required_permissions = ["moderation", "library"]
permission_operator = "or" permission_operator = "or"
view = View() view = View()
...@@ -87,6 +87,6 @@ def test_has_user_permission_logged_in_multiple_or( ...@@ -87,6 +87,6 @@ def test_has_user_permission_logged_in_multiple_or(
request = api_request.get("/") request = api_request.get("/")
setattr(request, "user", user) setattr(request, "user", user)
result = permission.has_permission(request, view) result = permission.has_permission(request, view)
has_permission_result = user.has_permissions("federation", "library", operator="or") has_permission_result = user.has_permissions("moderation", "library", operator="or")
assert result == has_permission_result == expected assert result == has_permission_result == expected
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment