Fix: add permissions for custom fields with migration (#4513)

src/documents/migrations/1040_customfield_customfieldinstance_and_more.py

@@ -2,8 +2,44 @@
 
 import django.db.models.deletion
 import django.utils.timezone
+from django.contrib.auth.management import create_permissions
+from django.contrib.auth.models import Group
+from django.contrib.auth.models import Permission
+from django.contrib.auth.models import User
 from django.db import migrations
 from django.db import models
+from django.db.models import Q
+
+
+def add_customfield_permissions(apps, schema_editor):
+    # create permissions without waiting for post_migrate signal
+    for app_config in apps.get_app_configs():
+        app_config.models_module = True
+        create_permissions(app_config, apps=apps, verbosity=0)
+        app_config.models_module = None
+
+    add_permission = Permission.objects.get(codename="add_document")
+    customfield_permissions = Permission.objects.filter(
+        codename__contains="customfield",
+    )
+
+    for user in User.objects.filter(Q(user_permissions=add_permission)).distinct():
+        user.user_permissions.add(*customfield_permissions)
+
+    for group in Group.objects.filter(Q(permissions=add_permission)).distinct():
+        group.permissions.add(*customfield_permissions)
+
+
+def remove_customfield_permissions(apps, schema_editor):
+    customfield_permissions = Permission.objects.filter(
+        codename__contains="customfield",
+    )
+
+    for user in User.objects.all():
+        user.user_permissions.remove(*customfield_permissions)
+
+    for group in Group.objects.all():
+        group.permissions.remove(*customfield_permissions)
 
 
 class Migration(migrations.Migration):
@@ -128,4 +164,8 @@ class Migration(migrations.Migration):
                 name="documents_customfieldinstance_unique_document_field",
             ),
         ),
+        migrations.RunPython(
+            add_customfield_permissions,
+            remove_customfield_permissions,
+        ),
     ]

src/documents/tests/test_migration_customfields.py

@@ -0,0 +1,43 @@
+from django.contrib.auth import get_user_model
+
+from documents.tests.utils import TestMigrations
+
+
+class TestMigrateCustomFields(TestMigrations):
+    migrate_from = "1039_consumptiontemplate"
+    migrate_to = "1040_customfield_customfieldinstance_and_more"
+
+    def setUpBeforeMigration(self, apps):
+        User = get_user_model()
+        Group = apps.get_model("auth.Group")
+        self.Permission = apps.get_model("auth", "Permission")
+        self.user = User.objects.create(username="user1")
+        self.group = Group.objects.create(name="group1")
+        permission = self.Permission.objects.get(codename="add_document")
+        self.user.user_permissions.add(permission.id)
+        self.group.permissions.add(permission.id)
+
+    def test_users_with_add_documents_get_add_customfields(self):
+        permission = self.Permission.objects.get(codename="add_customfield")
+        self.assertTrue(self.user.has_perm(f"documents.{permission.codename}"))
+        self.assertTrue(permission in self.group.permissions.all())
+
+
+class TestReverseMigrateCustomFields(TestMigrations):
+    migrate_from = "1040_customfield_customfieldinstance_and_more"
+    migrate_to = "1039_consumptiontemplate"
+
+    def setUpBeforeMigration(self, apps):
+        User = get_user_model()
+        Group = apps.get_model("auth.Group")
+        self.Permission = apps.get_model("auth", "Permission")
+        self.user = User.objects.create(username="user1")
+        self.group = Group.objects.create(name="group1")
+        permission = self.Permission.objects.get(codename="add_customfield")
+        self.user.user_permissions.add(permission.id)
+        self.group.permissions.add(permission.id)
+
+    def test_remove_consumptiontemplate_permissions(self):
+        permission = self.Permission.objects.get(codename="add_customfield")
+        self.assertFalse(self.user.has_perm(f"documents.{permission.codename}"))
+        self.assertFalse(permission in self.group.permissions.all())