diff --git a/src/documents/migrations/1040_customfield_customfieldinstance_and_more.py b/src/documents/migrations/1040_customfield_customfieldinstance_and_more.py index eb644b50f..ecd715a57 100644 --- a/src/documents/migrations/1040_customfield_customfieldinstance_and_more.py +++ b/src/documents/migrations/1040_customfield_customfieldinstance_and_more.py @@ -2,8 +2,44 @@ import django.db.models.deletion import django.utils.timezone +from django.contrib.auth.management import create_permissions +from django.contrib.auth.models import Group +from django.contrib.auth.models import Permission +from django.contrib.auth.models import User from django.db import migrations from django.db import models +from django.db.models import Q + + +def add_customfield_permissions(apps, schema_editor): + # create permissions without waiting for post_migrate signal + for app_config in apps.get_app_configs(): + app_config.models_module = True + create_permissions(app_config, apps=apps, verbosity=0) + app_config.models_module = None + + add_permission = Permission.objects.get(codename="add_document") + customfield_permissions = Permission.objects.filter( + codename__contains="customfield", + ) + + for user in User.objects.filter(Q(user_permissions=add_permission)).distinct(): + user.user_permissions.add(*customfield_permissions) + + for group in Group.objects.filter(Q(permissions=add_permission)).distinct(): + group.permissions.add(*customfield_permissions) + + +def remove_customfield_permissions(apps, schema_editor): + customfield_permissions = Permission.objects.filter( + codename__contains="customfield", + ) + + for user in User.objects.all(): + user.user_permissions.remove(*customfield_permissions) + + for group in Group.objects.all(): + group.permissions.remove(*customfield_permissions) class Migration(migrations.Migration): @@ -128,4 +164,8 @@ class Migration(migrations.Migration): name="documents_customfieldinstance_unique_document_field", ), ), + migrations.RunPython( + add_customfield_permissions, + remove_customfield_permissions, + ), ] diff --git a/src/documents/tests/test_migration_customfields.py b/src/documents/tests/test_migration_customfields.py new file mode 100644 index 000000000..79308bceb --- /dev/null +++ b/src/documents/tests/test_migration_customfields.py @@ -0,0 +1,43 @@ +from django.contrib.auth import get_user_model + +from documents.tests.utils import TestMigrations + + +class TestMigrateCustomFields(TestMigrations): + migrate_from = "1039_consumptiontemplate" + migrate_to = "1040_customfield_customfieldinstance_and_more" + + def setUpBeforeMigration(self, apps): + User = get_user_model() + Group = apps.get_model("auth.Group") + self.Permission = apps.get_model("auth", "Permission") + self.user = User.objects.create(username="user1") + self.group = Group.objects.create(name="group1") + permission = self.Permission.objects.get(codename="add_document") + self.user.user_permissions.add(permission.id) + self.group.permissions.add(permission.id) + + def test_users_with_add_documents_get_add_customfields(self): + permission = self.Permission.objects.get(codename="add_customfield") + self.assertTrue(self.user.has_perm(f"documents.{permission.codename}")) + self.assertTrue(permission in self.group.permissions.all()) + + +class TestReverseMigrateCustomFields(TestMigrations): + migrate_from = "1040_customfield_customfieldinstance_and_more" + migrate_to = "1039_consumptiontemplate" + + def setUpBeforeMigration(self, apps): + User = get_user_model() + Group = apps.get_model("auth.Group") + self.Permission = apps.get_model("auth", "Permission") + self.user = User.objects.create(username="user1") + self.group = Group.objects.create(name="group1") + permission = self.Permission.objects.get(codename="add_customfield") + self.user.user_permissions.add(permission.id) + self.group.permissions.add(permission.id) + + def test_remove_consumptiontemplate_permissions(self): + permission = self.Permission.objects.get(codename="add_customfield") + self.assertFalse(self.user.has_perm(f"documents.{permission.codename}")) + self.assertFalse(permission in self.group.permissions.all())