Merge branch '344-reinvestigate-how-to-do-global-permissions' into 'master'

Resolve "Reinvestigate how to do global permissions"

Closes #344

See merge request AlekSIS/official/AlekSIS-Core!453

aleksis/core/checks.py

@@ -3,7 +3,7 @@ from typing import Optional
 import django.apps
 from django.core.checks import Tags, Warning, register
 
-from .mixins import ExtensibleModel, PureDjangoModel
+from .mixins import ExtensibleModel, GlobalPermissionModel, PureDjangoModel
 from .util.apps import AppConfig
 
 
@@ -39,7 +39,10 @@ def check_app_configs_base_class(
 def check_app_models_base_class(
     app_configs: Optional[django.apps.registry.Apps] = None, **kwargs
 ) -> list:
-    """Check whether all app models derive from AlekSIS's base ExtensibleModel."""
+    """Check whether all app models derive from AlekSIS's allowed base models.
+
+    Does only allow ExtensibleModel, GlobalPermissionModel and PureDjangoModel.
+    """
     results = []
 
     if app_configs is None:
@@ -47,14 +50,19 @@ def check_app_models_base_class(
 
     for app_config in filter(lambda c: c.name.startswith("aleksis."), app_configs):
         for model in app_config.get_models():
-            if ExtensibleModel not in model.__mro__ and PureDjangoModel not in model.__mro__:
+            if not (
+                set(model.__mro__) & set((ExtensibleModel, PureDjangoModel, GlobalPermissionModel))
+            ):
                 results.append(
                     Warning(
-                        f"Model {model._meta.object_name} in app config {app_config.name} does"
-                        "not derive from aleksis.core.mixins.ExtensibleModel.",
+                        f"Model {model._meta.object_name} in app config {app_config.name} does "
+                        "not derive from aleksis.core.mixins.ExtensibleModel "
+                        "or aleksis.core.mixins.GlobalPermissionModel.",
                         hint=(
-                            "Ensure all models in AlekSIS use ExtensibleModel as base."
-                            "If your deviation is intentional, you can add the PureDjangoModel"
+                            "Ensure all models in AlekSIS use ExtensibleModel (or "
+                            "GlobalPermissionModel, if you want to define global permissions) "
+                            "as base. "
+                            "If your deviation is intentional, you can add the PureDjangoModel "
                             "mixin instead to silence this warning."
                         ),
                         obj=model,

aleksis/core/migrations/0001_initial.py

@@ -26,15 +26,12 @@ class Migration(migrations.Migration):
             name='GlobalPermissions',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('extended_data', django.contrib.postgres.fields.jsonb.JSONField(default=dict, editable=False)),
             ],
             options={
-                'permissions': (('view_system_status', 'Can view system status'), ('link_persons_accounts', 'Can link persons to accounts'), ('manage_data', 'Can manage data'), ('impersonate', 'Can impersonate'), ('search', 'Can use search'), ('change_site_preferences', 'Can change site preferences'), ('change_person_preferences', 'Can change person preferences'), ('change_group_preferences', 'Can change group preferences')),
+                'default_permissions': (),
+                'permissions': (('view_system_status', 'Can view system status'), ('link_persons_accounts', 'Can link persos to accounts'), ('manage_data', 'Can manage data'), ('impersonate', 'Can impersonate'), ('search', 'Can use search'), ('change_site_preferences', 'Can change site preferences'), ('change_person_preferences', 'Can change person preferences'), ('change_group_preferences', 'Can change group preferences')),
                 'managed': False,
             },
-            managers=[
-                ('objects', django.contrib.sites.managers.CurrentSiteManager()),
-            ],
         ),
         migrations.CreateModel(
             name='AdditionalField',

aleksis/core/mixins.py

@@ -354,6 +354,17 @@ class PureDjangoModel(object):
     pass
 
 
+class GlobalPermissionModel(models.Model):
+    """Base model for global permissions.
+
+    This base model ensures that global permissions are not managed."""
+
+    class Meta:
+        default_permissions = ()
+        abstract = True
+        managed = False
+
+
 class _ExtensibleFormMetaclass(ModelFormMetaclass):
     def __new__(cls, name, bases, dct):
         x = super().__new__(cls, name, bases, dct)

aleksis/core/models.py

@@ -34,7 +34,12 @@ from .managers import (
     GroupQuerySet,
     SchoolTermQuerySet,
 )
-from .mixins import ExtensibleModel, PureDjangoModel, SchoolTermRelatedExtensibleModel
+from .mixins import (
+    ExtensibleModel,
+    GlobalPermissionModel,
+    PureDjangoModel,
+    SchoolTermRelatedExtensibleModel,
+)
 from .tasks import send_notification
 from .util.core_helpers import get_site_preferences, now_tomorrow
 from .util.model_helpers import ICONS
@@ -830,11 +835,10 @@ class GroupType(ExtensibleModel):
         verbose_name_plural = _("Group types")
 
 
-class GlobalPermissions(ExtensibleModel):
+class GlobalPermissions(GlobalPermissionModel):
     """Container for global permissions."""
 
-    class Meta:
-        managed = False
+    class Meta(GlobalPermissionModel.Meta):
         permissions = (
             ("view_system_status", _("Can view system status")),
             ("link_persons_accounts", _("Can link persons to accounts")),