from django.core.management import call_command from django.core.management.base import BaseCommand from django.db.models import Q from wagtail.wagtailcore.models import ( GroupCollectionPermission, GroupPagePermission, Page, Site, ) from kfet.models import Group, Permission from ...utils import get_kfet_root_collection, get_kfet_root_page class Command(BaseCommand): help = "Importe des données pour Wagtail" def add_arguments(self, parser): parser.add_argument('--file', default='kfet_wagtail_17_05') def handle(self, *args, **options): self.stdout.write("Import des données wagtail") # Nettoyage des données initiales posées par Wagtail dans la migration # wagtailcore/0002 Group.objects.filter(name__in=('Moderators', 'Editors')).delete() try: homepage = Page.objects.get( title="Welcome to your new Wagtail site!" ) homepage.delete() Site.objects.filter(root_page=homepage).delete() except Page.DoesNotExist: pass # Import des données # Par défaut, il s'agit d'une copie du site K-Fêt (17-05) call_command('loaddata', options['file']) # Si les groupes K-Fêt existent, certaines permissions du CMS leur sont # données. try: group_chef = Group.objects.get(name='K-Fêt César') except Group.DoesNotExist: pass else: self.add_admin_access(group_chef) try: group_boy = Group.objects.get(name='K-Fêt Légionnaire') except Group.DoesNotExist: pass else: self.add_staff_access(group_boy) def add_admin_access(self, group): """ Add all cms-related permissions to `group`. Explicitly, permissions added are: - access admin of Wagtail, - all permissions for the kfet root page (by inheritance, this applies to all its descendants), - all permissions on the MemberTeam snippet, - add/change documents, - add/change images. To avoid bugs related to permissions not added by this method, it is guaranteed the group has more or the same permissions than at the beginning. """ group.permissions.add( Permission.objects.get( content_type__app_label='wagtailadmin', codename='access_admin', ), # Snippets permissions *Permission.kfetcms.all(), ) # Page permissions: set all for the kfet root page. root_page = get_kfet_root_page() p_types = ('add', 'edit', 'publish', 'bulk_delete', 'lock') GroupPagePermission.objects.filter( group=group, page=root_page, permission_type__in=p_types, ).delete() GroupPagePermission.objects.bulk_create([ GroupPagePermission( group=group, page=root_page, permission_type=p_type, ) for p_type in p_types ]) # Collection-based permissions: set all for the kfet root collection # for each known collection-based model (docs, images). root_collection = get_kfet_root_collection() collection_perms = Permission.objects.filter( Q( content_type__app_label='wagtaildocs', codename__in=['add_document', 'change_document'], ) | Q( content_type__app_label='wagtailimages', codename__in=['add_image', 'change_image'], ) ) GroupCollectionPermission.objects.filter( group=group, collection=root_collection, permission__in=collection_perms, ).delete() GroupCollectionPermission.objects.bulk_create([ GroupCollectionPermission( group=group, collection=root_collection, permission=perm, ) for perm in collection_perms ]) def add_staff_access(self, group): """ Add a subset of cms-related permissions to `group`. Permissions added are: - access admin of Wagtail, - add/edit permissions for the kfet root page (by inheritance, this applies to all its descendants), - all permissions on the MemberTeam snippet, - add/change own documents, - add/change own images. Because 'publish' page permission type is not given, group members can only create or change pages as drafts. To avoid bugs related to permissions not added by this method, it is guaranteed the group has more or the same permissions than at the beginning. """ group.permissions.add( Permission.objects.get( content_type__app_label='wagtailadmin', codename='access_admin', ), *Permission.kfetcms.filter(codename__in=[ 'add_memberteam', ]), ) # Give 'safe' operations permissions for the kfet root page. root_page = get_kfet_root_page() p_types = ('add', 'edit') GroupPagePermission.objects.filter( group=group, page=root_page, permission_type__in=p_types, ).delete() GroupPagePermission.objects.bulk_create([ GroupPagePermission( group=group, page=root_page, permission_type=p_type, ) for p_type in p_types ]) # Give 'safe' operations permissions for the collection-based models. root_collection = get_kfet_root_collection() collection_perms = Permission.objects.filter( Q( content_type__app_label='wagtaildocs', codename__in=['add_document'], ) | Q( content_type__app_label='wagtailimages', codename__in=['add_image'], ) ) GroupCollectionPermission.objects.filter( group=group, collection=root_collection, permission__in=collection_perms, ).delete() GroupCollectionPermission.objects.bulk_create([ GroupCollectionPermission( group=group, collection=root_collection, permission=perm, ) for perm in collection_perms ])