kpsul/kfet/cms/management/commands/kfet_loadwagtail.py

from django.core.management import call_command
from django.core.management.base import BaseCommand
from django.db.models import Q

from wagtail.wagtailcore.models import (
    GroupCollectionPermission, GroupPagePermission, Page, Site,
)

from kfet.models import Group, Permission

from ...utils import get_kfet_root_collection, get_kfet_root_page


class Command(BaseCommand):
    help = "Importe des données pour Wagtail"

    def add_arguments(self, parser):
        parser.add_argument('--file', default='kfet_wagtail_17_05')

    def handle(self, *args, **options):

        self.stdout.write("Import des données wagtail")

        # Nettoyage des données initiales posées par Wagtail dans la migration
        # wagtailcore/0002

        Group.objects.filter(name__in=('Moderators', 'Editors')).delete()

        try:
            homepage = Page.objects.get(
                title="Welcome to your new Wagtail site!"
            )
            homepage.delete()
            Site.objects.filter(root_page=homepage).delete()
        except Page.DoesNotExist:
            pass

        # Import des données
        # Par défaut, il s'agit d'une copie du site K-Fêt (17-05)

        call_command('loaddata', options['file'])

        # Si les groupes K-Fêt existent, certaines permissions du CMS leur sont
        # données.

        try:
            group_chef = Group.objects.get(name='K-Fêt César')
        except Group.DoesNotExist:
            pass
        else:
            self.add_admin_access(group_chef)

        try:
            group_boy = Group.objects.get(name='K-Fêt Légionnaire')
        except Group.DoesNotExist:
            pass
        else:
            self.add_staff_access(group_boy)

    def add_admin_access(self, group):
        """
        Add all cms-related permissions to `group`.

        Explicitly, permissions added are:
        - access admin of Wagtail,
        - all permissions for the kfet root page (by inheritance, this applies
            to all its descendants),
        - all permissions on the MemberTeam snippet,
        - add/change documents,
        - add/change images.

        To avoid bugs related to permissions not added by this method, it is
        guaranteed the group has more or the same permissions than at the
        beginning.
        """
        group.permissions.add(
            Permission.objects.get(
                content_type__app_label='wagtailadmin',
                codename='access_admin',
            ),
            # Snippets permissions
            *Permission.kfetcms.all(),
        )

        # Page permissions: set all for the kfet root page.

        root_page = get_kfet_root_page()

        p_types = ('add', 'edit', 'publish', 'bulk_delete', 'lock')

        GroupPagePermission.objects.filter(
            group=group, page=root_page,
            permission_type__in=p_types,
        ).delete()

        GroupPagePermission.objects.bulk_create([
            GroupPagePermission(
                group=group, page=root_page,
                permission_type=p_type,
            )
            for p_type in p_types
        ])

        # Collection-based permissions: set all for the kfet root collection
        # for each known collection-based model (docs, images).

        root_collection = get_kfet_root_collection()

        collection_perms = Permission.objects.filter(
            Q(
                content_type__app_label='wagtaildocs',
                codename__in=['add_document', 'change_document'],
            ) |
            Q(
                content_type__app_label='wagtailimages',
                codename__in=['add_image', 'change_image'],
            )
        )

        GroupCollectionPermission.objects.filter(
            group=group, collection=root_collection,
            permission__in=collection_perms,
        ).delete()

        GroupCollectionPermission.objects.bulk_create([
            GroupCollectionPermission(
                group=group, collection=root_collection,
                permission=perm,
            )
            for perm in collection_perms
        ])

    def add_staff_access(self, group):
        """
        Add a subset of cms-related permissions to `group`.

        Permissions added are:
        - access admin of Wagtail,
        - add/edit permissions for the kfet root page (by inheritance, this
            applies to all its descendants),
        - all permissions on the MemberTeam snippet,
        - add/change own documents,
        - add/change own images.

        Because 'publish' page permission type is not given, group members can
        only create or change pages as drafts.

        To avoid bugs related to permissions not added by this method, it is
        guaranteed the group has more or the same permissions than at the
        beginning.
        """
        group.permissions.add(
            Permission.objects.get(
                content_type__app_label='wagtailadmin',
                codename='access_admin',
            ),
            *Permission.kfetcms.filter(codename__in=[
                'add_memberteam',
            ]),
        )

        # Give 'safe' operations permissions for the kfet root page.

        root_page = get_kfet_root_page()

        p_types = ('add', 'edit')

        GroupPagePermission.objects.filter(
            group=group, page=root_page,
            permission_type__in=p_types,
        ).delete()

        GroupPagePermission.objects.bulk_create([
            GroupPagePermission(
                group=group, page=root_page,
                permission_type=p_type,
            )
            for p_type in p_types
        ])

        # Give 'safe' operations permissions for the collection-based models.

        root_collection = get_kfet_root_collection()

        collection_perms = Permission.objects.filter(
            Q(
                content_type__app_label='wagtaildocs',
                codename__in=['add_document'],
            ) |
            Q(
                content_type__app_label='wagtailimages',
                codename__in=['add_image'],
            )
        )

        GroupCollectionPermission.objects.filter(
            group=group, collection=root_collection,
            permission__in=collection_perms,
        ).delete()

        GroupCollectionPermission.objects.bulk_create([
            GroupCollectionPermission(
                group=group, collection=root_collection,
                permission=perm,
            )
            for perm in collection_perms
        ])