From 120c0617c0ae4c02655d6c976f6bb115c0ec8398 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Thu, 8 Aug 2019 12:33:31 -0500
Subject: [PATCH] ligoauth: create authgroup for grb managers

Users in this group have permission to "T90", or update certain
parameters of GrbEvents in GraceDB
---
 .../0050_create_grb_managers_authgroup.py     | 52 +++++++++++++++++++
 .../0051_populate_grb_managers_authgroup.py   | 37 +++++++++++++
 2 files changed, 89 insertions(+)
 create mode 100644 gracedb/ligoauth/migrations/0050_create_grb_managers_authgroup.py
 create mode 100644 gracedb/ligoauth/migrations/0051_populate_grb_managers_authgroup.py

diff --git a/gracedb/ligoauth/migrations/0050_create_grb_managers_authgroup.py b/gracedb/ligoauth/migrations/0050_create_grb_managers_authgroup.py
new file mode 100644
index 000000000..6d983147b
--- /dev/null
+++ b/gracedb/ligoauth/migrations/0050_create_grb_managers_authgroup.py
@@ -0,0 +1,52 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.23 on 2019-08-09 18:21
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+AUTHGROUP_INFO = {
+    'name': 'grb_managers',
+    'description': ('LIGO/Virgo members in the GRB subgroup who have '
+        'permission to update external GRB events in GraceDB'),
+}
+
+
+def create_authgroup(apps, schema_editor):
+    AuthGroup = apps.get_model('ligoauth', 'AuthGroup')
+    Permission = apps.get_model('auth', 'Permission')
+
+    # Create AuthGroup
+    ag = AuthGroup.objects.create(**AUTHGROUP_INFO)
+
+    # Get permissions for "T90"-ing a grbevent
+    perm = Permission.objects.get(
+        content_type__app_label='events',
+        codename='t90_grbevent'
+    )
+
+    # *IMPORTANT*: clear all current users who have this
+    # permission.  It should only be assigned to groups
+    # going forward.
+    perm.user_set.clear()
+
+    # Add this permission to the new AuthGroup
+    ag.permissions.add(perm)
+
+
+def delete_authgroup(apps, schema_editor):
+    AuthGroup = apps.get_model('ligoauth', 'AuthGroup')
+
+    # Delete AuthGroup
+    ag = AuthGroup.objects.get(name=AUTHGROUP_INFO['name'])
+    ag.delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('ligoauth', '0049_update_access_managers_membership'),
+    ]
+
+    operations = [
+        migrations.RunPython(create_authgroup, delete_authgroup),
+    ]
diff --git a/gracedb/ligoauth/migrations/0051_populate_grb_managers_authgroup.py b/gracedb/ligoauth/migrations/0051_populate_grb_managers_authgroup.py
new file mode 100644
index 000000000..c9fb800ed
--- /dev/null
+++ b/gracedb/ligoauth/migrations/0051_populate_grb_managers_authgroup.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.20 on 2019-08-08 18:27
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+GROUP_NAME = 'grb_managers'
+USERS = [
+    'robert.coyne@LIGO.ORG',
+    'ryan.fisher@LIGO.ORG',
+    'francesco.pannarale@LIGO.ORG',
+    'jordan.palamos@LIGO.ORG',
+    'ronaldas.macas@LIGO.ORG',
+    'andrew.williamson@LIGO.ORG',
+    'iain.dorrington@LIGO.ORG',
+]
+
+
+def add_users(apps, schema_editor):
+    AuthGroup = apps.get_model('ligoauth', 'AuthGroup')
+    User = apps.get_model('auth', 'User')
+
+    group = AuthGroup.objects.get(name=GROUP_NAME)
+    for username in USERS:
+        user, _ = User.objects.get_or_create(username=username)
+        group.user_set.add(user)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('ligoauth', '0050_create_grb_managers_authgroup'),
+    ]
+
+    operations = [
+        migrations.RunPython(add_users, migrations.RunPython.noop),
+    ]
-- 
GitLab