From 47a043562d85d384e3eb2e4adcdc84fbcadf30e0 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Wed, 8 May 2019 13:05:48 -0500
Subject: [PATCH] Group for RAVEN users
Create a group for the RAVEN pipeline, add users, and give the group
specific permissions. Right now, they are just allowed to populate
the Fermi, SNEWS, and Swift pipelines for uploading external events.
---
.../auth/0021_create_raven_users_group.py | 29 +++++++++
.../auth/0022_populate_raven_users_group.py | 49 ++++++++++++++
...orize_raven_users_to_populate_pipelines.py | 65 +++++++++++++++++++
3 files changed, 143 insertions(+)
create mode 100644 gracedb/migrations/auth/0021_create_raven_users_group.py
create mode 100644 gracedb/migrations/auth/0022_populate_raven_users_group.py
create mode 100644 gracedb/migrations/guardian/0005_authorize_raven_users_to_populate_pipelines.py
diff --git a/gracedb/migrations/auth/0021_create_raven_users_group.py b/gracedb/migrations/auth/0021_create_raven_users_group.py
new file mode 100644
index 000000000..f65f211eb
--- /dev/null
+++ b/gracedb/migrations/auth/0021_create_raven_users_group.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.18 on 2019-05-08 16:19
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+GROUP_NAME = 'raven_users'
+
+
+def create_group(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ Group.objects.create(name=GROUP_NAME)
+
+
+def delete_group(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ g = Group.objects.get(name=GROUP_NAME)
+ g.delete()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('auth', '0020_populate_priority_users_group'),
+ ]
+
+ operations = [
+ migrations.RunPython(create_group, delete_group),
+ ]
diff --git a/gracedb/migrations/auth/0022_populate_raven_users_group.py b/gracedb/migrations/auth/0022_populate_raven_users_group.py
new file mode 100644
index 000000000..44a8e6935
--- /dev/null
+++ b/gracedb/migrations/auth/0022_populate_raven_users_group.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.18 on 2019-05-08 16:22
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+GROUP_NAME = 'raven_users'
+USERS = [
+ 'brandon.piotrzkowski@LIGO.ORG',
+]
+
+
+def add_users(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ User = apps.get_model('auth', 'User')
+
+ # Get group
+ pg = Group.objects.get(name=GROUP_NAME)
+
+ # Get users
+ users = User.objects.filter(username__in=USERS)
+
+ # Add users
+ pg.user_set.add(*users)
+
+
+def remove_users(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ User = apps.get_model('auth', 'User')
+
+ # Get group
+ pg = Group.objects.get(name=GROUP_NAME)
+
+ # Get users
+ users = User.objects.filter(username__in=USERS)
+
+ # Remove users
+ pg.user_set.remove(*users)
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('auth', '0021_create_raven_users_group'),
+ ]
+
+ operations = [
+ migrations.RunPython(add_users, remove_users),
+ ]
diff --git a/gracedb/migrations/guardian/0005_authorize_raven_users_to_populate_pipelines.py b/gracedb/migrations/guardian/0005_authorize_raven_users_to_populate_pipelines.py
new file mode 100644
index 000000000..73787d144
--- /dev/null
+++ b/gracedb/migrations/guardian/0005_authorize_raven_users_to_populate_pipelines.py
@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.18 on 2019-05-08 16:27
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+GROUP_NAME = 'raven_users'
+PIPELINES = [
+ 'Fermi',
+ 'Swift',
+ 'SNEWS',
+]
+
+
+def add_permissions(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ Permission = apps.get_model('auth', 'Permission')
+ GroupObjectPermission = apps.get_model('guardian', 'GroupObjectPermission')
+ Pipeline = apps.get_model('events', 'Pipeline')
+ ContentType = apps.get_model('contenttypes', 'ContentType')
+
+ # Get group
+ group = Group.objects.get(name=GROUP_NAME)
+
+ perm = Permission.objects.get(codename='populate_pipeline')
+ ctype = ContentType.objects.get_for_model(Pipeline)
+ for pipeline in PIPELINES:
+ pipeline = Pipeline.objects.get(name=pipeline)
+
+ # Create GroupObjectPermission
+ gop = GroupObjectPermission.objects.create(group=group,
+ permission=perm, content_type=ctype, object_pk=pipeline.id)
+
+
+def remove_permissions(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ Permission = apps.get_model('auth', 'Permission')
+ GroupObjectPermission = apps.get_model('guardian', 'GroupObjectPermission')
+ Pipeline = apps.get_model('events', 'Pipeline')
+ ContentType = apps.get_model('contenttypes', 'ContentType')
+
+ # Get group
+ group = Group.objects.get(name=GROUP_NAME)
+
+ perm = Permission.objects.get(codename='populate_pipeline')
+ ctype = ContentType.objects.get_for_model(Pipeline)
+ for pipeline in PIPELINES:
+ pipeline = Pipeline.objects.get(name=pipeline)
+
+ # Get GroupObjectPermission and delete
+ gop = GroupObjectPermission.objects.get(group=group,
+ permission=perm, content_type=ctype, object_pk=pipeline.id)
+ gop.delete()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('auth', '0021_create_raven_users_group'),
+ ('guardian', '0004_add_guardian_anonymoususer_to_public_group'),
+ ]
+
+ operations = [
+ migrations.RunPython(add_permissions, remove_permissions),
+ ]
--
GitLab