* create new command for inital data / remove fixtures / deps fix

f543c4e1 · Benjamin Ledel · 1ee0488e · f543c4e1 · f543c4e1 · f543c4e1
Commit f543c4e1 authored 1 month ago by Benjamin Ledel
--- a/src/README.md
+++ b/src/README.md
@@ -78,32 +78,6 @@ $ python3 manage.py create_user provider@polaris.com polaris321 -p -m -a
 $ python3 manage.py create_user user1@polaris.com polaris321
 ```

-## Create fixtures (seeds)
-
-```console
-$ python3 manage.py dumpdata --natural-foreign --natural-primary --indent 4 > fixtures/initial_db.json
-```
-
-```console
-$ python3 manage.py dumpdata --indent 4 > fixtures/initial_db.json
-```
-
-| E-Mail               | Password   | Superuser | Provider | Provider Manage | Analyst |
-| -------------------- | ---------- | --------- | -------- | --------------- | ------- |
-| admin@polaris.com    | polaris321 | x         | x        | x               | x       |
-| provider@polaris.com | polaris321 | -         | x        | x               | x       |
-| user1@polaris.com    | polaris321 | -         | -        | -               | -       |
-| user2@polaris.com    | polaris321 | -         | -        | -               | -       |
-| user3@polaris.com    | polaris321 | -         | -        | -               | -       |
-| user4@polaris.com    | polaris321 | -         | -        | -               | -       |
-| user5@polaris.com    | polaris321 | -         | -        | -               | -       |
-
-## Load fixtures
-
-```console
-$ python3 manage.py loaddata fixtures/initial_db.json
-```
-
 ## Clear database

 ```console

--- a/src/backend/management/commands/check_and_apply_migrations.py
+++ b/src/backend/management/commands/check_and_apply_migrations.py
+from django.core.management.base import BaseCommand
+from django.core.management import call_command
+from django.db import connections
+from django.db.migrations.executor import MigrationExecutor
+from django.contrib.auth.models import Permission, ContentType, Group
+from rolepermissions.roles import get_roles
+from users.models import CustomUser  # Adjust this import based on your actual user model
+
+class Command(BaseCommand):
+    help = 'Check and apply necessary migrations and ensure roles, permissions, and groups are set up correctly'
+
+    def handle(self, *args, **kwargs):
+        self.stdout.write(self.style.NOTICE('Checking for pending migrations...'))
+
+        connection = connections['default']
+        executor = MigrationExecutor(connection)
+        targets = executor.loader.graph.leaf_nodes()
+        
+        if executor.migration_plan(targets):
+            self.stdout.write(self.style.WARNING('Pending migrations found. Applying migrations...'))
+            call_command('migrate')
+            self.stdout.write(self.style.SUCCESS('All migrations applied successfully.'))
+        else:
+            self.stdout.write(self.style.SUCCESS('No pending migrations found.'))
+
+        self.stdout.write(self.style.NOTICE('Checking roles and permissions...'))
+
+        # Ensure necessary permissions exist
+        permissions = {
+            "create_user": "Create User",
+            "edit_user": "Edit User"
+            "create_provider": "Create Provider",
+            "manage_provider_keys": "Manage Provider Keys",
+            "manage_analytics_tokens": "Manage Analytics Tokens",
+            "create_user_consent": "Create User Consent",
+            "request_user_data": "Request User Data"
+        }
+        
+        content_type, created = ContentType.objects.get_or_create(app_label='users', model='customuser')
+        
+        permission_objects = {}
+        for codename, name in permissions.items():
+            permission, created = Permission.objects.get_or_create(
+                codename=codename,
+                content_type=content_type,
+                defaults={'name': name}
+            )
+            permission_objects[codename] = permission
+            if created:
+                self.stdout.write(self.style.SUCCESS(f'Permission created: {name}'))
+            else:
+                self.stdout.write(self.style.NOTICE(f'Permission already exists: {name}'))
+        
+        # Ensure roles exist
+        for role in get_roles():
+            self.stdout.write(self.style.SUCCESS(f'Role found: {role.__name__} with permissions: {role.available_permissions}'))
+        
+        # Ensure auth groups exist and assign permissions
+        groups_permissions = {
+            "polaris_administrator": ["create_user","edit_user","create_provider","change_provider","manage_provider_keys","manage_analytics_tokens","create_user_consent","request_user_data"]
+            "provider": ["manage_provider_keys"],‚
+            "analyst": ["manage_analytics_tokens"],
+            "user": ["create_user_consent"]
+        }
+        
+        for group_name, perms in groups_permissions.items():
+            group, created = Group.objects.get_or_create(name=group_name)
+            if created:
+                self.stdout.write(self.style.SUCCESS(f'Group created: {group_name}'))
+            else:
+                self.stdout.write(self.style.NOTICE(f'Group already exists: {group_name}'))
+            
+            # Assign permissions to group
+            for perm in perms:
+                if perm in permission_objects:
+                    group.permissions.add(permission_objects[perm])
+                    self.stdout.write(self.style.SUCCESS(f'Assigned permission {perm} to group {group_name}'))
+        
+        self.stdout.write(self.style.SUCCESS('Roles, permissions, and groups check completed.'))
--- a/src/backend/roles.py
+++ b/src/backend/roles.py
@@ -4,18 +4,23 @@ from strenum import StrEnum

 class Roles(StrEnum):
    CREATE_USER = 'create_user',
+    EDIT_USER = 'edit_user',
    CREATE_PROVIDER = 'create_provider',
    CHANGE_PROVIDER = 'change_provider',
    MANAGE_PROVIDER_KEYS = 'manage_provider_keys',
    MANAGE_ANALYTICS_TOKENS = 'manage_analytics_tokens',
-    CREATE_USER_CONSENT = 'create_user_consent'
+    CREATE_USER_CONSENT = 'create_user_consent',
+    REQUEST_USER_DATA = 'request_user_data',


-class Provider(AbstractUserRole):
+class PolarisAdministrator(AbstractUserRole):
    available_permissions = {
        Roles.CREATE_PROVIDER: True,
        Roles.CHANGE_PROVIDER: True,
        Roles.CREATE_USER: True,
+        Roles.MANAGE_PROVIDER_KEYS: True,
+        Roles.MANAGE_ANALYTICS_TOKENS: True,
+        Roles.REQUEST_USER_DATA: True,
    }

 class ProviderManager(AbstractUserRole):

--- a/src/fixtures/initial_db.json
+++ b/src/fixtures/initial_db.json
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -54,6 +54,7 @@ kombu==5.3.4
 launchpadlib==1.10.16
 lazr.restfulclient==0.14.4
 lazr.uri==1.0.6
+lxml==5.2.1
 Markdown==3.3.7
 MarkupSafe==2.1.2
 mergedeep==1.3.4

--- a/src/users/views.py
+++ b/src/users/views.py
@@ -158,12 +158,13 @@ class MergeDataView(APIView):


 class UserListView(APIView):
-    permission_classes = (IsAuthenticated, IsAdminUser)
+    permission_classes = (IsAuthenticated,)

    def get(self, request):
-        users = CustomUser.objects.all()
-        users = UserSerializer(users, many=True).data
-        return JsonResponse(users,
+        if has_permission(request.user, Roles.EDIT_USER):
+            users = CustomUser.objects.all()
+            users = UserSerializer(users, many=True).data
+            return JsonResponse(users,
                            safe=False,
                            status=status.HTTP_200_OK)

@@ -195,9 +196,12 @@ class PermissionsUpdateView(APIView):
    """
    Save permissions for a user.
    """
-    permission_classes = (IsAuthenticated, IsAdminUser)
+    permission_classes = (IsAuthenticated,)

-    def post(self, request, user_id):
+    def post(self, request, user_id): 
+        if not has_permission(request.user, Roles.EDIT_USER):
+            return JsonResponse({"status": "error", "message": 'not permissions'},
+                                status=status.HTTP_401_UNAUTHORIZED)
        try:
            user = CustomUser.objects.get(pk=user_id)
        except ObjectDoesNotExist: