diff --git a/src/README.md b/src/README.md index f853623adcdb9a2f888dc757fe050f2526e57e89..f421390dd2d71810a817dc832d00b2e40a8135e0 100644 --- a/src/README.md +++ b/src/README.md @@ -78,32 +78,6 @@ $ python3 manage.py create_user provider@polaris.com polaris321 -p -m -a $ python3 manage.py create_user user1@polaris.com polaris321 ``` -## Create fixtures (seeds) - -```console -$ python3 manage.py dumpdata --natural-foreign --natural-primary --indent 4 > fixtures/initial_db.json -``` - -```console -$ python3 manage.py dumpdata --indent 4 > fixtures/initial_db.json -``` - -| E-Mail | Password | Superuser | Provider | Provider Manage | Analyst | -| -------------------- | ---------- | --------- | -------- | --------------- | ------- | -| admin@polaris.com | polaris321 | x | x | x | x | -| provider@polaris.com | polaris321 | - | x | x | x | -| user1@polaris.com | polaris321 | - | - | - | - | -| user2@polaris.com | polaris321 | - | - | - | - | -| user3@polaris.com | polaris321 | - | - | - | - | -| user4@polaris.com | polaris321 | - | - | - | - | -| user5@polaris.com | polaris321 | - | - | - | - | - -## Load fixtures - -```console -$ python3 manage.py loaddata fixtures/initial_db.json -``` - ## Clear database ```console diff --git a/src/backend/management/commands/check_and_apply_migrations.py b/src/backend/management/commands/check_and_apply_migrations.py new file mode 100644 index 0000000000000000000000000000000000000000..c8733cd5e4b1c4d0ce3541888462f9e9cbf4989a --- /dev/null +++ b/src/backend/management/commands/check_and_apply_migrations.py 
@@ -0,0 +1,79 @@ +from django.core.management.base import BaseCommand +from django.core.management import call_command +from django.db import connections +from django.db.migrations.executor import MigrationExecutor +from django.contrib.auth.models import Permission, ContentType, Group +from rolepermissions.roles import get_roles +from users.models import CustomUser # Adjust this import based on your actual user model + +class Command(BaseCommand): + help = 'Check and apply necessary migrations and ensure roles, permissions, and groups are set up correctly' + + def handle(self, *args, **kwargs): + self.stdout.write(self.style.NOTICE('Checking for pending migrations...')) + + connection = connections['default'] + executor = MigrationExecutor(connection) + targets = executor.loader.graph.leaf_nodes() + + if executor.migration_plan(targets): + self.stdout.write(self.style.WARNING('Pending migrations found. Applying migrations...')) + call_command('migrate') + self.stdout.write(self.style.SUCCESS('All migrations applied successfully.')) + else: + self.stdout.write(self.style.SUCCESS('No pending migrations found.')) + + self.stdout.write(self.style.NOTICE('Checking roles and permissions...')) + + # Ensure necessary permissions exist + permissions = { + "create_user": "Create User", + "edit_user": "Edit User" + "create_provider": "Create Provider", + "manage_provider_keys": "Manage Provider Keys", + "manage_analytics_tokens": "Manage Analytics Tokens", + "create_user_consent": "Create User Consent", + "request_user_data": "Request User Data" + } + + content_type, created = ContentType.objects.get_or_create(app_label='users', model='customuser') + + permission_objects = {} + for codename, name in permissions.items(): + permission, created = Permission.objects.get_or_create( + codename=codename, + content_type=content_type, + defaults={'name': name} + ) + permission_objects[codename] = permission + if created: + self.stdout.write(self.style.SUCCESS(f'Permission created: 
{name}')) + else: + self.stdout.write(self.style.NOTICE(f'Permission already exists: {name}')) + + # Ensure roles exist + for role in get_roles(): + self.stdout.write(self.style.SUCCESS(f'Role found: {role.__name__} with permissions: {role.available_permissions}')) + + # Ensure auth groups exist and assign permissions + groups_permissions = { + "polaris_administrator": ["create_user","edit_user","create_provider","change_provider","manage_provider_keys","manage_analytics_tokens","create_user_consent","request_user_data"] + "provider": ["manage_provider_keys"],‚ + "analyst": ["manage_analytics_tokens"], + "user": ["create_user_consent"] + } + + for group_name, perms in groups_permissions.items(): + group, created = Group.objects.get_or_create(name=group_name) + if created: + self.stdout.write(self.style.SUCCESS(f'Group created: {group_name}')) + else: + self.stdout.write(self.style.NOTICE(f'Group already exists: {group_name}')) + + # Assign permissions to group + for perm in perms: + if perm in permission_objects: + group.permissions.add(permission_objects[perm]) + self.stdout.write(self.style.SUCCESS(f'Assigned permission {perm} to group {group_name}')) + + self.stdout.write(self.style.SUCCESS('Roles, permissions, and groups check completed.')) diff --git a/src/backend/roles.py b/src/backend/roles.py index c6857b335ba0b569b8e49d0be8fb8737e6112a49..d31aebab3e4a9fc9b8383d7a50b62f4160a2461a 100644 --- a/src/backend/roles.py +++ b/src/backend/roles.py 
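Review bot: The `permissions` and `groups_permissions` literals in this new command will not parse: `"edit_user": "Edit User"` has no trailing comma (the string concatenates with the next key and the parser then hits an unexpected `:`), the `"polaris_administrator": [...]` entry has no comma before `"provider"`, and the `‚` after `["manage_provider_keys"],` is not a valid Python character if it is really in the file rather than a rendering artefact. Once that is fixed, `change_provider` is listed for `polaris_administrator` but never created in `permissions`, and the `if perm in permission_objects:` guard drops it silently, so the administrator group ends up with one fewer permission than configured and nothing reports it; an `else` branch that writes an error (or raises `CommandError`) makes that kind of access-control drift visible. `CustomUser` is imported but unused, and `ContentType` is canonically imported from `django.contrib.contenttypes.models`.
```python
        permissions = {
            # … unchanged: create_user …
            "edit_user": "Edit User",              # trailing comma was missing
            "change_provider": "Change Provider",  # referenced below but never created
            # … unchanged: remaining permission entries …
        }
        # … unchanged: content type lookup, permission creation loop, role listing …
        groups_permissions = {
            "polaris_administrator": [
                "create_user", "edit_user", "create_provider", "change_provider",
                "manage_provider_keys", "manage_analytics_tokens",
                "create_user_consent", "request_user_data",
            ],                                     # comma before "provider" was missing
            "provider": ["manage_provider_keys"],  # stray non-ASCII character removed
            # … unchanged: analyst, user …
        }
        # … unchanged: group get_or_create loop …
            for perm in perms:
                if perm in permission_objects:
                    group.permissions.add(permission_objects[perm])
                    self.stdout.write(self.style.SUCCESS(f'Assigned permission {perm} to group {group_name}'))
                else:
                    # Do not drop a configured entry silently: a group missing a permission is an access-control bug
                    self.stdout.write(self.style.ERROR(f'Unknown permission {perm} configured for group {group_name}'))
```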
@@ -4,18 +4,23 @@ from strenum import StrEnum class Roles(StrEnum): CREATE_USER = 'create_user', + EDIT_USER = 'edit_user', CREATE_PROVIDER = 'create_provider', CHANGE_PROVIDER = 'change_provider', MANAGE_PROVIDER_KEYS = 'manage_provider_keys', MANAGE_ANALYTICS_TOKENS = 'manage_analytics_tokens', - CREATE_USER_CONSENT = 'create_user_consent' + CREATE_USER_CONSENT = 'create_user_consent', + REQUEST_USER_DATA = 'request_user_data', -class Provider(AbstractUserRole): +class PolarisAdministrator(AbstractUserRole): available_permissions = { Roles.CREATE_PROVIDER: True, Roles.CHANGE_PROVIDER: True, Roles.CREATE_USER: True, + Roles.MANAGE_PROVIDER_KEYS: True, + Roles.MANAGE_ANALYTICS_TOKENS: True, + Roles.REQUEST_USER_DATA: True, } class ProviderManager(AbstractUserRole): diff --git a/src/fixtures/initial_db.json b/src/fixtures/initial_db.json deleted file mode 100644 index 4c28364e1e4797b336ad39526bcf0c2f8303755f..0000000000000000000000000000000000000000 --- a/src/fixtures/initial_db.json +++ /dev/null 
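Review bot: `PolarisAdministrator.available_permissions` does not include the new `Roles.EDIT_USER`, yet that is the permission the user views changed in this commit gate on and the one the new management command assigns to the `polaris_administrator` group, so a user holding only this role will not pass `has_permission(request.user, Roles.EDIT_USER)` unless a role outside the hunk grants it; add `Roles.EDIT_USER: True,` next to the other entries. Renaming `Provider` to `PolarisAdministrator` also changes the role name rolepermissions derives from the class name, so any stored role assignment or `assign_role` call that used the old name would need updating, which cannot be confirmed from the hunk. The `ProviderManager` class body continues outside the hunk.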
@@ -1,1597 +0,0 @@ -[ - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"admin", - "model":"logentry" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"auth", - "model":"permission" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"auth", - "model":"group" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"contenttypes", - "model":"contenttype" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"sessions", - "model":"session" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_results", - "model":"taskresult" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_results", - "model":"chordcounter" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_results", - "model":"groupresult" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_beat", - "model":"crontabschedule" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_beat", - "model":"intervalschedule" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_beat", - "model":"periodictask" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_beat", - "model":"periodictasks" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_beat", - "model":"solarschedule" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"django_celery_beat", - "model":"clockedschedule" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"users", - "model":"customuser" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"consents", - "model":"userconsents" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - 
"app_label":"providers", - "model":"provider" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"providers", - "model":"providerschema" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"providers", - "model":"providerauthorization" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"providers", - "model":"analyticstoken" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"data_disclosure", - "model":"datadisclosure" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"data_removal", - "model":"dataremovaljob" - } - }, - { - "model":"contenttypes.contenttype", - "fields":{ - "app_label":"ssoauth", - "model":"usermapping" - } - }, - { - "model":"providers.provider", - "pk":1, - "fields":{ - "definition_id":"provider_1", - "name":"Example Provider", - "description":"An example provider for data collection.", - "updated":"2023-03-16T09:02:08.898Z", - "created":"2023-03-16T09:02:08.898Z" - } - }, - { - "model":"providers.providerschema", - "pk":1, - "fields":{ - "provider":1, - "superseded_by":null, - "additional_lrs":[ - - ], - "updated":"2023-03-16T09:02:08.898Z", - "created":"2023-03-16T09:02:08.898Z" - } - }, - { - "model":"providers.providerverbgroup", - "pk":1, - "fields":{ - "provider":1, - "provider_schema":1, - "group_id":"general_data_collection", - "label":"General data collection", - "description":"We would like to collect the following data to understand and support our users' behavior.", - "purpose_of_collection":"The data collected generally helps us to better understand the behavior of our users.", - "requires_consent":true, - "updated":"2023-03-16T09:02:08.898Z", - "created":"2023-03-16T09:02:08.898Z" - } - }, - { - "model":"providers.verb", - "pk":1, - "fields":{ - "provider":1, - "provider_schema":1, - "verb_id":"https://xapi.elearn.rwth-aachen.de/definitions/lms/verbs/accepted", - "label":"Accepted", - 
"description":"Accepted", - "default_consent":false, - "active":true, - "essential":false, - "allow_anonymized_collection":false - } - }, - { - "model":"providers.verbobject", - "pk":1, - "fields":{ - "verb":1, - "object_id":"https://xapi.elearn.rwth-aachen.de/definitions/lms/activities/assign", - "object_type":"assignment", - "matching":"definitionType", - "label":"Assignment", - "definition":{ - "type":"https://xapi.elearn.rwth-aachen.de/definitions/lms/activities/assign", - "name":{ - "enUS":"An assignment object. Provides the students with a task description and further needed materials and allows to upload a submission." - } - } - } - }, - { - "model":"providers.providerauthorization", - "pk":1, - "fields":{ - "provider":1, - "key":"example-key-123", - "updated":"2023-03-16T09:02:08.898Z", - "created":"2023-03-16T09:02:08.898Z" - } - }, - { - "model":"providers.analyticstoken", - "pk":1, - "fields":{ - "name":"Example Token", - "description":"This is a sample analytics token.", - "creator":1, - "key":"analytics-key-123", - "expires":null, - "image_path":null, - "created":"2023-03-16T09:02:08.898Z" - } - }, - { - "model":"providers.analyticstokenverb", - "pk":1, - "fields":{ - "verb":"https://xapi.elearn.rwth-aachen.de/definitions/lms/verbs/accepted", - "analytics_token":1, - "provider":1, - "created":"2023-03-16T09:02:08.898Z" - } - }, - { - "model":"providers.providerauthorization", - "pk":1, - "fields":{ - "provider":1, - "key":"27dd35314d73c7618945af9ac3152ecfcb9d1992ead2bdc562409d01ed456f6d", - "updated":"2023-03-16T09:02:08.893Z", - "created":"2023-03-16T09:02:08.893Z" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add log entry", - "content_type":[ - "admin", - "logentry" - ], - "codename":"add_logentry" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change log entry", - "content_type":[ - "admin", - "logentry" - ], - "codename":"change_logentry" - } - }, - { - "model":"auth.permission", - "fields":{ - 
"name":"Can delete log entry", - "content_type":[ - "admin", - "logentry" - ], - "codename":"delete_logentry" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view log entry", - "content_type":[ - "admin", - "logentry" - ], - "codename":"view_logentry" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add permission", - "content_type":[ - "auth", - "permission" - ], - "codename":"add_permission" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change permission", - "content_type":[ - "auth", - "permission" - ], - "codename":"change_permission" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete permission", - "content_type":[ - "auth", - "permission" - ], - "codename":"delete_permission" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view permission", - "content_type":[ - "auth", - "permission" - ], - "codename":"view_permission" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add group", - "content_type":[ - "auth", - "group" - ], - "codename":"add_group" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change group", - "content_type":[ - "auth", - "group" - ], - "codename":"change_group" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete group", - "content_type":[ - "auth", - "group" - ], - "codename":"delete_group" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view group", - "content_type":[ - "auth", - "group" - ], - "codename":"view_group" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add content type", - "content_type":[ - "contenttypes", - "contenttype" - ], - "codename":"add_contenttype" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change content type", - "content_type":[ - "contenttypes", - "contenttype" - ], - "codename":"change_contenttype" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete 
content type", - "content_type":[ - "contenttypes", - "contenttype" - ], - "codename":"delete_contenttype" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view content type", - "content_type":[ - "contenttypes", - "contenttype" - ], - "codename":"view_contenttype" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add session", - "content_type":[ - "sessions", - "session" - ], - "codename":"add_session" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change session", - "content_type":[ - "sessions", - "session" - ], - "codename":"change_session" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete session", - "content_type":[ - "sessions", - "session" - ], - "codename":"delete_session" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view session", - "content_type":[ - "sessions", - "session" - ], - "codename":"view_session" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add task result", - "content_type":[ - "django_celery_results", - "taskresult" - ], - "codename":"add_taskresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change task result", - "content_type":[ - "django_celery_results", - "taskresult" - ], - "codename":"change_taskresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete task result", - "content_type":[ - "django_celery_results", - "taskresult" - ], - "codename":"delete_taskresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view task result", - "content_type":[ - "django_celery_results", - "taskresult" - ], - "codename":"view_taskresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add chord counter", - "content_type":[ - "django_celery_results", - "chordcounter" - ], - "codename":"add_chordcounter" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change chord counter", - "content_type":[ - 
"django_celery_results", - "chordcounter" - ], - "codename":"change_chordcounter" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete chord counter", - "content_type":[ - "django_celery_results", - "chordcounter" - ], - "codename":"delete_chordcounter" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view chord counter", - "content_type":[ - "django_celery_results", - "chordcounter" - ], - "codename":"view_chordcounter" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add group result", - "content_type":[ - "django_celery_results", - "groupresult" - ], - "codename":"add_groupresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change group result", - "content_type":[ - "django_celery_results", - "groupresult" - ], - "codename":"change_groupresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete group result", - "content_type":[ - "django_celery_results", - "groupresult" - ], - "codename":"delete_groupresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view group result", - "content_type":[ - "django_celery_results", - "groupresult" - ], - "codename":"view_groupresult" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add crontab", - "content_type":[ - "django_celery_beat", - "crontabschedule" - ], - "codename":"add_crontabschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change crontab", - "content_type":[ - "django_celery_beat", - "crontabschedule" - ], - "codename":"change_crontabschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete crontab", - "content_type":[ - "django_celery_beat", - "crontabschedule" - ], - "codename":"delete_crontabschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view crontab", - "content_type":[ - "django_celery_beat", - "crontabschedule" - ], - "codename":"view_crontabschedule" - } - }, - { - 
"model":"auth.permission", - "fields":{ - "name":"Can add interval", - "content_type":[ - "django_celery_beat", - "intervalschedule" - ], - "codename":"add_intervalschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change interval", - "content_type":[ - "django_celery_beat", - "intervalschedule" - ], - "codename":"change_intervalschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete interval", - "content_type":[ - "django_celery_beat", - "intervalschedule" - ], - "codename":"delete_intervalschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view interval", - "content_type":[ - "django_celery_beat", - "intervalschedule" - ], - "codename":"view_intervalschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add periodic task", - "content_type":[ - "django_celery_beat", - "periodictask" - ], - "codename":"add_periodictask" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change periodic task", - "content_type":[ - "django_celery_beat", - "periodictask" - ], - "codename":"change_periodictask" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete periodic task", - "content_type":[ - "django_celery_beat", - "periodictask" - ], - "codename":"delete_periodictask" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view periodic task", - "content_type":[ - "django_celery_beat", - "periodictask" - ], - "codename":"view_periodictask" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add periodic tasks", - "content_type":[ - "django_celery_beat", - "periodictasks" - ], - "codename":"add_periodictasks" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change periodic tasks", - "content_type":[ - "django_celery_beat", - "periodictasks" - ], - "codename":"change_periodictasks" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete periodic tasks", - 
"content_type":[ - "django_celery_beat", - "periodictasks" - ], - "codename":"delete_periodictasks" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view periodic tasks", - "content_type":[ - "django_celery_beat", - "periodictasks" - ], - "codename":"view_periodictasks" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add solar event", - "content_type":[ - "django_celery_beat", - "solarschedule" - ], - "codename":"add_solarschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change solar event", - "content_type":[ - "django_celery_beat", - "solarschedule" - ], - "codename":"change_solarschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete solar event", - "content_type":[ - "django_celery_beat", - "solarschedule" - ], - "codename":"delete_solarschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view solar event", - "content_type":[ - "django_celery_beat", - "solarschedule" - ], - "codename":"view_solarschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add clocked", - "content_type":[ - "django_celery_beat", - "clockedschedule" - ], - "codename":"add_clockedschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change clocked", - "content_type":[ - "django_celery_beat", - "clockedschedule" - ], - "codename":"change_clockedschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete clocked", - "content_type":[ - "django_celery_beat", - "clockedschedule" - ], - "codename":"delete_clockedschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view clocked", - "content_type":[ - "django_celery_beat", - "clockedschedule" - ], - "codename":"view_clockedschedule" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add user", - "content_type":[ - "users", - "customuser" - ], - "codename":"add_customuser" - } - }, - { - 
"model":"auth.permission", - "fields":{ - "name":"Can change user", - "content_type":[ - "users", - "customuser" - ], - "codename":"change_customuser" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete user", - "content_type":[ - "users", - "customuser" - ], - "codename":"delete_customuser" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view user", - "content_type":[ - "users", - "customuser" - ], - "codename":"view_customuser" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add user consents", - "content_type":[ - "consents", - "userconsents" - ], - "codename":"add_userconsents" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change user consents", - "content_type":[ - "consents", - "userconsents" - ], - "codename":"change_userconsents" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete user consents", - "content_type":[ - "consents", - "userconsents" - ], - "codename":"delete_userconsents" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view user consents", - "content_type":[ - "consents", - "userconsents" - ], - "codename":"view_userconsents" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add provider", - "content_type":[ - "providers", - "provider" - ], - "codename":"add_provider" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change provider", - "content_type":[ - "providers", - "provider" - ], - "codename":"change_provider" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete provider", - "content_type":[ - "providers", - "provider" - ], - "codename":"delete_provider" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view provider", - "content_type":[ - "providers", - "provider" - ], - "codename":"view_provider" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add provider schema", - "content_type":[ - "providers", - 
"providerschema" - ], - "codename":"add_providerschema" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change provider schema", - "content_type":[ - "providers", - "providerschema" - ], - "codename":"change_providerschema" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete provider schema", - "content_type":[ - "providers", - "providerschema" - ], - "codename":"delete_providerschema" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view provider schema", - "content_type":[ - "providers", - "providerschema" - ], - "codename":"view_providerschema" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add provider authorization", - "content_type":[ - "providers", - "providerauthorization" - ], - "codename":"add_providerauthorization" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change provider authorization", - "content_type":[ - "providers", - "providerauthorization" - ], - "codename":"change_providerauthorization" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete provider authorization", - "content_type":[ - "providers", - "providerauthorization" - ], - "codename":"delete_providerauthorization" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view provider authorization", - "content_type":[ - "providers", - "providerauthorization" - ], - "codename":"view_providerauthorization" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add analytics token", - "content_type":[ - "providers", - "analyticstoken" - ], - "codename":"add_analyticstoken" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change analytics token", - "content_type":[ - "providers", - "analyticstoken" - ], - "codename":"change_analyticstoken" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete analytics token", - "content_type":[ - "providers", - "analyticstoken" - ], - 
"codename":"delete_analyticstoken" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view analytics token", - "content_type":[ - "providers", - "analyticstoken" - ], - "codename":"view_analyticstoken" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add data disclosure", - "content_type":[ - "data_disclosure", - "datadisclosure" - ], - "codename":"add_datadisclosure" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change data disclosure", - "content_type":[ - "data_disclosure", - "datadisclosure" - ], - "codename":"change_datadisclosure" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete data disclosure", - "content_type":[ - "data_disclosure", - "datadisclosure" - ], - "codename":"delete_datadisclosure" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view data disclosure", - "content_type":[ - "data_disclosure", - "datadisclosure" - ], - "codename":"view_datadisclosure" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add data removal job", - "content_type":[ - "data_removal", - "dataremovaljob" - ], - "codename":"add_dataremovaljob" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change data removal job", - "content_type":[ - "data_removal", - "dataremovaljob" - ], - "codename":"change_dataremovaljob" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete data removal job", - "content_type":[ - "data_removal", - "dataremovaljob" - ], - "codename":"delete_dataremovaljob" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view data removal job", - "content_type":[ - "data_removal", - "dataremovaljob" - ], - "codename":"view_dataremovaljob" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can add user mapping", - "content_type":[ - "ssoauth", - "usermapping" - ], - "codename":"add_usermapping" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can change 
user mapping", - "content_type":[ - "ssoauth", - "usermapping" - ], - "codename":"change_usermapping" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can delete user mapping", - "content_type":[ - "ssoauth", - "usermapping" - ], - "codename":"delete_usermapping" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Can view user mapping", - "content_type":[ - "ssoauth", - "usermapping" - ], - "codename":"view_usermapping" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"superuser (SSO)", - "content_type":[ - "users", - "customuser" - ], - "codename":"superuser" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"staff (SSO)", - "content_type":[ - "users", - "customuser" - ], - "codename":"staff" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Create User Consent", - "content_type":[ - "users", - "customuser" - ], - "codename":"create_user_consent" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Create Provider", - "content_type":[ - "users", - "customuser" - ], - "codename":"create_provider" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Create User", - "content_type":[ - "users", - "customuser" - ], - "codename":"create_user" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Change Provider", - "content_type":[ - "users", - "customuser" - ], - "codename":"change_provider" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Manage Provider Keys", - "content_type":[ - "users", - "customuser" - ], - "codename":"manage_provider_keys" - } - }, - { - "model":"auth.permission", - "fields":{ - "name":"Manage Analytics Tokens", - "content_type":[ - "users", - "customuser" - ], - "codename":"manage_analytics_tokens" - } - }, - { - "model":"auth.group", - "fields":{ - "name":"user", - "permissions":[ - - ] - } - }, - { - "model":"auth.group", - "fields":{ - "name":"provider", - "permissions":[ - - ] - } - }, - { - "model":"auth.group", - 
"fields":{ - "name":"provider_manager", - "permissions":[ - - ] - } - }, - { - "model":"auth.group", - "fields":{ - "name":"analyst", - "permissions":[ - - ] - } - }, - { - "model":"users.customuser", - "fields":{ - "password":"pbkdf2_sha256$390000$RfvUY9MTv955237sb0zyXD$adqAFax3+5SSNMSEgnkWF2fWY2ru1iXQ9h7SlnO1kP0=", - "last_login":null, - "is_superuser":false, - "first_name":"", - "last_name":"", - "is_staff":false, - "is_active":true, - "date_joined":"2023-03-16T09:01:04.332Z", - "email":"user1@polaris.com", - "paused_data_recording":false, - "groups":[ - [ - "user" - ] - ], - "user_permissions":[ - [ - "create_user_consent", - "users", - "customuser" - ] - ], - "accepted_provider_schemas":[ - - ] - } - }, - { - "model":"users.customuser", - "fields":{ - "password":"pbkdf2_sha256$390000$hXBDrIi5D33MxcqICL2N5l$o/Hmd9prUCy7QJfq73jzTKAaLrm7nP+5kmN+eHWzSXM=", - "last_login":null, - "is_superuser":false, - "first_name":"", - "last_name":"", - "is_staff":false, - "is_active":true, - "date_joined":"2023-03-16T09:01:08.575Z", - "email":"user2@polaris.com", - "paused_data_recording":false, - "groups":[ - [ - "user" - ] - ], - "user_permissions":[ - [ - "create_user_consent", - "users", - "customuser" - ] - ], - "accepted_provider_schemas":[ - - ] - } - }, - { - "model":"users.customuser", - "fields":{ - "password":"pbkdf2_sha256$390000$Jk0guNI6Il3aDEzrwK6eig$SZBjknBwgIegQqyi2i4FnesKcnvECwNU96mDJVlx+RQ=", - "last_login":null, - "is_superuser":false, - "first_name":"", - "last_name":"", - "is_staff":false, - "is_active":true, - "date_joined":"2023-03-16T09:01:13.276Z", - "email":"user3@polaris.com", - "paused_data_recording":false, - "groups":[ - [ - "user" - ] - ], - "user_permissions":[ - [ - "create_user_consent", - "users", - "customuser" - ] - ], - "accepted_provider_schemas":[ - - ] - } - }, - { - "model":"users.customuser", - "fields":{ - "password":"pbkdf2_sha256$390000$jaNQw9Z2RJCFOjJlDT6oyo$0vF9wpQGqt2sJEI6UnkjIdtHCd3aINOgojXcYcBoXXE=", - "last_login":null, - 
"is_superuser":false, - "first_name":"", - "last_name":"", - "is_staff":false, - "is_active":true, - "date_joined":"2023-03-16T09:01:18.285Z", - "email":"user4@polaris.com", - "paused_data_recording":false, - "groups":[ - [ - "user" - ] - ], - "user_permissions":[ - [ - "create_user_consent", - "users", - "customuser" - ] - ], - "accepted_provider_schemas":[ - - ] - } - }, - { - "model":"users.customuser", - "fields":{ - "password":"pbkdf2_sha256$390000$SeVl7RR6ReMt9iLJb9Wsx3$1O5xcI1xPGY38AoxogdOuYMYmzLATk0wMa9hmTwWu9g=", - "last_login":null, - "is_superuser":false, - "first_name":"", - "last_name":"", - "is_staff":false, - "is_active":true, - "date_joined":"2023-03-16T09:01:31.051Z", - "email":"provider@polaris.com", - "paused_data_recording":false, - "groups":[ - [ - "user" - ], - [ - "provider" - ], - [ - "provider_manager" - ], - [ - "analyst" - ] - ], - "user_permissions":[ - [ - "change_provider", - "users", - "customuser" - ], - [ - "create_provider", - "users", - "customuser" - ], - [ - "create_user", - "users", - "customuser" - ], - [ - "create_user_consent", - "users", - "customuser" - ], - [ - "manage_analytics_tokens", - "users", - "customuser" - ], - [ - "manage_provider_keys", - "users", - "customuser" - ] - ], - "accepted_provider_schemas":[ - - ] - } - } - ] \ No newline at end of file diff --git a/src/requirements.txt b/src/requirements.txt index 6d74e2f143b0c3c476ec8d2b8c26cfb02fc52f5b..66b80ae5be66e250260714abb68b6ea38472215e 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -54,6 +54,7 @@ kombu==5.3.4 launchpadlib==1.10.16 lazr.restfulclient==0.14.4 lazr.uri==1.0.6 +lxml==5.2.1 Markdown==3.3.7 MarkupSafe==2.1.2 mergedeep==1.3.4 diff --git a/src/users/views.py b/src/users/views.py index 6841e669abb16bf54b7583768942107a54adb745..d4927929d4e8d3cd28e4fb0ae79ff15ed253b100 100644 --- a/src/users/views.py +++ b/src/users/views.py 
@@ -158,12 +158,13 @@ class MergeDataView(APIView): class UserListView(APIView): - permission_classes = (IsAuthenticated, IsAdminUser) + permission_classes = (IsAuthenticated,) def get(self, request): - users = CustomUser.objects.all() - users = UserSerializer(users, many=True).data - return JsonResponse(users, + if has_permission(request.user, Roles.EDIT_USER): + users = CustomUser.objects.all() + users = UserSerializer(users, many=True).data + return JsonResponse(users, safe=False, status=status.HTTP_200_OK) @@ -195,9 +196,12 @@ class PermissionsUpdateView(APIView): """ Save permissions for a user. """ - permission_classes = (IsAuthenticated, IsAdminUser) + permission_classes = (IsAuthenticated,) - def post(self, request, user_id): + def post(self, request, user_id): + if not has_permission(request.user, Roles.EDIT_USER): + return JsonResponse({"status": "error", "message": 'not permissions'}, + status=status.HTTP_401_UNAUTHORIZED) try: user = CustomUser.objects.get(pk=user_id) except ObjectDoesNotExist:
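Review bot: `UserListView.get` now falls off the end when `has_permission(request.user, Roles.EDIT_USER)` is false: nothing is returned on that path, so Django raises a ValueError about the view not returning an HttpResponse and the caller gets a 500 instead of a clean denial. Add an explicit denial after the `if` block, e.g. `return JsonResponse({"status": "error", "message": "insufficient permissions"}, status=status.HTTP_403_FORBIDDEN)`. With `IsAdminUser` removed, this role check is the only thing keeping the full user list from any authenticated account, so the denial path deserves a test; `has_permission` and `Roles` must also be imported at the top of the file, which the hunk does not show.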
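Review bot: `PermissionsUpdateView.post` answers an authenticated user who lacks `Roles.EDIT_USER` with `HTTP_401_UNAUTHORIZED`, but 401 means "not authenticated", which `IsAuthenticated` already handles; the right code for a known user without rights is `status=status.HTTP_403_FORBIDDEN`, and the message `'not permissions'` reads better as `'insufficient permissions'`. Since this endpoint now only requires `edit_user` rather than admin status, it is worth confirming in the body, which continues outside the hunk, that a caller cannot grant permissions to their own account or grant ones they do not hold.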