From 3befcb52eece1284020834434edd75669d48c0e1 Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Tue, 12 Dec 2023 15:53:34 -0400
Subject: [PATCH] fix: use management command to add permissions

---
 Makefile                                      |  5 ++-
 program/management/commands/addpermissions.py | 42 +++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 program/management/commands/addpermissions.py

diff --git a/Makefile b/Makefile
index e17ab421..d3c8cef1 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ create_oidc_client.dashboard:
 create_oidc_client.tank:
 	$(POETRY_RUN_MANAGE) create_oidc_client tank confidential --client-id ${TANK_OIDC_CLIENT_ID} --client-secret ${TANK_OIDC_CLIENT_SECRET} -r "code" -u ${TANK_CALLBACK_BASE_URL}/tank/auth/oidc/callback
 
-initialize: migrate collectstatic loaddata.program create_oidc_client.dashboard create_oidc_client.tank
+initialize: migrate collectstatic loaddata.program create_oidc_client.dashboard create_oidc_client.tank addpermissions
 	$(POETRY_RUN_MANAGE) createsuperuser --no-input
 	$(POETRY_RUN_MANAGE) creatersakey
 
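Review bot: `addpermissions` joins the `initialize` prerequisite list, but nothing tells Make that it has to run after `migrate` and `loaddata.program`. The command looks up groups with `Group.objects.get`, and those groups presumably exist only once the schema and fixtures are loaded, so under `make -j initialize` it can start too early and abort. If re-running those steps on a standalone call is acceptable, the target added in the second hunk could declare the order itself: `addpermissions: migrate loaddata.program`. Otherwise a comment such as `# requires migrate and loaddata.program to have run; not safe with -j` above `initialize` would record the constraint. No `.PHONY` line is visible in either hunk, so it is worth checking that `addpermissions` is listed there.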
@@ -43,6 +43,9 @@ loaddata.custom:
 loaddata.test:
 	$(POETRY_RUN_MANAGE) loaddata fixtures/test/*.json
 
+addpermissions:
+	$(POETRY_RUN_MANAGE) addpermissions
+
 removestaleimages:
 	$(POETRY_RUN_MANAGE) removestaleimages
 
diff --git a/program/management/commands/addpermissions.py b/program/management/commands/addpermissions.py
new file mode 100644
index 00000000..f4cb3a0e
--- /dev/null
+++ b/program/management/commands/addpermissions.py
@@ -0,0 +1,42 @@
+from django.conf import settings
+from django.contrib.auth.models import Group, Permission
+from django.core.management.base import BaseCommand
+
+
+class Command(BaseCommand):
+    help = "add permissions"
+
+    def handle(self, *args, **options):
+        program_group = Group.objects.get(name=settings.PRIVILEGED_GROUP)
+        program_permissions = Permission.objects.filter(content_type__app_label="program")
+        self.stdout.write(
+            "  Adding program permissions to the privileged group... ",
+            ending="",
+        )
+        self.stdout.flush()
+        program_group.permissions.add(*program_permissions)
+        self.stdout.write(self.style.SUCCESS(len(program_permissions)))
+
+        broadcast_group = Group.objects.get(name=settings.ENTITLED_GROUPS[0])
+        note_notelink_permissions = Permission.objects.filter(
+            content_type__model__in=["note", "notelink"]
+        )
+        self.stdout.write(
+            "  Adding note & notelink permissions to the first entitled group... ",
+            ending="",
+        )
+        self.stdout.flush()
+        broadcast_group.permissions.add(*note_notelink_permissions)
+        self.stdout.write(self.style.SUCCESS(len(note_notelink_permissions)))
+
+        broadcast_plus_group = Group.objects.get(name=settings.ENTITLED_GROUPS[1])
+        change_host_show_permissions = Permission.objects.filter(
+            codename__startswith="change", content_type__model__in=["host", "show"]
+        )
+        self.stdout.write(
+            "  Adding change host & show permissions to second the entitled group... ",
+            ending="",
+        )
+        self.stdout.flush()
+        broadcast_plus_group.permissions.add(*change_host_show_permissions)
+        self.stdout.write(self.style.SUCCESS(len(change_host_show_permissions)))
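Review bot: The two `content_type__model__in` filters (note/notelink and host/show) match on model name only, so unlike the first query they are not limited to the `program` app. Any other installed app with a model of the same name would have its permissions granted to the entitled groups too. Adding `content_type__app_label="program",` to both filters keeps the grant to the intended models, assuming all four live in `program`. `Group.objects.get(...)` and `settings.ENTITLED_GROUPS[1]` also fail with a raw traceback when a group is missing or the setting has fewer than two entries, after earlier grants are already applied; resolving all three groups first and raising `CommandError` on `Group.DoesNotExist`/`IndexError` would avoid a half-applied run. The third message reads "to second the entitled group" and should be "to the second entitled group".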
-- 
GitLab