Merge pull request #2478 from bookwyrm-social/admin-roles

Adds "owner" role

bookwyrm/forms/admin.py

@@ -55,11 +55,45 @@ class CreateInviteForm(CustomForm):
 class SiteForm(CustomForm):
     class Meta:
         model = models.SiteSettings
-        exclude = ["admin_code", "install_mode", "imports_enabled"]
+        fields = [
+            "name",
+            "instance_tagline",
+            "instance_description",
+            "instance_short_description",
+            "default_theme",
+            "code_of_conduct",
+            "privacy_policy",
+            "impressum",
+            "show_impressum",
+            "logo",
+            "logo_small",
+            "favicon",
+            "support_link",
+            "support_title",
+            "admin_email",
+            "footer_item",
+        ]
         widgets = {
             "instance_short_description": forms.TextInput(
                 attrs={"aria-describedby": "desc_instance_short_description"}
             ),
+        }
+
+
+class RegistrationForm(CustomForm):
+    class Meta:
+        model = models.SiteSettings
+        fields = [
+            "allow_registration",
+            "allow_invite_requests",
+            "registration_closed_text",
+            "invite_request_text",
+            "invite_request_question",
+            "invite_question_text",
+            "require_confirm_email",
+        ]
+
+        widgets = {
             "require_confirm_email": forms.CheckboxInput(
                 attrs={"aria-describedby": "desc_require_confirm_email"}
             ),
@@ -69,6 +103,23 @@ class SiteForm(CustomForm):
         }
 
 
+class RegistrationLimitedForm(CustomForm):
+    class Meta:
+        model = models.SiteSettings
+        fields = [
+            "registration_closed_text",
+            "invite_request_text",
+            "invite_request_question",
+            "invite_question_text",
+        ]
+
+        widgets = {
+            "invite_request_text": forms.Textarea(
+                attrs={"aria-describedby": "desc_invite_request_text"}
+            ),
+        }
+
+
 class ThemeForm(CustomForm):
     class Meta:
         model = models.Theme

bookwyrm/management/commands/initdb.py

@@ -8,54 +8,64 @@ from bookwyrm import models
 
 def init_groups():
     """permission levels"""
-    groups = ["admin", "moderator", "editor"]
+    groups = ["admin", "owner", "moderator", "editor"]
     for group in groups:
-        Group.objects.create(name=group)
+        Group.objects.get_or_create(name=group)
 
 
 def init_permissions():
     """permission types"""
     permissions = [
+        {
+            "codename": "manage_registration",
+            "name": "allow or prevent user registration",
+            "groups": ["admin"],
+        },
+        {
+            "codename": "system_administration",
+            "name": "technical controls",
+            "groups": ["admin"],
+        },
         {
             "codename": "edit_instance_settings",
             "name": "change the instance info",
-            "groups": ["admin"],
+            "groups": ["admin", "owner"],
         },
         {
             "codename": "set_user_group",
             "name": "change what group a user is in",
-            "groups": ["admin", "moderator"],
+            "groups": ["admin", "owner", "moderator"],
         },
         {
             "codename": "control_federation",
             "name": "control who to federate with",
-            "groups": ["admin", "moderator"],
+            "groups": ["admin", "owner", "moderator"],
         },
         {
             "codename": "create_invites",
             "name": "issue invitations to join",
-            "groups": ["admin", "moderator"],
+            "groups": ["admin", "owner", "moderator"],
         },
         {
             "codename": "moderate_user",
             "name": "deactivate or silence a user",
-            "groups": ["admin", "moderator"],
+            "groups": ["admin", "owner", "moderator"],
         },
         {
             "codename": "moderate_post",
             "name": "delete other users' posts",
-            "groups": ["admin", "moderator"],
+            "groups": ["admin", "owner", "moderator"],
         },
         {
             "codename": "edit_book",
             "name": "edit book info",
-            "groups": ["admin", "moderator", "editor"],
+            "groups": ["admin", "owner", "moderator", "editor"],
         },
     ]
 
     content_type = ContentType.objects.get_for_model(models.User)
     for permission in permissions:
-        permission_obj = Permission.objects.create(
+        permission_obj, _ = Permission.objects.get_or_create(
             codename=permission["codename"],
             name=permission["name"],
             content_type=content_type,

bookwyrm/migrations/0168_auto_20221205_2331.py

@@ -0,0 +1,63 @@
+""" I added two new permission types and a new group to the management command that
+creates the database on install, this creates them for existing instances """
+# Generated by Django 3.2.16 on 2022-12-05 23:31
+
+from django.db import migrations
+
+
+def create_groups_and_perms(apps, schema_editor):
+    """create the new "owner" group and "system admin" permission"""
+    db_alias = schema_editor.connection.alias
+    group_model = apps.get_model("auth", "Group")
+    # Add the "owner" group, if needed
+    owner_group, group_created = group_model.objects.using(db_alias).get_or_create(
+        name="owner"
+    )
+
+    # Create perms, if needed
+    user_model = apps.get_model("bookwyrm", "User")
+    content_type_model = apps.get_model("contenttypes", "ContentType")
+    content_type = content_type_model.objects.get_for_model(user_model)
+    perms_model = apps.get_model("auth", "Permission")
+    reg_perm, perm_created = perms_model.objects.using(db_alias).get_or_create(
+        codename="manage_registration",
+        name="allow or prevent user registration",
+        content_type=content_type,
+    )
+    admin_perm, admin_perm_created = perms_model.objects.using(db_alias).get_or_create(
+        codename="system_administration",
+        name="technical controls",
+        content_type=content_type,
+    )
+
+    # Add perms to the group if anything was created
+    if group_created or perm_created or admin_perm_created:
+        perms = [
+            "edit_instance_settings",
+            "set_user_group",
+            "control_federation",
+            "create_invites",
+            "moderate_user",
+            "moderate_post",
+            "edit_book",
+        ]
+        owner_group.permissions.set(
+            perms_model.objects.using(db_alias).filter(codename__in=perms).all()
+        )
+
+        # also extend these perms to admins
+        # This is get or create so the tests don't fail -- it should already exist
+        admin_group, _ = group_model.objects.using(db_alias).get_or_create(name="admin")
+        admin_group.permissions.add(reg_perm)
+        admin_group.permissions.add(admin_perm)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("bookwyrm", "0167_auto_20221125_1900"),
+    ]
+
+    operations = [
+        migrations.RunPython(create_groups_and_perms, migrations.RunPython.noop)
+    ]

bookwyrm/migrations/0170_merge_0168_auto_20221205_2331_0169_auto_20221206_0902.py

@@ -0,0 +1,13 @@
+# Generated by Django 3.2.16 on 2022-12-11 20:00
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("bookwyrm", "0168_auto_20221205_2331"),
+        ("bookwyrm", "0169_auto_20221206_0902"),
+    ]
+
+    operations = []

bookwyrm/templates/settings/layout.html

@@ -103,10 +103,21 @@
                 <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Site Settings" %}</a>
                 {% block site-subtabs %}{% endblock %}
             </li>
+            <li>
+            {% if perms.bookwyrm.manage_registration %}
+                {% url 'settings-registration' as url %}
+                <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Registration" %}</a>
+            {% else %}
+                {% url 'settings-registration-limited' as url %}
+                <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Registration" %}</a>
+            {% endif %}
+            </li>
+            {% if perms.bookwyrm.system_administration %}
             <li>
                 {% url 'settings-themes' as url %}
                 <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Themes" %}</a>
             </li>
+            {% endif %}
         </ul>
         {% endif %}
     </nav>

bookwyrm/templates/settings/registration.html

@@ -0,0 +1,83 @@
+{% extends 'settings/layout.html' %}
+{% load i18n %}
+
+{% block title %}{% trans "Registration" %}{% endblock %}
+
+{% block header %}{% trans "Registration" %}{% endblock %}
+
+{% block panel %}
+{% if success %}
+<div class="notification is-success is-light">
+    <span class="icon icon-check" aria-hidden="true"></span>
+    <span>
+        {% trans "Settings saved" %}
+    </span>
+</div>
+{% endif %}
+
+{% if form.errors %}
+<div class="notification is-danger is-light">
+    <span class="icon icon-x" aria-hidden="true"></span>
+    <span>
+        {% trans "Unable to save settings" %}
+    </span>
+</div>
+{% endif %}
+
+<form
+    action="{% url 'settings-registration' %}"
+    method="POST"
+    class="content"
+    enctype="multipart/form-data"
+>
+    {% csrf_token %}
+    <section class="block box" id="registration">
+        <div class="field">
+            <label class="label" for="id_allow_registration">
+                {{ form.allow_registration }}
+                {% trans "Allow registration" %}
+            </label>
+        </div>
+        <div class="field">
+            <label class="label mb-0" for="id_require_confirm_email">
+                {{ form.require_confirm_email }}
+                {% trans "Require users to confirm email address" %}
+            </label>
+            <p class="help" id="desc_require_confirm_email">{% trans "(Recommended if registration is open)" %}</p>
+        </div>
+        <div class="field">
+            <label class="label" for="id_allow_invite_requests">
+                {{ form.allow_invite_requests }}
+                {% trans "Allow invite requests" %}
+            </label>
+        </div>
+        <div class="field">
+            <label class="label" for="id_invite_request_text">{% trans "Invite request text:" %}</label>
+            {{ form.invite_request_text }}
+
+            {% include 'snippets/form_errors.html' with errors_list=form.invite_request_text.errors id="desc_invite_request_text" %}
+        </div>
+        <div class="field">
+            <label class="label" for="id_invite_requests_question">
+                {{ form.invite_request_question }}
+                {% trans "Set a question for invite requests" %}
+            </label>
+        </div>
+        <div class="field">
+            <label class="label" for="id_invite_question_text">
+                {% trans "Question:" %}
+                {{ form.invite_question_text }}
+            </label>
+        </div>
+        <div class="field">
+            <label class="label" for="id_registration_closed_text">{% trans "Registration closed text:" %}</label>
+            {{ form.registration_closed_text }}
+        </div>
+    </section>
+
+    <footer class="block">
+        <button class="button is-primary" type="submit">{% trans "Save" %}</button>
+    </footer>
+</form>
+{% endblock %}
+

bookwyrm/templates/settings/registration_limited.html

@@ -0,0 +1,81 @@
+{% extends 'settings/layout.html' %}
+{% load i18n %}
+
+{% block title %}{% trans "Registration" %}{% endblock %}
+
+{% block header %}{% trans "Registration" %}{% endblock %}
+
+{% block panel %}
+{% if success %}
+<div class="notification is-success is-light">
+    <span class="icon icon-check" aria-hidden="true"></span>
+    <span>
+        {% trans "Settings saved" %}
+    </span>
+</div>
+{% endif %}
+
+{% if form.errors %}
+<div class="notification is-danger is-light">
+    <span class="icon icon-x" aria-hidden="true"></span>
+    <span>
+        {% trans "Unable to save settings" %}
+    </span>
+</div>
+{% endif %}
+
+{% if site.allow_registration %}
+<div class="notification">
+    {% trans "Registration is enabled on this instance" %}
+</div>
+{% else %}
+<form
+    action="{% url 'settings-registration-limited' %}"
+    method="POST"
+    class="content"
+    enctype="multipart/form-data"
+>
+    {% csrf_token %}
+    <section class="block box" id="registration">
+        {% if site.allow_invite_requests %}
+        <div class="field">
+            <label class="label" for="id_invite_request_text">{% trans "Invite request text:" %}</label>
+            {{ form.invite_request_text }}
+
+            {% include 'snippets/form_errors.html' with errors_list=form.invite_request_text.errors id="desc_invite_request_text" %}
+        </div>
+        <div class="field">
+            <label class="label" for="id_invite_requests_question">
+                {{ form.invite_request_question }}
+                {% trans "Set a question for invite requests" %}
+            </label>
+        </div>
+        <div class="field">
+            <label class="label" for="id_invite_question_text">
+                {% trans "Question:" %}
+                {{ form.invite_question_text }}
+            </label>
+        </div>
+        {% else %}
+        <input type="hidden" name="invite_request_text" value="{{ form.invite_request_text.value }}">
+        <input type="hidden" name="invite_request_question" value="{{ form.invite_request_question.value }}">
+        <input type="hidden" name="invite_question_text" value="{{ form.invite_question_text.value }}">
+        {% endif %}
+
+        {% if not site.allow_invite_requests and not site.allow_registration %}
+        <div class="field">
+            <label class="label" for="id_registration_closed_text">{% trans "Registration closed text:" %}</label>
+            {{ form.registration_closed_text }}
+        </div>
+        {% else %}
+        <input type="hidden" name="registration_closed_text" value="{{ form.registration_closed_text.value }}">
+        {% endif %}
+    </section>
+
+    <footer class="block">
+        <button class="button is-primary" type="submit">{% trans "Save" %}</button>
+    </footer>
+</form>
+{% endif %}
+{% endblock %}
+

bookwyrm/templates/settings/site.html

@@ -10,7 +10,6 @@
     <li><a href="#instance-info">{% trans "Instance Info" %}</a></li>
     <li><a href="#display">{% trans "Display" %}</a></li>
     <li><a href="#footer">{% trans "Footer Content" %}</a></li>
-    <li><a href="#registration">{% trans "Registration" %}</a></li>
 </ul>
 {% endblock %}
 
@@ -141,55 +140,6 @@
         </div>
     </section>
 
-    <hr aria-hidden="true">
-
-    <section class="block" id="registration">
-        <h2 class="title is-4">{% trans "Registration" %}</h2>
-        <div class="box">
-            <div class="field">
-                <label class="label" for="id_allow_registration">
-                    {{ site_form.allow_registration }}
-                    {% trans "Allow registration" %}
-                </label>
-            </div>
-            <div class="field">
-                <label class="label mb-0" for="id_require_confirm_email">
-                    {{ site_form.require_confirm_email }}
-                    {% trans "Require users to confirm email address" %}
-                </label>
-                <p class="help" id="desc_require_confirm_email">{% trans "(Recommended if registration is open)" %}</p>
-            </div>
-            <div class="field">
-                <label class="label" for="id_allow_invite_requests">
-                    {{ site_form.allow_invite_requests }}
-                    {% trans "Allow invite requests" %}
-                </label>
-            </div>
-            <div class="field">
-                <label class="label" for="id_invite_requests_question">
-                    {{ site_form.invite_request_question }}
-                    {% trans "Set a question for invite requests" %}
-                </label>
-            </div>
-                <div class="field">
-                    <label class="label" for="id_invite_question_text">
-                        {% trans "Question:" %}
-                        {{ site_form.invite_question_text }}
-                    </label>
-                </div>
-            <div class="field">
-                <label class="label" for="id_registration_closed_text">{% trans "Registration closed text:" %}</label>
-                {{ site_form.registration_closed_text }}
-            </div>
-            <div class="field">
-                <label class="label" for="id_invite_request_text">{% trans "Invite request text:" %}</label>
-                {{ site_form.invite_request_text }}
-
-                {% include 'snippets/form_errors.html' with errors_list=site_form.invite_request_text.errors id="desc_invite_request_text" %}
-            </div>
-        </div>
-    </section>
-
     <footer class="block">
         <button class="button is-primary" type="submit">{% trans "Save" %}</button>
     </footer>

bookwyrm/tests/management/test_initdb.py

@@ -12,7 +12,7 @@ class InitDB(TestCase):
     def test_init_groups(self):
         """Create groups"""
         initdb.init_groups()
-        self.assertEqual(Group.objects.count(), 3)
+        self.assertEqual(Group.objects.count(), 4)
         self.assertTrue(Group.objects.filter(name="admin").exists())
         self.assertTrue(Group.objects.filter(name="moderator").exists())
         self.assertTrue(Group.objects.filter(name="editor").exists())
@@ -87,7 +87,7 @@ class InitDB(TestCase):
         command.handle()
 
         # everything should have been called
-        self.assertEqual(Group.objects.count(), 3)
+        self.assertEqual(Group.objects.count(), 4)
         self.assertTrue(Permission.objects.exists())
         self.assertEqual(models.Connector.objects.count(), 3)
         self.assertEqual(models.SiteSettings.objects.count(), 1)
@@ -99,7 +99,7 @@ class InitDB(TestCase):
         command.handle(limit="group")
 
         # everything should have been called
-        self.assertEqual(Group.objects.count(), 3)
+        self.assertEqual(Group.objects.count(), 4)
         self.assertEqual(models.Connector.objects.count(), 0)
         self.assertEqual(models.SiteSettings.objects.count(), 0)
         self.assertEqual(models.LinkDomain.objects.count(), 0)

bookwyrm/urls.py

@@ -86,6 +86,16 @@ urlpatterns = [
         r"^settings/dashboard/?$", views.Dashboard.as_view(), name="settings-dashboard"
     ),
     re_path(r"^settings/site-settings/?$", views.Site.as_view(), name="settings-site"),
+    re_path(
+        r"^settings/site-registration/?$",
+        views.RegistrationLimited.as_view(),
+        name="settings-registration-limited",
+    ),
+    re_path(
+        r"^settings/site-registration-admin/?$",
+        views.Registration.as_view(),
+        name="settings-registration",
+    ),
     re_path(r"^settings/themes/?$", views.Themes.as_view(), name="settings-themes"),
     re_path(
         r"^settings/themes/(?P<theme_id>\d+)/delete/?$",

bookwyrm/views/__init__.py

@@ -24,7 +24,7 @@ from .admin.reports import (
     unsuspend_user,
     moderator_delete_user,
 )
-from .admin.site import Site
+from .admin.site import Site, Registration, RegistrationLimited
 from .admin.themes import Themes, delete_theme
 from .admin.user_admin import UserAdmin, UserAdminList
 

bookwyrm/views/admin/site.py

@@ -33,3 +33,57 @@ class Site(View):
 
         data = {"site_form": forms.SiteForm(instance=site), "success": True}
         return TemplateResponse(request, "settings/site.html", data)
+
+
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.edit_instance_settings", raise_exception=True),
+    name="dispatch",
+)
+class RegistrationLimited(View):
+    """Things related to registering that non-admins owners can change"""
+
+    def get(self, request):
+        """edit form"""
+        site = models.SiteSettings.objects.get()
+        data = {"form": forms.RegistrationLimitedForm(instance=site)}
+        return TemplateResponse(request, "settings/registration_limited.html", data)
+
+    def post(self, request):
+        """edit the site settings"""
+        site = models.SiteSettings.objects.get()
+        form = forms.RegistrationLimitedForm(request.POST, request.FILES, instance=site)
+        if not form.is_valid():
+            data = {"form": form}
+            return TemplateResponse(request, "settings/registration_limited.html", data)
+        site = form.save(request)
+
+        data = {"form": forms.RegistrationLimitedForm(instance=site), "success": True}
+        return TemplateResponse(request, "settings/registration_limited.html", data)
+
+
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.manage_registration", raise_exception=True),
+    name="dispatch",
+)
+class Registration(View):
+    """Control everything about registration"""
+
+    def get(self, request):
+        """edit form"""
+        site = models.SiteSettings.objects.get()
+        data = {"form": forms.RegistrationForm(instance=site)}
+        return TemplateResponse(request, "settings/registration.html", data)
+
+    def post(self, request):
+        """edit the site settings"""
+        site = models.SiteSettings.objects.get()
+        form = forms.RegistrationForm(request.POST, request.FILES, instance=site)
+        if not form.is_valid():
+            data = {"form": form}
+            return TemplateResponse(request, "settings/registration.html", data)
+        site = form.save(request)
+
+        data = {"form": forms.RegistrationForm(instance=site), "success": True}
+        return TemplateResponse(request, "settings/registration.html", data)

bookwyrm/views/admin/themes.py

@@ -12,7 +12,7 @@ from bookwyrm import forms, models
 # pylint: disable= no-self-use
 @method_decorator(login_required, name="dispatch")
 @method_decorator(
-    permission_required("bookwyrm.edit_instance_settings", raise_exception=True),
+    permission_required("bookwyrm.system_administration", raise_exception=True),
     name="dispatch",
 )
 class Themes(View):
@@ -46,7 +46,7 @@ def get_view_data():
 
 
 @require_POST
-@permission_required("bookwyrm.edit_instance_settings", raise_exception=True)
+@permission_required("bookwyrm.system_administration", raise_exception=True)
 # pylint: disable=unused-argument
 def delete_theme(request, theme_id):
     """Remove a theme"""