Merge pull request #2554 from chdorner/feat/registration-default-user-auth-group

Allow to set default user auth group

bookwyrm/forms/admin.py

@@ -91,6 +91,7 @@ class RegistrationForm(CustomForm):
             "invite_request_question",
             "invite_question_text",
             "require_confirm_email",
+            "default_user_auth_group",
         ]
 
         widgets = {

bookwyrm/management/commands/initdb.py

@@ -117,10 +117,12 @@ def init_connectors():
 
 def init_settings():
     """info about the instance"""
+    group_editor = Group.objects.filter(name="editor").first()
     models.SiteSettings.objects.create(
         support_link="https://www.patreon.com/bookwyrm",
         support_title="Patreon",
         install_mode=True,
+        default_user_auth_group=group_editor,
     )
 
 

bookwyrm/migrations/0173_default_user_auth_group_setting.py

@@ -0,0 +1,34 @@
+# Generated by Django 3.2.16 on 2022-12-27 21:34
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def backfill_sitesettings(apps, schema_editor):
+    db_alias = schema_editor.connection.alias
+    group_model = apps.get_model("auth", "Group")
+    editor_group = group_model.objects.using(db_alias).filter(name="editor").first()
+
+    sitesettings_model = apps.get_model("bookwyrm", "SiteSettings")
+    sitesettings_model.objects.update(default_user_auth_group=editor_group)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("bookwyrm", "0175_merge_0173_author_website_0174_merge_20230111_1523"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="sitesettings",
+            name="default_user_auth_group",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.RESTRICT,
+                to="auth.group",
+            ),
+        ),
+        migrations.RunPython(backfill_sitesettings, migrations.RunPython.noop),
+    ]

bookwyrm/models/site.py

@@ -3,6 +3,7 @@ import datetime
 from urllib.parse import urljoin
 import uuid
 
+import django.contrib.auth.models as auth_models
 from django.core.exceptions import PermissionDenied
 from django.db import models, IntegrityError
 from django.dispatch import receiver
@@ -70,6 +71,9 @@ class SiteSettings(SiteModel):
     allow_invite_requests = models.BooleanField(default=True)
     invite_request_question = models.BooleanField(default=False)
     require_confirm_email = models.BooleanField(default=True)
+    default_user_auth_group = models.ForeignKey(
+        auth_models.Group, null=True, blank=True, on_delete=models.PROTECT
+    )
 
     invite_question_text = models.CharField(
         max_length=255, blank=True, default="What is your favourite book?"

bookwyrm/models/user.py

@@ -3,9 +3,9 @@ import re
 from urllib.parse import urlparse
 
 from django.apps import apps
-from django.contrib.auth.models import AbstractUser, Group
+from django.contrib.auth.models import AbstractUser
 from django.contrib.postgres.fields import ArrayField, CICharField
-from django.core.exceptions import PermissionDenied
+from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
 from django.dispatch import receiver
 from django.db import models, transaction
 from django.utils import timezone
@@ -356,8 +356,14 @@ class User(OrderedCollectionPageMixin, AbstractUser):
 
             # make users editors by default
             try:
-                self.groups.add(Group.objects.get(name="editor"))
+                group = (
-            except Group.DoesNotExist:
+                    apps.get_model("bookwyrm.SiteSettings")
+                    .objects.get()
+                    .default_user_auth_group
+                )
+                if group:
+                    self.groups.add(group)
+            except ObjectDoesNotExist:
                 # this should only happen in tests
                 pass
 

bookwyrm/templates/settings/registration.html

@@ -38,6 +38,23 @@
                 {% trans "Allow registration" %}
             </label>
         </div>
+        <div class="block">
+            <label class="label" for="id_default_user_auth_group">
+                {% trans "Default access level:" %}
+            </label>
+            <div class="select">
+                <select name="default_user_auth_group" id="id_default_user_auth_group" desc_default_user_auth_group="desc_default_user_auth_group">
+                    {% for instance in form.default_user_auth_group.field.queryset %}
+                    <option value="{{ instance.pk }}" {% if instance.pk == form.default_user_auth_group.value %}selected{% endif %}>
+                        {{ instance.name|title }}
+                    </option>
+                    {% endfor %}
+                    <option value="" {% if not form.default_user_auth_group.value %}selected{% endif %}>
+                        User
+                    </option>
+                </select>
+            </div>
+        </div>
         <div class="field">
             <label class="label mb-0" for="id_require_confirm_email">
                 {{ form.require_confirm_email }}

bookwyrm/tests/management/test_initdb.py

@@ -63,9 +63,19 @@ class InitDB(TestCase):
 
     def test_init_settings(self):
         """Create the settings file"""
+        initdb.init_groups()
+        group_editor = Group.objects.get(name="editor")
+
         initdb.init_settings()
         settings = models.SiteSettings.objects.get()
         self.assertEqual(settings.name, "BookWyrm")
+        self.assertEqual(settings.default_user_auth_group, group_editor)
+
+    def test_init_settings_without_groups(self):
+        """Create the settings, but without groups existing already"""
+        initdb.init_settings()
+        settings = models.SiteSettings.objects.get()
+        self.assertIsNone(settings.default_user_auth_group)
 
     def test_init_link_domains(self):
         """Common trusted domains for links"""

bookwyrm/tests/models/test_user_model.py

@@ -109,6 +109,36 @@ class User(TestCase):
         self.assertEqual(activity["id"], self.user.outbox)
         self.assertEqual(activity["totalItems"], 0)
 
+    def test_save_auth_group(self):
+        user_attrs = {"local": True}
+        site = models.SiteSettings.get()
+
+        site.default_user_auth_group = Group.objects.get(name="editor")
+        site.save()
+        with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(
+            "bookwyrm.activitystreams.populate_stream_task.delay"
+        ), patch("bookwyrm.lists_stream.populate_lists_task.delay"):
+            user = models.User.objects.create_user(
+                f"test2{DOMAIN}",
+                "test2@bookwyrm.test",
+                localname="test2",
+                **user_attrs,
+            )
+        self.assertEqual(list(user.groups.all()), [Group.objects.get(name="editor")])
+
+        site.default_user_auth_group = None
+        site.save()
+        with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(
+            "bookwyrm.activitystreams.populate_stream_task.delay"
+        ), patch("bookwyrm.lists_stream.populate_lists_task.delay"):
+            user = models.User.objects.create_user(
+                f"test1{DOMAIN}",
+                "test1@bookwyrm.test",
+                localname="test1",
+                **user_attrs,
+            )
+        self.assertEqual(len(user.groups.all()), 0)
+
     def test_set_remote_server(self):
         server = models.FederatedServer.objects.create(
             server_name=DOMAIN, application_type="test type", application_version=3