diff --git a/bookwyrm/templates/book.html b/bookwyrm/templates/book.html
index 1d511184e..5e9696fac 100644
--- a/bookwyrm/templates/book.html
+++ b/bookwyrm/templates/book.html
@@ -9,7 +9,7 @@
{% include 'snippets/book_titleby.html' with book=book %}
- {% if request.user.is_authenticated %}
+ {% if request.user.is_authenticated and perms.bookwyrm.edit_book %}
edit
diff --git a/bookwyrm/templates/layout.html b/bookwyrm/templates/layout.html
index a11da5265..f14b76aae 100644
--- a/bookwyrm/templates/layout.html
+++ b/bookwyrm/templates/layout.html
@@ -70,12 +70,14 @@
Settings
-
- Invites
-
Import books
+ {% if perms.bookwyrm.create_invites %}
+
+ Invites
+
+ {% endif %}
Log out
diff --git a/bookwyrm/view_actions.py b/bookwyrm/view_actions.py
index c574d224a..c87c36b2c 100644
--- a/bookwyrm/view_actions.py
+++ b/bookwyrm/view_actions.py
@@ -3,7 +3,7 @@ from io import BytesIO, TextIOWrapper
from PIL import Image
from django.contrib.auth import authenticate, login, logout
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
from django.core.files.base import ContentFile
from django.http import HttpResponseBadRequest, HttpResponseNotFound
from django.shortcuts import redirect
@@ -187,6 +187,7 @@ def resolve_book(request):
@login_required
+@permission_required('bookwyrm.edit_book', raise_exception=True)
def edit_book(request, book_id):
''' edit a book cool '''
if not request.method == 'POST':
@@ -479,7 +480,9 @@ def import_data(request):
return redirect('/import_status/%d' % (job.id,))
return HttpResponseBadRequest()
+
@login_required
+@permission_required('bookwyrm.create_invites', raise_exception=True)
def create_invite(request):
''' creates a user invite database entry '''
form = forms.CreateInviteForm(request.POST)
diff --git a/bookwyrm/views.py b/bookwyrm/views.py
index fe66c460b..098914645 100644
--- a/bookwyrm/views.py
+++ b/bookwyrm/views.py
@@ -1,7 +1,7 @@
''' views for pages you can go to in the application '''
import re
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
from django.db.models import Avg, Count, Q
from django.http import HttpResponseBadRequest, HttpResponseNotFound,\
JsonResponse
@@ -246,6 +246,7 @@ def invite_page(request, code):
return TemplateResponse(request, 'invite.html', data)
@login_required
+@permission_required('bookwyrm.create_invites', raise_exception=True)
def manage_invites(request):
''' invite management page '''
data = {
@@ -471,6 +472,7 @@ def book_page(request, book_id):
@login_required
+@permission_required('bookwyrm.edit_book', raise_exception=True)
def edit_book_page(request, book_id):
''' info about a book '''
book = books_manager.get_edition(book_id)
diff --git a/init_db.py b/init_db.py
index 8f51473ab..ef11f8c5f 100644
--- a/init_db.py
+++ b/init_db.py
@@ -1,24 +1,60 @@
''' starter data '''
+from django.contrib.auth.models import Group, Permission
+from django.contrib.contenttypes.models import ContentType
+
from bookwyrm.models import Connector, User
from bookwyrm.settings import DOMAIN
-User.objects.create_user('mouse', 'mouse.reeve@gmail.com', 'password123')
-User.objects.create_user(
- 'rat', 'rat@rat.com', 'ratword',
- manually_approves_followers=True
-)
-User.objects.get(id=1).followers.add(User.objects.get(id=2))
+groups = ['admin', 'moderator', 'editor']
+for group in groups:
+ Group.objects.create(name=group)
+
+permissions = [{
+ 'codename': 'edit_instance_settings',
+ 'name': 'change the instance info',
+ 'groups': ['admin',]
+ }, {
+ 'codename': 'set_user_group',
+ 'name': 'change what group a user is in',
+ 'groups': ['admin', 'moderator']
+ }, {
+ 'codename': 'control_federation',
+ 'name': 'control who to federate with',
+ 'groups': ['admin', 'moderator']
+ }, {
+ 'codename': 'create_invites',
+ 'name': 'issue invitations to join',
+ 'groups': ['admin', 'moderator']
+ }, {
+ 'codename': 'moderate_user',
+ 'name': 'deactivate or silence a user',
+ 'groups': ['admin', 'moderator']
+ }, {
+ 'codename': 'moderate_post',
+ 'name': 'delete other users\' posts',
+ 'groups': ['admin', 'moderator']
+ }, {
+ 'codename': 'edit_book',
+ 'name': 'edit book info',
+ 'groups': ['admin', 'moderator', 'editor']
+ }]
+
+content_type = ContentType.objects.get_for_model(User)
+for permission in permissions:
+ permission_obj = Permission.objects.create(
+ codename=permission['codename'],
+ name=permission['name'],
+ content_type=content_type,
+ )
+ # add the permission to the appropriate groups
+ for group_name in permission['groups']:
+ Group.objects.get(name=group_name).permissions.add(permission_obj)
+
+# while the groups and permissions shouldn't be changed because the code
+# depends on them, what permissions go with what groups should be editable
+
-Connector.objects.create(
- identifier='openlibrary.org',
- name='OpenLibrary',
- connector_file='openlibrary',
- base_url='https://openlibrary.org',
- books_url='https://openlibrary.org',
- covers_url='https://covers.openlibrary.org',
- search_url='https://openlibrary.org/search?q=',
-)
Connector.objects.create(
identifier=DOMAIN,
@@ -31,3 +67,13 @@ Connector.objects.create(
search_url='https://%s/search?q=' % DOMAIN,
priority=1,
)
+
+Connector.objects.create(
+ identifier='openlibrary.org',
+ name='OpenLibrary',
+ connector_file='openlibrary',
+ base_url='https://openlibrary.org',
+ books_url='https://openlibrary.org',
+ covers_url='https://covers.openlibrary.org',
+ search_url='https://openlibrary.org/search?q=',
+)