kers/users/migrations/0002_auto_20200724_2340.py
Midgard 17650b72ba
Allow admin password to be set from environment
Require password to be different from "admin" in production.
2020-07-25 11:35:43 +02:00

72 lines
2 KiB
Python

# Created manually
import logging
import os
from django.conf import settings
from django.contrib.auth import get_user_model
from django.core.management.sql import emit_post_migrate_signal
from django.db import migrations
from django.utils import timezone
logger = logging.getLogger(__name__)
ENV_USERNAME = 'KERS_ADMIN_USERNAME'
ENV_PASSWORD = 'KERS_ADMIN_PASSWORD'
def create_superuser(apps, schema_editor):
superuser = get_user_model()(
is_superuser=True,
is_staff=True,
username=os.environ.get(ENV_USERNAME, 'admin'),
last_login=timezone.now(),
)
dev_password = 'admin'
password = os.environ.get(ENV_PASSWORD, dev_password)
if password == dev_password:
log = logger.warning if settings.DEBUG else logger.error
log(f"Admin password is '{password}'. This is not for use in production. Set environment variable {ENV_PASSWORD} to choose a different password.")
if not settings.DEBUG:
raise Exception("Development admin password used in production")
superuser.set_password(password)
superuser.save()
kers_group_permissions = {
"Bestuur": [
"add_event",
"delete_event",
"change_event",
]
}
def add_group_permissions(apps, schema_editor):
db_alias = schema_editor.connection.alias
emit_post_migrate_signal(2, False, db_alias)
Group = apps.get_model('auth', 'Group')
Permission = apps.get_model('auth', 'Permission')
for group in kers_group_permissions:
role, created = Group.objects.get_or_create(name=group)
logger.info(f'{group} Group {"created" if created else "exists"}')
for perm in kers_group_permissions[group]:
role.permissions.add(Permission.objects.get(codename=perm))
logger.info(f'Permitting {group} to {perm}')
role.save()
class Migration(migrations.Migration):
dependencies = [
('users', '0001_initial'),
]
operations = [
migrations.RunPython(create_superuser),
migrations.RunPython(add_group_permissions),
]