See #236: backend for users default permissions

api/funkwhale_api/users/dynamic_preferences_registry.py

@@ -1,6 +1,10 @@
 from dynamic_preferences import types
 from dynamic_preferences.registries import global_preferences_registry
 
+from funkwhale_api.common import preferences as common_preferences
+
+from . import models
+
 users = types.Section('users')
 
 
@@ -14,3 +18,23 @@ class RegistrationEnabled(types.BooleanPreference):
     help_text = (
         'When enabled, new users will be able to register on this instance.'
     )
+
+
+@global_preferences_registry.register
+class DefaultPermissions(common_preferences.StringListPreference):
+    show_in_api = True
+    section = users
+    name = 'default_permissions'
+    default = []
+    verbose_name = 'Default permissions'
+    help_text = (
+        'A list of default preferences to give to all registered users.'
+    )
+    choices = [
+        (k, c['label'])
+        for k, c in models.PERMISSIONS_CONFIGURATION.items()
+    ]
+    field_kwargs = {
+        'choices': choices,
+        'required': False,
+    }

api/funkwhale_api/users/models.py

@@ -13,18 +13,33 @@ from django.utils.encoding import python_2_unicode_compatible
 from django.utils.translation import ugettext_lazy as _
 
 from funkwhale_api.common import fields
+from funkwhale_api.common import preferences
 
 
 def get_token():
     return binascii.b2a_hex(os.urandom(15)).decode('utf-8')
 
 
-PERMISSIONS = [
-    'federation',
-    'library',
-    'settings',
-    'upload',
-]
+PERMISSIONS_CONFIGURATION = {
+    'federation': {
+        'label': 'Manage library federation',
+        'help_text': 'Follow other instances, accept/deny library follow requests...',
+    },
+    'library': {
+        'label': 'Manage library',
+        'help_text': 'Manage library',
+    },
+    'settings': {
+        'label': 'Manage instance-level settings',
+        'help_text': '',
+    },
+    'upload': {
+        'label': 'Upload new content to the library',
+        'help_text': '',
+    },
+}
+
+PERMISSIONS = sorted(PERMISSIONS_CONFIGURATION.keys())
 
 
 @python_2_unicode_compatible
@@ -48,27 +63,34 @@ class User(AbstractUser):
 
     # permissions
     permission_federation = models.BooleanField(
-        'Manage library federation',
-        help_text='Follow other instances, accept/deny library follow requests...',
+        PERMISSIONS_CONFIGURATION['federation']['label'],
+        help_text=PERMISSIONS_CONFIGURATION['federation']['help_text'],
         default=False)
     permission_library = models.BooleanField(
-        'Manage library',
-        help_text='Manage library',
+        PERMISSIONS_CONFIGURATION['library']['label'],
+        help_text=PERMISSIONS_CONFIGURATION['library']['help_text'],
         default=False)
     permission_settings = models.BooleanField(
-        'Manage instance-level settings',
+        PERMISSIONS_CONFIGURATION['settings']['label'],
+        help_text=PERMISSIONS_CONFIGURATION['settings']['help_text'],
         default=False)
     permission_upload = models.BooleanField(
-        'Upload new content to the library',
+        PERMISSIONS_CONFIGURATION['upload']['label'],
+        help_text=PERMISSIONS_CONFIGURATION['upload']['help_text'],
         default=False)
 
     def __str__(self):
         return self.username
 
     def get_permissions(self):
+        defaults = preferences.get('users__default_permissions')
         perms = {}
         for p in PERMISSIONS:
-            v = self.is_superuser or getattr(self, 'permission_{}'.format(p))
+            v = (
+                self.is_superuser or
+                getattr(self, 'permission_{}'.format(p)) or
+                p in defaults
+            )
             perms[p] = v
         return perms
 

api/tests/users/test_models.py

@@ -41,6 +41,17 @@ def test_get_permissions_regular(factories):
             assert perms[p] is False
 
 
+def test_get_permissions_default(factories, preferences):
+    preferences['users__default_permissions'] = ['upload', 'federation']
+    user = factories['users.User']()
+
+    perms = user.get_permissions()
+    assert perms['upload'] is True
+    assert perms['federation'] is True
+    assert perms['library'] is False
+    assert perms['settings'] is False
+
+
 @pytest.mark.parametrize('args,perms,expected', [
     ({'is_superuser': True}, ['federation', 'library'], True),
     ({'is_superuser': False}, ['federation'], False),