#382: Change misago user perms from django admin

misago/users/admin.py

@@ -2,8 +2,11 @@ from django.conf.urls import url
 from django.conf.urls import url
 from django.contrib import admin as djadmin
 from django.contrib.auth import get_user_model
+from django.db import transaction
 from django.utils.translation import ugettext_lazy as _
 
+from misago.acl.models import Role
+
 from misago.users.views.admin.bans import BansList, NewBan, EditBan, DeleteBan
 from misago.users.views.admin.ranks import (RanksList, NewRank, EditRank,
                                             DeleteRank, MoveDownRank,
@@ -23,6 +26,8 @@ class UserAdmin(djadmin.ModelAdmin):
     fieldsets = (
         (_('User data'),
          {'fields': ('username', 'email', 'is_staff', 'is_superuser')}),
+        (_('Misago permissions'),
+         {'fields': ('rank', 'roles')}),
         (_('Change Django Permissions'),
          {'fields': ('groups', 'user_permissions')}),
     )
@@ -33,8 +38,30 @@ class UserAdmin(djadmin.ModelAdmin):
     def has_delete_permission(self, request, obj=None):
         return False
 
-djadmin.site.register(get_user_model(), UserAdmin)
+    def save_related(self, request, form, formsets, change):
+        with transaction.atomic():
+            obj = form.instance
+
+            obj.roles.clear()
+            obj.roles.add(*form.cleaned_data['roles'])
+
+            member_role = Role.objects.get(special_role='authenticated')
+            if not member_role.pk in [r.pk for r in form.cleaned_data['roles']]:
+                obj.roles.add(member_role)
 
+            # Update ACL key
+            obj.update_acl_key()
+            obj.save(update_fields=['acl_key'])
+
+            obj.groups.clear()
+            if form.cleaned_data['groups']:
+                obj.groups.add(*form.cleaned_data['groups'])
+
+            obj.user_permissions.clear()
+            if form.cleaned_data['user_permissions']:
+                obj.user_permissions.add(*form.cleaned_data['user_permissions'])
+
+djadmin.site.register(get_user_model(), UserAdmin)
 
 
 class MisagoAdminExtension(object):

misago/users/migrations/0001_initial.py

@@ -117,7 +117,7 @@ class Migration(migrations.Migration):
         migrations.AddField(
             model_name='user',
             name='rank',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to_field='id', blank=True, to='misago_users.Rank', null=True),
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to_field='id', to='misago_users.Rank'),
             preserve_default=True,
         ),
         migrations.CreateModel(

misago/users/models/user.py

@@ -165,15 +165,16 @@ class User(AbstractBaseUser, PermissionsMixin):
 
     timezone = models.CharField(max_length=255, default='utc')
 
-    rank = models.ForeignKey(
-        'Rank', null=True, blank=True, on_delete=models.PROTECT)
+    rank = models.ForeignKey('Rank', on_delete=models.PROTECT)
     title = models.CharField(max_length=255, null=True, blank=True)
     requires_activation = models.PositiveIntegerField(
         default=ACTIVATION_REQUIRED_NONE)
     is_staff = models.BooleanField(
         _('staff status'), default=False,
         help_text=_('Designates whether the user can log into admin sites.'))
-    roles = models.ManyToManyField('misago_acl.Role')
+    roles = models.ManyToManyField(
+        'misago_acl.Role',
+        help_text=_('Users always have "Member" role.'))
     acl_key = models.CharField(max_length=12, null=True, blank=True)
 
     is_avatar_banned = models.BooleanField(default=False)