#593: move acl roles to jsons

misago/acl/migrations/0001_initial.py

@@ -1,8 +1,11 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 
+from django.contrib.postgres.fields import JSONField
 from django.db import migrations, models
 
+from misago.acl.models import permissions_default
+
 
 class Migration(migrations.Migration):
 
@@ -16,7 +19,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                 ('name', models.CharField(max_length=255)),
                 ('special_role', models.CharField(max_length=255, null=True, blank=True)),
-                ('pickled_permissions', models.TextField(null=True, blank=True)),
+                ('permissions', JSONField(default=permissions_default)),
             ],
             options={
                 'abstract': False,

misago/acl/migrations/0003_default_roles.py

@@ -4,20 +4,14 @@ from __future__ import unicode_literals
 from django.db import migrations
 from django.utils.translation import ugettext as _
 
-from misago.core import serializer
-
-
-def pickle_permissions(role, permissions):
-    role.pickled_permissions = serializer.dumps(permissions)
-
 
 def create_default_roles(apps, schema_editor):
     Role = apps.get_model('misago_acl', 'Role')
 
-    role = Role(name=_("Member"), special_role='authenticated')
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Member"),
+        special_role='authenticated',
+        permissions={
             # account
             'misago.users.permissions.account': {
                 'name_changes_allowed': 2,
@@ -55,13 +49,13 @@ def create_default_roles(apps, schema_editor):
             'misago.search.permissions': {
                 'can_search': 1,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Guest"), special_role='anonymous')
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Guest"),
+        special_role='anonymous',
+        permissions={
             # account
             'misago.users.permissions.account': {
                 'name_changes_allowed': 0,
@@ -90,13 +84,12 @@ def create_default_roles(apps, schema_editor):
             'misago.search.permissions': {
                 'can_search': 1,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Moderator"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Moderator"),
+        permissions={
             # account
             'misago.users.permissions.account': {
                 'name_changes_allowed': 5,
@@ -158,35 +151,32 @@ def create_default_roles(apps, schema_editor):
                 'can_delete_users_newer_than': 0,
                 'can_delete_users_with_less_posts_than': 0,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("See warnings"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("See warnings"),
+        permissions={
             # warnings
             'misago.users.permissions.warnings': {
                 'can_see_other_users_warnings': 1,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Renaming users"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Renaming users"),
+        permissions={
             # rename users
             'misago.users.permissions.moderation': {
                 'can_rename_users': 1,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Banning users"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Banning users"),
+        permissions={
             # ban users
             'misago.users.permissions.profiles': {
                 'can_see_ban_details': 1,
@@ -198,36 +188,33 @@ def create_default_roles(apps, schema_editor):
                 'can_lift_bans': 1,
                 'max_lifted_ban_length': 14,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Deleting users"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Deleting users"),
+        permissions={
             # delete users
             'misago.users.permissions.delete': {
                 'can_delete_users_newer_than': 3,
                 'can_delete_users_with_less_posts_than': 7,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Can't be blocked"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Can't be blocked"),
+        permissions={
             # profiles
             'misago.users.permissions.profiles': {
                 'can_be_blocked': 0,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Private threads"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Private threads"),
+        permissions={
             # private threads
             'misago.threads.permissions.privatethreads': {
                 'can_use_private_threads': 1,
@@ -237,13 +224,12 @@ def create_default_roles(apps, schema_editor):
                 'can_report_private_threads': 1,
                 'can_moderate_private_threads': 0,
             },
-        })
-    role.save()
+        }
+    )
 
-    role = Role(name=_("Private threads moderator"))
-    pickle_permissions(
-        role,
-        {
+    Role.objects.create(
+        name=_("Private threads moderator"),
+        permissions={
             # private threads
             'misago.threads.permissions.privatethreads': {
                 'can_use_private_threads': 1,
@@ -253,8 +239,8 @@ def create_default_roles(apps, schema_editor):
                 'can_report_private_threads': 1,
                 'can_moderate_private_threads': 1,
             },
-        })
-    role.save()
+        }
+    )
 
 
 class Migration(migrations.Migration):

misago/acl/models.py

@@ -1,19 +1,20 @@
 # pylint: disable=attribute-defined-outside-init,pointless-string-statement
+from django.contrib.postgres.fields import JSONField
 from django.db import models
-from django.dispatch import receiver
 from django.utils.encoding import python_2_unicode_compatible
 
-from misago.core import serializer
-from misago.core.signals import secret_key_changed
-
 from . import version as acl_version
 
 
+def permissions_default():
+    return {}
+
+
 @python_2_unicode_compatible
 class BaseRole(models.Model):
     name = models.CharField(max_length=255)
     special_role = models.CharField(max_length=255, null=True, blank=True)
-    pickled_permissions = models.TextField(null=True, blank=True)
+    permissions = JSONField(default=permissions_default)
 
     class Meta:
         abstract = True
@@ -30,35 +31,6 @@ class BaseRole(models.Model):
         acl_version.invalidate()
         return super(BaseRole, self).delete(*args, **kwargs)
 
-    @property
-    def permissions(self):
-        try:
-            return self.permissions_cache
-        except AttributeError:
-            if self.pickled_permissions:
-                self.permissions_cache = serializer.loads(
-                    self.pickled_permissions)
-            else:
-                self.permissions_cache = {}
-        return self.permissions_cache
-
-    @permissions.setter
-    def permissions(self, permissions):
-        self.permissions_cache = permissions
-        self.pickled_permissions = serializer.dumps(permissions)
-
 
 class Role(BaseRole):
     pass
-
-
-"""
-Signal handlers
-"""
-@receiver(secret_key_changed)
-def update_roles_pickles(sender, **kwargs):
-    for role in Role.objects.iterator():
-        if role.pickled_permissions:
-            role.pickled_permissions = serializer.regenerate_checksum(
-                role.pickled_permissions)
-            role.save(update_fields=['pickled_permissions'])

misago/categories/migrations/0001_initial.py

@@ -3,10 +3,13 @@ from __future__ import unicode_literals
 
 import mptt.fields
 
-import django.db.models.deletion
 from django.conf import settings
+from django.contrib.postgres.fields import JSONField
+import django.db.models.deletion
 from django.db import migrations, models
 
+from misago.acl.models import permissions_default
+
 
 class Migration(migrations.Migration):
 
@@ -54,7 +57,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                 ('name', models.CharField(max_length=255)),
                 ('special_role', models.CharField(max_length=255, null=True, blank=True)),
-                ('pickled_permissions', models.TextField(null=True, blank=True)),
+                ('permissions', JSONField(default=permissions_default)),
             ],
             options={
                 'abstract': False,

misago/categories/migrations/0003_categories_roles.py

@@ -4,12 +4,6 @@ from __future__ import unicode_literals
 from django.db import migrations, models
 from django.utils.translation import ugettext as _
 
-from misago.core import serializer
-
-
-def pickle_permissions(role, permissions):
-    role.pickled_permissions = serializer.dumps(permissions)
-
 
 def create_default_categories_roles(apps, schema_editor):
     """
@@ -17,20 +11,20 @@ def create_default_categories_roles(apps, schema_editor):
     """
     CategoryRole = apps.get_model('misago_categories', 'CategoryRole')
 
-    see_only = CategoryRole(name=_('See only'))
-    pickle_permissions(see_only,
-        {
+    see_only = CategoryRole.objects.create(
+        name=_('See only'),
+        permissions={
             # categories perms
             'misago.categories.permissions': {
                 'can_see': 1,
                 'can_browse': 0
             },
-        })
-    see_only.save()
+        }
+    )
 
-    read_only = CategoryRole(name=_('Read only'))
-    pickle_permissions(read_only,
-        {
+    read_only = CategoryRole.objects.create(
+        name=_('Read only'),
+        permissions={
             # categories perms
             'misago.categories.permissions': {
                 'can_see': 1,
@@ -44,12 +38,12 @@ def create_default_categories_roles(apps, schema_editor):
                 'can_download_other_users_attachments': 1,
                 'can_like_posts': 1
             },
-        })
-    read_only.save()
+        }
+    )
 
-    reply_only = CategoryRole(name=_('Reply to threads'))
-    pickle_permissions(reply_only,
-        {
+    reply_only = CategoryRole.objects.create(
+        name=_('Reply to threads'),
+        permissions={
             # categories perms
             'misago.categories.permissions': {
                 'can_see': 1,
@@ -66,12 +60,12 @@ def create_default_categories_roles(apps, schema_editor):
                 'can_see_posts_likes': 2,
                 'can_like_posts': 1
             },
-        })
-    reply_only.save()
+        }
+    )
 
-    standard = CategoryRole(name=_('Start and reply threads'))
-    pickle_permissions(standard,
-        {
+    standard = CategoryRole.objects.create(
+        name=_('Start and reply threads'),
+        permissions={
             # categories perms
             'misago.categories.permissions': {
                 'can_see': 1,
@@ -90,12 +84,12 @@ def create_default_categories_roles(apps, schema_editor):
                 'can_see_posts_likes': 2,
                 'can_like_posts': 1
             },
-        })
-    standard.save()
+        }
+    )
 
-    standard_with_polls = CategoryRole(name=_('Start and reply threads, make polls'))
-    pickle_permissions(standard_with_polls,
-        {
+    standard_with_polls = CategoryRole.objects.create(
+        name=_('Start and reply threads, make polls'),
+        permissions={
             # categories perms
             'misago.categories.permissions': {
                 'can_see': 1,
@@ -114,12 +108,12 @@ def create_default_categories_roles(apps, schema_editor):
                 'can_see_posts_likes': 2,
                 'can_like_posts': 1
             },
-        })
-    standard_with_polls.save()
+        }
+    )
 
-    moderator = CategoryRole(name=_('Moderator'))
-    pickle_permissions(moderator,
-        {
+    moderator = CategoryRole.objects.create(
+        name=_('Moderator'),
+        permissions={
             # categories perms
             'misago.categories.permissions': {
                 'can_see': 1,
@@ -157,41 +151,33 @@ def create_default_categories_roles(apps, schema_editor):
                 'can_see_reports': 1,
                 'can_hide_events': 2
             },
-        })
-    moderator.save()
+        }
+    )
 
-    """
-    Assign category roles to roles
-    """
+    # assign category roles to roles
     Category = apps.get_model('misago_categories', 'Category')
     Role = apps.get_model('misago_acl', 'Role')
     RoleCategoryACL = apps.get_model('misago_categories', 'RoleCategoryACL')
 
-    moderators = Role.objects.get(name=_('Moderator'))
-    members = Role.objects.get(special_role='authenticated')
-    guests = Role.objects.get(special_role='anonymous')
-
     category = Category.objects.get(tree_id=1, level=1)
 
-    RoleCategoryACL.objects.bulk_create([
-        RoleCategoryACL(
-            role=moderators,
-            category=category,
-            category_role=moderator
-        ),
-
-        RoleCategoryACL(
-            role=members,
-            category=category,
-            category_role=standard
-        ),
-
-        RoleCategoryACL(
-            role=guests,
-            category=category,
-            category_role=read_only
-        ),
-    ])
+    RoleCategoryACL.objects.create(
+        role=Role.objects.get(name=_('Moderator')),
+        category=category,
+        category_role=moderator
+    )
+
+    RoleCategoryACL.objects.create(
+        role=Role.objects.get(special_role='authenticated'),
+        category=category,
+        category_role=standard
+    )
+
+    RoleCategoryACL.objects.create(
+        role=Role.objects.get(special_role='anonymous'),
+        category=category,
+        category_role=read_only
+    )
 
 
 class Migration(migrations.Migration):