users: Create an ACL group for Pilotage

itou/users/management/commands/sync_group_and_perms.py

@@ -8,6 +8,7 @@
 PERMS_DELETE = {"change", "delete", "view"}
 PERMS_ADD = {"add", "change", "view"}
 PERMS_EDIT = {"change", "view"}
+PERMS_HIJACK = {"view", "hijack"}
 PERMS_READ = {"view"}
 
 
@@ -82,6 +83,23 @@ def get_permissions_dict():
         users_models.User: PERMS_ADD,
         users_models.JobSeekerProfile: PERMS_EDIT,
     }
+    group_pilotage_admin_permissions = {
+        analytics_models.StatsDashboardVisit: PERMS_READ,
+        approvals_models.Approval: PERMS_READ,
+        approvals_models.CancelledApproval: PERMS_READ,
+        approvals_models.PoleEmploiApproval: PERMS_READ,
+        approvals_models.Prolongation: PERMS_READ,
+        approvals_models.Suspension: PERMS_READ,
+        companies_models.Company: PERMS_READ,
+        companies_models.CompanyMembership: PERMS_READ,
+        institution_models.Institution: PERMS_ADD,
+        institution_models.InstitutionMembership: PERMS_ADD,
+        job_applications_models.JobApplication: PERMS_READ,
+        job_applications_models.JobApplicationTransitionLog: PERMS_READ,
+        prescribers_models.PrescriberOrganization: PERMS_READ,
+        prescribers_models.PrescriberMembership: PERMS_READ,
+        users_models.User: PERMS_HIJACK,
+    }
 
     return {
         "itou-admin": {
@@ -100,6 +118,14 @@ def get_permissions_dict():
             **{model: PERMS_READ for model in group_gps_admin_permissions},
             **{model: PERMS_READ for model in always_read_only_models if model in group_gps_admin_permissions},
         },
+        "pilotage-admin": {
+            **group_pilotage_admin_permissions,
+            **{model: PERMS_READ for model in always_read_only_models if model in group_pilotage_admin_permissions},
+        },
+        "pilotage-admin-readonly": {
+            **{model: PERMS_READ for model in group_pilotage_admin_permissions},
+            **{model: PERMS_READ for model in always_read_only_models if model in group_pilotage_admin_permissions},
+        },
     }
 
 

tests/users/__snapshots__/test_sync_group_and_perms.ambr

@@ -160,12 +160,57 @@
     'view_user',
   ])
 # ---
+# name: test_command[pilotage-admin-readonly]
+  list([
+    'view_statsdashboardvisit',
+    'view_approval',
+    'view_cancelledapproval',
+    'view_poleemploiapproval',
+    'view_prolongation',
+    'view_suspension',
+    'view_company',
+    'view_companymembership',
+    'view_institution',
+    'view_institutionmembership',
+    'view_jobapplication',
+    'view_jobapplicationtransitionlog',
+    'view_prescribermembership',
+    'view_prescriberorganization',
+    'view_user',
+  ])
+# ---
+# name: test_command[pilotage-admin]
+  list([
+    'view_statsdashboardvisit',
+    'view_approval',
+    'view_cancelledapproval',
+    'view_poleemploiapproval',
+    'view_prolongation',
+    'view_suspension',
+    'view_company',
+    'view_companymembership',
+    'add_institution',
+    'change_institution',
+    'view_institution',
+    'add_institutionmembership',
+    'change_institutionmembership',
+    'view_institutionmembership',
+    'view_jobapplication',
+    'view_jobapplicationtransitionlog',
+    'view_prescribermembership',
+    'view_prescriberorganization',
+    'hijack_user',
+    'view_user',
+  ])
+# ---
 # name: test_command[stdout]
   '''
   group name=gps-admin created
   group name=gps-admin-readonly created
   group name=itou-admin created
   group name=itou-admin-readonly created
+  group name=pilotage-admin created
+  group name=pilotage-admin-readonly created
   All done!
 
   '''