migrations: Add migration to create system groups for internal realms.

There may be some internal realms which were created after applying "0382_create_role_based_system_groups.py" migration and this migration is used to create system groups for those realms.
2025-11-03 21:43:21 +00:00 · 2022-07-12 17:24:38 +05:30
parent 150f77aea2
commit aef0b6fad4
1 changed files with 168 additions and 0 deletions
--- a/zerver/migrations/0403_create_role_based_groups_for_internal_realms.py
+++ b/zerver/migrations/0403_create_role_based_groups_for_internal_realms.py
@@ -0,0 +1,168 @@
 # Generated by Django 3.2.13 on 2022-06-28 17:36
 from django.conf import settings
 from django.db import migrations, transaction
 from django.db.backends.postgresql.schema import BaseDatabaseSchemaEditor
 from django.db.migrations.state import StateApps
 from django.utils.timezone import now as timezone_now
 # This migration is a copy of
 # zerver/migrations/0402_alter_usertopic_visibility_policy.py" run
 # for the internal realm only.
 def create_role_based_system_groups_for_internal_realms(
    apps: StateApps, schema_editor: BaseDatabaseSchemaEditor
 ) -> None:
    Realm = apps.get_model("zerver", "Realm")
    UserProfile = apps.get_model("zerver", "UserProfile")
    UserGroup = apps.get_model("zerver", "UserGroup")
    GroupGroupMembership = apps.get_model("zerver", "GroupGroupMembership")
    UserGroupMembership = apps.get_model("zerver", "UserGroupMembership")
    UserProfile.ROLE_REALM_OWNER = 100
    UserProfile.ROLE_REALM_ADMINISTRATOR = 200
    UserProfile.ROLE_MODERATOR = 300
    UserProfile.ROLE_MEMBER = 400
    UserProfile.ROLE_GUEST = 600
    try:
        realm = Realm.objects.get(string_id=settings.SYSTEM_BOT_REALM)
    except Realm.DoesNotExist:
        # Server not initialized, or no system bot realm. Either way,
        # we shouldn't do anything.
        return
    SYSTEM_USER_GROUP_ROLE_MAP = {
        UserProfile.ROLE_REALM_OWNER: {
            "name": "@role:owners",
            "description": "Owners of this organization",
        },
        UserProfile.ROLE_REALM_ADMINISTRATOR: {
            "name": "@role:administrators",
            "description": "Administrators of this organization, including owners",
        },
        UserProfile.ROLE_MODERATOR: {
            "name": "@role:moderators",
            "description": "Moderators of this organization, including administrators",
        },
        UserProfile.ROLE_MEMBER: {
            "name": "@role:members",
            "description": "Members of this organization, not including guests",
        },
        UserProfile.ROLE_GUEST: {
            "name": "@role:everyone",
            "description": "Everyone in this organization, including guests",
        },
    }
    with transaction.atomic():
        if UserGroup.objects.filter(
            realm=realm, name="@role:internet", is_system_group=True
        ).exists():
            # Handle the case where we are rerunning after a
            # failure, and had already created groups.
            return
        role_system_groups_dict = {}
        for role in SYSTEM_USER_GROUP_ROLE_MAP.keys():
            user_group_params = SYSTEM_USER_GROUP_ROLE_MAP[role]
            user_group = UserGroup(
                name=user_group_params["name"],
                description=user_group_params["description"],
                realm=realm,
                is_system_group=True,
            )
            role_system_groups_dict[role] = user_group
        full_members_system_group = UserGroup(
            name="@role:fullmembers",
            description="Members of this organization, not including new accounts and guests",
            realm=realm,
            is_system_group=True,
        )
        everyone_on_internet_system_group = UserGroup(
            name="@role:internet",
            description="Everyone on the Internet",
            realm=realm,
            is_system_group=True,
        )
        system_user_groups_list = [
            role_system_groups_dict[UserProfile.ROLE_REALM_OWNER],
            role_system_groups_dict[UserProfile.ROLE_REALM_ADMINISTRATOR],
            role_system_groups_dict[UserProfile.ROLE_MODERATOR],
            full_members_system_group,
            role_system_groups_dict[UserProfile.ROLE_MEMBER],
            role_system_groups_dict[UserProfile.ROLE_GUEST],
            everyone_on_internet_system_group,
        ]
        UserGroup.objects.bulk_create(system_user_groups_list)
        subgroup_objects = []
        subgroup, remaining_groups = system_user_groups_list[0], system_user_groups_list[1:]
        for supergroup in remaining_groups:
            subgroup_objects.append(GroupGroupMembership(subgroup=subgroup, supergroup=supergroup))
            subgroup = supergroup
        GroupGroupMembership.objects.bulk_create(subgroup_objects)
        users = UserProfile.objects.filter(realm=realm).only("id", "role", "date_joined")
        group_membership_objects = []
        for user in users:
            system_group = role_system_groups_dict[user.role]
            group_membership_objects.append(
                UserGroupMembership(user_profile=user, user_group=system_group)
            )
            if (
                user.role == UserProfile.ROLE_MEMBER
                and (timezone_now() - user.date_joined).days >= realm.waiting_period_threshold
            ):
                group_membership_objects.append(
                    UserGroupMembership(user_profile=user, user_group=full_members_system_group)
                )
        UserGroupMembership.objects.bulk_create(group_membership_objects)
 def delete_role_based_system_groups_for_internal_realms(
    apps: StateApps, schema_editor: BaseDatabaseSchemaEditor
 ) -> None:
    UserGroup = apps.get_model("zerver", "UserGroup")
    GroupGroupMembership = apps.get_model("zerver", "GroupGroupMembership")
    UserGroupMembership = apps.get_model("zerver", "UserGroupMembership")
    Realm = apps.get_model("zerver", "Realm")
    try:
        realm = Realm.objects.get(string_id=settings.SYSTEM_BOT_REALM)
    except Realm.DoesNotExist:
        # Server not initialized, or no system bot realm. Either way, we shouldn't do anything.
        return
    with transaction.atomic():
        GroupGroupMembership.objects.filter(subgroup__realm=realm).delete()
        UserGroupMembership.objects.filter(
            user_group__realm=realm, user_group__is_system_group=True
        ).delete()
        UserGroup.objects.filter(realm=realm, is_system_group=True).delete()
 class Migration(migrations.Migration):
    """This migration is a copy of
    "zerver/migrations/0402_alter_usertopic_visibility_policy.py" run
    for the internal realm only.
    """
    dependencies = [
        ("zerver", "0402_alter_usertopic_visibility_policy"),
    ]
    operations = [
        migrations.RunPython(
            create_role_based_system_groups_for_internal_realms,
            reverse_code=delete_role_based_system_groups_for_internal_realms,
            elidable=True,
        ),
    ]