paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9d527603164b580c3ba96cbb6eea32b7c61991f
zulip/zerver/migrations/0602_remap_can_manage_all_groups.py
Shubham Padia c9d5276031 user_groups: Set can_manage_all_groups to administrator group. 
Earlier we use to restrict admins, moderators or members of a group to
manage that group if they were part of the realm wide
`can_manage_all_groups`. We will not do that anymore and even
non-members of a group regardless of role can manage a group if they are
part of `can_manage_all_groups`.

See
https://chat.zulip.org/#narrow/stream/101-design/topic/Group.20add.20members.20dropdown/near/1952902
to check more about the migration plan for which this is the last step.
2024-10-11 16:31:18 -07:00

57 lines
2.0 KiB
Python
Raw Blame History

# Generated by Django 5.0.9 on 2024-10-10 10:41
from django.db import migrations, transaction
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
from django.db.migrations.state import StateApps
from django.db.models import Max, Min, OuterRef
def remap_can_manage_all_groups_for_existing_realms(
apps: StateApps, schema_editor: BaseDatabaseSchemaEditor
) -> None:
Realm = apps.get_model("zerver", "Realm")
NamedUserGroup = apps.get_model("zerver", "NamedUserGroup")
BATCH_SIZE = 1000
max_id = NamedUserGroup.objects.aggregate(Max("id"))["id__max"]
if max_id is None:
# Do nothing if there are no user groups on the server.
return
lower_bound = NamedUserGroup.objects.aggregate(Min("id"))["id__min"]
while lower_bound <= max_id:
upper_bound = lower_bound + BATCH_SIZE - 1
print(f"Processing batch {lower_bound} to {upper_bound} for NamedUserGroup")
with transaction.atomic():
# Since can_manage_group, can_add_members_group, etc. have
# migrated to the nearest possible value from
# user_group_edit_policy, we want to set
# can_manage_all_groups to the most restrictive setting
# previously possible. We've chosen administrators as the
# value here since the highest possible
# user_group_edit_policy was with role administrators.
Realm.objects.update(
can_manage_all_groups=NamedUserGroup.objects.filter(
name="role:administrators", realm=OuterRef("id"), is_system_group=True
).values("pk")
)
lower_bound += BATCH_SIZE
class Migration(migrations.Migration):
atomic = False
dependencies = [
("zerver", "0601_alter_namedusergroup_can_add_members_group"),
]
operations = [
migrations.RunPython(
remap_can_manage_all_groups_for_existing_realms,
elidable=True,
reverse_code=migrations.RunPython.noop,
)
]
Reference in New Issue View Git Blame Copy Permalink