From dc6555e31b5447fd2e0bdc2527a1efdc123b4389 Mon Sep 17 00:00:00 2001 From: Vladimir D Date: Thu, 25 Jul 2024 13:58:36 +0400 Subject: [PATCH] ability to add permissions on signup via social providers #7307 --- docs/configuration.md | 10 ++++++++++ src/paperless/adapter.py | 13 +++++++++++++ src/paperless/settings.py | 8 ++++++++ 3 files changed, 31 insertions(+) diff --git a/docs/configuration.md b/docs/configuration.md index 6f47c25be..ed50622c2 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -568,6 +568,16 @@ system. See the corresponding Defaults to True +#### [`SOCIALACCOUNT_DEFAULT_PERMISSIONS=`](#SOCIALACCOUNT_DEFAULT_PERMISSIONS) {#SOCIALACCOUNT_DEFAULT_PERMISSIONS} + +: By default, paperless doesn't add any permissions to users signed up via social account providers. + + This can be adjusted by configuring a custom json array with + codenames of permissions being added to users on the signup via social account providers. + + Defaults to `["view_uisettings"]`. + + #### [`PAPERLESS_ACCOUNT_ALLOW_SIGNUPS=`](#PAPERLESS_ACCOUNT_ALLOW_SIGNUPS) {#PAPERLESS_ACCOUNT_ALLOW_SIGNUPS} : Allow users to signup for a new Paperless-ngx account. diff --git a/src/paperless/adapter.py b/src/paperless/adapter.py index add2bf45d..c40c2dee3 100644 --- a/src/paperless/adapter.py +++ b/src/paperless/adapter.py @@ -7,6 +7,8 @@ from django.conf import settings from django.forms import ValidationError from django.urls import reverse +from django.apps import apps +from django.contrib.auth.models import Permission class CustomAccountAdapter(DefaultAccountAdapter): def is_open_for_signup(self, request): @@ -87,3 +89,14 @@ class CustomSocialAccountAdapter(DefaultSocialAccountAdapter): """ # TODO: If default global permissions are implemented, should also be here return super().populate_user(request, sociallogin, data) # pragma: no cover + + def save_user(self, request, sociallogin, form=None): + """ + Add the default permissions to users on signup + """ + user = super().save_user(request, sociallogin, form) + default_permission_codenames = getattr(settings, "SOCIALACCOUNT_DEFAULT_PERMISSIONS", []) + permissions = apps.get_model("auth", "Permission").objects.filter( codename__in=default_permission_codenames ) + for permission in permissions: + user.user_permissions.add(permission.id) + return user diff --git a/src/paperless/settings.py b/src/paperless/settings.py index 000904aef..9cb67457d 100644 --- a/src/paperless/settings.py +++ b/src/paperless/settings.py @@ -459,6 +459,14 @@ SOCIALACCOUNT_AUTO_SIGNUP = __get_boolean("PAPERLESS_SOCIAL_AUTO_SIGNUP") SOCIALACCOUNT_PROVIDERS = json.loads( os.getenv("PAPERLESS_SOCIALACCOUNT_PROVIDERS", "{}"), ) +SOCIALACCOUNT_DEFAULT_PERMISSIONS = list( + json.loads( + os.getenv( + "PAPERLESS_SOCIALACCOUNT_DEFAULT_PERMISSIONS", + '["view_uisettings"]', + ), + ), +) ACCOUNT_EMAIL_SUBJECT_PREFIX = "[Paperless-ngx] "