guilan-ace-backend/apps/blog/management/commands/sync_blog_roles.py

from django.contrib.auth.models import Group, Permission
from django.contrib.contenttypes.models import ContentType
from django.core.management.base import BaseCommand

from apps.blog.models import Category, Post, Tag
from apps.blog.permissions import (
    ASSOCIATION_ADMIN_GROUP,
    BLOG_EDITOR_GROUP,
    BLOG_SUPERVISOR_GROUP,
)


class Command(BaseCommand):
    help = "Create or refresh blog role groups and their permissions."

    def handle(self, *args, **options):
        post_ct = ContentType.objects.get_for_model(Post)
        category_ct = ContentType.objects.get_for_model(Category)
        tag_ct = ContentType.objects.get_for_model(Tag)

        specs = [
            (post_ct, "add_post", "Can add post"),
            (post_ct, "change_post", "Can change post"),
            (post_ct, "access_blog_admin", "Can access blog admin"),
            (post_ct, "upload_blog_asset", "Can upload blog assets"),
            (post_ct, "review_blog_post", "Can review blog posts"),
            (post_ct, "publish_blog_post", "Can publish blog posts"),
            (post_ct, "moderate_blog_comment", "Can moderate blog comments"),
            (category_ct, "add_category", "Can add category"),
            (category_ct, "change_category", "Can change category"),
            (tag_ct, "add_tag", "Can add tag"),
            (tag_ct, "change_tag", "Can change tag"),
        ]

        permissions = {}
        for content_type, codename, name in specs:
            permission, _ = Permission.objects.get_or_create(
                content_type=content_type,
                codename=codename,
                defaults={"name": name},
            )
            permissions[codename] = permission

        editor, _ = Group.objects.get_or_create(name=BLOG_EDITOR_GROUP)
        editor.permissions.set(
            [
                permissions["add_post"],
                permissions["change_post"],
                permissions["access_blog_admin"],
                permissions["upload_blog_asset"],
            ]
        )

        supervisor, _ = Group.objects.get_or_create(name=BLOG_SUPERVISOR_GROUP)
        supervisor.permissions.set(
            [
                permissions["add_post"],
                permissions["change_post"],
                permissions["access_blog_admin"],
                permissions["upload_blog_asset"],
                permissions["review_blog_post"],
                permissions["publish_blog_post"],
                permissions["moderate_blog_comment"],
                permissions["add_category"],
                permissions["change_category"],
                permissions["add_tag"],
                permissions["change_tag"],
            ]
        )

        Group.objects.get_or_create(name=ASSOCIATION_ADMIN_GROUP)
        self.stdout.write(self.style.SUCCESS("Blog role groups synchronized."))