Removing some permissions on listing and on default permissions of default roles

taiga/base/users/api.py

@@ -25,8 +25,26 @@ from .serializers import UserSerializer, RecoverySerializer, PermissionSerialize
 class PermissionsViewSet(ModelListViewSet):
     permission_classes = (IsAuthenticated,)
     serializer_class = PermissionSerializer
-    queryset = Permission.objects.all()
     paginate_by = 0
+    excluded_codenames = [
+        "add_logentry", "change_logentry", "delete_logentry",
+        "add_group", "change_group", "delete_group",
+        "add_permission", "change_permission", "delete_permission",
+        "add_contenttype", "change_contenttype", "delete_contenttype",
+        "add_message", "change_message", "delete_message",
+        "add_domain", "change_domain", "delete_domain",
+        "add_session", "change_session", "delete_session",
+        "add_migrationhistory", "change_migrationhistory", "delete_migrationhistory",
+        "add_version", "change_version", "delete_version",
+        "add_revision", "change_revision", "delete_revision",
+        "add_questionstatus", "change_questionstatus", "delete_questionstatus", "view_questionstatus",
+        "add_user", "delete_user",
+        "add_project",
+        "add_domainmember", "change_domainmember", "delete_domainmember",
+    ]
+
+    def get_queryset(self):
+        return Permission.objects.exclude(codename__in=self.excluded_codenames)
 
 
 class UsersViewSet(ModelCrudViewSet):

taiga/projects/choices.py

@@ -67,9 +67,6 @@ QUESTION_STATUS = (
 
 ROLES = (
     (10, "ux", "UX", True, [
-        [ "add_message", "djmail", "message" ],
-        [ "change_message", "djmail", "message" ],
-        [ "delete_message", "djmail", "message" ],
         [ "add_issue", "issues", "issue" ],
         [ "change_issue", "issues", "issue" ],
         [ "delete_issue", "issues", "issue" ],
@@ -106,10 +103,6 @@ ROLES = (
         [ "change_project", "projects", "project" ],
         [ "delete_project", "projects", "project" ],
         [ "view_project", "projects", "project" ],
-        [ "add_questionstatus", "projects", "questionstatus" ],
-        [ "change_questionstatus", "projects", "questionstatus" ],
-        [ "delete_questionstatus", "projects", "questionstatus" ],
-        [ "view_questionstatus", "projects", "questionstatus" ],
         [ "add_severity", "projects", "severity" ],
         [ "change_severity", "projects", "severity" ],
         [ "delete_severity", "projects", "severity" ],
@@ -130,9 +123,7 @@ ROLES = (
         [ "change_role", "users", "role" ],
         [ "delete_role", "users", "role" ],
         [ "view_role", "users", "role" ],
-        [ "add_user", "users", "user" ],
         [ "change_user", "users", "user" ],
-        [ "delete_user", "users", "user" ],
         [ "view_user", "users", "user" ],
         [ "add_rolepoints", "userstories", "rolepoints" ],
         [ "change_rolepoints", "userstories", "rolepoints" ],
@@ -148,9 +139,6 @@ ROLES = (
         [ "view_wikipage", "wiki", "wikipage" ]
     ]),
     (20, "design", "Design", True, [
-        [ "add_message", "djmail", "message" ],
-        [ "change_message", "djmail", "message" ],
-        [ "delete_message", "djmail", "message" ],
         [ "add_issue", "issues", "issue" ],
         [ "change_issue", "issues", "issue" ],
         [ "delete_issue", "issues", "issue" ],
@@ -187,10 +175,6 @@ ROLES = (
         [ "change_project", "projects", "project" ],
         [ "delete_project", "projects", "project" ],
         [ "view_project", "projects", "project" ],
-        [ "add_questionstatus", "projects", "questionstatus" ],
-        [ "change_questionstatus", "projects", "questionstatus" ],
-        [ "delete_questionstatus", "projects", "questionstatus" ],
-        [ "view_questionstatus", "projects", "questionstatus" ],
         [ "add_severity", "projects", "severity" ],
         [ "change_severity", "projects", "severity" ],
         [ "delete_severity", "projects", "severity" ],
@@ -211,9 +195,7 @@ ROLES = (
         [ "change_role", "users", "role" ],
         [ "delete_role", "users", "role" ],
         [ "view_role", "users", "role" ],
-        [ "add_user", "users", "user" ],
         [ "change_user", "users", "user" ],
-        [ "delete_user", "users", "user" ],
         [ "view_user", "users", "user" ],
         [ "add_rolepoints", "userstories", "rolepoints" ],
         [ "change_rolepoints", "userstories", "rolepoints" ],
@@ -229,9 +211,6 @@ ROLES = (
         [ "view_wikipage", "wiki", "wikipage" ]
     ]),
     (30, "front", "Front", True, [
-        [ "add_message", "djmail", "message" ],
-        [ "change_message", "djmail", "message" ],
-        [ "delete_message", "djmail", "message" ],
         [ "add_issue", "issues", "issue" ],
         [ "change_issue", "issues", "issue" ],
         [ "delete_issue", "issues", "issue" ],
@@ -268,10 +247,6 @@ ROLES = (
         [ "change_project", "projects", "project" ],
         [ "delete_project", "projects", "project" ],
         [ "view_project", "projects", "project" ],
-        [ "add_questionstatus", "projects", "questionstatus" ],
-        [ "change_questionstatus", "projects", "questionstatus" ],
-        [ "delete_questionstatus", "projects", "questionstatus" ],
-        [ "view_questionstatus", "projects", "questionstatus" ],
         [ "add_severity", "projects", "severity" ],
         [ "change_severity", "projects", "severity" ],
         [ "delete_severity", "projects", "severity" ],
@@ -292,9 +267,7 @@ ROLES = (
         [ "change_role", "users", "role" ],
         [ "delete_role", "users", "role" ],
         [ "view_role", "users", "role" ],
-        [ "add_user", "users", "user" ],
         [ "change_user", "users", "user" ],
-        [ "delete_user", "users", "user" ],
         [ "view_user", "users", "user" ],
         [ "add_rolepoints", "userstories", "rolepoints" ],
         [ "change_rolepoints", "userstories", "rolepoints" ],
@@ -310,9 +283,6 @@ ROLES = (
         [ "view_wikipage", "wiki", "wikipage" ]
     ]),
     (40, "back", "Back", True, [
-        [ "add_message", "djmail", "message" ],
-        [ "change_message", "djmail", "message" ],
-        [ "delete_message", "djmail", "message" ],
         [ "add_issue", "issues", "issue" ],
         [ "change_issue", "issues", "issue" ],
         [ "delete_issue", "issues", "issue" ],
@@ -349,10 +319,6 @@ ROLES = (
         [ "change_project", "projects", "project" ],
         [ "delete_project", "projects", "project" ],
         [ "view_project", "projects", "project" ],
-        [ "add_questionstatus", "projects", "questionstatus" ],
-        [ "change_questionstatus", "projects", "questionstatus" ],
-        [ "delete_questionstatus", "projects", "questionstatus" ],
-        [ "view_questionstatus", "projects", "questionstatus" ],
         [ "add_severity", "projects", "severity" ],
         [ "change_severity", "projects", "severity" ],
         [ "delete_severity", "projects", "severity" ],
@@ -373,9 +339,7 @@ ROLES = (
         [ "change_role", "users", "role" ],
         [ "delete_role", "users", "role" ],
         [ "view_role", "users", "role" ],
-        [ "add_user", "users", "user" ],
         [ "change_user", "users", "user" ],
-        [ "delete_user", "users", "user" ],
         [ "view_user", "users", "user" ],
         [ "add_rolepoints", "userstories", "rolepoints" ],
         [ "change_rolepoints", "userstories", "rolepoints" ],
@@ -391,9 +355,6 @@ ROLES = (
         [ "view_wikipage", "wiki", "wikipage" ]
     ]),
     (50, "product-ouner", "Product Owner", False, [
-        [ "add_message", "djmail", "message" ],
-        [ "change_message", "djmail", "message" ],
-        [ "delete_message", "djmail", "message" ],
         [ "add_issue", "issues", "issue" ],
         [ "change_issue", "issues", "issue" ],
         [ "delete_issue", "issues", "issue" ],
@@ -430,10 +391,6 @@ ROLES = (
         [ "change_project", "projects", "project" ],
         [ "delete_project", "projects", "project" ],
         [ "view_project", "projects", "project" ],
-        [ "add_questionstatus", "projects", "questionstatus" ],
-        [ "change_questionstatus", "projects", "questionstatus" ],
-        [ "delete_questionstatus", "projects", "questionstatus" ],
-        [ "view_questionstatus", "projects", "questionstatus" ],
         [ "add_severity", "projects", "severity" ],
         [ "change_severity", "projects", "severity" ],
         [ "delete_severity", "projects", "severity" ],
@@ -454,9 +411,7 @@ ROLES = (
         [ "change_role", "users", "role" ],
         [ "delete_role", "users", "role" ],
         [ "view_role", "users", "role" ],
-        [ "add_user", "users", "user" ],
         [ "change_user", "users", "user" ],
-        [ "delete_user", "users", "user" ],
         [ "view_user", "users", "user" ],
         [ "add_rolepoints", "userstories", "rolepoints" ],
         [ "change_rolepoints", "userstories", "rolepoints" ],
@@ -487,10 +442,6 @@ ROLES = (
         [ "view_points", "projects", "points" ],
         [ "view_priority", "projects", "priority" ],
         [ "view_project", "projects", "project" ],
-        [ "add_questionstatus", "projects", "questionstatus" ],
-        [ "change_questionstatus", "projects", "questionstatus" ],
-        [ "delete_questionstatus", "projects", "questionstatus" ],
-        [ "view_questionstatus", "projects", "questionstatus" ],
         [ "view_severity", "projects", "severity" ],
         [ "view_taskstatus", "projects", "taskstatus" ],
         [ "view_userstorystatus", "projects", "userstorystatus" ],