Use normal user authentication to control access to /admin

- Adds is_superuser flag to User - Logged-in user must be a superuser or have from_body set in order to access anything within /admin - has_permission_to on a superuser will always return true - Only superusers can create/grant superusers - New `createsuperuser` command for creating superusers
author: Matthew Somerville <matthew-github@dracos.co.uk> 2016-07-06 18:07:22 +0100
committer: Dave Arter <davea@mysociety.org> 2016-07-19 17:56:22 +0100
commit: 6afbfe45183412e35e8e846fd0d4a9d846c8644b (patch)
tree: 3f5cb6173c08a571811f0a31508b45acf31d69f7 /db
parent: 65545553b5171f1ef1d611ea93c38f138451fb31 (diff)
3 files changed, 7 insertions, 0 deletions
diff --git a/db/downgrade_0040---0039.sql b/db/downgrade_0040---0039.sql
new file mode 100644
index 000000000..8ab45ab24
--- /dev/null
+++ b/db/downgrade_0040---0039.sql
@@ -0,0 +1,3 @@
+begin;
+alter table users drop column is_superuser;
+commit;
diff --git a/db/schema.sql b/db/schema.sql
index 3761553a5..3f73d2325 100644
--- a/db/schema.sql
+++ b/db/schema.sql
@@ -27,6 +27,7 @@ create table users (
     password        text    not null default '',
     from_body       integer,
     flagged         boolean not null default 'f',
+    is_superuser    boolean not null default 'f',
     title           text,
     twitter_id      bigint  unique,
     facebook_id     bigint  unique
diff --git a/db/schema_0040-superuser_flag.sql b/db/schema_0040-superuser_flag.sql
new file mode 100644
index 000000000..e440257ba
--- /dev/null
+++ b/db/schema_0040-superuser_flag.sql
@@ -0,0 +1,3 @@
+begin;
+alter table users add column is_superuser boolean not null default 'f';
+commit;
author	Matthew Somerville <matthew-github@dracos.co.uk>	2016-07-06 18:07:22 +0100
committer	Dave Arter <davea@mysociety.org>	2016-07-19 17:56:22 +0100
commit	6afbfe45183412e35e8e846fd0d4a9d846c8644b (patch)
tree	3f5cb6173c08a571811f0a31508b45acf31d69f7 /db
parent	65545553b5171f1ef1d611ea93c38f138451fb31 (diff)