Refactor query and assignment usages of old permissions

src/tests/api/conftest.py

@@ -106,17 +106,8 @@ def team(organizer):
     return Team.objects.create(
         organizer=organizer,
         name="Test-Team",
-        can_change_teams=True,
-        can_manage_gift_cards=True,
-        can_change_items=True,
-        can_create_events=True,
-        can_change_event_settings=True,
-        can_change_vouchers=True,
-        can_view_vouchers=True,
-        can_change_orders=True,
-        can_manage_customers=True,
-        can_manage_reusable_media=True,
-        can_change_organizer_settings=True
+        all_event_permissions=True,
+        all_organizer_permissions=True,
     )
 
 
@@ -140,8 +131,8 @@ def user():
 @pytest.fixture
 @scopes_disabled()
 def user_client(client, team, user):
-    team.can_view_orders = True
-    team.can_view_vouchers = True
+    team.limit_event_permissions["event.orders:read"] = True
+    team.limit_event_permissions["event.vouchers:read"] = True
     team.all_events = True
     team.save()
     team.members.add(user)
@@ -152,8 +143,8 @@ def user_client(client, team, user):
 @pytest.fixture
 @scopes_disabled()
 def token_client(client, team):
-    team.can_view_orders = True
-    team.can_view_vouchers = True
+    team.limit_event_permissions["event.orders:read"] = True
+    team.limit_event_permissions["event.vouchers:read"] = True
     team.all_events = True
     team.save()
     t = team.tokens.create(name='Foo')

src/tests/api/test_checkin.py

@@ -1382,9 +1382,8 @@ def test_checkin_pdf_data_requires_permission(token_client, event, team, organiz
     ))
     assert resp.data['results'][0].get('pdf_data')
     with scopes_disabled():
-        team.can_view_orders = False
-        team.can_change_orders = False
-        team.can_checkin_orders = True
+        team.limit_event_permissions = {"event.orders:checkin": True}
+        team.all_event_permissions = False
         team.save()
     resp = token_client.get('/api/v1/organizers/{}/events/{}/checkinlists/{}/positions/?search=z3fsn8jyu&pdf_data=true'.format(
         organizer.slug, event.slug, clist_all.pk

src/tests/api/test_checkinrpc.py

@@ -984,9 +984,8 @@ def test_search_multiple_lists(token_client, organizer, clist_all, clist_event2,
 @pytest.mark.django_db
 def test_without_permission(token_client, event, team, organizer, clist_all, order):
     with scopes_disabled():
-        team.can_view_orders = False
-        team.can_change_orders = False
-        team.can_checkin_orders = False
+        team.limit_event_permissions = {}
+        team.all_event_permissions = False
         team.save()
     resp = token_client.get(
         '/api/v1/organizers/{}/checkinrpc/search/?list={}&search=dummy.test&ordering=attendee_name'.format(organizer.slug, clist_all.pk))
@@ -1043,9 +1042,8 @@ def test_checkin_only_permission(token_client, event, team, organizer, clist_all
     assert resp.data['position'].get('pdf_data')
 
     with scopes_disabled():
-        team.can_view_orders = False
-        team.can_change_orders = False
-        team.can_checkin_orders = True
+        team.limit_event_permissions = {"event.orders:checkin": True}
+        team.all_event_permissions = False
         team.save()
 
     # With limited permissions, I can not search with a 2-character query

src/tests/api/test_events.py

@@ -243,7 +243,8 @@ def test_event_create(team, token_client, organizer, event, meta_prop):
         {"key": "Workshop", "label": {"en": "Workshop"}},
     ]
     meta_prop.save()
-    team.can_change_organizer_settings = False
+    team.limit_organizer_permissions = {"organizer.events:create": True}
+    team.all_organizer_permissions = False
     team.save()
     organizer.meta_properties.create(
         name="protected", protected=True
@@ -581,16 +582,8 @@ def test_event_create_with_clone_across_organizers(user, user_client, organizer,
         target_org = Organizer.objects.create(name='Dummy', slug='dummy2')
         team = target_org.teams.create(
             name="Test-Team",
-            can_change_teams=True,
-            can_manage_gift_cards=True,
-            can_change_items=True,
-            can_create_events=True,
-            can_change_event_settings=True,
-            can_change_vouchers=True,
-            can_view_vouchers=True,
-            can_change_orders=True,
-            can_manage_customers=True,
-            can_change_organizer_settings=True
+            all_event_permissions=True,
+            all_organizer_permissions=True,
         )
         team.members.add(user)
 

src/tests/api/test_exporters.py

@@ -280,7 +280,8 @@ def test_org_level_export(token_client, organizer, team, event):
     }, format='json')
     assert resp.status_code == 202
 
-    team.can_manage_gift_cards = False
+    team.limit_organizer_permissions = {"organizer.events:create": True}
+    team.all_organizer_permissions = False
     team.save()
 
     resp = token_client.post('/api/v1/organizers/{}/exporters/giftcardlist/run/'.format(organizer.slug), data={
@@ -339,7 +340,8 @@ def test_event_scheduled_export_list_token(token_client, organizer, event, user,
     assert resp.status_code == 200
     assert [res] == resp.data['results']
 
-    team.can_change_event_settings = False
+    team.limit_organizer_permissions = {"organizer.events:create": True}
+    team.all_organizer_permissions = False
     team.save()
 
     # Token can no longer sees it an gets error message
@@ -361,7 +363,7 @@ def test_event_scheduled_export_list_user(user_client, organizer, event, user, t
     resp = user_client.get('/api/v1/organizers/{}/events/{}/scheduled_exports/'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
 
-    team.can_change_event_settings = False
+    team.limit_event_permissions["event.settings.general:write"] = False
     team.save()
 
     # Owner still can
@@ -498,7 +500,8 @@ def test_org_scheduled_export_list_token(token_client, organizer, user, team, or
     assert resp.status_code == 200
     assert [res] == resp.data['results']
 
-    team.can_change_organizer_settings = False
+    team.limit_organizer_permissions = {"organizer.events:create": True}
+    team.all_organizer_permissions = False
     team.save()
 
     # Token can no longer sees it an gets error message
@@ -521,7 +524,8 @@ def test_org_scheduled_export_list_user(user_client, organizer, user, team, org_
     resp = user_client.get('/api/v1/organizers/{}/scheduled_exports/'.format(organizer.slug))
     assert [res] == resp.data['results']
 
-    team.can_change_organizer_settings = False
+    team.limit_organizer_permissions = {"organizer.events:create": True}
+    team.all_organizer_permissions = False
     team.save()
 
     # Owner still can

src/tests/api/test_oauth.py

@@ -53,8 +53,13 @@ def organizer():
 
 @pytest.fixture
 def admin_team(organizer):
-    return Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team', all_events=True,
-                               can_create_events=True)
+    return Team.objects.create(
+        organizer=organizer,
+        name='Admin team',
+        all_events=True,
+        all_event_permissions=True,
+        all_organizer_permissions=True,
+    )
 
 
 @pytest.fixture
@@ -387,7 +392,7 @@ def test_token_from_code(client, admin_user, organizer, application: OAuthApplic
 @pytest.mark.django_db
 def test_use_token_for_access_one_organizer(client, admin_user, organizer, application: OAuthApplication):
     o2 = Organizer.objects.create(name='A', slug='a')
-    t2 = Team.objects.create(organizer=o2, can_change_teams=True, name='Admin team', all_events=True)
+    t2 = Team.objects.create(organizer=o2, all_organizer_permissions=True, name='Admin team', all_events=True)
     t2.members.add(admin_user)
 
     client.login(email='dummy@dummy.dummy', password='dummy')
@@ -434,7 +439,13 @@ def test_use_token_for_access_one_organizer(client, admin_user, organizer, appli
 @pytest.mark.django_db
 def test_use_token_for_access_two_organizers(client, admin_user, organizer, application: OAuthApplication):
     o2 = Organizer.objects.create(name='A', slug='a')
-    t2 = Team.objects.create(organizer=o2, can_change_teams=True, name='Admin team', all_events=True)
+    t2 = Team.objects.create(
+        organizer=o2,
+        all_event_permissions=True,
+        all_organizer_permissions=True,
+        name='Admin team',
+        all_events=True
+    )
     t2.members.add(admin_user)
 
     client.login(email='dummy@dummy.dummy', password='dummy')

src/tests/api/test_permissions.py

@@ -281,9 +281,9 @@ event_permission_root_urls = [
 
 @pytest.fixture
 def token_client(client, team):
-    team.can_view_orders = True
-    team.can_view_vouchers = True
-    team.can_change_items = True
+    team.limit_event_permissions["event.orders:read"] = True
+    team.limit_event_permissions["event.vouchers:read"] = True
+    team.limit_event_permissions["event.items:write"] = True
     team.save()
     t = team.tokens.create(name='Foo')
     client.credentials(HTTP_AUTHORIZATION='Token ' + t.token)

src/tests/api/test_subevents.py

@@ -260,7 +260,8 @@ def test_all_subevents_list_filter(token_client, organizer, event, subevent):
 def test_subevent_create(team, token_client, organizer, event, subevent, meta_prop, item):
     meta_prop.choices = [{"key": "Conference", "label": {"en": "Conference"}}, {"key": "Workshop", "label": {"en": "Workshop"}}]
     meta_prop.save()
-    team.can_change_organizer_settings = False
+    team.limit_organizer_permissions = {"organizer.events:create": True}
+    team.all_organizer_permissions = False
     team.save()
     organizer.meta_properties.create(
         name="protected", protected=True

src/tests/api/test_transactions.py

@@ -242,7 +242,8 @@ def test_organizer_list(token_client, team, organizer, event, order, item, taxru
     assert resp.data["count"] == 0
 
     team.all_events = True
-    team.can_view_orders = False
+    team.limit_organizer_permissions = {"event.vouchers:read": True}
+    team.all_organizer_permissions = False
     team.save()
 
     resp = token_client.get(