Rename CoreDeveloper Role

DEVELOPERS.md

@@ -232,17 +232,18 @@ In that situation you can follow the steps below to set up your local copy of th
    * The other fields don't matter too much for local development.
 1. Register a user account on your local version of job-server by clicking Login
 1. Set the `SOCIAL_AUTH_GITHUB_KEY` (aka "Client ID") and `SOCIAL_AUTH_GITHUB_SECRET` environment variables with values from that OAuth application.
-1. Give your user the `CoreDeveloper` role by running:
+1. Give your user the `StaffAreaAdministrator` role by running:
+
    ```sh
    > python3 manage.py shell_plus
    ```
 
    and then running in the `shell_plus` shell:
 
    ```
-   >>> from jobserver.authorization import CoreDeveloper
+   >>> from jobserver.authorization import StaffAreaAdministrator
    >>> user = User.objects.get(username="<your_username>")
-   >>> user.roles.append(CoreDeveloper)
+   >>> user.roles.append(StaffAreaAdministrator)
    >>> user.save()
    ```
 1. Click on your avatar in the top right-hand corner of the site to access the Staff Area.

applications/views.py

@@ -8,7 +8,12 @@
 from django.utils.decorators import method_decorator
 from django.views.generic import CreateView, RedirectView, UpdateView, View
 
-from jobserver.authorization import CoreDeveloper, has_permission, has_role, permissions
+from jobserver.authorization import (
+    StaffAreaAdministrator,
+    has_permission,
+    has_role,
+    permissions,
+)
 from jobserver.hash_utils import unhash_or_404
 from jobserver.slacks import notify_application
 
@@ -187,7 +192,7 @@ def page(request, pk_hash, key):
     # check the user can access this application
     validate_application_access(request.user, application)
 
-    if application.approved_at and not has_role(request.user, CoreDeveloper):
+    if application.approved_at and not has_role(request.user, StaffAreaAdministrator):
         messages.warning(
             request, "This application has been approved and can no longer be edited"
         )

interactive/models.py

@@ -5,7 +5,7 @@
 from django.utils.text import slugify
 from ulid import ULID
 
-from jobserver.authorization import CoreDeveloper, has_role
+from jobserver.authorization import StaffAreaAdministrator, has_role
 from jobserver.models.common import new_ulid_str
 
 
@@ -173,4 +173,4 @@ def ulid(self):
         return ULID.from_str(self.id)
 
     def visible_to(self, user):
-        return self.created_by == user or has_role(user, CoreDeveloper)
+        return self.created_by == user or has_role(user, StaffAreaAdministrator)

jobserver/authorization/__init__.py

@@ -1,16 +1,16 @@
 from .roles import (
-    CoreDeveloper,
     InteractiveReporter,
     OutputChecker,
     OutputPublisher,
     ProjectCollaborator,
     ProjectDeveloper,
+    StaffAreaAdministrator,
 )
 from .utils import has_permission, has_role, roles_for, strings_to_roles
 
 
 __all__ = [
-    "CoreDeveloper",
+    "StaffAreaAdministrator",
     "InteractiveReporter",
     "OutputChecker",
     "OutputPublisher",

jobserver/authorization/roles.py

@@ -20,20 +20,17 @@
 )
 
 
-class CoreDeveloper:
+class StaffAreaAdministrator:
     """
     Bennett staff member with administrator access to Job Server.
 
     Note the name is misleading here as this does not imply what we generally mean by
-    "core developer". We plan to rename this role as part of a more general permissions
+    "Staff Area Administrator". We plan to rename this role as part of a more general permissions
     revamp.
     """
 
-    display_name = "Core Developer"
-    description = (
-        "Bennett staff member with administrator access to Job Server. "
-        "(Not necessarily a developer – this role will be renamed eventually.)"
-    )
+    display_name = "Staff Area Administrator"
+    description = "Bennett staff member with administrator access to Job Server."
     models = [
         "jobserver.models.user.User",
     ]

jobserver/context_processors.py

@@ -5,7 +5,7 @@
 from django.urls import reverse
 from furl import furl
 
-from .authorization import CoreDeveloper, has_role
+from .authorization import StaffAreaAdministrator, has_role
 from .nav import NavItem, iter_nav
 
 
@@ -17,7 +17,7 @@ def _is_active(request, prefix):
 
 
 def can_view_staff_area(request):
-    can_view_staff_area = has_role(request.user, CoreDeveloper)
+    can_view_staff_area = has_role(request.user, StaffAreaAdministrator)
 
     return {"user_can_view_staff_area": can_view_staff_area}
 

jobserver/management/commands/create_user.py

@@ -2,8 +2,8 @@
 from django.db import transaction
 
 from jobserver.authorization.roles import (
-    CoreDeveloper,
     OutputChecker,
+    StaffAreaAdministrator,
 )
 from jobserver.models import get_or_create_user
 
@@ -28,7 +28,7 @@ def add_arguments(self, parser):
         parser.add_argument(
             "--core-developer",
             action="store_true",
-            help="Make user global CoreDeveloper",
+            help="Make user global StaffAreaAdministrator",
         )
 
     @transaction.atomic()
@@ -53,7 +53,7 @@ def handle(self, *args, **options):
         if options["output_checker"]:
             roles.append(OutputChecker)
         if options["core_developer"]:
-            roles.append(CoreDeveloper)
+            roles.append(StaffAreaAdministrator)
 
         updated = False
         for role in roles:

jobserver/models/user.py

@@ -14,7 +14,7 @@
 from django.utils.functional import cached_property
 from sentry_sdk import capture_message
 
-from ..authorization import CoreDeveloper, InteractiveReporter
+from ..authorization import InteractiveReporter, StaffAreaAdministrator
 from ..authorization.fields import RolesArrayField
 from ..hash_utils import hash_user_pat
 
@@ -50,7 +50,7 @@ class UserManager(DjangoUserManager.from_queryset(UserQuerySet)):
     def create_superuser(self, email, password, **extra_fields):
         username = email
         return super().create_superuser(
-            username, email, password, roles=[CoreDeveloper]
+            username, email, password, roles=[StaffAreaAdministrator]
         )
 
 

jobserver/views/job_requests.py

@@ -14,7 +14,12 @@
 from pipeline import load_pipeline
 
 from .. import honeycomb
-from ..authorization import CoreDeveloper, has_permission, has_role, permissions
+from ..authorization import (
+    StaffAreaAdministrator,
+    has_permission,
+    has_role,
+    permissions,
+)
 from ..backends import backends_to_choices
 from ..forms import JobRequestCreateForm
 from ..github import _get_github_api
@@ -221,7 +226,7 @@ def get(self, request, *args, **kwargs):
         can_cancel_jobs = job_request.created_by == request.user or has_permission(
             request.user, permissions.job_cancel, project=job_request.workspace.project
         )
-        honeycomb_can_view_links = has_role(self.request.user, CoreDeveloper)
+        honeycomb_can_view_links = has_role(self.request.user, StaffAreaAdministrator)
 
         # build up is_missing_updates to define if we've not seen the backend
         # running this JobRequest for a while.

jobserver/views/jobs.py

@@ -6,7 +6,12 @@
 from django.views.generic import RedirectView, View
 
 from .. import honeycomb
-from ..authorization import CoreDeveloper, has_permission, has_role, permissions
+from ..authorization import (
+    StaffAreaAdministrator,
+    has_permission,
+    has_role,
+    permissions,
+)
 from ..models import Job, JobRequest
 
 
@@ -59,7 +64,7 @@ def get(self, request, *args, **kwargs):
             project=job.job_request.workspace.project,
         )
 
-        honeycomb_can_view_links = has_role(self.request.user, CoreDeveloper)
+        honeycomb_can_view_links = has_role(self.request.user, StaffAreaAdministrator)
 
         # we need all HTML to be in HTML files, so we built this here and make
         # use of it in the template rather than looking it up with a templatetag

jobserver/views/workspaces.py

@@ -16,7 +16,12 @@
 
 from interactive.models import AnalysisRequest
 
-from ..authorization import CoreDeveloper, has_permission, has_role, permissions
+from ..authorization import (
+    StaffAreaAdministrator,
+    has_permission,
+    has_role,
+    permissions,
+)
 from ..forms import (
     WorkspaceArchiveToggleForm,
     WorkspaceCreateForm,
@@ -296,7 +301,7 @@ def get(self, request, *args, **kwargs):
         # should we show the admin section in the UI?
         show_admin = can_archive_workspace or can_toggle_notifications
 
-        honeycomb_can_view_links = has_role(self.request.user, CoreDeveloper)
+        honeycomb_can_view_links = has_role(self.request.user, StaffAreaAdministrator)
 
         is_interactive_user = has_permission(
             request.user, permissions.analysis_request_create, project=workspace.project

staff/views/analysis_requests.py

@@ -5,15 +5,15 @@
 
 from interactive.models import AnalysisRequest
 from interactive.submit import resubmit_analysis
-from jobserver.authorization import CoreDeveloper
+from jobserver.authorization import StaffAreaAdministrator
 from jobserver.authorization.decorators import require_role
 from jobserver.github import _get_github_api
 from jobserver.models import Project, User
 
 from .qwargs_tools import qwargs
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class AnalysisRequestDetail(DetailView):
     context_object_name = "analysis_request"
     model = AnalysisRequest
@@ -32,7 +32,7 @@ def get_queryset(self):
         return super().get_queryset().select_related("created_by", "project")
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class AnalysisRequestResubmit(View):
     get_github_api = staticmethod(_get_github_api)
 
@@ -42,7 +42,7 @@ def post(self, request, slug, *args, **kwargs):
         return redirect(analysis_request.get_staff_url())
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class AnalysisRequestList(ListView):
     context_object_name = "analysis_request"
     model = AnalysisRequest

staff/views/applications.py

@@ -12,7 +12,7 @@
 from applications.form_specs import form_specs
 from applications.models import Application
 from applications.wizard import Wizard
-from jobserver.authorization import CoreDeveloper
+from jobserver.authorization import StaffAreaAdministrator
 from jobserver.authorization.decorators import require_role
 from jobserver.commands import projects
 from jobserver.hash_utils import unhash, unhash_or_404
@@ -21,7 +21,7 @@
 from ..forms import ApplicationApproveForm
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class ApplicationApprove(FormView):
     form_class = ApplicationApproveForm
     model = Application
@@ -97,7 +97,7 @@ def get_initial(self):
         return initial
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class ApplicationDetail(View):
     def dispatch(self, request, *args, **kwargs):
         self.application = get_object_or_404(
@@ -144,7 +144,7 @@ def post(self, request, *args, **kwargs):
         return redirect("staff:application-detail", self.application.pk_hash)
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class ApplicationEdit(UpdateView):
     fields = [
         "status",
@@ -176,7 +176,7 @@ def get_success_url(self):
         return self.object.get_staff_url()
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class ApplicationList(ListView):
     response_class = TemplateResponse
     ordering = "-created_at"
@@ -232,7 +232,7 @@ def get_queryset(self):
         return qs.distinct()
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class ApplicationRemove(View):
     def post(self, request, *args, **kwargs):
         application = get_object_or_404(
@@ -255,7 +255,7 @@ def post(self, request, *args, **kwargs):
         return redirect("staff:application-list")
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class ApplicationRestore(View):
     def post(self, request, *args, **kwargs):
         application = get_object_or_404(

staff/views/dashboards/copiloting.py

@@ -10,7 +10,7 @@
 from django.utils.decorators import method_decorator
 from django.views.generic import TemplateView
 
-from jobserver.authorization import CoreDeveloper
+from jobserver.authorization import StaffAreaAdministrator
 from jobserver.authorization.decorators import require_role
 from jobserver.github import _get_github_api
 from jobserver.models import Project, ReleaseFile, Repo
@@ -79,7 +79,7 @@ def build_repos_by_project(projects, get_github_api=_get_github_api):
     return {p.pk: [r for r in repos if r["pk"] in p.repo_ids] for p in projects}
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 @method_decorator(csp_exempt, name="dispatch")
 class Copiloting(TemplateView):
     get_github_api = staticmethod(_get_github_api)

staff/views/dashboards/index.py

@@ -1,10 +1,10 @@
 from django.utils.decorators import method_decorator
 from django.views.generic import TemplateView
 
-from jobserver.authorization import CoreDeveloper
+from jobserver.authorization import StaffAreaAdministrator
 from jobserver.authorization.decorators import require_role
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 class DashboardIndex(TemplateView):
     template_name = "staff/dashboards/index.html"

staff/views/dashboards/projects.py

@@ -6,12 +6,12 @@
 from django.utils.decorators import method_decorator
 from django.views.generic import TemplateView
 
-from jobserver.authorization import CoreDeveloper
+from jobserver.authorization import StaffAreaAdministrator
 from jobserver.authorization.decorators import require_role
 from jobserver.models import Org, Project, ReleaseFile
 
 
-@method_decorator(require_role(CoreDeveloper), name="dispatch")
+@method_decorator(require_role(StaffAreaAdministrator), name="dispatch")
 @method_decorator(csp_exempt, name="dispatch")
 class ProjectsDashboard(TemplateView):
     template_name = "staff/dashboards/projects.html"