feat(authorization): exclude default_group RBAC fields from System Settings form/serializer

default_group, default_group_role, and default_group_email_pattern auto-
assign new users to a Dojo_Group at login — Dojo_Group_Member is inert
under legacy authorization, so these fields drive nothing. Strip them
from SystemSettingsForm.Meta and SystemSettingsSerializer.Meta via
exclude=, drop the now-orphaned validation in
dojo/system_settings/views.py and the queryset-init for
default_group_role in the form __init__. The model fields remain so Pro
can subclass / runtime-shadow the form & serializer to re-add them.

Author: devGregA

dojo/api_v2/serializers.py

@@ -3025,25 +3025,10 @@ class TagSerializer(serializers.Serializer):
 class SystemSettingsSerializer(serializers.ModelSerializer):
     class Meta:
         model = System_Settings
-        fields = "__all__"
-
-    def validate(self, data):
-        if self.instance is not None:
-            default_group = self.instance.default_group
-            default_group_role = self.instance.default_group_role
-
-        if "default_group" in data:
-            default_group = data["default_group"]
-        if "default_group_role" in data:
-            default_group_role = data["default_group_role"]
-
-        if (default_group is None and default_group_role is not None) or (
-            default_group is not None and default_group_role is None
-        ):
-            msg = "default_group and default_group_role must either both be set or both be empty."
-            raise ValidationError(msg)
-
-        return data
+        # default_group / default_group_role / default_group_email_pattern
+        # are RBAC-only auto-assignment knobs and inert under legacy
+        # authorization. Pro re-adds them via a subclass / runtime hook.
+        exclude = ("default_group", "default_group_role", "default_group_email_pattern")
 
 
 class CeleryStatusSerializer(serializers.Serializer):

dojo/forms.py

@@ -3145,7 +3145,6 @@ class SystemSettingsForm(forms.ModelForm):
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self.fields["default_group_role"].queryset = get_group_member_roles()
 
         self.fields["enable_product_tracking_files"].label = labels.SETTINGS_TRACKED_FILES_ENABLE_LABEL
         self.fields["enable_product_tracking_files"].help_text = labels.SETTINGS_TRACKED_FILES_ENABLE_HELP
@@ -3173,7 +3172,11 @@ def clean(self):
 
     class Meta:
         model = System_Settings
-        fields = "__all__"
+        # default_group / default_group_role / default_group_email_pattern
+        # auto-assign new users to a Dojo_Group at login, which is inert
+        # under legacy authorization. Pro re-adds these fields via a
+        # subclass / runtime hook.
+        exclude = ("default_group", "default_group_role", "default_group_email_pattern")
 
 
 class BenchmarkForm(forms.ModelForm):

dojo/system_settings/views.py

@@ -54,14 +54,7 @@ def validate_form(
         context: dict,
     ) -> tuple[HttpRequest, bool]:
         if context["form"].is_valid():
-            if (context["form"].cleaned_data["default_group"] is None and context["form"].cleaned_data["default_group_role"] is not None) or \
-               (context["form"].cleaned_data["default_group"] is not None and context["form"].cleaned_data["default_group_role"] is None):
-                messages.add_message(
-                    request,
-                    messages.WARNING,
-                    "Settings cannot be saved: Default group and Default group role must either both be set or both be empty.",
-                    extra_tags="alert-warning")
-            elif context["form"].cleaned_data["minimum_password_length"] >= context["form"].cleaned_data["maximum_password_length"]:
+            if context["form"].cleaned_data["minimum_password_length"] >= context["form"].cleaned_data["maximum_password_length"]:
                 messages.add_message(
                     request,
                     messages.WARNING,