fix hitobito/issues/133 and hitobito/issues/134

app/models/group/dachverband.rb

@@ -20,6 +20,7 @@ class Group::Dachverband < Group
 
   class Administrator < ::Role
     self.permissions = [:admin, :layer_and_below_full, :impersonation]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Administrator

app/models/group/dachverband_geschaeftsstelle.rb

@@ -8,14 +8,17 @@ class Group::DachverbandGeschaeftsstelle < Group::Geschaeftsstelle
 
   class Geschaeftsleiter < ::Role
     self.permissions = [:layer_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Angestellter < ::Role
     self.permissions = [:layer_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_full, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Geschaeftsleiter,

app/models/group/dachverband_gremium.rb

@@ -5,26 +5,31 @@
 
 class Group::DachverbandGremium < Group::Gremium
   children Group::DachverbandGremium
+  children Group::DachverbandExterne
 
   ### ROLES
 
   class Leitung < ::Role
     self.permissions = [:layer_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   # get the group_and_below_full permission as they should also be able to create events
   class Mitglied < ::Role
     self.permissions = [:layer_read, :group_and_below_full]
+    self.two_factor_authentication_enforced = true
   end
 
   # get the group_and_below_full permission as they should also be able to create events
   class AktiverKursleiter < ::Role
     self.permissions = [:layer_read, :group_and_below_full]
+    self.two_factor_authentication_enforced = true
   end
 
   # get the group_and_below_full permission as they should also be able to create events
   class Kassier < ::Role
     self.permissions = [:layer_read, :group_and_below_full, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Leitung,

app/models/group/dachverband_vorstand.rb

@@ -8,14 +8,17 @@ class Group::DachverbandVorstand < Group::Vorstand
 
   class Praesidium < ::Role
     self.permissions = [:layer_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_read, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Mitglied < ::Role
     self.permissions = [:layer_read, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Praesidium,

app/models/group/mitgliederorganisation.rb

@@ -23,6 +23,7 @@ class Group::Mitgliederorganisation < Group
 
   class Administrator < ::Role
     self.permissions = [:layer_and_below_full]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Administrator

app/models/group/mitgliederorganisation_geschaeftsstelle.rb

@@ -8,18 +8,22 @@ class Group::MitgliederorganisationGeschaeftsstelle < Group::Geschaeftsstelle
 
   class Geschaeftsleiter < ::Role
     self.permissions = [:layer_and_below_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Angestellter < ::Role
     self.permissions = [:layer_and_below_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_and_below_full, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class AdminOrtsgruppen < ::Role
     self.permissions = [:layer_and_below_full, :see_invisible_from_above, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Geschaeftsleiter,

app/models/group/mitgliederorganisation_gremium.rb

@@ -5,27 +5,33 @@
 
 class Group::MitgliederorganisationGremium < Group::Gremium
   children Group::MitgliederorganisationGremium
+  children Group::MitgliederorganisationExterne
 
   ### ROLES
 
   class Leitung < ::Role
     self.permissions = [:layer_and_below_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Mitglied < ::Role
     self.permissions = [:layer_and_below_read]
+    self.two_factor_authentication_enforced = true
   end
 
   class AktiverKursleiter < ::Role
     self.permissions = [:layer_and_below_read]
+    self.two_factor_authentication_enforced = true
   end
 
   class Ausbildungsmitglied < ::Role
     self.permissions = [:layer_and_below_read]
+    self.two_factor_authentication_enforced = true
   end
 
   class Kassier < ::Role
     self.permissions = [:layer_and_below_read, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Leitung,

app/models/group/mitgliederorganisation_vorstand.rb

@@ -8,14 +8,17 @@ class Group::MitgliederorganisationVorstand < Group::Vorstand
 
   class Praesidium < ::Role
     self.permissions = [:layer_and_below_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_and_below_read, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Mitglied < ::Role
     self.permissions = [:layer_and_below_read, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Praesidium,

app/models/group/sektion.rb

@@ -12,6 +12,7 @@ class Group::Sektion < Group
 
   class Administrator < ::Role
     self.permissions = [:layer_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Administrator