Split Permission and StoredPermission class and model into different modules. Simplified the Permission class.
This commit is contained in:
Roberto Rosario
@@ -11,7 +11,8 @@ from django.db.models import Q
|
|||||||
from django.utils.translation import ugettext
|
from django.utils.translation import ugettext
|
||||||
|
|
||||||
from common.models import AnonymousUserSingleton
|
from common.models import AnonymousUserSingleton
|
||||||
from permissions.models import Permission, RoleMember
|
from permissions import Permission
|
||||||
|
from permissions.models import RoleMember
|
||||||
|
|
||||||
from .classes import AccessHolder, ClassAccessHolder, get_source_object
|
from .classes import AccessHolder, ClassAccessHolder, get_source_object
|
||||||
|
|
||||||
@@ -82,7 +83,7 @@ class AccessEntryManager(models.Manager):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
self.model.objects.get(
|
self.model.objects.get(
|
||||||
permission=permission.get_stored_permission(),
|
permission=permission.stored_permission,
|
||||||
holder_type=ContentType.objects.get_for_model(actor),
|
holder_type=ContentType.objects.get_for_model(actor),
|
||||||
holder_id=actor.pk,
|
holder_id=actor.pk,
|
||||||
content_type=content_type,
|
content_type=content_type,
|
||||||
@@ -209,7 +210,7 @@ class AccessEntryManager(models.Manager):
|
|||||||
|
|
||||||
if isinstance(actor, User) and not db_only:
|
if isinstance(actor, User) and not db_only:
|
||||||
if actor.is_superuser or actor.is_staff:
|
if actor.is_superuser or actor.is_staff:
|
||||||
return Permission.objects.all()
|
return Permission.all()
|
||||||
|
|
||||||
actor_type = ContentType.objects.get_for_model(actor)
|
actor_type = ContentType.objects.get_for_model(actor)
|
||||||
content_type = ContentType.objects.get_for_model(obj)
|
content_type = ContentType.objects.get_for_model(obj)
|
||||||
@@ -282,7 +283,7 @@ class DefaultAccessEntryManager(models.Manager):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
self.model.objects.get(
|
self.model.objects.get(
|
||||||
permission=permission.get_stored_permission(),
|
permission=permission.stored_permission,
|
||||||
holder_type=ContentType.objects.get_for_model(actor),
|
holder_type=ContentType.objects.get_for_model(actor),
|
||||||
holder_id=actor.pk,
|
holder_id=actor.pk,
|
||||||
content_type=ContentType.objects.get_for_model(cls),
|
content_type=ContentType.objects.get_for_model(cls),
|
||||||
@@ -323,7 +324,7 @@ class DefaultAccessEntryManager(models.Manager):
|
|||||||
def get_holder_permissions_for(self, cls, actor):
|
def get_holder_permissions_for(self, cls, actor):
|
||||||
if isinstance(actor, User):
|
if isinstance(actor, User):
|
||||||
if actor.is_superuser or actor.is_staff:
|
if actor.is_superuser or actor.is_staff:
|
||||||
return Permission.objects.all()
|
return Permission.all()
|
||||||
|
|
||||||
actor_type = ContentType.objects.get_for_model(actor)
|
actor_type = ContentType.objects.get_for_model(actor)
|
||||||
content_type = ContentType.objects.get_for_model(cls)
|
content_type = ContentType.objects.get_for_model(cls)
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
acls_namespace = PermissionNamespace('acls', _('Access control lists'))
|
acls_namespace = PermissionNamespace('acls', _('Access control lists'))
|
||||||
acls_setup_namespace = PermissionNamespace('acls_setup', _('Access control lists'))
|
acls_setup_namespace = PermissionNamespace('acls_setup', _('Access control lists'))
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
|
|
||||||
from common.utils import encapsulate
|
from common.utils import encapsulate
|
||||||
from common.widgets import two_state_template
|
from common.widgets import two_state_template
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .api import get_class_permissions_for
|
from .api import get_class_permissions_for
|
||||||
from .classes import (
|
from .classes import (
|
||||||
@@ -38,7 +38,7 @@ def _permission_titles(permission_list):
|
|||||||
|
|
||||||
def acl_list_for(request, obj, extra_context=None):
|
def acl_list_for(request, obj, extra_context=None):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [acls_view_acl])
|
Permission.check_permissions(request.user, [acls_view_acl])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(acls_view_acl, request.user, obj)
|
AccessEntry.objects.check_access(acls_view_acl, request.user, obj)
|
||||||
|
|
||||||
@@ -83,7 +83,7 @@ def acl_detail(request, access_object_gid, holder_object_gid):
|
|||||||
|
|
||||||
def acl_detail_for(request, actor, obj):
|
def acl_detail_for(request, actor, obj):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [acls_view_acl])
|
Permission.check_permissions(request.user, [acls_view_acl])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_accesses([acls_view_acl], actor, obj)
|
AccessEntry.objects.check_accesses([acls_view_acl], actor, obj)
|
||||||
|
|
||||||
@@ -142,7 +142,7 @@ def acl_grant(request):
|
|||||||
|
|
||||||
for item_properties in items_property_list:
|
for item_properties in items_property_list:
|
||||||
try:
|
try:
|
||||||
permission = Permission.objects.get({'pk': item_properties['permission_pk']})
|
permission = Permission.get({'pk': item_properties['permission_pk']})
|
||||||
except Permission.DoesNotExist:
|
except Permission.DoesNotExist:
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
@@ -153,7 +153,7 @@ def acl_grant(request):
|
|||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [acls_edit_acl])
|
Permission.check_permissions(request.user, [acls_edit_acl])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
try:
|
try:
|
||||||
AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object)
|
AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object)
|
||||||
@@ -233,7 +233,7 @@ def acl_revoke(request):
|
|||||||
|
|
||||||
for item_properties in items_property_list:
|
for item_properties in items_property_list:
|
||||||
try:
|
try:
|
||||||
permission = Permission.objects.get({'pk': item_properties['permission_pk']})
|
permission = Permission.get({'pk': item_properties['permission_pk']})
|
||||||
except Permission.DoesNotExist:
|
except Permission.DoesNotExist:
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
@@ -244,7 +244,7 @@ def acl_revoke(request):
|
|||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [acls_edit_acl])
|
Permission.check_permissions(request.user, [acls_edit_acl])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
try:
|
try:
|
||||||
AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object)
|
AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object)
|
||||||
@@ -313,7 +313,7 @@ def acl_revoke(request):
|
|||||||
|
|
||||||
def acl_new_holder_for(request, obj, extra_context=None, navigation_object=None):
|
def acl_new_holder_for(request, obj, extra_context=None, navigation_object=None):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [acls_edit_acl])
|
Permission.check_permissions(request.user, [acls_edit_acl])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(acls_edit_acl, request.user, obj)
|
AccessEntry.objects.check_access(acls_edit_acl, request.user, obj)
|
||||||
|
|
||||||
@@ -364,7 +364,7 @@ def acl_holder_new(request, access_object_gid):
|
|||||||
|
|
||||||
# Setup views
|
# Setup views
|
||||||
def acl_setup_valid_classes(request):
|
def acl_setup_valid_classes(request):
|
||||||
Permission.objects.check_permissions(request.user, [acls_class_view_acl])
|
Permission.check_permissions(request.user, [acls_class_view_acl])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': DefaultAccessEntry.get_classes(),
|
'object_list': DefaultAccessEntry.get_classes(),
|
||||||
@@ -382,7 +382,7 @@ def acl_setup_valid_classes(request):
|
|||||||
def acl_class_acl_list(request, access_object_class_gid):
|
def acl_class_acl_list(request, access_object_class_gid):
|
||||||
logger.debug('access_object_class_gid: %s', access_object_class_gid)
|
logger.debug('access_object_class_gid: %s', access_object_class_gid)
|
||||||
|
|
||||||
Permission.objects.check_permissions(request.user, [acls_class_view_acl])
|
Permission.check_permissions(request.user, [acls_class_view_acl])
|
||||||
|
|
||||||
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
|
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
|
||||||
logger.debug('access_object_class: %s', access_object_class)
|
logger.debug('access_object_class: %s', access_object_class)
|
||||||
@@ -404,7 +404,7 @@ def acl_class_acl_list(request, access_object_class_gid):
|
|||||||
|
|
||||||
|
|
||||||
def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid):
|
def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid):
|
||||||
Permission.objects.check_permissions(request.user, [acls_class_view_acl])
|
Permission.check_permissions(request.user, [acls_class_view_acl])
|
||||||
try:
|
try:
|
||||||
actor = AccessHolder.get(gid=holder_object_gid)
|
actor = AccessHolder.get(gid=holder_object_gid)
|
||||||
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
|
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
|
||||||
@@ -448,7 +448,7 @@ def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid):
|
|||||||
|
|
||||||
|
|
||||||
def acl_class_new_holder_for(request, access_object_class_gid):
|
def acl_class_new_holder_for(request, access_object_class_gid):
|
||||||
Permission.objects.check_permissions(request.user, [acls_class_edit_acl])
|
Permission.check_permissions(request.user, [acls_class_edit_acl])
|
||||||
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
|
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
@@ -475,7 +475,7 @@ def acl_class_new_holder_for(request, access_object_class_gid):
|
|||||||
|
|
||||||
|
|
||||||
def acl_class_multiple_grant(request):
|
def acl_class_multiple_grant(request):
|
||||||
Permission.objects.check_permissions(request.user, [acls_class_edit_acl])
|
Permission.check_permissions(request.user, [acls_class_edit_acl])
|
||||||
items_property_list = loads(request.GET.get('items_property_list', []))
|
items_property_list = loads(request.GET.get('items_property_list', []))
|
||||||
|
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
@@ -488,7 +488,7 @@ def acl_class_multiple_grant(request):
|
|||||||
|
|
||||||
for item_properties in items_property_list:
|
for item_properties in items_property_list:
|
||||||
try:
|
try:
|
||||||
permission = Permission.objects.get({'pk': item_properties['permission_pk']})
|
permission = Permission.get({'pk': item_properties['permission_pk']})
|
||||||
except Permission.DoesNotExist:
|
except Permission.DoesNotExist:
|
||||||
raise Http404
|
raise Http404
|
||||||
try:
|
try:
|
||||||
@@ -552,7 +552,7 @@ def acl_class_multiple_grant(request):
|
|||||||
|
|
||||||
|
|
||||||
def acl_class_multiple_revoke(request):
|
def acl_class_multiple_revoke(request):
|
||||||
Permission.objects.check_permissions(request.user, [acls_class_edit_acl])
|
Permission.check_permissions(request.user, [acls_class_edit_acl])
|
||||||
items_property_list = loads(request.GET.get('items_property_list', []))
|
items_property_list = loads(request.GET.get('items_property_list', []))
|
||||||
|
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
@@ -565,7 +565,7 @@ def acl_class_multiple_revoke(request):
|
|||||||
|
|
||||||
for item_properties in items_property_list:
|
for item_properties in items_property_list:
|
||||||
try:
|
try:
|
||||||
permission = Permission.objects.get({'pk': item_properties['permission_pk']})
|
permission = Permission.get({'pk': item_properties['permission_pk']})
|
||||||
except Permission.DoesNotExist:
|
except Permission.DoesNotExist:
|
||||||
raise Http404
|
raise Http404
|
||||||
try:
|
try:
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ from rest_framework.response import Response
|
|||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .models import DocumentCheckout
|
from .models import DocumentCheckout
|
||||||
from .permissions import permission_document_checkout, permission_document_checkin, permission_document_checkin_override
|
from .permissions import permission_document_checkout, permission_document_checkin, permission_document_checkin_override
|
||||||
@@ -29,7 +29,7 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
|
|||||||
documents = DocumentCheckout.objects.checked_out_documents()
|
documents = DocumentCheckout.objects.checked_out_documents()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_view])
|
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
|
filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
|
||||||
else:
|
else:
|
||||||
@@ -52,7 +52,7 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
|
|||||||
if serializer.is_valid():
|
if serializer.is_valid():
|
||||||
document = get_object_or_404(Document, pk=serializer.data['document'])
|
document = get_object_or_404(Document, pk=serializer.data['document'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_checkout])
|
Permission.check_permissions(request.user, [permission_document_checkout])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
|
AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
|
||||||
|
|
||||||
@@ -81,7 +81,7 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
|
|||||||
documents = DocumentCheckout.objects.checked_out_documents()
|
documents = DocumentCheckout.objects.checked_out_documents()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_view])
|
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
|
filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
|
||||||
else:
|
else:
|
||||||
@@ -107,12 +107,12 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
|
|||||||
|
|
||||||
if document.checkout_info().user == request.user:
|
if document.checkout_info().user == request.user:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_checkin])
|
Permission.check_permissions(request.user, [permission_document_checkin])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
|
AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_checkin_override])
|
Permission.check_permissions(request.user, [permission_document_checkin_override])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
|
AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('checkouts', _('Document checkout'))
|
namespace = PermissionNamespace('checkouts', _('Document checkout'))
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ from documents.views import DocumentListView
|
|||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from common.utils import encapsulate, get_object_name
|
from common.utils import encapsulate, get_object_name
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .exceptions import DocumentAlreadyCheckedOut, DocumentNotCheckedOut
|
from .exceptions import DocumentAlreadyCheckedOut, DocumentNotCheckedOut
|
||||||
from .forms import DocumentCheckoutForm
|
from .forms import DocumentCheckoutForm
|
||||||
@@ -43,7 +43,7 @@ class CheckoutListView(DocumentListView):
|
|||||||
def checkout_info(request, document_pk):
|
def checkout_info(request, document_pk):
|
||||||
document = get_object_or_404(Document, pk=document_pk)
|
document = get_object_or_404(Document, pk=document_pk)
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_checkout, permission_document_checkin])
|
Permission.check_permissions(request.user, [permission_document_checkout, permission_document_checkin])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_accesses([permission_document_checkout, permission_document_checkin], request.user, document)
|
AccessEntry.objects.check_accesses([permission_document_checkout, permission_document_checkin], request.user, document)
|
||||||
|
|
||||||
@@ -66,7 +66,7 @@ def checkout_info(request, document_pk):
|
|||||||
def checkout_document(request, document_pk):
|
def checkout_document(request, document_pk):
|
||||||
document = get_object_or_404(Document, pk=document_pk)
|
document = get_object_or_404(Document, pk=document_pk)
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_checkout])
|
Permission.check_permissions(request.user, [permission_document_checkout])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
|
AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
|
||||||
|
|
||||||
@@ -114,12 +114,12 @@ def checkin_document(request, document_pk):
|
|||||||
# checkin permission
|
# checkin permission
|
||||||
if document.checkout_info().user == request.user:
|
if document.checkout_info().user == request.user:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_checkin])
|
Permission.check_permissions(request.user, [permission_document_checkin])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
|
AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_checkin_override])
|
Permission.check_permissions(request.user, [permission_document_checkin_override])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
|
AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ from django.core.exceptions import PermissionDenied
|
|||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
|
|
||||||
class ExtraContextMixin(object):
|
class ExtraContextMixin(object):
|
||||||
@@ -29,7 +29,7 @@ class ObjectListPermissionFilterMixin(object):
|
|||||||
if self.object_permission:
|
if self.object_permission:
|
||||||
try:
|
try:
|
||||||
# Check to see if the user has the permissions globally
|
# Check to see if the user has the permissions globally
|
||||||
Permission.objects.check_permissions(self.request.user, (self.object_permission,))
|
Permission.check_permissions(self.request.user, (self.object_permission,))
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
# No global permission, filter ther queryset per object + permission
|
# No global permission, filter ther queryset per object + permission
|
||||||
return AccessEntry.objects.filter_objects_by_access(self.object_permission, self.request.user, queryset)
|
return AccessEntry.objects.filter_objects_by_access(self.object_permission, self.request.user, queryset)
|
||||||
@@ -50,7 +50,7 @@ class ObjectPermissionCheckMixin(object):
|
|||||||
|
|
||||||
if self.object_permission:
|
if self.object_permission:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, (self.object_permission,))
|
Permission.check_permissions(request.user, (self.object_permission,))
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(self.object_permission, request.user, self.get_permission_object())
|
AccessEntry.objects.check_access(self.object_permission, request.user, self.get_permission_object())
|
||||||
|
|
||||||
@@ -86,6 +86,6 @@ class ViewPermissionCheckMixin(object):
|
|||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
if self.view_permission:
|
if self.view_permission:
|
||||||
Permission.objects.check_permissions(self.request.user, (self.view_permission,))
|
Permission.check_permissions(self.request.user, (self.view_permission,))
|
||||||
|
|
||||||
return super(ViewPermissionCheckMixin, self).dispatch(request, *args, **kwargs)
|
return super(ViewPermissionCheckMixin, self).dispatch(request, *args, **kwargs)
|
||||||
|
|||||||
@@ -2,10 +2,11 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import Permission, PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('converter', _('Converter'))
|
namespace = PermissionNamespace('converter', _('Converter'))
|
||||||
permission_transformation_create = Permission.objects.register(namespace, 'transformation_create', _('Create new transformations'))
|
|
||||||
permission_transformation_delete = Permission.objects.register(namespace, 'transformation_delete', _('Delete transformations'))
|
permission_transformation_create = namespace.add_permission(name='transformation_create', label=_('Create new transformations'))
|
||||||
permission_transformation_edit = Permission.objects.register(namespace, 'transformation_edit', _('Edit transformations'))
|
permission_transformation_delete = namespace.add_permission(name='transformation_delete', label=_('Delete transformations'))
|
||||||
permission_transformation_view = Permission.objects.register(namespace, 'transformation_view', _('View existing transformations'))
|
permission_transformation_edit = namespace.add_permission(name='transformation_edit', label=_('Edit transformations'))
|
||||||
|
permission_transformation_view = namespace.add_permission(name='transformation_view', label=_('View existing transformations'))
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from common.utils import encapsulate
|
from common.utils import encapsulate
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import TransformationForm
|
from .forms import TransformationForm
|
||||||
from .models import Transformation
|
from .models import Transformation
|
||||||
@@ -34,7 +34,7 @@ def transformation_list(request, app_label, model, object_id):
|
|||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_transformation_view])
|
Permission.check_permissions(request.user, [permission_transformation_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_transformation_view, request.user, content_object)
|
AccessEntry.objects.check_access(permission_transformation_view, request.user, content_object)
|
||||||
|
|
||||||
@@ -65,7 +65,7 @@ def transformation_create(request, app_label, model, object_id):
|
|||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_transformation_create])
|
Permission.check_permissions(request.user, [permission_transformation_create])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_transformation_create, request.user, content_object)
|
AccessEntry.objects.check_access(permission_transformation_create, request.user, content_object)
|
||||||
|
|
||||||
@@ -92,7 +92,7 @@ def transformation_delete(request, object_id):
|
|||||||
transformation = get_object_or_404(Transformation, pk=object_id)
|
transformation = get_object_or_404(Transformation, pk=object_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_transformation_delete])
|
Permission.check_permissions(request.user, [permission_transformation_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_transformation_delete, request.user, transformation.content_object)
|
AccessEntry.objects.check_access(permission_transformation_delete, request.user, transformation.content_object)
|
||||||
|
|
||||||
@@ -117,7 +117,7 @@ def transformation_edit(request, object_id):
|
|||||||
transformation = get_object_or_404(Transformation, pk=object_id)
|
transformation = get_object_or_404(Transformation, pk=object_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_transformation_edit])
|
Permission.check_permissions(request.user, [permission_transformation_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_transformation_edit, request.user, transformation.content_object)
|
AccessEntry.objects.check_access(permission_transformation_edit, request.user, transformation.content_object)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('django_gpg', _('Key management'))
|
namespace = PermissionNamespace('django_gpg', _('Key management'))
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ from django.template import RequestContext
|
|||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from common.utils import encapsulate
|
from common.utils import encapsulate
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .api import Key
|
from .api import Key
|
||||||
from .forms import KeySearchForm
|
from .forms import KeySearchForm
|
||||||
@@ -26,7 +26,7 @@ logger = logging.getLogger(__name__)
|
|||||||
|
|
||||||
|
|
||||||
def key_receive(request, key_id):
|
def key_receive(request, key_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_key_receive])
|
Permission.check_permissions(request.user, [permission_key_receive])
|
||||||
|
|
||||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
|
|
||||||
@@ -64,7 +64,7 @@ def key_receive(request, key_id):
|
|||||||
|
|
||||||
|
|
||||||
def key_list(request, secret=True):
|
def key_list(request, secret=True):
|
||||||
Permission.objects.check_permissions(request.user, [permission_key_view])
|
Permission.check_permissions(request.user, [permission_key_view])
|
||||||
|
|
||||||
if secret:
|
if secret:
|
||||||
object_list = Key.get_all(gpg, secret=True)
|
object_list = Key.get_all(gpg, secret=True)
|
||||||
@@ -91,7 +91,7 @@ def key_list(request, secret=True):
|
|||||||
|
|
||||||
|
|
||||||
def key_delete(request, fingerprint, key_type):
|
def key_delete(request, fingerprint, key_type):
|
||||||
Permission.objects.check_permissions(request.user, [permission_key_delete])
|
Permission.check_permissions(request.user, [permission_key_delete])
|
||||||
|
|
||||||
secret = key_type == 'sec'
|
secret = key_type == 'sec'
|
||||||
key = Key.get(gpg, fingerprint, secret=secret)
|
key = Key.get(gpg, fingerprint, secret=secret)
|
||||||
@@ -119,7 +119,7 @@ def key_delete(request, fingerprint, key_type):
|
|||||||
|
|
||||||
|
|
||||||
def key_query(request):
|
def key_query(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_keyserver_query])
|
Permission.check_permissions(request.user, [permission_keyserver_query])
|
||||||
|
|
||||||
subtemplates_list = []
|
subtemplates_list = []
|
||||||
term = request.GET.get('term')
|
term = request.GET.get('term')
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('comments', _('Comments'))
|
namespace = PermissionNamespace('comments', _('Comments'))
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import CommentForm
|
from .forms import CommentForm
|
||||||
from .permissions import (
|
from .permissions import (
|
||||||
@@ -32,7 +32,7 @@ def comment_delete(request, comment_id=None, comment_id_list=None):
|
|||||||
comments = [get_object_or_404(Comment, pk=comment_id) for comment_id in comment_id_list.split(',')]
|
comments = [get_object_or_404(Comment, pk=comment_id) for comment_id in comment_id_list.split(',')]
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_comment_delete])
|
Permission.check_permissions(request.user, [permission_comment_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
comments = AccessEntry.objects.filter_objects_by_access(permission_comment_delete, request.user, comments, related='content_object')
|
comments = AccessEntry.objects.filter_objects_by_access(permission_comment_delete, request.user, comments, related='content_object')
|
||||||
|
|
||||||
@@ -80,7 +80,7 @@ def comment_add(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_comment_create])
|
Permission.check_permissions(request.user, [permission_comment_create])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_comment_create, request.user, document)
|
AccessEntry.objects.check_access(permission_comment_create, request.user, document)
|
||||||
|
|
||||||
@@ -118,7 +118,7 @@ def comments_for_document(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_comment_view])
|
Permission.check_permissions(request.user, [permission_comment_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_comment_view, request.user, document)
|
AccessEntry.objects.check_access(permission_comment_view, request.user, document)
|
||||||
|
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ from rest_framework import generics
|
|||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
from rest_api.filters import MayanObjectPermissionsFilter
|
from rest_api.filters import MayanObjectPermissionsFilter
|
||||||
from rest_api.permissions import MayanPermission
|
from rest_api.permissions import MayanPermission
|
||||||
|
|
||||||
@@ -82,7 +82,7 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
index_node_instance = get_object_or_404(IndexInstanceNode, pk=self.kwargs['pk'])
|
index_node_instance = get_object_or_404(IndexInstanceNode, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_indexing_view])
|
Permission.check_permissions(self.request.user, [permission_document_indexing_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_view, self.request.user, index_node_instance.index)
|
AccessEntry.objects.check_access(permission_document_indexing_view, self.request.user, index_node_instance.index)
|
||||||
|
|
||||||
@@ -142,7 +142,7 @@ class APIDocumentIndexListView(generics.ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_view])
|
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('document_indexing', _('Indexing'))
|
namespace = PermissionNamespace('document_indexing', _('Indexing'))
|
||||||
|
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ from common.widgets import two_state_template
|
|||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from documents.views import document_list
|
from documents.views import document_list
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import IndexForm, IndexTemplateNodeForm
|
from .forms import IndexForm, IndexTemplateNodeForm
|
||||||
from .models import Index, IndexInstanceNode, IndexTemplateNode
|
from .models import Index, IndexInstanceNode, IndexTemplateNode
|
||||||
@@ -48,7 +48,7 @@ def index_setup_list(request):
|
|||||||
queryset = Index.objects.all()
|
queryset = Index.objects.all()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_setup])
|
Permission.check_permissions(request.user, [permission_document_indexing_setup])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_setup, request.user, queryset)
|
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_setup, request.user, queryset)
|
||||||
|
|
||||||
@@ -59,7 +59,7 @@ def index_setup_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def index_setup_create(request):
|
def index_setup_create(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_create])
|
Permission.check_permissions(request.user, [permission_document_indexing_create])
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = IndexForm(request.POST)
|
form = IndexForm(request.POST)
|
||||||
@@ -81,7 +81,7 @@ def index_setup_edit(request, index_pk):
|
|||||||
index = get_object_or_404(Index, pk=index_pk)
|
index = get_object_or_404(Index, pk=index_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
|
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_create, request.user, index)
|
AccessEntry.objects.check_access(permission_document_indexing_create, request.user, index)
|
||||||
|
|
||||||
@@ -106,7 +106,7 @@ def index_setup_delete(request, index_pk):
|
|||||||
index = get_object_or_404(Index, pk=index_pk)
|
index = get_object_or_404(Index, pk=index_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_delete])
|
Permission.check_permissions(request.user, [permission_document_indexing_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_delete, request.user, index)
|
AccessEntry.objects.check_access(permission_document_indexing_delete, request.user, index)
|
||||||
|
|
||||||
@@ -142,7 +142,7 @@ def index_setup_view(request, index_pk):
|
|||||||
index = get_object_or_404(Index, pk=index_pk)
|
index = get_object_or_404(Index, pk=index_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_setup])
|
Permission.check_permissions(request.user, [permission_document_indexing_setup])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_setup, request.user, index)
|
AccessEntry.objects.check_access(permission_document_indexing_setup, request.user, index)
|
||||||
|
|
||||||
@@ -175,7 +175,7 @@ class SetupIndexDocumentTypesView(AssignRemoveView):
|
|||||||
self.index = get_object_or_404(Index, pk=self.kwargs['index_pk'])
|
self.index = get_object_or_404(Index, pk=self.kwargs['index_pk'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
|
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, self.index)
|
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, self.index)
|
||||||
|
|
||||||
@@ -208,7 +208,7 @@ def template_node_create(request, parent_pk):
|
|||||||
parent_node = get_object_or_404(IndexTemplateNode, pk=parent_pk)
|
parent_node = get_object_or_404(IndexTemplateNode, pk=parent_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
|
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, parent_node.index)
|
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, parent_node.index)
|
||||||
|
|
||||||
@@ -233,7 +233,7 @@ def template_node_edit(request, node_pk):
|
|||||||
node = get_object_or_404(IndexTemplateNode, pk=node_pk)
|
node = get_object_or_404(IndexTemplateNode, pk=node_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
|
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
||||||
|
|
||||||
@@ -259,7 +259,7 @@ def template_node_delete(request, node_pk):
|
|||||||
node = get_object_or_404(IndexTemplateNode, pk=node_pk)
|
node = get_object_or_404(IndexTemplateNode, pk=node_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
|
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
||||||
|
|
||||||
@@ -309,7 +309,7 @@ def index_list(request):
|
|||||||
queryset = Index.objects.filter(enabled=True)
|
queryset = Index.objects.filter(enabled=True)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_view])
|
Permission.check_permissions(request.user, [permission_document_indexing_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset)
|
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset)
|
||||||
|
|
||||||
@@ -329,7 +329,7 @@ def index_instance_node_view(request, index_instance_node_pk):
|
|||||||
breadcrumbs = get_breadcrumbs(index_instance)
|
breadcrumbs = get_breadcrumbs(index_instance)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_view])
|
Permission.check_permissions(request.user, [permission_document_indexing_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_indexing_view, request.user, index_instance.index)
|
AccessEntry.objects.check_access(permission_document_indexing_view, request.user, index_instance.index)
|
||||||
|
|
||||||
@@ -371,7 +371,7 @@ def rebuild_index_instances(request):
|
|||||||
"""
|
"""
|
||||||
Confirmation view to execute the tool: do_rebuild_all_indexes
|
Confirmation view to execute the tool: do_rebuild_all_indexes
|
||||||
"""
|
"""
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_indexing_rebuild_indexes])
|
Permission.check_permissions(request.user, [permission_document_indexing_rebuild_indexes])
|
||||||
|
|
||||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
@@ -399,7 +399,7 @@ def document_index_list(request, document_id):
|
|||||||
queryset = document.node_instances.all()
|
queryset = document.node_instances.all()
|
||||||
try:
|
try:
|
||||||
# TODO: should be AND not OR
|
# TODO: should be AND not OR
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view, permission_document_indexing_view])
|
Permission.check_permissions(request.user, [permission_document_view, permission_document_indexing_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset, related='index')
|
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset, related='index')
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('document_signatures', _('Document signatures'))
|
namespace = PermissionNamespace('document_signatures', _('Document signatures'))
|
||||||
|
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ from acls.models import AccessEntry
|
|||||||
from django_gpg.literals import SIGNATURE_STATE_NONE, SIGNATURE_STATES
|
from django_gpg.literals import SIGNATURE_STATE_NONE, SIGNATURE_STATES
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from filetransfers.api import serve_file
|
from filetransfers.api import serve_file
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import DetachedSignatureForm
|
from .forms import DetachedSignatureForm
|
||||||
from .models import DocumentVersionSignature
|
from .models import DocumentVersionSignature
|
||||||
@@ -33,7 +33,7 @@ def document_verify(request, document_pk):
|
|||||||
document = get_object_or_404(Document, pk=document_pk)
|
document = get_object_or_404(Document, pk=document_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_verify])
|
Permission.check_permissions(request.user, [permission_document_verify])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_verify, request.user, document)
|
AccessEntry.objects.check_access(permission_document_verify, request.user, document)
|
||||||
|
|
||||||
@@ -80,7 +80,7 @@ def document_signature_upload(request, document_pk):
|
|||||||
document = get_object_or_404(Document, pk=document_pk)
|
document = get_object_or_404(Document, pk=document_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_signature_upload])
|
Permission.check_permissions(request.user, [permission_signature_upload])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_signature_upload, request.user, document)
|
AccessEntry.objects.check_access(permission_signature_upload, request.user, document)
|
||||||
|
|
||||||
@@ -116,7 +116,7 @@ def document_signature_download(request, document_pk):
|
|||||||
document = get_object_or_404(Document, pk=document_pk)
|
document = get_object_or_404(Document, pk=document_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_signature_download])
|
Permission.check_permissions(request.user, [permission_signature_download])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_signature_download, request.user, document)
|
AccessEntry.objects.check_access(permission_signature_download, request.user, document)
|
||||||
|
|
||||||
@@ -140,7 +140,7 @@ def document_signature_delete(request, document_pk):
|
|||||||
document = get_object_or_404(Document, pk=document_pk)
|
document = get_object_or_404(Document, pk=document_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_signature_delete])
|
Permission.check_permissions(request.user, [permission_signature_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_signature_delete, request.user, document)
|
AccessEntry.objects.check_access(permission_signature_delete, request.user, document)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('document_states', _('States'))
|
namespace = PermissionNamespace('document_states', _('States'))
|
||||||
|
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ from common.views import (
|
|||||||
SingleObjectEditView, SingleObjectListView
|
SingleObjectEditView, SingleObjectListView
|
||||||
)
|
)
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import (
|
from .forms import (
|
||||||
WorkflowForm, WorkflowInstanceTransitionForm, WorkflowStateForm,
|
WorkflowForm, WorkflowInstanceTransitionForm, WorkflowStateForm,
|
||||||
@@ -32,7 +32,7 @@ from .permissions import (
|
|||||||
class DocumentWorkflowInstanceListView(SingleObjectListView):
|
class DocumentWorkflowInstanceListView(SingleObjectListView):
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_workflow_view])
|
Permission.check_permissions(request.user, [permission_document_workflow_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_document())
|
AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_document())
|
||||||
|
|
||||||
@@ -60,7 +60,7 @@ class DocumentWorkflowInstanceListView(SingleObjectListView):
|
|||||||
class WorkflowInstanceDetailView(SingleObjectListView):
|
class WorkflowInstanceDetailView(SingleObjectListView):
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_workflow_view])
|
Permission.check_permissions(request.user, [permission_document_workflow_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_workflow_instance().document)
|
AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_workflow_instance().document)
|
||||||
|
|
||||||
@@ -94,7 +94,7 @@ class WorkflowInstanceTransitionView(FormView):
|
|||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_workflow_transition])
|
Permission.check_permissions(request.user, [permission_document_workflow_transition])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_workflow_transition, request.user, self.get_workflow_instance().document)
|
AccessEntry.objects.check_access(permission_document_workflow_transition, request.user, self.get_workflow_instance().document)
|
||||||
|
|
||||||
@@ -175,7 +175,7 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView):
|
|||||||
self.workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
|
self.workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_workflow_edit])
|
Permission.check_permissions(self.request.user, [permission_workflow_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_workflow_edit, self.request.user, self.workflow)
|
AccessEntry.objects.check_access(permission_workflow_edit, self.request.user, self.workflow)
|
||||||
|
|
||||||
@@ -205,7 +205,7 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView):
|
|||||||
class SetupWorkflowStateListView(SingleObjectListView):
|
class SetupWorkflowStateListView(SingleObjectListView):
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_workflow_edit])
|
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||||
|
|
||||||
@@ -235,7 +235,7 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView):
|
|||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_workflow_edit])
|
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||||
|
|
||||||
@@ -316,7 +316,7 @@ class SetupWorkflowStateEditView(SingleObjectEditView):
|
|||||||
class SetupWorkflowTransitionListView(SingleObjectListView):
|
class SetupWorkflowTransitionListView(SingleObjectListView):
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_workflow_edit])
|
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||||
|
|
||||||
@@ -346,7 +346,7 @@ class SetupWorkflowTransitionCreateView(SingleObjectCreateView):
|
|||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_workflow_edit])
|
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||||
|
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ from converter.exceptions import UnkownConvertError, UnknownFileFormat
|
|||||||
from converter.literals import (
|
from converter.literals import (
|
||||||
DEFAULT_PAGE_NUMBER, DEFAULT_ROTATION, DEFAULT_ZOOM_LEVEL
|
DEFAULT_PAGE_NUMBER, DEFAULT_ROTATION, DEFAULT_ZOOM_LEVEL
|
||||||
)
|
)
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
from rest_api.filters import MayanObjectPermissionsFilter
|
from rest_api.filters import MayanObjectPermissionsFilter
|
||||||
from rest_api.permissions import MayanPermission
|
from rest_api.permissions import MayanPermission
|
||||||
|
|
||||||
@@ -184,7 +184,7 @@ class APIDocumentImageView(generics.GenericAPIView):
|
|||||||
document = get_object_or_404(Document, pk=pk)
|
document = get_object_or_404(Document, pk=pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -315,7 +315,7 @@ class APIDocumentTypeDocumentListView(generics.ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk'])
|
document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_type_view])
|
Permission.check_permissions(self.request.user, [permission_document_type_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('documents', _('Documents'))
|
namespace = PermissionNamespace('documents', _('Documents'))
|
||||||
|
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ from converter.literals import (
|
|||||||
from converter.models import Transformation
|
from converter.models import Transformation
|
||||||
from converter.permissions import permission_transformation_delete
|
from converter.permissions import permission_transformation_delete
|
||||||
from filetransfers.api import serve_file
|
from filetransfers.api import serve_file
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .events import (
|
from .events import (
|
||||||
event_document_properties_edit, event_document_type_change
|
event_document_properties_edit, event_document_type_change
|
||||||
@@ -105,7 +105,7 @@ def document_list(request, object_list=None, title=None, extra_context=None):
|
|||||||
pre_object_list = object_list if not (object_list is None) else Document.objects.all()
|
pre_object_list = object_list if not (object_list is None) else Document.objects.all()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
# If user doesn't have global permission, get a list of document
|
# If user doesn't have global permission, get a list of document
|
||||||
# for which he/she does hace access use it to filter the
|
# for which he/she does hace access use it to filter the
|
||||||
@@ -131,7 +131,7 @@ def document_properties(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -168,7 +168,7 @@ def document_preview(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -199,7 +199,7 @@ def document_delete(request, document_id=None, document_id_list=None):
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_delete])
|
Permission.check_permissions(request.user, [permission_document_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_document_delete, request.user, documents, exception_on_empty=True)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_document_delete, request.user, documents, exception_on_empty=True)
|
||||||
|
|
||||||
@@ -245,7 +245,7 @@ def document_multiple_delete(request):
|
|||||||
def document_edit(request, document_id):
|
def document_edit(request, document_id):
|
||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_properties_edit])
|
Permission.check_permissions(request.user, [permission_document_properties_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_properties_edit, request.user, document)
|
AccessEntry.objects.check_access(permission_document_properties_edit, request.user, document)
|
||||||
|
|
||||||
@@ -290,7 +290,7 @@ def document_document_type_edit(request, document_id=None, document_id_list=None
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_properties_edit])
|
Permission.check_permissions(request.user, [permission_document_properties_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_document_properties_edit, request.user, documents, exception_on_empty=True)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_document_properties_edit, request.user, documents, exception_on_empty=True)
|
||||||
|
|
||||||
@@ -340,7 +340,7 @@ def document_multiple_document_type_edit(request):
|
|||||||
def get_document_image(request, document_id, size=setting_preview_size.value):
|
def get_document_image(request, document_id, size=setting_preview_size.value):
|
||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -376,7 +376,7 @@ def document_download(request, document_id=None, document_id_list=None, document
|
|||||||
document_versions = [get_object_or_404(DocumentVersion, pk=document_version_pk)]
|
document_versions = [get_object_or_404(DocumentVersion, pk=document_version_pk)]
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_download])
|
Permission.check_permissions(request.user, [permission_document_download])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
document_versions = AccessEntry.objects.filter_objects_by_access(permission_document_download, request.user, document_versions, related='document', exception_on_empty=True)
|
document_versions = AccessEntry.objects.filter_objects_by_access(permission_document_download, request.user, document_versions, related='document', exception_on_empty=True)
|
||||||
|
|
||||||
@@ -484,7 +484,7 @@ def document_update_page_count(request, document_id=None, document_id_list=None)
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_tools])
|
Permission.check_permissions(request.user, [permission_document_tools])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_document_tools, request.user, documents, exception_on_empty=True)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_document_tools, request.user, documents, exception_on_empty=True)
|
||||||
|
|
||||||
@@ -536,7 +536,7 @@ def document_clear_transformations(request, document_id=None, document_id_list=N
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_transformation_delete])
|
Permission.check_permissions(request.user, [permission_transformation_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_transformation_delete, request.user, documents, exception_on_empty=True)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_transformation_delete, request.user, documents, exception_on_empty=True)
|
||||||
|
|
||||||
@@ -582,7 +582,7 @@ def document_page_view(request, document_page_id):
|
|||||||
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||||
|
|
||||||
@@ -617,7 +617,7 @@ def document_page_navigation_next(request, document_page_id):
|
|||||||
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||||
|
|
||||||
@@ -635,7 +635,7 @@ def document_page_navigation_previous(request, document_page_id):
|
|||||||
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||||
|
|
||||||
@@ -654,7 +654,7 @@ def document_page_navigation_first(request, document_page_id):
|
|||||||
document_page = get_object_or_404(document_page.siblings, page_number=1)
|
document_page = get_object_or_404(document_page.siblings, page_number=1)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||||
|
|
||||||
@@ -668,7 +668,7 @@ def document_page_navigation_last(request, document_page_id):
|
|||||||
document_page = get_object_or_404(document_page.siblings, page_number=document_page.siblings.count())
|
document_page = get_object_or_404(document_page.siblings, page_number=document_page.siblings.count())
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||||
|
|
||||||
@@ -681,7 +681,7 @@ def transform_page(request, document_page_id, zoom_function=None, rotation_funct
|
|||||||
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
document_page = get_object_or_404(DocumentPage, pk=document_page_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||||
|
|
||||||
@@ -744,7 +744,7 @@ def document_print(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_print])
|
Permission.check_permissions(request.user, [permission_document_print])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_print, request.user, document)
|
AccessEntry.objects.check_access(permission_document_print, request.user, document)
|
||||||
|
|
||||||
@@ -784,7 +784,7 @@ def document_print(request, document_id):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_list(request):
|
def document_type_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_view])
|
Permission.check_permissions(request.user, [permission_document_type_view])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': DocumentType.objects.all(),
|
'object_list': DocumentType.objects.all(),
|
||||||
@@ -800,7 +800,7 @@ def document_type_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_edit(request, document_type_id):
|
def document_type_edit(request, document_type_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_edit])
|
Permission.check_permissions(request.user, [permission_document_type_edit])
|
||||||
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
||||||
|
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_list'))))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_list'))))
|
||||||
@@ -827,7 +827,7 @@ def document_type_edit(request, document_type_id):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_delete(request, document_type_id):
|
def document_type_delete(request, document_type_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_delete])
|
Permission.check_permissions(request.user, [permission_document_type_delete])
|
||||||
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
||||||
|
|
||||||
post_action_redirect = reverse('documents:document_type_list')
|
post_action_redirect = reverse('documents:document_type_list')
|
||||||
@@ -860,7 +860,7 @@ def document_type_delete(request, document_type_id):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_create(request):
|
def document_type_create(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_create])
|
Permission.check_permissions(request.user, [permission_document_type_create])
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = DocumentTypeForm(request.POST)
|
form = DocumentTypeForm(request.POST)
|
||||||
@@ -882,7 +882,7 @@ def document_type_create(request):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_filename_list(request, document_type_id):
|
def document_type_filename_list(request, document_type_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_view])
|
Permission.check_permissions(request.user, [permission_document_type_view])
|
||||||
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
@@ -904,7 +904,7 @@ def document_type_filename_list(request, document_type_id):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_filename_edit(request, document_type_filename_id):
|
def document_type_filename_edit(request, document_type_filename_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_edit])
|
Permission.check_permissions(request.user, [permission_document_type_edit])
|
||||||
document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id)
|
document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id)
|
||||||
|
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id]))))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id]))))
|
||||||
@@ -936,7 +936,7 @@ def document_type_filename_edit(request, document_type_filename_id):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_filename_delete(request, document_type_filename_id):
|
def document_type_filename_delete(request, document_type_filename_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_edit])
|
Permission.check_permissions(request.user, [permission_document_type_edit])
|
||||||
document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id)
|
document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id)
|
||||||
|
|
||||||
post_action_redirect = reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id])
|
post_action_redirect = reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id])
|
||||||
@@ -971,7 +971,7 @@ def document_type_filename_delete(request, document_type_filename_id):
|
|||||||
|
|
||||||
|
|
||||||
def document_type_filename_create(request, document_type_id):
|
def document_type_filename_create(request, document_type_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_edit])
|
Permission.check_permissions(request.user, [permission_document_type_edit])
|
||||||
|
|
||||||
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
document_type = get_object_or_404(DocumentType, pk=document_type_id)
|
||||||
|
|
||||||
@@ -1002,7 +1002,7 @@ def document_type_filename_create(request, document_type_id):
|
|||||||
|
|
||||||
|
|
||||||
def document_clear_image_cache(request):
|
def document_clear_image_cache(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_tools])
|
Permission.check_permissions(request.user, [permission_document_tools])
|
||||||
|
|
||||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
|
|
||||||
@@ -1022,7 +1022,7 @@ def document_version_list(request, document_pk):
|
|||||||
document = get_object_or_404(Document, pk=document_pk)
|
document = get_object_or_404(Document, pk=document_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -1062,7 +1062,7 @@ def document_version_revert(request, document_version_pk):
|
|||||||
document_version = get_object_or_404(DocumentVersion, pk=document_version_pk)
|
document_version = get_object_or_404(DocumentVersion, pk=document_version_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_version_revert])
|
Permission.check_permissions(request.user, [permission_document_version_revert])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_version_revert, request.user, document_version.document)
|
AccessEntry.objects.check_access(permission_document_version_revert, request.user, document_version.document)
|
||||||
|
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ from django.db.models.loading import get_model
|
|||||||
from django.utils.module_loading import import_string
|
from django.utils.module_loading import import_string
|
||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .models import RecentSearch
|
from .models import RecentSearch
|
||||||
from .settings import setting_limit
|
from .settings import setting_limit
|
||||||
@@ -171,7 +171,7 @@ class SearchModel(object):
|
|||||||
|
|
||||||
if self.permission:
|
if self.permission:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(user, [self.permission])
|
Permission.check_permissions(user, [self.permission])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(self.permission, user, queryset)
|
queryset = AccessEntry.objects.filter_objects_by_access(self.permission, user, queryset)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('events', _('Events'))
|
namespace = PermissionNamespace('events', _('Events'))
|
||||||
permission_events_view = namespace.add_permission(name='events_view', label=_('Access the events of an object'))
|
permission_events_view = namespace.add_permission(name='events_view', label=_('Access the events of an object'))
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ from actstream.models import Action, any_stream
|
|||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from common.utils import encapsulate
|
from common.utils import encapsulate
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .classes import Event
|
from .classes import Event
|
||||||
from .permissions import permission_events_view
|
from .permissions import permission_events_view
|
||||||
@@ -33,7 +33,7 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
|
|||||||
content_object = get_object_or_404(model, pk=object_id)
|
content_object = get_object_or_404(model, pk=object_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_events_view])
|
Permission.check_permissions(request.user, [permission_events_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_events_view, request.user, content_object)
|
AccessEntry.objects.check_access(permission_events_view, request.user, content_object)
|
||||||
|
|
||||||
@@ -46,7 +46,7 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
|
|||||||
pre_object_list = Action.objects.filter(verb=verb)
|
pre_object_list = Action.objects.filter(verb=verb)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_events_view])
|
Permission.check_permissions(request.user, [permission_events_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
# If user doesn't have global permission, get a list of document
|
# If user doesn't have global permission, get a list of document
|
||||||
# for which he/she does hace access use it to filter the
|
# for which he/she does hace access use it to filter the
|
||||||
@@ -63,7 +63,7 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
|
|||||||
pre_object_list = Action.objects.all()
|
pre_object_list = Action.objects.all()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_events_view])
|
Permission.check_permissions(request.user, [permission_events_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
# If user doesn't have global permission, get a list of document
|
# If user doesn't have global permission, get a list of document
|
||||||
# for which he/she does hace access use it to filter the
|
# for which he/she does hace access use it to filter the
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ from rest_framework.response import Response
|
|||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
from rest_api.filters import MayanObjectPermissionsFilter
|
from rest_api.filters import MayanObjectPermissionsFilter
|
||||||
from rest_api.permissions import MayanPermission
|
from rest_api.permissions import MayanPermission
|
||||||
|
|
||||||
@@ -96,7 +96,7 @@ class APIFolderDocumentListView(generics.ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_folder_view])
|
Permission.check_permissions(self.request.user, [permission_folder_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
|
AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
|
||||||
|
|
||||||
@@ -114,7 +114,7 @@ class APIDocumentFolderListView(generics.ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_view])
|
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
||||||
|
|
||||||
@@ -129,7 +129,7 @@ class APIFolderDocumentView(views.APIView):
|
|||||||
|
|
||||||
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_remove_document])
|
Permission.check_permissions(request.user, [permission_folder_remove_document])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_folder_remove_document, request.user, folder)
|
AccessEntry.objects.check_access(permission_folder_remove_document, request.user, folder)
|
||||||
|
|
||||||
@@ -143,7 +143,7 @@ class APIFolderDocumentView(views.APIView):
|
|||||||
|
|
||||||
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_add_document])
|
Permission.check_permissions(request.user, [permission_folder_add_document])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_folder_add_document, request.user, folder)
|
AccessEntry.objects.check_access(permission_folder_add_document, request.user, folder)
|
||||||
|
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ from django.core.exceptions import PermissionDenied
|
|||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .models import Folder
|
from .models import Folder
|
||||||
from .permissions import permission_folder_view
|
from .permissions import permission_folder_view
|
||||||
@@ -29,7 +29,7 @@ class FolderListForm(forms.Form):
|
|||||||
|
|
||||||
queryset = Folder.objects.all()
|
queryset = Folder.objects.all()
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(user, [permission_folder_view])
|
Permission.check_permissions(user, [permission_folder_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, user, queryset)
|
queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, user, queryset)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('folders', _('Folders'))
|
namespace = PermissionNamespace('folders', _('Folders'))
|
||||||
|
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ from common.views import SingleObjectListView
|
|||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.views import DocumentListView
|
from documents.views import DocumentListView
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import FolderForm, FolderListForm
|
from .forms import FolderForm, FolderListForm
|
||||||
from .models import Folder
|
from .models import Folder
|
||||||
@@ -43,7 +43,7 @@ class FolderListView(SingleObjectListView):
|
|||||||
|
|
||||||
|
|
||||||
def folder_create(request):
|
def folder_create(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_create])
|
Permission.check_permissions(request.user, [permission_folder_create])
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = FolderForm(request.POST)
|
form = FolderForm(request.POST)
|
||||||
@@ -68,7 +68,7 @@ def folder_edit(request, folder_id):
|
|||||||
folder = get_object_or_404(Folder, pk=folder_id)
|
folder = get_object_or_404(Folder, pk=folder_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_edit])
|
Permission.check_permissions(request.user, [permission_folder_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_folder_edit, request.user, folder)
|
AccessEntry.objects.check_access(permission_folder_edit, request.user, folder)
|
||||||
|
|
||||||
@@ -95,7 +95,7 @@ def folder_delete(request, folder_id):
|
|||||||
folder = get_object_or_404(Folder, pk=folder_id)
|
folder = get_object_or_404(Folder, pk=folder_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_delete])
|
Permission.check_permissions(request.user, [permission_folder_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_folder_delete, request.user, folder)
|
AccessEntry.objects.check_access(permission_folder_delete, request.user, folder)
|
||||||
|
|
||||||
@@ -131,7 +131,7 @@ class FolderDetailView(DocumentListView):
|
|||||||
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_folder_view])
|
Permission.check_permissions(self.request.user, [permission_folder_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
|
AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
|
||||||
|
|
||||||
@@ -159,7 +159,7 @@ def folder_add_document(request, document_id=None, document_id_list=None):
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_add_document])
|
Permission.check_permissions(request.user, [permission_folder_add_document])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_folder_add_document, request.user, documents)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_folder_add_document, request.user, documents)
|
||||||
|
|
||||||
@@ -207,7 +207,7 @@ def document_folder_list(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -220,7 +220,7 @@ def document_folder_list(request, document_id):
|
|||||||
queryset = document.folders.all()
|
queryset = document.folders.all()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_view])
|
Permission.check_permissions(request.user, [permission_folder_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, request.user, queryset)
|
queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, request.user, queryset)
|
||||||
|
|
||||||
@@ -245,7 +245,7 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis
|
|||||||
|
|
||||||
logger.debug('folder_documents (pre permission check): %s', folder_documents)
|
logger.debug('folder_documents (pre permission check): %s', folder_documents)
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_folder_remove_document])
|
Permission.check_permissions(request.user, [permission_folder_remove_document])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
folder_documents = AccessEntry.objects.filter_objects_by_access(permission_folder_remove_document, request.user, folder_documents, exception_on_empty=True)
|
folder_documents = AccessEntry.objects.filter_objects_by_access(permission_folder_remove_document, request.user, folder_documents, exception_on_empty=True)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('installation', _('Installation'))
|
namespace = PermissionNamespace('installation', _('Installation'))
|
||||||
permission_installation_details = namespace.add_permission(name='installation_details', label=_('View installation environment details'))
|
permission_installation_details = namespace.add_permission(name='installation_details', label=_('View installation environment details'))
|
||||||
|
|||||||
@@ -4,14 +4,14 @@ from django.shortcuts import render_to_response
|
|||||||
from django.template import RequestContext
|
from django.template import RequestContext
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .classes import PropertyNamespace
|
from .classes import PropertyNamespace
|
||||||
from .permissions import permission_installation_details
|
from .permissions import permission_installation_details
|
||||||
|
|
||||||
|
|
||||||
def namespace_list(request):
|
def namespace_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_installation_details])
|
Permission.check_permissions(request.user, [permission_installation_details])
|
||||||
|
|
||||||
return render_to_response('appearance/generic_list.html', {
|
return render_to_response('appearance/generic_list.html', {
|
||||||
'object_list': PropertyNamespace.get_all(),
|
'object_list': PropertyNamespace.get_all(),
|
||||||
@@ -21,7 +21,7 @@ def namespace_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def namespace_details(request, namespace_id):
|
def namespace_details(request, namespace_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_installation_details])
|
Permission.check_permissions(request.user, [permission_installation_details])
|
||||||
|
|
||||||
namespace = PropertyNamespace.get(namespace_id)
|
namespace = PropertyNamespace.get(namespace_id)
|
||||||
object_list = namespace.get_properties()
|
object_list = namespace.get_properties()
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('linking', _('Smart links'))
|
namespace = PermissionNamespace('linking', _('Smart links'))
|
||||||
|
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ from common.views import AssignRemoveView
|
|||||||
from common.widgets import two_state_template
|
from common.widgets import two_state_template
|
||||||
from documents.models import Document, DocumentType
|
from documents.models import Document, DocumentType
|
||||||
from documents.views import document_list
|
from documents.views import document_list
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import SmartLinkConditionForm, SmartLinkForm
|
from .forms import SmartLinkConditionForm, SmartLinkForm
|
||||||
from .models import SmartLink, SmartLinkCondition
|
from .models import SmartLink, SmartLinkCondition
|
||||||
@@ -41,7 +41,7 @@ class SetupSmartLinkDocumentTypesView(AssignRemoveView):
|
|||||||
self.smart_link = get_object_or_404(SmartLink, pk=self.kwargs['smart_link_pk'])
|
self.smart_link = get_object_or_404(SmartLink, pk=self.kwargs['smart_link_pk'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_smart_link_edit])
|
Permission.check_permissions(self.request.user, [permission_smart_link_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_smart_link_edit, self.request.user, self.smart_link)
|
AccessEntry.objects.check_access(permission_smart_link_edit, self.request.user, self.smart_link)
|
||||||
|
|
||||||
@@ -71,7 +71,7 @@ def smart_link_instance_view(request, document_id, smart_link_pk):
|
|||||||
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_view])
|
Permission.check_permissions(request.user, [permission_smart_link_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_smart_link_view, request.user, smart_link)
|
AccessEntry.objects.check_access(permission_smart_link_view, request.user, smart_link)
|
||||||
|
|
||||||
@@ -106,7 +106,7 @@ def smart_link_instances_for_document(request, document_id):
|
|||||||
)
|
)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_view])
|
Permission.check_permissions(request.user, [permission_smart_link_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
smart_links = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, queryset)
|
smart_links = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, queryset)
|
||||||
else:
|
else:
|
||||||
@@ -141,7 +141,7 @@ def smart_link_list(request):
|
|||||||
qs = SmartLink.objects.all()
|
qs = SmartLink.objects.all()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_view])
|
Permission.check_permissions(request.user, [permission_smart_link_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
qs = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, qs)
|
qs = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, qs)
|
||||||
|
|
||||||
@@ -158,7 +158,7 @@ def smart_link_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def smart_link_create(request):
|
def smart_link_create(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_create])
|
Permission.check_permissions(request.user, [permission_smart_link_create])
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = SmartLinkForm(request.POST)
|
form = SmartLinkForm(request.POST)
|
||||||
@@ -180,7 +180,7 @@ def smart_link_edit(request, smart_link_pk):
|
|||||||
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
|
Permission.check_permissions(request.user, [permission_smart_link_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_smart_link_edit, request.user, smart_link)
|
AccessEntry.objects.check_access(permission_smart_link_edit, request.user, smart_link)
|
||||||
|
|
||||||
@@ -204,7 +204,7 @@ def smart_link_delete(request, smart_link_pk):
|
|||||||
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_delete])
|
Permission.check_permissions(request.user, [permission_smart_link_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_smart_link_delete, request.user, smart_link)
|
AccessEntry.objects.check_access(permission_smart_link_delete, request.user, smart_link)
|
||||||
|
|
||||||
@@ -235,7 +235,7 @@ def smart_link_condition_list(request, smart_link_pk):
|
|||||||
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
|
Permission.check_permissions(request.user, [permission_smart_link_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link)
|
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link)
|
||||||
|
|
||||||
@@ -254,7 +254,7 @@ def smart_link_condition_create(request, smart_link_pk):
|
|||||||
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
|
Permission.check_permissions(request.user, [permission_smart_link_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link)
|
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link)
|
||||||
|
|
||||||
@@ -280,7 +280,7 @@ def smart_link_condition_edit(request, smart_link_condition_pk):
|
|||||||
smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk)
|
smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
|
Permission.check_permissions(request.user, [permission_smart_link_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link)
|
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link)
|
||||||
|
|
||||||
@@ -311,7 +311,7 @@ def smart_link_condition_delete(request, smart_link_condition_pk):
|
|||||||
smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk)
|
smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
|
Permission.check_permissions(request.user, [permission_smart_link_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link)
|
AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('mailing', _('Mailing'))
|
namespace = PermissionNamespace('mailing', _('Mailing'))
|
||||||
|
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import DocumentMailForm
|
from .forms import DocumentMailForm
|
||||||
from .permissions import (
|
from .permissions import (
|
||||||
@@ -34,7 +34,7 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta
|
|||||||
permission = permission_mailing_link
|
permission = permission_mailing_link
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission])
|
Permission.check_permissions(request.user, [permission])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission, request.user, documents)
|
documents = AccessEntry.objects.filter_objects_by_access(permission, request.user, documents)
|
||||||
|
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ from documents.models import Document, DocumentType
|
|||||||
from documents.permissions import (
|
from documents.permissions import (
|
||||||
permission_document_type_view, permission_document_type_edit
|
permission_document_type_view, permission_document_type_edit
|
||||||
)
|
)
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
from rest_api.filters import MayanObjectPermissionsFilter
|
from rest_api.filters import MayanObjectPermissionsFilter
|
||||||
from rest_api.permissions import MayanPermission
|
from rest_api.permissions import MayanPermission
|
||||||
|
|
||||||
@@ -88,7 +88,7 @@ class APIDocumentMetadataListView(generics.ListCreateAPIView):
|
|||||||
if self.request == 'GET':
|
if self.request == 'GET':
|
||||||
# Make sure the use has the permission to see the metadata for this document
|
# Make sure the use has the permission to see the metadata for this document
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_metadata_document_view])
|
Permission.check_permissions(self.request.user, [permission_metadata_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_metadata_document_view, self.request.user, document)
|
AccessEntry.objects.check_access(permission_metadata_document_view, self.request.user, document)
|
||||||
else:
|
else:
|
||||||
@@ -96,7 +96,7 @@ class APIDocumentMetadataListView(generics.ListCreateAPIView):
|
|||||||
elif self.request == 'POST':
|
elif self.request == 'POST':
|
||||||
# Make sure the use has the permission to add metadata to this document
|
# Make sure the use has the permission to add metadata to this document
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_metadata_document_add])
|
Permission.check_permissions(self.request.user, [permission_metadata_document_add])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_metadata_document_add, self.request.user, document)
|
AccessEntry.objects.check_access(permission_metadata_document_add, self.request.user, document)
|
||||||
else:
|
else:
|
||||||
@@ -162,7 +162,7 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
|
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_type_view])
|
Permission.check_permissions(self.request.user, [permission_document_type_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
||||||
|
|
||||||
@@ -185,7 +185,7 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView):
|
|||||||
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
|
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_type_edit])
|
Permission.check_permissions(self.request.user, [permission_document_type_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
||||||
|
|
||||||
@@ -221,7 +221,7 @@ class APIDocumentTypeMetadataTypeRequiredView(views.APIView):
|
|||||||
|
|
||||||
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
|
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_type_edit])
|
Permission.check_permissions(self.request.user, [permission_document_type_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('metadata', _('Metadata'))
|
namespace = PermissionNamespace('metadata', _('Metadata'))
|
||||||
permission_metadata_document_edit = namespace.add_permission(name='metadata_document_edit', label=_('Edit a document\'s metadata'))
|
permission_metadata_document_edit = namespace.add_permission(name='metadata_document_edit', label=_('Edit a document\'s metadata'))
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ from documents.permissions import (
|
|||||||
permission_document_type_edit
|
permission_document_type_edit
|
||||||
)
|
)
|
||||||
from documents.views import DocumentListView
|
from documents.views import DocumentListView
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .api import save_metadata_list
|
from .api import save_metadata_list
|
||||||
from .forms import (
|
from .forms import (
|
||||||
@@ -48,7 +48,7 @@ def metadata_edit(request, document_id=None, document_id_list=None):
|
|||||||
documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(','))
|
documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(','))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_document_edit])
|
Permission.check_permissions(request.user, [permission_metadata_document_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_edit, request.user, documents)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_edit, request.user, documents)
|
||||||
|
|
||||||
@@ -156,7 +156,7 @@ def metadata_add(request, document_id=None, document_id_list=None):
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_document_add])
|
Permission.check_permissions(request.user, [permission_metadata_document_add])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_add, request.user, documents)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_add, request.user, documents)
|
||||||
|
|
||||||
@@ -235,7 +235,7 @@ def metadata_remove(request, document_id=None, document_id_list=None):
|
|||||||
documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(','))
|
documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(','))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_document_remove])
|
Permission.check_permissions(request.user, [permission_metadata_document_remove])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_remove, request.user, documents)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_remove, request.user, documents)
|
||||||
|
|
||||||
@@ -329,7 +329,7 @@ def metadata_view(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_document_view])
|
Permission.check_permissions(request.user, [permission_metadata_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_metadata_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_metadata_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -347,7 +347,7 @@ def metadata_view(request, document_id):
|
|||||||
|
|
||||||
# Setup views
|
# Setup views
|
||||||
def setup_metadata_type_list(request):
|
def setup_metadata_type_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_type_view])
|
Permission.check_permissions(request.user, [permission_metadata_type_view])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': MetadataType.objects.all(),
|
'object_list': MetadataType.objects.all(),
|
||||||
@@ -366,7 +366,7 @@ def setup_metadata_type_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def setup_metadata_type_edit(request, metadatatype_id):
|
def setup_metadata_type_edit(request, metadatatype_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_type_edit])
|
Permission.check_permissions(request.user, [permission_metadata_type_edit])
|
||||||
|
|
||||||
metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id)
|
metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id)
|
||||||
|
|
||||||
@@ -391,7 +391,7 @@ def setup_metadata_type_edit(request, metadatatype_id):
|
|||||||
|
|
||||||
|
|
||||||
def setup_metadata_type_create(request):
|
def setup_metadata_type_create(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_type_create])
|
Permission.check_permissions(request.user, [permission_metadata_type_create])
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = MetadataTypeForm(request.POST)
|
form = MetadataTypeForm(request.POST)
|
||||||
@@ -409,7 +409,7 @@ def setup_metadata_type_create(request):
|
|||||||
|
|
||||||
|
|
||||||
def setup_metadata_type_delete(request, metadatatype_id):
|
def setup_metadata_type_delete(request, metadatatype_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_metadata_type_delete])
|
Permission.check_permissions(request.user, [permission_metadata_type_delete])
|
||||||
|
|
||||||
metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id)
|
metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id)
|
||||||
|
|
||||||
@@ -447,7 +447,7 @@ class SetupDocumentTypeMetadataOptionalView(AssignRemoveView):
|
|||||||
self.document_type.metadata.create(metadata_type=item, required=False)
|
self.document_type.metadata.create(metadata_type=item, required=False)
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_type_edit])
|
Permission.check_permissions(request.user, [permission_document_type_edit])
|
||||||
self.document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_id'])
|
self.document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_id'])
|
||||||
return super(SetupDocumentTypeMetadataOptionalView, self).dispatch(request, *args, **kwargs)
|
return super(SetupDocumentTypeMetadataOptionalView, self).dispatch(request, *args, **kwargs)
|
||||||
|
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ from django.utils.http import urlencode, urlquote
|
|||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
@@ -157,7 +157,7 @@ class Link(object):
|
|||||||
# too
|
# too
|
||||||
if self.permissions:
|
if self.permissions:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, self.permissions)
|
Permission.check_permissions(request.user, self.permissions)
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
# If the user doesn't have the permission, and we are passed
|
# If the user doesn't have the permission, and we are passed
|
||||||
# an instance, check to see if the user has at least ACL
|
# an instance, check to see if the user has at least ACL
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ from rest_framework.settings import api_settings
|
|||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from documents.models import DocumentVersion
|
from documents.models import DocumentVersion
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
from rest_api.permissions import MayanPermission
|
from rest_api.permissions import MayanPermission
|
||||||
|
|
||||||
from .permissions import permission_ocr_document
|
from .permissions import permission_ocr_document
|
||||||
@@ -30,7 +30,7 @@ class DocumentVersionOCRView(generics.GenericAPIView):
|
|||||||
document_version = get_object_or_404(DocumentVersion, pk=serializer.data['document_version_id'])
|
document_version = get_object_or_404(DocumentVersion, pk=serializer.data['document_version_id'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_ocr_document])
|
Permission.check_permissions(request.user, [permission_ocr_document])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_ocr_document, request.user, document_version.document)
|
AccessEntry.objects.check_access(permission_ocr_document, request.user, document_version.document)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('ocr', _('OCR'))
|
namespace = PermissionNamespace('ocr', _('OCR'))
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ from django.utils.translation import ugettext_lazy as _, ungettext
|
|||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from common.views import ConfirmView, SingleObjectEditView
|
from common.views import ConfirmView, SingleObjectEditView
|
||||||
from documents.models import Document, DocumentType, DocumentVersion
|
from documents.models import Document, DocumentType, DocumentVersion
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import DocumentContentForm
|
from .forms import DocumentContentForm
|
||||||
from .models import DocumentTypeSettings, DocumentVersionOCRError
|
from .models import DocumentTypeSettings, DocumentVersionOCRError
|
||||||
@@ -38,7 +38,7 @@ class DocumentSubmitView(ConfirmView):
|
|||||||
document = obj
|
document = obj
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_ocr_document])
|
Permission.check_permissions(request.user, [permission_ocr_document])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_ocr_document, request.user, document)
|
AccessEntry.objects.check_access(permission_ocr_document, request.user, document)
|
||||||
|
|
||||||
@@ -102,7 +102,7 @@ def document_content(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_ocr_content_view])
|
Permission.check_permissions(request.user, [permission_ocr_content_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_ocr_content_view, request.user, document)
|
AccessEntry.objects.check_access(permission_ocr_content_view, request.user, document)
|
||||||
|
|
||||||
@@ -121,7 +121,7 @@ def document_content(request, document_id):
|
|||||||
|
|
||||||
|
|
||||||
def entry_list(request):
|
def entry_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_ocr_document])
|
Permission.check_permissions(request.user, [permission_ocr_document])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': DocumentVersionOCRError.objects.all(),
|
'object_list': DocumentVersionOCRError.objects.all(),
|
||||||
@@ -134,7 +134,7 @@ def entry_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def entry_delete(request, pk=None, pk_list=None):
|
def entry_delete(request, pk=None, pk_list=None):
|
||||||
Permission.objects.check_permissions(request.user, [permission_ocr_document_delete])
|
Permission.check_permissions(request.user, [permission_ocr_document_delete])
|
||||||
|
|
||||||
if pk:
|
if pk:
|
||||||
entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)]
|
entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)]
|
||||||
@@ -183,7 +183,7 @@ def entry_delete_multiple(request):
|
|||||||
|
|
||||||
|
|
||||||
def entry_re_queue(request, pk=None, pk_list=None):
|
def entry_re_queue(request, pk=None, pk_list=None):
|
||||||
Permission.objects.check_permissions(request.user, [permission_ocr_document])
|
Permission.check_permissions(request.user, [permission_ocr_document])
|
||||||
|
|
||||||
if pk:
|
if pk:
|
||||||
entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)]
|
entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)]
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
from .classes import Permission, PermissionNamespace # NOQA
|
||||||
|
|||||||
@@ -1,7 +1,89 @@
|
|||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.core.exceptions import PermissionDenied
|
||||||
|
|
||||||
from acls.classes import EncapsulatedObject
|
from acls.classes import EncapsulatedObject
|
||||||
|
|
||||||
|
from .models import StoredPermission
|
||||||
|
|
||||||
|
|
||||||
class Member(EncapsulatedObject):
|
class Member(EncapsulatedObject):
|
||||||
source_object_name = 'member_object'
|
source_object_name = 'member_object'
|
||||||
|
|
||||||
|
|
||||||
|
class PermissionNamespace(object):
|
||||||
|
def __init__(self, name, label):
|
||||||
|
self.name = name
|
||||||
|
self.label = label
|
||||||
|
|
||||||
|
def __unicode__(self):
|
||||||
|
return unicode(self.label)
|
||||||
|
|
||||||
|
def add_permission(self, name, label):
|
||||||
|
return Permission(namespace=self, name=name, label=label)
|
||||||
|
|
||||||
|
|
||||||
|
class Permission(object):
|
||||||
|
_stored_permissions_cache = {}
|
||||||
|
_permissions = {}
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def check_permissions(cls, requester, permission_list):
|
||||||
|
for permission in permission_list:
|
||||||
|
if permission.requester_has_this(requester):
|
||||||
|
return True
|
||||||
|
|
||||||
|
logger.debug('no permission')
|
||||||
|
|
||||||
|
raise PermissionDenied(ugettext('Insufficient permissions.'))
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def get_for_holder(cls, holder):
|
||||||
|
return StoredPermission.get_for_holder(holder)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def all(cls):
|
||||||
|
# Return sorted permisions by namespace.name
|
||||||
|
return sorted(cls._permissions.values(), key=lambda x: x.namespace.name)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def get(cls, get_dict, proxy_only=False):
|
||||||
|
if 'pk' in get_dict:
|
||||||
|
if proxy_only:
|
||||||
|
return cls._permissions[get_dict['pk']]
|
||||||
|
else:
|
||||||
|
return cls._permissions[get_dict['pk']].stored_permission
|
||||||
|
|
||||||
|
def __init__(self, namespace, name, label):
|
||||||
|
self.namespace = namespace
|
||||||
|
self.name = name
|
||||||
|
self.label = label
|
||||||
|
self.pk = self.uuid
|
||||||
|
self.__class__._permissions[self.uuid] = self
|
||||||
|
|
||||||
|
def __unicode__(self):
|
||||||
|
return unicode(self.label)
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return str(self.__unicode__())
|
||||||
|
|
||||||
|
@property
|
||||||
|
def uuid(self):
|
||||||
|
return '%s.%s' % (self.namespace.name, self.name)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def stored_permission(self):
|
||||||
|
try:
|
||||||
|
return self.__class__._stored_permissions_cache[self]
|
||||||
|
except KeyError:
|
||||||
|
stored_permission, created = StoredPermission.objects.get_or_create(
|
||||||
|
namespace=self.namespace.name,
|
||||||
|
name=self.name,
|
||||||
|
)
|
||||||
|
stored_permission.volatile_permission = self
|
||||||
|
self.__class__._stored_permissions_cache[self] = stored_permission
|
||||||
|
return stored_permission
|
||||||
|
|
||||||
|
def requester_has_this(self, requester):
|
||||||
|
stored_permission = self.stored_permission
|
||||||
|
return stored_permission.requester_has_this(requester)
|
||||||
|
|||||||
@@ -19,114 +19,6 @@ from .managers import RoleMemberManager, StoredPermissionManager
|
|||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class PermissionNamespace(object):
|
|
||||||
def __init__(self, name, label):
|
|
||||||
self.name = name
|
|
||||||
self.label = label
|
|
||||||
|
|
||||||
def __unicode__(self):
|
|
||||||
return unicode(self.label)
|
|
||||||
|
|
||||||
def add_permission(self, name, label):
|
|
||||||
return Permission(namespace=self, name=name, label=label)
|
|
||||||
|
|
||||||
|
|
||||||
class PermissionDoesNotExists(Exception):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class PermissionManager(object):
|
|
||||||
_permissions = {}
|
|
||||||
DoesNotExist = PermissionDoesNotExists()
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def register(cls, namespace, name, label):
|
|
||||||
permission = Permission(namespace, name, label)
|
|
||||||
cls._permissions[permission.uuid] = permission
|
|
||||||
return permission
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def check_permissions(cls, requester, permission_list):
|
|
||||||
for permission in permission_list:
|
|
||||||
if permission.requester_has_this(requester):
|
|
||||||
return True
|
|
||||||
|
|
||||||
logger.debug('no permission')
|
|
||||||
|
|
||||||
raise PermissionDenied(ugettext('Insufficient permissions.'))
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def get_for_holder(cls, holder):
|
|
||||||
return StoredPermission.objects.get_for_holder(holder)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def all(cls):
|
|
||||||
# Return sorted permisions by namespace.name
|
|
||||||
return sorted(cls._permissions.values(), key=lambda x: x.namespace.name)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def get(cls, get_dict, proxy_only=False):
|
|
||||||
if 'pk' in get_dict:
|
|
||||||
try:
|
|
||||||
if proxy_only:
|
|
||||||
return cls._permissions[get_dict['pk']]
|
|
||||||
else:
|
|
||||||
return cls._permissions[get_dict['pk']].get_stored_permission()
|
|
||||||
except KeyError:
|
|
||||||
raise Permission.DoesNotExist
|
|
||||||
|
|
||||||
def __init__(self, model):
|
|
||||||
self.model = model
|
|
||||||
|
|
||||||
|
|
||||||
class Permission(object):
|
|
||||||
_stored_permissions_cache = {}
|
|
||||||
|
|
||||||
DoesNotExist = PermissionDoesNotExists
|
|
||||||
|
|
||||||
def __init__(self, namespace, name, label):
|
|
||||||
self.namespace = namespace
|
|
||||||
self.name = name
|
|
||||||
self.label = label
|
|
||||||
self.pk = self.uuid
|
|
||||||
|
|
||||||
def __unicode__(self):
|
|
||||||
return unicode(self.label)
|
|
||||||
|
|
||||||
def __str__(self):
|
|
||||||
return str(self.__unicode__())
|
|
||||||
|
|
||||||
@property
|
|
||||||
def uuid(self):
|
|
||||||
return '%s.%s' % (self.namespace.name, self.name)
|
|
||||||
|
|
||||||
@property
|
|
||||||
def stored_permission(self):
|
|
||||||
return self.get_stored_permission()
|
|
||||||
|
|
||||||
def get_stored_permission(self):
|
|
||||||
try:
|
|
||||||
return self.__class__._stored_permissions_cache[self]
|
|
||||||
except KeyError:
|
|
||||||
stored_permission, created = StoredPermission.objects.get_or_create(
|
|
||||||
namespace=self.namespace.name,
|
|
||||||
name=self.name,
|
|
||||||
)
|
|
||||||
stored_permission.volatile_permission = self
|
|
||||||
self.__class__._stored_permissions_cache[self] = stored_permission
|
|
||||||
return stored_permission
|
|
||||||
|
|
||||||
def requester_has_this(self, requester):
|
|
||||||
stored_permission = self.get_stored_permission()
|
|
||||||
return stored_permission.requester_has_this(requester)
|
|
||||||
|
|
||||||
def save(self, *args, **kwargs):
|
|
||||||
return self.get_stored_permission()
|
|
||||||
|
|
||||||
Permission.objects = PermissionManager(Permission)
|
|
||||||
Permission._default_manager = Permission.objects
|
|
||||||
|
|
||||||
|
|
||||||
@python_2_unicode_compatible
|
@python_2_unicode_compatible
|
||||||
class StoredPermission(models.Model):
|
class StoredPermission(models.Model):
|
||||||
namespace = models.CharField(max_length=64, verbose_name=_('Namespace'))
|
namespace = models.CharField(max_length=64, verbose_name=_('Namespace'))
|
||||||
@@ -141,10 +33,12 @@ class StoredPermission(models.Model):
|
|||||||
verbose_name_plural = _('Permissions')
|
verbose_name_plural = _('Permissions')
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
|
from .classes import Permission
|
||||||
|
|
||||||
super(StoredPermission, self).__init__(*args, **kwargs)
|
super(StoredPermission, self).__init__(*args, **kwargs)
|
||||||
try:
|
try:
|
||||||
self.volatile_permission = Permission.objects.get({'pk': '%s.%s' % (self.namespace, self.name)}, proxy_only=True)
|
self.volatile_permission = Permission.get({'pk': '%s.%s' % (self.namespace, self.name)}, proxy_only=True)
|
||||||
except Permission.DoesNotExist:
|
except KeyError:
|
||||||
# Must be a deprecated permission in the database that is no
|
# Must be a deprecated permission in the database that is no
|
||||||
# longer used in the current code
|
# longer used in the current code
|
||||||
pass
|
pass
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from .models import PermissionNamespace
|
from . import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('permissions', _('Permissions'))
|
namespace = PermissionNamespace('permissions', _('Permissions'))
|
||||||
|
|
||||||
|
|||||||
@@ -21,9 +21,9 @@ from common.views import (
|
|||||||
from common.utils import encapsulate
|
from common.utils import encapsulate
|
||||||
from common.widgets import two_state_template
|
from common.widgets import two_state_template
|
||||||
|
|
||||||
from .classes import Member
|
from .classes import Member, Permission
|
||||||
from .forms import RoleForm, RoleForm_view
|
from .forms import RoleForm, RoleForm_view
|
||||||
from .models import Permission, Role
|
from .models import Role
|
||||||
from .permissions import (
|
from .permissions import (
|
||||||
permission_permission_grant, permission_permission_revoke,
|
permission_permission_grant, permission_permission_revoke,
|
||||||
permission_role_view, permission_role_create, permission_role_delete,
|
permission_role_view, permission_role_create, permission_role_delete,
|
||||||
@@ -58,7 +58,7 @@ class SetupRoleMembersView(AssignRemoveView):
|
|||||||
self.role.add_member(member)
|
self.role.add_member(member)
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
Permission.objects.check_permissions(request.user, [permission_role_edit])
|
Permission.check_permissions(request.user, [permission_role_edit])
|
||||||
self.role = get_object_or_404(Role, pk=self.kwargs['role_id'])
|
self.role = get_object_or_404(Role, pk=self.kwargs['role_id'])
|
||||||
self.left_list_title = _('Non members of role: %s') % self.role
|
self.left_list_title = _('Non members of role: %s') % self.role
|
||||||
self.right_list_title = _('Members of role: %s') % self.role
|
self.right_list_title = _('Members of role: %s') % self.role
|
||||||
@@ -85,7 +85,7 @@ class SetupRoleMembersView(AssignRemoveView):
|
|||||||
|
|
||||||
|
|
||||||
def role_list(request):
|
def role_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_role_view])
|
Permission.check_permissions(request.user, [permission_role_view])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': Role.objects.all(),
|
'object_list': Role.objects.all(),
|
||||||
@@ -98,46 +98,35 @@ def role_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def role_permissions(request, role_id):
|
def role_permissions(request, role_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_permission_grant, permission_permission_revoke])
|
Permission.check_permissions(request.user, [permission_permission_grant, permission_permission_revoke])
|
||||||
|
|
||||||
role = get_object_or_404(Role, pk=role_id)
|
role = get_object_or_404(Role, pk=role_id)
|
||||||
form = RoleForm_view(instance=role)
|
|
||||||
|
|
||||||
subtemplates_list = [
|
return render_to_response('appearance/generic_list.html', {
|
||||||
{
|
|
||||||
'name': 'appearance/generic_list_subtemplate.html',
|
|
||||||
'context': {
|
|
||||||
'title': _('Permissions'),
|
|
||||||
'object_list': Permission.objects.all(),
|
|
||||||
'extra_columns': [
|
|
||||||
{'name': _('Namespace'), 'attribute': encapsulate(lambda x: x.namespace)},
|
|
||||||
{'name': _('Name'), 'attribute': encapsulate(lambda x: x.label)},
|
|
||||||
{
|
|
||||||
'name': _('Has permission'),
|
|
||||||
'attribute': encapsulate(lambda x: two_state_template(x.requester_has_this(role))),
|
|
||||||
},
|
|
||||||
],
|
|
||||||
'hide_link': True,
|
|
||||||
'hide_object': True,
|
|
||||||
}
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
return render_to_response('appearance/generic_form.html', {
|
|
||||||
'form': form,
|
|
||||||
'object': role,
|
'object': role,
|
||||||
'subtemplates_list': subtemplates_list,
|
|
||||||
'multi_select_item_properties': {
|
'multi_select_item_properties': {
|
||||||
'permission_id': lambda x: x.pk,
|
'permission_id': lambda x: x.pk,
|
||||||
'requester_id': lambda x: role.pk,
|
'requester_id': lambda x: role.pk,
|
||||||
'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label,
|
'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label,
|
||||||
'requester_model': lambda x: ContentType.objects.get_for_model(role).model,
|
'requester_model': lambda x: ContentType.objects.get_for_model(role).model,
|
||||||
},
|
},
|
||||||
|
'title': _('Permissions for: %s') % role,
|
||||||
|
'object_list': Permission.all(),
|
||||||
|
'extra_columns': [
|
||||||
|
{'name': _('Namespace'), 'attribute': encapsulate(lambda x: x.namespace)},
|
||||||
|
{'name': _('Name'), 'attribute': encapsulate(lambda x: x.label)},
|
||||||
|
{
|
||||||
|
'name': _('Has permission'),
|
||||||
|
'attribute': encapsulate(lambda x: two_state_template(x.requester_has_this(role))),
|
||||||
|
},
|
||||||
|
],
|
||||||
|
'hide_link': True,
|
||||||
|
'hide_object': True,
|
||||||
}, context_instance=RequestContext(request))
|
}, context_instance=RequestContext(request))
|
||||||
|
|
||||||
|
|
||||||
def permission_grant(request):
|
def permission_grant(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_permission_grant])
|
Permission.check_permissions(request.user, [permission_permission_grant])
|
||||||
items_property_list = loads(request.GET.get('items_property_list', []))
|
items_property_list = loads(request.GET.get('items_property_list', []))
|
||||||
|
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
@@ -146,7 +135,7 @@ def permission_grant(request):
|
|||||||
items = []
|
items = []
|
||||||
for item_properties in items_property_list:
|
for item_properties in items_property_list:
|
||||||
try:
|
try:
|
||||||
permission = Permission.objects.get({'pk': item_properties['permission_id']})
|
permission = Permission.get({'pk': item_properties['permission_id']})
|
||||||
except Permission.DoesNotExist:
|
except Permission.DoesNotExist:
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
@@ -197,7 +186,7 @@ def permission_grant(request):
|
|||||||
|
|
||||||
|
|
||||||
def permission_revoke(request):
|
def permission_revoke(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_permission_revoke])
|
Permission.check_permissions(request.user, [permission_permission_revoke])
|
||||||
items_property_list = loads(request.GET.get('items_property_list', []))
|
items_property_list = loads(request.GET.get('items_property_list', []))
|
||||||
|
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
|
||||||
@@ -206,7 +195,7 @@ def permission_revoke(request):
|
|||||||
items = []
|
items = []
|
||||||
for item_properties in items_property_list:
|
for item_properties in items_property_list:
|
||||||
try:
|
try:
|
||||||
permission = Permission.objects.get({'pk': item_properties['permission_id']})
|
permission = Permission.get({'pk': item_properties['permission_id']})
|
||||||
except Permission.DoesNotExist:
|
except Permission.DoesNotExist:
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ from django.core.exceptions import PermissionDenied
|
|||||||
from rest_framework.filters import BaseFilterBackend
|
from rest_framework.filters import BaseFilterBackend
|
||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
|
|
||||||
class MayanObjectPermissionsFilter(BaseFilterBackend):
|
class MayanObjectPermissionsFilter(BaseFilterBackend):
|
||||||
@@ -14,7 +14,7 @@ class MayanObjectPermissionsFilter(BaseFilterBackend):
|
|||||||
|
|
||||||
if required_permission:
|
if required_permission:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, required_permission)
|
Permission.check_permissions(request.user, required_permission)
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
return AccessEntry.objects.filter_objects_by_access(required_permission[0], request.user, queryset)
|
return AccessEntry.objects.filter_objects_by_access(required_permission[0], request.user, queryset)
|
||||||
else:
|
else:
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ from django.core.exceptions import PermissionDenied
|
|||||||
from rest_framework.permissions import BasePermission
|
from rest_framework.permissions import BasePermission
|
||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
|
|
||||||
class MayanPermission(BasePermission):
|
class MayanPermission(BasePermission):
|
||||||
@@ -16,7 +16,7 @@ class MayanPermission(BasePermission):
|
|||||||
|
|
||||||
if required_permission:
|
if required_permission:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, required_permission)
|
Permission.check_permissions(request.user, required_permission)
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
return False
|
return False
|
||||||
else:
|
else:
|
||||||
@@ -29,7 +29,7 @@ class MayanPermission(BasePermission):
|
|||||||
|
|
||||||
if required_permission:
|
if required_permission:
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, required_permission)
|
Permission.check_permissions(request.user, required_permission)
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
try:
|
try:
|
||||||
if hasattr(view, 'mayan_permission_attribute_check'):
|
if hasattr(view, 'mayan_permission_attribute_check'):
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('sources_setup', _('Sources setup'))
|
namespace = PermissionNamespace('sources_setup', _('Sources setup'))
|
||||||
permission_sources_setup_create = namespace.add_permission(name='sources_setup_create', label=_('Create new document sources'))
|
permission_sources_setup_create = namespace.add_permission(name='sources_setup_create', label=_('Create new document sources'))
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ from documents.permissions import (
|
|||||||
from documents.tasks import task_upload_new_version
|
from documents.tasks import task_upload_new_version
|
||||||
from metadata.api import decode_metadata_from_url
|
from metadata.api import decode_metadata_from_url
|
||||||
from navigation import Link
|
from navigation import Link
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import (
|
from .forms import (
|
||||||
NewDocumentForm, NewVersionForm
|
NewDocumentForm, NewVersionForm
|
||||||
@@ -73,7 +73,7 @@ class SourceLogListView(ParentChildListView):
|
|||||||
|
|
||||||
|
|
||||||
def document_create_siblings(request, document_id):
|
def document_create_siblings(request, document_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_create])
|
Permission.check_permissions(request.user, [permission_document_create])
|
||||||
|
|
||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
query_dict = {}
|
query_dict = {}
|
||||||
@@ -192,7 +192,7 @@ class UploadInteractiveView(UploadBaseView):
|
|||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
self.subtemplates_list = []
|
self.subtemplates_list = []
|
||||||
|
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_create])
|
Permission.check_permissions(request.user, [permission_document_create])
|
||||||
|
|
||||||
self.document_type = get_object_or_404(DocumentType, pk=self.request.GET.get('document_type_id', self.request.POST.get('document_type_id')))
|
self.document_type = get_object_or_404(DocumentType, pk=self.request.GET.get('document_type_id', self.request.POST.get('document_type_id')))
|
||||||
|
|
||||||
@@ -275,7 +275,7 @@ class UploadInteractiveVersionView(UploadBaseView):
|
|||||||
|
|
||||||
self.document = get_object_or_404(Document, pk=kwargs['document_pk'])
|
self.document = get_object_or_404(Document, pk=kwargs['document_pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_new_version])
|
Permission.check_permissions(self.request.user, [permission_document_new_version])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_new_version, self.request.user, self.document)
|
AccessEntry.objects.check_access(permission_document_new_version, self.request.user, self.document)
|
||||||
|
|
||||||
@@ -336,7 +336,7 @@ class UploadInteractiveVersionView(UploadBaseView):
|
|||||||
|
|
||||||
|
|
||||||
def staging_file_delete(request, staging_folder_pk, encoded_filename):
|
def staging_file_delete(request, staging_folder_pk, encoded_filename):
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_create, permission_document_new_version])
|
Permission.check_permissions(request.user, [permission_document_create, permission_document_new_version])
|
||||||
staging_folder = get_object_or_404(StagingFolderSource, pk=staging_folder_pk)
|
staging_folder = get_object_or_404(StagingFolderSource, pk=staging_folder_pk)
|
||||||
|
|
||||||
staging_file = staging_folder.get_file(encoded_filename=encoded_filename)
|
staging_file = staging_folder.get_file(encoded_filename=encoded_filename)
|
||||||
@@ -365,7 +365,7 @@ def staging_file_delete(request, staging_folder_pk, encoded_filename):
|
|||||||
|
|
||||||
# Setup views
|
# Setup views
|
||||||
def setup_source_list(request):
|
def setup_source_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_sources_setup_view])
|
Permission.check_permissions(request.user, [permission_sources_setup_view])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': Source.objects.select_subclasses(),
|
'object_list': Source.objects.select_subclasses(),
|
||||||
@@ -388,7 +388,7 @@ def setup_source_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def setup_source_edit(request, source_id):
|
def setup_source_edit(request, source_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_sources_setup_edit])
|
Permission.check_permissions(request.user, [permission_sources_setup_edit])
|
||||||
|
|
||||||
source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id)
|
source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id)
|
||||||
form_class = get_form_class(source.source_type)
|
form_class = get_form_class(source.source_type)
|
||||||
@@ -418,7 +418,7 @@ def setup_source_edit(request, source_id):
|
|||||||
|
|
||||||
|
|
||||||
def setup_source_delete(request, source_id):
|
def setup_source_delete(request, source_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_sources_setup_delete])
|
Permission.check_permissions(request.user, [permission_sources_setup_delete])
|
||||||
source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id)
|
source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id)
|
||||||
redirect_view = reverse('sources:setup_source_list')
|
redirect_view = reverse('sources:setup_source_list')
|
||||||
|
|
||||||
@@ -448,7 +448,7 @@ def setup_source_delete(request, source_id):
|
|||||||
|
|
||||||
|
|
||||||
def setup_source_create(request, source_type):
|
def setup_source_create(request, source_type):
|
||||||
Permission.objects.check_permissions(request.user, [permission_sources_setup_create])
|
Permission.check_permissions(request.user, [permission_sources_setup_create])
|
||||||
|
|
||||||
cls = get_class(source_type)
|
cls = get_class(source_type)
|
||||||
form_class = get_form_class(source_type)
|
form_class = get_form_class(source_type)
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ from rest_framework.response import Response
|
|||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
from rest_api.filters import MayanObjectPermissionsFilter
|
from rest_api.filters import MayanObjectPermissionsFilter
|
||||||
from rest_api.permissions import MayanPermission
|
from rest_api.permissions import MayanPermission
|
||||||
|
|
||||||
@@ -75,7 +75,7 @@ class APITagDocumentListView(generics.ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
tag = get_object_or_404(Tag, pk=self.kwargs['pk'])
|
tag = get_object_or_404(Tag, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_tag_view])
|
Permission.check_permissions(self.request.user, [permission_tag_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_tag_view, self.request.user, tag)
|
AccessEntry.objects.check_access(permission_tag_view, self.request.user, tag)
|
||||||
|
|
||||||
@@ -96,7 +96,7 @@ class APIDocumentTagListView(generics.ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(self.request.user, [permission_document_view])
|
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
||||||
|
|
||||||
@@ -112,7 +112,7 @@ class APIDocumentTagView(views.APIView):
|
|||||||
|
|
||||||
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_remove])
|
Permission.check_permissions(request.user, [permission_tag_remove])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_tag_remove, request.user, document)
|
AccessEntry.objects.check_access(permission_tag_remove, request.user, document)
|
||||||
|
|
||||||
@@ -127,7 +127,7 @@ class APIDocumentTagView(views.APIView):
|
|||||||
|
|
||||||
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_attach])
|
Permission.check_permissions(request.user, [permission_tag_attach])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_tag_attach, request.user, document)
|
AccessEntry.objects.check_access(permission_tag_attach, request.user, document)
|
||||||
|
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ from django.core.exceptions import PermissionDenied
|
|||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from acls.models import AccessEntry
|
from acls.models import AccessEntry
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .models import Tag
|
from .models import Tag
|
||||||
from .permissions import permission_tag_view
|
from .permissions import permission_tag_view
|
||||||
@@ -33,7 +33,7 @@ class TagListForm(forms.Form):
|
|||||||
|
|
||||||
queryset = Tag.objects.all()
|
queryset = Tag.objects.all()
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(user, [permission_tag_view])
|
Permission.check_permissions(user, [permission_tag_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, user, queryset)
|
queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, user, queryset)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('tags', _('Tags'))
|
namespace = PermissionNamespace('tags', _('Tags'))
|
||||||
|
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ from acls.utils import apply_default_acls
|
|||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.views import DocumentListView
|
from documents.views import DocumentListView
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import TagForm, TagListForm
|
from .forms import TagForm, TagListForm
|
||||||
from .models import Tag
|
from .models import Tag
|
||||||
@@ -30,7 +30,7 @@ logger = logging.getLogger(__name__)
|
|||||||
|
|
||||||
|
|
||||||
def tag_create(request):
|
def tag_create(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_create])
|
Permission.check_permissions(request.user, [permission_tag_create])
|
||||||
redirect_url = reverse('tags:tag_list')
|
redirect_url = reverse('tags:tag_list')
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
@@ -61,7 +61,7 @@ def tag_attach(request, document_id=None, document_id_list=None):
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_attach])
|
Permission.check_permissions(request.user, [permission_tag_attach])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_tag_attach, request.user, documents)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_tag_attach, request.user, documents)
|
||||||
|
|
||||||
@@ -123,7 +123,7 @@ def tag_list(request, queryset=None, extra_context=None):
|
|||||||
queryset = queryset if not (queryset is None) else Tag.objects.all()
|
queryset = queryset if not (queryset is None) else Tag.objects.all()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_view])
|
Permission.check_permissions(request.user, [permission_tag_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, request.user, queryset)
|
queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, request.user, queryset)
|
||||||
|
|
||||||
@@ -146,7 +146,7 @@ def tag_delete(request, tag_id=None, tag_id_list=None):
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_delete])
|
Permission.check_permissions(request.user, [permission_tag_delete])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
tags = AccessEntry.objects.filter_objects_by_access(permission_tag_delete, request.user, tags)
|
tags = AccessEntry.objects.filter_objects_by_access(permission_tag_delete, request.user, tags)
|
||||||
|
|
||||||
@@ -194,7 +194,7 @@ def tag_edit(request, tag_id):
|
|||||||
tag = get_object_or_404(Tag, pk=tag_id)
|
tag = get_object_or_404(Tag, pk=tag_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_edit])
|
Permission.check_permissions(request.user, [permission_tag_edit])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_tag_edit, request.user, tag)
|
AccessEntry.objects.check_access(permission_tag_edit, request.user, tag)
|
||||||
|
|
||||||
@@ -233,7 +233,7 @@ def document_tags(request, document_id):
|
|||||||
document = get_object_or_404(Document, pk=document_id)
|
document = get_object_or_404(Document, pk=document_id)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_document_view])
|
Permission.check_permissions(request.user, [permission_document_view])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||||
|
|
||||||
@@ -256,7 +256,7 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta
|
|||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Permission.objects.check_permissions(request.user, [permission_tag_remove])
|
Permission.check_permissions(request.user, [permission_tag_remove])
|
||||||
except PermissionDenied:
|
except PermissionDenied:
|
||||||
documents = AccessEntry.objects.filter_objects_by_access(permission_tag_remove, request.user, documents, exception_on_empty=True)
|
documents = AccessEntry.objects.filter_objects_by_access(permission_tag_remove, request.user, documents, exception_on_empty=True)
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from permissions.models import PermissionNamespace
|
from permissions import PermissionNamespace
|
||||||
|
|
||||||
namespace = PermissionNamespace('user_management', _('User management'))
|
namespace = PermissionNamespace('user_management', _('User management'))
|
||||||
|
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
from common.utils import encapsulate
|
from common.utils import encapsulate
|
||||||
from common.views import AssignRemoveView
|
from common.views import AssignRemoveView
|
||||||
from common.widgets import two_state_template
|
from common.widgets import two_state_template
|
||||||
from permissions.models import Permission
|
from permissions import Permission
|
||||||
|
|
||||||
from .forms import GroupForm, PasswordForm, UserForm
|
from .forms import GroupForm, PasswordForm, UserForm
|
||||||
from .permissions import (
|
from .permissions import (
|
||||||
@@ -24,7 +24,7 @@ from .permissions import (
|
|||||||
|
|
||||||
|
|
||||||
def user_list(request):
|
def user_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_user_view])
|
Permission.check_permissions(request.user, [permission_user_view])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': get_user_model().objects.exclude(is_superuser=True).exclude(is_staff=True).order_by('username'),
|
'object_list': get_user_model().objects.exclude(is_superuser=True).exclude(is_staff=True).order_by('username'),
|
||||||
@@ -55,7 +55,7 @@ def user_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def user_edit(request, user_id):
|
def user_edit(request, user_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_user_edit])
|
Permission.check_permissions(request.user, [permission_user_edit])
|
||||||
user = get_object_or_404(User, pk=user_id)
|
user = get_object_or_404(User, pk=user_id)
|
||||||
|
|
||||||
if user.is_superuser or user.is_staff:
|
if user.is_superuser or user.is_staff:
|
||||||
@@ -79,7 +79,7 @@ def user_edit(request, user_id):
|
|||||||
|
|
||||||
|
|
||||||
def user_add(request):
|
def user_add(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_user_create])
|
Permission.check_permissions(request.user, [permission_user_create])
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = UserForm(request.POST)
|
form = UserForm(request.POST)
|
||||||
@@ -99,7 +99,7 @@ def user_add(request):
|
|||||||
|
|
||||||
|
|
||||||
def user_delete(request, user_id=None, user_id_list=None):
|
def user_delete(request, user_id=None, user_id_list=None):
|
||||||
Permission.objects.check_permissions(request.user, [permission_user_delete])
|
Permission.check_permissions(request.user, [permission_user_delete])
|
||||||
post_action_redirect = None
|
post_action_redirect = None
|
||||||
|
|
||||||
if user_id:
|
if user_id:
|
||||||
@@ -151,7 +151,7 @@ def user_multiple_delete(request):
|
|||||||
|
|
||||||
|
|
||||||
def user_set_password(request, user_id=None, user_id_list=None):
|
def user_set_password(request, user_id=None, user_id_list=None):
|
||||||
Permission.objects.check_permissions(request.user, [permission_user_edit])
|
Permission.check_permissions(request.user, [permission_user_edit])
|
||||||
post_action_redirect = None
|
post_action_redirect = None
|
||||||
|
|
||||||
if user_id:
|
if user_id:
|
||||||
@@ -226,7 +226,7 @@ class UserGroupsView(AssignRemoveView):
|
|||||||
item.user_set.add(self.user)
|
item.user_set.add(self.user)
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
Permission.objects.check_permissions(request.user, [permission_user_edit])
|
Permission.check_permissions(request.user, [permission_user_edit])
|
||||||
self.user = get_object_or_404(User, pk=self.kwargs['user_id'])
|
self.user = get_object_or_404(User, pk=self.kwargs['user_id'])
|
||||||
self.left_list_title = _('Non groups of user: %s') % self.user
|
self.left_list_title = _('Non groups of user: %s') % self.user
|
||||||
self.right_list_title = _('Groups of user: %s') % self.user
|
self.right_list_title = _('Groups of user: %s') % self.user
|
||||||
@@ -253,7 +253,7 @@ class UserGroupsView(AssignRemoveView):
|
|||||||
|
|
||||||
# Group views
|
# Group views
|
||||||
def group_list(request):
|
def group_list(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_group_view])
|
Permission.check_permissions(request.user, [permission_group_view])
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'object_list': Group.objects.all(),
|
'object_list': Group.objects.all(),
|
||||||
@@ -272,7 +272,7 @@ def group_list(request):
|
|||||||
|
|
||||||
|
|
||||||
def group_edit(request, group_id):
|
def group_edit(request, group_id):
|
||||||
Permission.objects.check_permissions(request.user, [permission_group_edit])
|
Permission.check_permissions(request.user, [permission_group_edit])
|
||||||
group = get_object_or_404(Group, pk=group_id)
|
group = get_object_or_404(Group, pk=group_id)
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
@@ -292,7 +292,7 @@ def group_edit(request, group_id):
|
|||||||
|
|
||||||
|
|
||||||
def group_add(request):
|
def group_add(request):
|
||||||
Permission.objects.check_permissions(request.user, [permission_group_create])
|
Permission.check_permissions(request.user, [permission_group_create])
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = GroupForm(request.POST)
|
form = GroupForm(request.POST)
|
||||||
@@ -310,7 +310,7 @@ def group_add(request):
|
|||||||
|
|
||||||
|
|
||||||
def group_delete(request, group_id=None, group_id_list=None):
|
def group_delete(request, group_id=None, group_id_list=None):
|
||||||
Permission.objects.check_permissions(request.user, [permission_group_delete])
|
Permission.check_permissions(request.user, [permission_group_delete])
|
||||||
post_action_redirect = None
|
post_action_redirect = None
|
||||||
|
|
||||||
if group_id:
|
if group_id:
|
||||||
@@ -365,7 +365,7 @@ class GroupMembersView(AssignRemoveView):
|
|||||||
self.group.user_set.add(item)
|
self.group.user_set.add(item)
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
Permission.objects.check_permissions(request.user, [permission_group_edit])
|
Permission.check_permissions(request.user, [permission_group_edit])
|
||||||
self.group = get_object_or_404(Group, pk=self.kwargs['group_id'])
|
self.group = get_object_or_404(Group, pk=self.kwargs['group_id'])
|
||||||
self.left_list_title = _('Non members of group: %s') % self.group
|
self.left_list_title = _('Non members of group: %s') % self.group
|
||||||
self.right_list_title = _('Members of group: %s') % self.group
|
self.right_list_title = _('Members of group: %s') % self.group
|
||||||
|
|||||||
Reference in New Issue
Block a user