Remove permission grant and revoke permissions
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
This commit is contained in:
Roberto Rosario
@@ -12,10 +12,11 @@
|
|||||||
* Add custom DatabaseWarning to tag the SQLite usage warning.
|
* Add custom DatabaseWarning to tag the SQLite usage warning.
|
||||||
* Add keyword arguments to add_to_class instances.
|
* Add keyword arguments to add_to_class instances.
|
||||||
* Move add_to_class function to their own module called methods.py
|
* Move add_to_class function to their own module called methods.py
|
||||||
* Remove catch all exception handling for the check in and
|
* Remove catch all exception handling for the check in and
|
||||||
check out views.
|
check out views.
|
||||||
* Improve checkouts tests code reducing redundant code.
|
* Improve checkouts tests code reducing redundant code.
|
||||||
* Change how the HOME_VIEW setting is defined.
|
* Change how the HOME_VIEW setting is defined.
|
||||||
|
* Remove the role permission grant and revoke permission.
|
||||||
|
|
||||||
3.1.11 (2019-04-XX)
|
3.1.11 (2019-04-XX)
|
||||||
===================
|
===================
|
||||||
|
|||||||
@@ -20,6 +20,13 @@ Every app reference is now prepended with 'mayan.apps'.
|
|||||||
Existing config.yml files need to be updated manually.
|
Existing config.yml files need to be updated manually.
|
||||||
|
|
||||||
|
|
||||||
|
Permissions
|
||||||
|
^^^^^^^^^^^
|
||||||
|
|
||||||
|
The role permission grant and revoke permissions were removed. Instead only the
|
||||||
|
role edit permission is required to grant or revoke permissions to a role.
|
||||||
|
|
||||||
|
|
||||||
Other changes
|
Other changes
|
||||||
^^^^^^^^^^^^^
|
^^^^^^^^^^^^^
|
||||||
|
|
||||||
@@ -27,9 +34,9 @@ Other changes
|
|||||||
* Fix multiple tag selection wizard step.
|
* Fix multiple tag selection wizard step.
|
||||||
* Split document app models into separate modules.
|
* Split document app models into separate modules.
|
||||||
* Split workflow views into separate modules.
|
* Split workflow views into separate modules.
|
||||||
* Change how the HOME_VIEW setting is defined
|
* Change how the HOME_VIEW setting is defined
|
||||||
|
|
||||||
HOME_VIEW is now COMMON_HOME_VIEW.
|
HOME_VIEW is now COMMON_HOME_VIEW.
|
||||||
|
|
||||||
|
|
||||||
Removals
|
Removals
|
||||||
|
|||||||
@@ -19,7 +19,6 @@ from .links import (
|
|||||||
link_role_list, link_role_permissions
|
link_role_list, link_role_permissions
|
||||||
)
|
)
|
||||||
from .permissions import (
|
from .permissions import (
|
||||||
permission_permission_grant, permission_permission_revoke,
|
|
||||||
permission_role_delete, permission_role_edit, permission_role_view
|
permission_role_delete, permission_role_edit, permission_role_view
|
||||||
)
|
)
|
||||||
from .search import * # NOQA
|
from .search import * # NOQA
|
||||||
@@ -42,7 +41,6 @@ class PermissionsApp(MayanAppConfig):
|
|||||||
ModelPermission.register(
|
ModelPermission.register(
|
||||||
model=Role, permissions=(
|
model=Role, permissions=(
|
||||||
permission_acl_edit, permission_acl_view,
|
permission_acl_edit, permission_acl_view,
|
||||||
permission_permission_grant, permission_permission_revoke,
|
|
||||||
permission_role_delete, permission_role_edit,
|
permission_role_delete, permission_role_edit,
|
||||||
permission_role_view
|
permission_role_view
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -7,7 +7,6 @@ from mayan.apps.user_management.permissions import permission_group_edit
|
|||||||
|
|
||||||
from .icons import icon_role_create, icon_role_list
|
from .icons import icon_role_create, icon_role_list
|
||||||
from .permissions import (
|
from .permissions import (
|
||||||
permission_permission_grant, permission_permission_revoke,
|
|
||||||
permission_role_create, permission_role_delete, permission_role_edit,
|
permission_role_create, permission_role_delete, permission_role_edit,
|
||||||
permission_role_view
|
permission_role_view
|
||||||
)
|
)
|
||||||
@@ -17,11 +16,11 @@ link_group_roles = Link(
|
|||||||
view='permissions:group_roles',
|
view='permissions:group_roles',
|
||||||
)
|
)
|
||||||
link_permission_grant = Link(
|
link_permission_grant = Link(
|
||||||
permissions=(permission_permission_grant,), text=_('Grant'),
|
permissions=(permission_role_edit,), text=_('Grant'),
|
||||||
view='permissions:permission_multiple_grant'
|
view='permissions:permission_multiple_grant'
|
||||||
)
|
)
|
||||||
link_permission_revoke = Link(
|
link_permission_revoke = Link(
|
||||||
permissions=(permission_permission_revoke,), text=_('Revoke'),
|
permissions=(permission_role_edit,), text=_('Revoke'),
|
||||||
view='permissions:permission_multiple_revoke'
|
view='permissions:permission_multiple_revoke'
|
||||||
)
|
)
|
||||||
link_role_create = Link(
|
link_role_create = Link(
|
||||||
@@ -46,6 +45,6 @@ link_role_groups = Link(
|
|||||||
)
|
)
|
||||||
link_role_permissions = Link(
|
link_role_permissions = Link(
|
||||||
args='object.id',
|
args='object.id',
|
||||||
permissions=(permission_permission_grant, permission_permission_revoke),
|
permissions=(permission_role_edit,),
|
||||||
text=_('Role permissions'), view='permissions:role_permissions',
|
text=_('Role permissions'), view='permissions:role_permissions',
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -18,9 +18,3 @@ permission_role_create = namespace.add_permission(
|
|||||||
permission_role_delete = namespace.add_permission(
|
permission_role_delete = namespace.add_permission(
|
||||||
name='role_delete', label=_('Delete roles')
|
name='role_delete', label=_('Delete roles')
|
||||||
)
|
)
|
||||||
permission_permission_grant = namespace.add_permission(
|
|
||||||
name='permission_grant', label=_('Grant permissions')
|
|
||||||
)
|
|
||||||
permission_permission_revoke = namespace.add_permission(
|
|
||||||
name='permission_revoke', label=_('Revoke permissions')
|
|
||||||
)
|
|
||||||
|
|||||||
@@ -8,7 +8,6 @@ from mayan.apps.user_management.tests.literals import TEST_GROUP_2_NAME
|
|||||||
|
|
||||||
from ..models import Role
|
from ..models import Role
|
||||||
from ..permissions import (
|
from ..permissions import (
|
||||||
permission_permission_grant, permission_permission_revoke,
|
|
||||||
permission_role_create, permission_role_delete, permission_role_edit,
|
permission_role_create, permission_role_delete, permission_role_edit,
|
||||||
permission_role_view,
|
permission_role_view,
|
||||||
)
|
)
|
||||||
@@ -129,18 +128,10 @@ class PermissionsViewsTestCase(GenericViewTestCase):
|
|||||||
response = self._request_role_permissions_view()
|
response = self._request_role_permissions_view()
|
||||||
self.assertEqual(response.status_code, 403)
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
def test_role_permissions_view_with_permission_grant(self):
|
def test_role_permissions_view_with_access(self):
|
||||||
self._create_role()
|
self._create_role()
|
||||||
self.grant_access(
|
self.grant_access(
|
||||||
permission=permission_permission_grant, obj=self.role_2
|
permission=permission_role_edit, obj=self.role_2
|
||||||
)
|
|
||||||
response = self._request_role_permissions_view()
|
|
||||||
self.assertEqual(response.status_code, 200)
|
|
||||||
|
|
||||||
def test_role_permissions_view_with_permission_revoke(self):
|
|
||||||
self._create_role()
|
|
||||||
self.grant_access(
|
|
||||||
permission=permission_permission_revoke, obj=self.role_2
|
|
||||||
)
|
)
|
||||||
response = self._request_role_permissions_view()
|
response = self._request_role_permissions_view()
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|||||||
@@ -21,7 +21,6 @@ from .icons import icon_role_list
|
|||||||
from .links import link_role_create
|
from .links import link_role_create
|
||||||
from .models import Role, StoredPermission
|
from .models import Role, StoredPermission
|
||||||
from .permissions import (
|
from .permissions import (
|
||||||
permission_permission_grant, permission_permission_revoke,
|
|
||||||
permission_role_view, permission_role_create, permission_role_delete,
|
permission_role_view, permission_role_create, permission_role_delete,
|
||||||
permission_role_edit
|
permission_role_edit
|
||||||
)
|
)
|
||||||
@@ -145,15 +144,12 @@ class SetupRolePermissionsView(AssignRemoveView):
|
|||||||
return results
|
return results
|
||||||
|
|
||||||
def add(self, item):
|
def add(self, item):
|
||||||
Permission.check_permissions(
|
|
||||||
self.request.user, permissions=(permission_permission_grant,)
|
|
||||||
)
|
|
||||||
permission = get_object_or_404(klass=StoredPermission, pk=item)
|
permission = get_object_or_404(klass=StoredPermission, pk=item)
|
||||||
self.get_object().permissions.add(permission)
|
self.get_object().permissions.add(permission)
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
AccessControlList.objects.check_access(
|
AccessControlList.objects.check_access(
|
||||||
permissions=(permission_permission_grant, permission_permission_revoke),
|
permissions=(permission_role_edit,),
|
||||||
user=self.request.user, obj=self.get_object()
|
user=self.request.user, obj=self.get_object()
|
||||||
)
|
)
|
||||||
return super(SetupRolePermissionsView, self).dispatch(request, *args, **kwargs)
|
return super(SetupRolePermissionsView, self).dispatch(request, *args, **kwargs)
|
||||||
@@ -186,9 +182,6 @@ class SetupRolePermissionsView(AssignRemoveView):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def remove(self, item):
|
def remove(self, item):
|
||||||
Permission.check_permissions(
|
|
||||||
self.request.user, permissions=(permission_permission_revoke,)
|
|
||||||
)
|
|
||||||
permission = get_object_or_404(klass=StoredPermission, pk=item)
|
permission = get_object_or_404(klass=StoredPermission, pk=item)
|
||||||
self.get_object().permissions.remove(permission)
|
self.get_object().permissions.remove(permission)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user