Remove permission grant and revoke permissions

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>

HISTORY.rst

@@ -16,6 +16,7 @@
   check out views.
 * Improve checkouts tests code reducing redundant code.
 * Change how the HOME_VIEW setting is defined.
+* Remove the role permission grant and revoke permission.
 
 3.1.11 (2019-04-XX)
 ===================

docs/releases/3.2.rst

@@ -20,6 +20,13 @@ Every app reference is now prepended with 'mayan.apps'.
 Existing config.yml files need to be updated manually.
 
 
+Permissions
+^^^^^^^^^^^
+
+The role permission grant and revoke permissions were removed. Instead only the
+role edit permission is required to grant or revoke permissions to a role.
+
+
 Other changes
 ^^^^^^^^^^^^^
 

mayan/apps/permissions/apps.py

@@ -19,7 +19,6 @@ from .links import (
     link_role_list, link_role_permissions
 )
 from .permissions import (
-    permission_permission_grant, permission_permission_revoke,
     permission_role_delete, permission_role_edit, permission_role_view
 )
 from .search import *  # NOQA
@@ -42,7 +41,6 @@ class PermissionsApp(MayanAppConfig):
         ModelPermission.register(
             model=Role, permissions=(
                 permission_acl_edit, permission_acl_view,
-                permission_permission_grant, permission_permission_revoke,
                 permission_role_delete, permission_role_edit,
                 permission_role_view
             )

mayan/apps/permissions/links.py

@@ -7,7 +7,6 @@ from mayan.apps.user_management.permissions import permission_group_edit
 
 from .icons import icon_role_create, icon_role_list
 from .permissions import (
-    permission_permission_grant, permission_permission_revoke,
     permission_role_create, permission_role_delete, permission_role_edit,
     permission_role_view
 )
@@ -17,11 +16,11 @@ link_group_roles = Link(
     view='permissions:group_roles',
 )
 link_permission_grant = Link(
-    permissions=(permission_permission_grant,), text=_('Grant'),
+    permissions=(permission_role_edit,), text=_('Grant'),
     view='permissions:permission_multiple_grant'
 )
 link_permission_revoke = Link(
-    permissions=(permission_permission_revoke,), text=_('Revoke'),
+    permissions=(permission_role_edit,), text=_('Revoke'),
     view='permissions:permission_multiple_revoke'
 )
 link_role_create = Link(
@@ -46,6 +45,6 @@ link_role_groups = Link(
 )
 link_role_permissions = Link(
     args='object.id',
-    permissions=(permission_permission_grant, permission_permission_revoke),
+    permissions=(permission_role_edit,),
     text=_('Role permissions'), view='permissions:role_permissions',
 )

mayan/apps/permissions/permissions.py

@@ -18,9 +18,3 @@ permission_role_create = namespace.add_permission(
 permission_role_delete = namespace.add_permission(
     name='role_delete', label=_('Delete roles')
 )
-permission_permission_grant = namespace.add_permission(
-    name='permission_grant', label=_('Grant permissions')
-)
-permission_permission_revoke = namespace.add_permission(
-    name='permission_revoke', label=_('Revoke permissions')
-)

mayan/apps/permissions/tests/test_views.py

@@ -8,7 +8,6 @@ from mayan.apps.user_management.tests.literals import TEST_GROUP_2_NAME
 
 from ..models import Role
 from ..permissions import (
-    permission_permission_grant, permission_permission_revoke,
     permission_role_create, permission_role_delete, permission_role_edit,
     permission_role_view,
 )
@@ -129,18 +128,10 @@ class PermissionsViewsTestCase(GenericViewTestCase):
         response = self._request_role_permissions_view()
         self.assertEqual(response.status_code, 403)
 
-    def test_role_permissions_view_with_permission_grant(self):
+    def test_role_permissions_view_with_access(self):
         self._create_role()
         self.grant_access(
-            permission=permission_permission_grant, obj=self.role_2
-        )
-        response = self._request_role_permissions_view()
-        self.assertEqual(response.status_code, 200)
-
-    def test_role_permissions_view_with_permission_revoke(self):
-        self._create_role()
-        self.grant_access(
-            permission=permission_permission_revoke, obj=self.role_2
+            permission=permission_role_edit, obj=self.role_2
         )
         response = self._request_role_permissions_view()
         self.assertEqual(response.status_code, 200)

mayan/apps/permissions/views.py

@@ -21,7 +21,6 @@ from .icons import icon_role_list
 from .links import link_role_create
 from .models import Role, StoredPermission
 from .permissions import (
-    permission_permission_grant, permission_permission_revoke,
     permission_role_view, permission_role_create, permission_role_delete,
     permission_role_edit
 )
@@ -145,15 +144,12 @@ class SetupRolePermissionsView(AssignRemoveView):
         return results
 
     def add(self, item):
-        Permission.check_permissions(
-            self.request.user, permissions=(permission_permission_grant,)
-        )
         permission = get_object_or_404(klass=StoredPermission, pk=item)
         self.get_object().permissions.add(permission)
 
     def dispatch(self, request, *args, **kwargs):
         AccessControlList.objects.check_access(
-            permissions=(permission_permission_grant, permission_permission_revoke),
+            permissions=(permission_role_edit,),
             user=self.request.user, obj=self.get_object()
         )
         return super(SetupRolePermissionsView, self).dispatch(request, *args, **kwargs)
@@ -186,9 +182,6 @@ class SetupRolePermissionsView(AssignRemoveView):
         )
 
     def remove(self, item):
-        Permission.check_permissions(
-            self.request.user, permissions=(permission_permission_revoke,)
-        )
         permission = get_object_or_404(klass=StoredPermission, pk=item)
         self.get_object().permissions.remove(permission)