Add ACL support to the document signatures app

apps/document_signatures/__init__.py

@@ -1,4 +1,5 @@
 from __future__ import absolute_import
+
 import logging
 
 try:
@@ -11,9 +12,9 @@ from django.db.models.signals import post_save
 
 from documents.models import Document, DocumentVersion
 from navigation.api import register_links
-
 from django_gpg.runtime import gpg
 from django_gpg.exceptions import GPGDecryptionError
+from acls.api import class_permissions
 
 from .models import DocumentVersionSignature
 from .permissions import (
@@ -59,3 +60,9 @@ register_links(['document_verify', 'document_signature_upload', 'document_signat
 DocumentVersion.register_pre_open_hook(1, document_pre_open_hook)
 
 post_save.connect(document_post_save, sender=DocumentVersion)
+
+class_permissions(Document, [
+    PERMISSION_DOCUMENT_VERIFY,
+    PERMISSION_SIGNATURE_UPLOAD,
+    PERMISSION_SIGNATURE_DOWNLOAD
+])

apps/document_signatures/views.py

@@ -11,10 +11,12 @@ from django.contrib import messages
 from django.utils.safestring import mark_safe
 from django.conf import settings
 from django.template.defaultfilters import force_escape
+from django.core.exceptions import PermissionDenied
 
 from documents.models import Document, RecentDocument
 from permissions.models import Permission
 from filetransfers.api import serve_file
+from acls.models import AccessEntry
 
 from django_gpg.api import SIGNATURE_STATES
 
@@ -27,9 +29,13 @@ logger = logging.getLogger(__name__)
 
 
 def document_verify(request, document_pk):
-    Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VERIFY])
     document = get_object_or_404(Document, pk=document_pk)
 
+    try:
+        Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VERIFY])
+    except PermissionDenied:
+        AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VERIFY, request.user, document)
+
     RecentDocument.objects.add_document_for_user(request.user, document)
 
     signature = DocumentVersionSignature.objects.verify_signature(document)
@@ -69,10 +75,13 @@ def document_verify(request, document_pk):
 
 
 def document_signature_upload(request, document_pk):
-    Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_UPLOAD])
-    
     document = get_object_or_404(Document, pk=document_pk)
 
+    try:
+        Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_UPLOAD])
+    except PermissionDenied:
+        AccessEntry.objects.check_access(PERMISSION_SIGNATURE_UPLOAD, request.user, document)
+
     RecentDocument.objects.add_document_for_user(request.user, document)
 
     post_action_redirect = None
@@ -103,9 +112,13 @@ def document_signature_upload(request, document_pk):
 
 
 def document_signature_download(request, document_pk):
-    Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_DOWNLOAD])
     document = get_object_or_404(Document, pk=document_pk)
 
+    try:
+        Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_DOWNLOAD])
+    except PermissionDenied:
+        AccessEntry.objects.check_access(PERMISSION_SIGNATURE_DOWNLOAD, request.user, document)    
+
     try:
         if DocumentVersionSignature.objects.has_detached_signature(document):
             signature = DocumentVersionSignature.objects.detached_signature(document)