Remove DefaultAccessControlList support

Roberto Rosario
2015-06-29 14:51:10 -04:00
parent 3d1b030f95
commit 5be41af1cf
15 changed files with 14 additions and 472 deletions


@@ -9,21 +9,11 @@ from common import (
) )
from .classes import ( from .classes import (
AccessHolder, AccessObject, AccessObjectClass, ClassAccessHolder AccessHolder, AccessObject, AccessObjectClass
) )
from .links import ( from .links import (
link_acl_class_acl_detail, link_acl_class_acl_list, link_acl_class_grant, link_acl_detail, link_acl_grant, link_acl_holder_new, link_acl_revoke
link_acl_class_list, link_acl_class_new_holder_for, link_acl_class_revoke,
link_acl_detail, link_acl_grant, link_acl_holder_new, link_acl_revoke,
link_acl_setup_valid_classes
) )
#from .models import CreatorSingleton
#def create_creator_user(sender, **kwargs):
# if kwargs['app_config'].__class__ == ACLsApp:
# CreatorSingleton.objects.get_or_create()
class ACLsApp(MayanAppConfig): class ACLsApp(MayanAppConfig):
name = 'acls' name = 'acls'
@@ -32,21 +22,6 @@ class ACLsApp(MayanAppConfig):
def ready(self): def ready(self):
super(ACLsApp, self).ready() super(ACLsApp, self).ready()
menu_multi_item.bind_links(links=[link_acl_class_grant, link_acl_class_revoke], sources=['acls:acl_class_acl_detail'])
menu_multi_item.bind_links(links=[link_acl_grant, link_acl_revoke], sources=['acls:acl_detail']) menu_multi_item.bind_links(links=[link_acl_grant, link_acl_revoke], sources=['acls:acl_detail'])
menu_object.bind_links(links=[link_acl_class_acl_detail], sources=[ClassAccessHolder])
menu_object.bind_links(links=[link_acl_class_acl_list, link_acl_class_new_holder_for], sources=[AccessObjectClass])
menu_object.bind_links(links=[link_acl_detail], sources=[AccessHolder]) menu_object.bind_links(links=[link_acl_detail], sources=[AccessHolder])
menu_secondary.bind_links(
links=[link_acl_class_list],
sources=[
'acls:acl_setup_valid_classes', 'acls:acl_class_acl_list',
'acls:acl_class_new_holder_for', 'acls:acl_class_acl_detail',
'acls:acl_class_multiple_grant',
'acls:acl_class_multiple_revoke'
],
)
menu_setup.bind_links(links=[link_acl_setup_valid_classes])
menu_sidebar.bind_links(links=[link_acl_holder_new], sources=[AccessObject]) menu_sidebar.bind_links(links=[link_acl_holder_new], sources=[AccessObject])
#post_migrate.connect(create_creator_user, dispatch_uid='create_creator_user')


@@ -140,10 +140,6 @@ class AccessObjectClass(EncapsulatedObject):
source_object_name = 'cls' source_object_name = 'cls'
class ClassAccessHolder(EncapsulatedObject):
source_object_name = 'class_holder'
if sys.version_info < (2, 5): if sys.version_info < (2, 5):
# Prior to Python 2.5, Exception was an old-style class # Prior to Python 2.5, Exception was an old-style class
def subclass_exception(name, parents, unused): def subclass_exception(name, parents, unused):


@@ -4,9 +4,7 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import acls_edit_acl, acls_view_acl
acls_class_edit_acl, acls_class_view_acl, acls_edit_acl, acls_view_acl
)
link_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='acls:acl_list') link_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='acls:acl_list')
@@ -14,11 +12,3 @@ link_acl_detail = Link(permissions=[acls_view_acl], text=_('Details'), view='acl
link_acl_grant = Link(permissions=[acls_edit_acl], text=_('Grant'), view='acls:acl_multiple_grant') link_acl_grant = Link(permissions=[acls_edit_acl], text=_('Grant'), view='acls:acl_multiple_grant')
link_acl_revoke = Link(permissions=[acls_edit_acl], text=_('Revoke'), view='acls:acl_multiple_revoke') link_acl_revoke = Link(permissions=[acls_edit_acl], text=_('Revoke'), view='acls:acl_multiple_revoke')
link_acl_holder_new = Link(permissions=[acls_edit_acl], text=_('New holder'), view='acls:acl_holder_new', args='access_object.gid') link_acl_holder_new = Link(permissions=[acls_edit_acl], text=_('New holder'), view='acls:acl_holder_new', args='access_object.gid')
link_acl_setup_valid_classes = Link(icon='fa fa-lock', permissions=[acls_class_view_acl], text=_('Default ACLs'), view='acls:acl_setup_valid_classes')
link_acl_class_list = Link(permissions=[acls_class_view_acl], text=_('Classes'), view='acls:acl_setup_valid_classes')
link_acl_class_acl_list = Link(permissions=[acls_class_view_acl], text=_('ACLs for class'), view='acls:acl_class_acl_list', args='object.gid')
link_acl_class_acl_detail = Link(permissions=[acls_class_view_acl], text=_('Details'), view='acls:acl_class_acl_detail', args=['access_object_class.gid', 'object.gid'])
link_acl_class_new_holder_for = Link(permissions=[acls_class_edit_acl], text=_('New holder'), view='acls:acl_class_new_holder_for', args='object.gid')
link_acl_class_grant = Link(permissions=[acls_class_edit_acl], text=_('Grant'), view='acls:acl_class_multiple_grant')
link_acl_class_revoke = Link(permissions=[acls_class_edit_acl], text=_('Revoke'), view='acls:acl_class_multiple_revoke')


@@ -12,9 +12,8 @@ from django.utils.translation import ugettext
from common.models import AnonymousUserSingleton from common.models import AnonymousUserSingleton
from permissions import Permission from permissions import Permission
#from permissions.models import RoleMember
from .classes import AccessHolder, ClassAccessHolder, get_source_object from .classes import AccessHolder, get_source_object
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -266,13 +265,14 @@ class DefaultAccessEntryManager(models.Manager):
cls = get_source_object(cls) cls = get_source_object(cls)
content_type = ContentType.objects.get_for_model(cls) content_type = ContentType.objects.get_for_model(cls)
holder_list = [] holder_list = []
for access_entry in self.model.objects.filter(content_type=content_type): #for access_entry in self.model.objects.filter(content_type=content_type):
if access_entry.holder_object: #if access_entry.holder_object:
# Don't add references to non existant content type objects # Don't add references to non existant content type objects
entry = ClassAccessHolder.encapsulate(access_entry.holder_object) #TODO: FIX
#entry = ClassAccessHolder.encapsulate(access_entry.holder_object)
if entry not in holder_list: #if entry not in holder_list:
holder_list.append(entry) # holder_list.append(entry)
return holder_list return holder_list
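Review bot: The manager method in this hunk now always returns an empty list, because the loop that filled `holder_list` is commented out under `#TODO: FIX`, so a caller cannot tell "no holders" from "feature removed". The same commit deletes ClassAccessHolder and the DefaultAccessEntry model, so the commented-out lines cannot be restored as written. I would delete them and either drop the method together with DefaultAccessEntryManager or make the stub explicit, for example `raise NotImplementedError('default ACL support was removed')`. The method's signature and the rest of the manager are outside the hunk, so other methods that still go through `self.model` could not be checked.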


@@ -44,26 +44,3 @@ class AccessEntry(models.Model):
def __str__(self): def __str__(self):
return '%s: %s' % (self.content_type, self.content_object) return '%s: %s' % (self.content_type, self.content_object)
@python_2_unicode_compatible
class DefaultAccessEntry(models.Model):
"""
Model that holds the permission, class, actor relationship, that will
be added upon the creation of an instance of said class
"""
@classmethod
def get_classes(cls):
return [AccessObjectClass.encapsulate(cls) for cls in get_classes()]
permission = models.ForeignKey(StoredPermission, verbose_name=_('Permission'))
role = models.ForeignKey(Role, verbose_name=_('Role'))
objects = DefaultAccessEntryManager()
class Meta:
verbose_name = _('Default access entry')
verbose_name_plural = _('Default access entries')
def __str__(self):
return '%s: %s' % (self.content_type, self.content_object)


@@ -5,10 +5,6 @@ from django.utils.translation import ugettext_lazy as _
from permissions import PermissionNamespace from permissions import PermissionNamespace
acls_namespace = PermissionNamespace('acls', _('Access control lists')) acls_namespace = PermissionNamespace('acls', _('Access control lists'))
acls_setup_namespace = PermissionNamespace('acls_setup', _('Access control lists'))
acls_edit_acl = acls_namespace.add_permission(name='acl_edit', label=_('Edit ACLs')) acls_edit_acl = acls_namespace.add_permission(name='acl_edit', label=_('Edit ACLs'))
acls_view_acl = acls_namespace.add_permission(name='acl_view', label=_('View ACLs')) acls_view_acl = acls_namespace.add_permission(name='acl_view', label=_('View ACLs'))
acls_class_edit_acl = acls_setup_namespace.add_permission(name='acl_class_edit', label=_('Edit class default ACLs'))
acls_class_view_acl = acls_setup_namespace.add_permission(name='acl_class_view', label=_('View class default ACLs'))


@@ -11,12 +11,4 @@ urlpatterns = patterns(
url(r'^multiple/grant/$', 'acl_grant', name='acl_multiple_grant'), url(r'^multiple/grant/$', 'acl_grant', name='acl_multiple_grant'),
url(r'^multiple/revoke/$', 'acl_revoke', name='acl_multiple_revoke'), url(r'^multiple/revoke/$', 'acl_revoke', name='acl_multiple_revoke'),
url(r'^class/$', 'acl_setup_valid_classes', name='acl_setup_valid_classes'),
url(r'^class/details/(?P<access_object_class_gid>[.\w]+)/holder/(?P<holder_object_gid>[.\w]+)/$', 'acl_class_acl_detail', name='acl_class_acl_detail'),
url(r'^class/list_for/(?P<access_object_class_gid>[.\w]+)/$', 'acl_class_acl_list', name='acl_class_acl_list'),
url(r'^class/holder/new/(?P<access_object_class_gid>[.\w]+)/$', 'acl_class_new_holder_for', name='acl_class_new_holder_for'),
url(r'^class/multiple/grant/$', 'acl_class_multiple_grant', name='acl_class_multiple_grant'),
url(r'^class/multiple/revoke/$', 'acl_class_multiple_revoke', name='acl_class_multiple_revoke'),
) )


@@ -1,36 +0,0 @@
from __future__ import unicode_literals
import logging
from django.contrib.contenttypes.models import ContentType
from common.models import AnonymousUserSingleton
from .classes import get_source_object
#from .models import AccessEntry, CreatorSingleton, DefaultAccessEntry
from .models import AccessEntry, DefaultAccessEntry
logger = logging.getLogger(__name__)
def apply_default_acls(obj, actor=None):
logger.debug('actor, init: %s', actor)
obj = get_source_object(obj)
#if actor:
# actor = AnonymousUserSingleton.objects.passthru_check(actor)
content_type = ContentType.objects.get_for_model(obj)
for default_acl in DefaultAccessEntry.objects.filter(content_type=content_type):
#holder = CreatorSingleton.objects.passthru_check(default_acl.holder_object, actor)
holder = actor
if holder:
# When the creator is admin
access_entry = AccessEntry(
permission=default_acl.permission,
holder_object=holder,
content_object=obj,
)
access_entry.save()


@@ -19,14 +19,10 @@ from common.widgets import two_state_template
from permissions import Permission from permissions import Permission
from .api import get_class_permissions_for from .api import get_class_permissions_for
from .classes import ( from .classes import AccessHolder, AccessObject, AccessObjectClass
AccessHolder, AccessObject, AccessObjectClass, ClassAccessHolder
)
from .forms import ClassHolderSelectionForm, HolderSelectionForm from .forms import ClassHolderSelectionForm, HolderSelectionForm
from .models import AccessEntry, DefaultAccessEntry from .models import AccessEntry
from .permissions import ( from .permissions import acls_edit_acl, acls_view_acl
acls_edit_acl, acls_class_edit_acl, acls_class_view_acl, acls_view_acl
)
from .widgets import object_indentifier from .widgets import object_indentifier
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -359,270 +355,4 @@ def acl_holder_new(request, access_object_gid):
except ObjectDoesNotExist: except ObjectDoesNotExist:
raise Http404 raise Http404
return acl_new_holder_for(request, access_object.source_object) # , extra_context={'access_object': access_object}) return acl_new_holder_for(request, access_object.source_object)
# Setup views
def acl_setup_valid_classes(request):
Permission.check_permissions(request.user, [acls_class_view_acl])
context = {
'object_list': DefaultAccessEntry.get_classes(),
'title': _('Classes'),
'extra_columns': [
{'name': _('Class'), 'attribute': encapsulate(lambda x: object_indentifier(x.source_object))},
],
'hide_object': True,
}
return render_to_response('appearance/generic_list.html', context,
context_instance=RequestContext(request))
def acl_class_acl_list(request, access_object_class_gid):
logger.debug('access_object_class_gid: %s', access_object_class_gid)
Permission.check_permissions(request.user, [acls_class_view_acl])
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
logger.debug('access_object_class: %s', access_object_class)
context = {
'object_list': DefaultAccessEntry.objects.get_holders_for(access_object_class.source_object),
'title': _('Default access control lists for class: %s') % access_object_class,
'extra_columns': [
{'name': _('Holder'), 'attribute': encapsulate(lambda x: object_indentifier(x.source_object))},
{'name': _('Permissions'), 'attribute': encapsulate(lambda x: _permission_titles(DefaultAccessEntry.objects.get_holder_permissions_for(access_object_class.source_object, x.source_object)))},
],
'hide_object': True,
'access_object_class': access_object_class,
'object': access_object_class,
}
return render_to_response('appearance/generic_list.html', context,
context_instance=RequestContext(request))
def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid):
Permission.check_permissions(request.user, [acls_class_view_acl])
try:
actor = AccessHolder.get(gid=holder_object_gid)
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
except ObjectDoesNotExist:
raise Http404
permission_list = get_class_permissions_for(access_object_class.content_type.model_class())
# TODO : get all globally assigned permission, new function get_permissions_for_holder (roles aware)
subtemplates_list = [
{
'name': 'appearance/generic_list_subtemplate.html',
'context': {
'title': _('Permissions available to: %(actor)s for class %(class)s' % {
'actor': actor,
'class': access_object_class
}),
'object_list': permission_list,
'extra_columns': [
{'name': _('Namespace'), 'attribute': 'namespace'},
{'name': _('Label'), 'attribute': 'label'},
{
'name': _('Has permission'),
'attribute': encapsulate(lambda x: two_state_template(DefaultAccessEntry.objects.has_access(x, actor.source_object, access_object_class.source_object)))
},
],
'hide_object': True,
}
},
]
return render_to_response('appearance/generic_form.html', {
'object': access_object_class,
'subtemplates_list': subtemplates_list,
'multi_select_item_properties': {
'permission_pk': lambda x: x.pk,
'holder_gid': lambda x: actor.gid,
'access_object_class_gid': lambda x: access_object_class.gid,
},
'read_only': True,
}, context_instance=RequestContext(request))
def acl_class_new_holder_for(request, access_object_class_gid):
Permission.check_permissions(request.user, [acls_class_edit_acl])
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
if request.method == 'POST':
form = ClassHolderSelectionForm(request.POST)
if form.is_valid():
try:
access_holder = ClassAccessHolder.get(form.cleaned_data['holder_gid'])
return HttpResponseRedirect(reverse('acls:acl_class_acl_detail', args=[access_object_class.gid, access_holder.gid]))
except ObjectDoesNotExist:
raise Http404
else:
form = ClassHolderSelectionForm(current_holders=DefaultAccessEntry.objects.get_holders_for(access_object_class))
context = {
'form': form,
'title': _('Add new holder for class: %s') % unicode(access_object_class),
'object': access_object_class,
'submit_label': _('Select'),
}
return render_to_response('appearance/generic_form.html', context,
context_instance=RequestContext(request))
def acl_class_multiple_grant(request):
Permission.check_permissions(request.user, [acls_class_edit_acl])
items_property_list = loads(request.GET.get('items_property_list', []))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
items = {}
title_suffix = []
navigation_object = None
navigation_object_count = 0
for item_properties in items_property_list:
try:
permission = Permission.get({'pk': item_properties['permission_pk']})
except Permission.DoesNotExist:
raise Http404
try:
requester = AccessHolder.get(gid=item_properties['holder_gid'])
access_object_class = AccessObjectClass.get(gid=item_properties['access_object_class_gid'])
except ObjectDoesNotExist:
raise Http404
items.setdefault(requester, {})
items[requester].setdefault(access_object_class, [])
items[requester][access_object_class].append(permission)
navigation_object = access_object_class
navigation_object_count += 1
for requester, obj_ps in items.items():
for obj, ps in obj_ps.items():
title_suffix.append(_(', ').join(['"%s"' % unicode(p) for p in ps]))
title_suffix.append(_(' for %s') % obj)
title_suffix.append(_(' to %s') % requester)
if len(items_property_list) == 1:
title_prefix = _('Are you sure you wish to grant the permission %(title_suffix)s?')
else:
title_prefix = _('Are you sure you wish to grant the permissions %(title_suffix)s?')
if request.method == 'POST':
for requester, object_permissions in items.items():
for obj, permissions in object_permissions.items():
for permission in permissions:
if DefaultAccessEntry.objects.grant(permission, requester.source_object, obj.source_object):
messages.success(request, _('Permission "%(permission)s" granted to %(actor)s for %(object)s.') % {
'permission': permission,
'actor': requester,
'object': obj
})
else:
messages.warning(request, _('%(actor)s, already had the permission "%(permission)s" granted for %(object)s.') % {
'actor': requester,
'permission': permission,
'object': obj,
})
return HttpResponseRedirect(next)
context = {
'previous': previous,
'next': next,
}
context['title'] = title_prefix % {
'title_suffix': ''.join(title_suffix),
}
logger.debug('navigation_object_count: %d', navigation_object_count)
logger.debug('navigation_object: %s', navigation_object)
if navigation_object_count == 1:
context['object'] = navigation_object
return render_to_response('appearance/generic_confirm.html', context,
context_instance=RequestContext(request))
def acl_class_multiple_revoke(request):
Permission.check_permissions(request.user, [acls_class_edit_acl])
items_property_list = loads(request.GET.get('items_property_list', []))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
items = {}
title_suffix = []
navigation_object = None
navigation_object_count = 0
for item_properties in items_property_list:
try:
permission = Permission.get({'pk': item_properties['permission_pk']})
except Permission.DoesNotExist:
raise Http404
try:
requester = AccessHolder.get(gid=item_properties['holder_gid'])
access_object_class = AccessObjectClass.get(gid=item_properties['access_object_class_gid'])
except ObjectDoesNotExist:
raise Http404
items.setdefault(requester, {})
items[requester].setdefault(access_object_class, [])
items[requester][access_object_class].append(permission)
navigation_object = access_object_class
navigation_object_count += 1
for requester, obj_ps in items.items():
for obj, ps in obj_ps.items():
title_suffix.append(_(', ').join(['"%s"' % unicode(p) for p in ps]))
title_suffix.append(_(' for %s') % obj)
title_suffix.append(_(' from %s') % requester)
if len(items_property_list) == 1:
title_prefix = _('Are you sure you wish to revoke the permission %(title_suffix)s?')
else:
title_prefix = _('Are you sure you wish to revoke the permissions %(title_suffix)s?')
if request.method == 'POST':
for requester, object_permissions in items.items():
for obj, permissions in object_permissions.items():
for permission in permissions:
if DefaultAccessEntry.objects.revoke(permission, requester.source_object, obj.source_object):
messages.success(request, _('Permission "%(permission)s" revoked of %(actor)s for %(object)s.') % {
'permission': permission,
'actor': requester,
'object': obj
})
else:
messages.warning(request, _('%(actor)s, didn\'t had the permission "%(permission)s" for %(object)s.') % {
'actor': requester,
'permission': permission,
'object': obj,
})
return HttpResponseRedirect(next)
context = {
'previous': previous,
'next': next,
}
context['title'] = title_prefix % {
'title_suffix': ''.join(title_suffix),
}
logger.debug('navigation_object_count: %d', navigation_object_count)
logger.debug('navigation_object: %s', navigation_object)
if navigation_object_count == 1:
context['object'] = navigation_object
return render_to_response('appearance/generic_confirm.html', context,
context_instance=RequestContext(request))
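Review bot: `ClassHolderSelectionForm` is still imported in `from .forms import ClassHolderSelectionForm, HolderSelectionForm`, although its only use visible in this section, acl_class_new_holder_for, is deleted here. The forms module is not among the files changed on this page, so if that form still refers to ClassAccessHolder or DefaultAccessEntry, both removed by this commit, importing the views module would fail at start-up; this is inferred, not visible. I would change the line to `from .forms import HolderSelectionForm` and remove the form class in the same commit. The same question applies to `from .api import get_class_permissions_for`, whose only visible caller is the deleted acl_class_acl_detail.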


@@ -11,7 +11,6 @@ from django.utils.html import mark_safe
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.models import AccessEntry from acls.models import AccessEntry
from acls.utils import apply_default_acls
from common.utils import encapsulate from common.utils import encapsulate
from common.views import AssignRemoveView from common.views import AssignRemoveView
from common.widgets import two_state_template from common.widgets import two_state_template
@@ -65,7 +64,6 @@ def index_setup_create(request):
form = IndexForm(request.POST) form = IndexForm(request.POST)
if form.is_valid(): if form.is_valid():
index = form.save() index = form.save()
apply_default_acls(index, request.user)
messages.success(request, _('Index created successfully.')) messages.success(request, _('Index created successfully.'))
return HttpResponseRedirect(reverse('indexing:index_setup_list')) return HttpResponseRedirect(reverse('indexing:index_setup_list'))
else: else:
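Review bot: After `index = form.save()` nothing records object-level access for the creating user now that `apply_default_acls(index, request.user)` is gone, and neither the code nor the commit message says what replaces it. The result fails closed, but a creator who holds no role-wide permission may be unable to view or edit the object just created. I would state the intended model in a comment at this point, e.g. `# No ACL entry is created for the creator; access comes from role permissions only`, and mention the behaviour change in the commit description. The same applies to the removals in Document.save(), folder_create, smart_link_create and tag_create further down the page.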


@@ -12,7 +12,6 @@ from django.db import models, transaction
from django.utils.encoding import python_2_unicode_compatible from django.utils.encoding import python_2_unicode_compatible
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.utils import apply_default_acls
from common.settings import setting_temporary_directory from common.settings import setting_temporary_directory
from common.utils import fs_cleanup from common.utils import fs_cleanup
from converter import ( from converter import (
@@ -112,8 +111,6 @@ class Document(models.Model):
super(Document, self).save(*args, **kwargs) super(Document, self).save(*args, **kwargs)
if new_document: if new_document:
apply_default_acls(self, user)
if user: if user:
self.add_as_recent_document_for_user(user) self.add_as_recent_document_for_user(user)
event_document_create.commit(actor=user, target=self) event_document_create.commit(actor=user, target=self)


@@ -12,7 +12,6 @@ from django.template import RequestContext
from django.utils.translation import ugettext_lazy as _, ungettext from django.utils.translation import ugettext_lazy as _, ungettext
from acls.models import AccessEntry from acls.models import AccessEntry
from acls.utils import apply_default_acls
from acls.views import acl_list_for from acls.views import acl_list_for
from common.views import SingleObjectListView from common.views import SingleObjectListView
from documents.permissions import permission_document_view from documents.permissions import permission_document_view
@@ -50,7 +49,6 @@ def folder_create(request):
if form.is_valid(): if form.is_valid():
folder, created = Folder.objects.get_or_create(user=request.user, title=form.cleaned_data['title']) folder, created = Folder.objects.get_or_create(user=request.user, title=form.cleaned_data['title'])
if created: if created:
apply_default_acls(folder, request.user)
messages.success(request, _('Folder created successfully')) messages.success(request, _('Folder created successfully'))
return HttpResponseRedirect(reverse('folders:folder_list')) return HttpResponseRedirect(reverse('folders:folder_list'))
else: else:


@@ -12,7 +12,6 @@ from django.template import RequestContext
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.models import AccessEntry from acls.models import AccessEntry
from acls.utils import apply_default_acls
from acls.views import acl_list_for from acls.views import acl_list_for
from common.utils import encapsulate from common.utils import encapsulate
from common.views import AssignRemoveView from common.views import AssignRemoveView
@@ -164,7 +163,6 @@ def smart_link_create(request):
form = SmartLinkForm(request.POST) form = SmartLinkForm(request.POST)
if form.is_valid(): if form.is_valid():
document_group = form.save() document_group = form.save()
apply_default_acls(document_group, request.user)
messages.success(request, _('Smart link: %s created successfully.') % document_group) messages.success(request, _('Smart link: %s created successfully.') % document_group)
return HttpResponseRedirect(reverse('linking:smart_link_list')) return HttpResponseRedirect(reverse('linking:smart_link_list'))
else: else:


@@ -12,8 +12,6 @@ from django.utils.encoding import python_2_unicode_compatible
from django.utils.translation import ugettext from django.utils.translation import ugettext
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
#from common.models import AnonymousUserSingleton
from .managers import RoleMemberManager, StoredPermissionManager from .managers import RoleMemberManager, StoredPermissionManager
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -94,24 +92,6 @@ class StoredPermission(models.Model):
return True return True
"""
@python_2_unicode_compatible
class PermissionHolder(models.Model):
permission = models.ForeignKey(StoredPermission, verbose_name=_('Permission'))
holder_type = models.ForeignKey(ContentType,
related_name='permission_holder',
limit_choices_to={'model__in': ('user', 'group', 'role')})
holder_id = models.PositiveIntegerField()
holder_object = generic.GenericForeignKey(ct_field='holder_type', fk_field='holder_id')
class Meta:
verbose_name = _('Permission holder')
verbose_name_plural = _('Permission holders')
def __str__(self):
return '%s: %s' % (self.holder_type, self.holder_object)
"""
@python_2_unicode_compatible @python_2_unicode_compatible
class Role(models.Model): class Role(models.Model):
name = models.CharField(max_length=64, unique=True) name = models.CharField(max_length=64, unique=True)
@@ -129,50 +109,3 @@ class Role(models.Model):
def get_absolute_url(self): def get_absolute_url(self):
return reverse('permissions:role_list') return reverse('permissions:role_list')
"""
def add_member(self, member):
member = AnonymousUserSingleton.objects.passthru_check(member)
role_member, created = RoleMember.objects.get_or_create(
role=self,
member_type=ContentType.objects.get_for_model(member),
member_id=member.pk)
if not created:
raise Exception('Unable to add member to role')
def remove_member(self, member):
member = AnonymousUserSingleton.objects.passthru_check(member)
member_type = ContentType.objects.get_for_model(member)
role_member = RoleMember.objects.get(role=self, member_type=member_type, member_id=member.pk)
role_member.delete()
def members(self, filter_dict=None):
filter_dict = filter_dict or {}
return (member.member_object for member in self.rolemember_set.filter(**filter_dict))
"""
"""
@python_2_unicode_compatible
class RoleMember(models.Model):
role = models.ForeignKey(Role, verbose_name=_('Role'))
member_type = models.ForeignKey(
ContentType,
related_name='role_member',
limit_choices_to={
'model__in': (
'user', 'group', 'anonymoususersingleton'
)
}
)
member_id = models.PositiveIntegerField()
member_object = generic.GenericForeignKey(ct_field='member_type', fk_field='member_id')
objects = RoleMemberManager()
class Meta:
verbose_name = _('Role member')
verbose_name_plural = _('Role members')
def __str__(self):
return unicode(self.member_object)
"""


@@ -13,7 +13,6 @@ from django.utils.translation import ugettext_lazy as _, ungettext
from acls.models import AccessEntry from acls.models import AccessEntry
from acls.views import acl_list_for from acls.views import acl_list_for
from acls.utils import apply_default_acls
from documents.models import Document from documents.models import Document
from documents.views import DocumentListView from documents.views import DocumentListView
from documents.permissions import permission_document_view from documents.permissions import permission_document_view
@@ -37,7 +36,6 @@ def tag_create(request):
form = TagForm(request.POST) form = TagForm(request.POST)
if form.is_valid(): if form.is_valid():
tag = form.save() tag = form.save()
apply_default_acls(tag, request.user)
messages.success(request, _('Tag created succesfully.')) messages.success(request, _('Tag created succesfully.'))
return HttpResponseRedirect(redirect_url) return HttpResponseRedirect(redirect_url)