Update the role permission edit view require the permission grant or permission revoke permissions for the selected role.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2018-04-03 00:32:45 -04:00
parent a5856da810
commit 68d96fae7e
5 changed files with 27 additions and 4 deletions
--- a/HISTORY.rst
+++ b/HISTORY.rst
@@ -110,6 +110,8 @@
 - Invert the columns in the ACL detail view.
 - Fix issue #454. Thanks to Andrei Korostelev @kindkaktus for the issue and the
  solution.
+- Update the role permission edit view require the permission grant or permission
+  revoke permissions for the selected role.

 2.7.3 (2017-09-11)
 ==================
--- a/docs/releases/3.0.rst
+++ b/docs/releases/3.0.rst
@@ -364,6 +364,9 @@ Other changes worth mentioning
  view when there are no metadata types exist.
 - Improved styling and interaction of the multiple object action form.
 - Add checkbox to allow selecting all item in the item list view.
+- Update the role permission edit view require the permission grant or permission
+  revoke permissions for the selected role.
+

 Removals
 --------
--- a/mayan/apps/permissions/apps.py
+++ b/mayan/apps/permissions/apps.py
@@ -19,6 +19,7 @@ from .links import (
    link_role_list, link_role_permissions
 )
 from .permissions import (
+    permission_permission_grant, permission_permission_revoke,
    permission_role_delete, permission_role_edit, permission_role_view
 )
 from .search import *  # NOQA
@@ -39,6 +40,7 @@ class PermissionsApp(MayanAppConfig):
        ModelPermission.register(
            model=Role, permissions=(
                permission_acl_edit, permission_acl_view,
+                permission_permission_grant, permission_permission_revoke,
                permission_role_delete, permission_role_edit,
                permission_role_view
            )
--- a/mayan/apps/permissions/tests/test_views.py
+++ b/mayan/apps/permissions/tests/test_views.py
@@ -8,8 +8,9 @@ from user_management.tests.literals import TEST_GROUP_2_NAME

 from ..models import Role
 from ..permissions import (
+    permission_permission_grant, permission_permission_revoke,
    permission_role_create, permission_role_delete, permission_role_edit,
-    permission_role_view
+    permission_role_view,
 )

 from .literals import TEST_ROLE_2_LABEL, TEST_ROLE_LABEL_EDITED
@@ -116,9 +117,17 @@ class PermissionsViewsTestCase(GenericViewTestCase):
        response = self._request_role_permissions_view()
        self.assertEqual(response.status_code, 403)

-    def test_role_permissions_view_with_access(self):
+    def test_role_permissions_view_with_permission_grant(self):
        self._create_role()
-        self.grant_access(permission=permission_role_edit, obj=self.role_2)
+        self.grant_access(permission=permission_permission_grant, obj=self.role_2)
+        #self.grant_access(permission=permission_role_edit, obj=self.role_2)
+        response = self._request_role_permissions_view()
+        self.assertEqual(response.status_code, 200)
+
+    def test_role_permissions_view_with_permission_revoke(self):
+        self._create_role()
+        self.grant_access(permission=permission_permission_revoke, obj=self.role_2)
+        #self.grant_access(permission=permission_role_edit, obj=self.role_2)
        response = self._request_role_permissions_view()
        self.assertEqual(response.status_code, 200)

--- a/mayan/apps/permissions/views.py
+++ b/mayan/apps/permissions/views.py
@@ -8,6 +8,7 @@ from django.urls import reverse_lazy
 from django.utils.encoding import force_text
 from django.utils.translation import ugettext_lazy as _

+from acls.models import AccessControlList
 from common.views import (
    AssignRemoveView, SingleObjectCreateView, SingleObjectDeleteView,
    SingleObjectEditView, SingleObjectListView
@@ -114,7 +115,6 @@ class SetupRolePermissionsView(AssignRemoveView):
    grouped = True
    left_list_title = _('Available permissions')
    right_list_title = _('Granted permissions')
-    object_permission = permission_role_view

    def add(self, item):
        Permission.check_permissions(
@@ -123,6 +123,13 @@ class SetupRolePermissionsView(AssignRemoveView):
        permission = get_object_or_404(StoredPermission, pk=item)
        self.get_object().permissions.add(permission)

+    def dispatch(self, request, *args, **kwargs):
+        AccessControlList.objects.check_access(
+            permissions=(permission_permission_grant, permission_permission_revoke),
+            user=self.request.user, obj=self.get_object()
+        )
+        return super(SetupRolePermissionsView, self).dispatch(request, *args, **kwargs)
+
    def get_extra_context(self):
        return {
            'object': self.get_object(),