Implement document workflows transition ACLs. GitLab issue #321.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>

mayan/apps/document_states/forms.py

@@ -1,9 +1,14 @@
-from __future__ import unicode_literals
+from __future__ import absolute_import, unicode_literals
 
 from django import forms
+from django.core.exceptions import PermissionDenied
 from django.utils.translation import ugettext_lazy as _
 
+from acls.models import AccessControlList
+from permissions import Permission
+
 from .models import Workflow, WorkflowState, WorkflowTransition
+from .permissions import permission_workflow_transition
 
 
 class WorkflowForm(forms.ModelForm):
@@ -32,11 +37,36 @@ class WorkflowTransitionForm(forms.ModelForm):
 
 class WorkflowInstanceTransitionForm(forms.Form):
     def __init__(self, *args, **kwargs):
-        workflow = kwargs.pop('workflow')
+        user = kwargs.pop('user')
+        workflow_instance = kwargs.pop('workflow_instance')
         super(WorkflowInstanceTransitionForm, self).__init__(*args, **kwargs)
-        self.fields['transition'].choices = workflow.get_transition_choices().values_list('pk', 'label')
+        queryset = workflow_instance.get_transition_choices().all()
 
-    transition = forms.ChoiceField(label=_('Transition'))
+        try:
+            Permission.check_permissions(
+                requester=user, permissions=(permission_workflow_transition,)
+            )
+        except PermissionDenied:
+            try:
+                # Check for ACL access to the workflow, if true, allow all
+                # transition options.
+                AccessControlList.objects.check_access(
+                    permissions=permission_workflow_transition, user=user,
+                    obj=workflow_instance.workflow
+                )
+            except PermissionDenied:
+                # If not ACL access to the workflow, filter transition options
+                # by each transition ACL access
+                queryset = AccessControlList.objects.filter_by_access(
+                    permission=permission_workflow_transition, user=user,
+                    queryset=queryset
+                )
+
+        self.fields['transition'].queryset = queryset
+
+    transition = forms.ModelChoiceField(
+        label=_('Transition'), queryset=WorkflowTransition.objects.none()
+    )
     comment = forms.CharField(
         label=_('Comment'), required=False, widget=forms.widgets.Textarea()
     )