matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improve permission having in the workflow app views. Most were made more granular and operate now on an object access basis instead of working per view permission.

Browse Source 
Signed-off-by: Michael Price <loneviking72@gmail.com>
This commit is contained in:
Michael Price
2018-03-02 18:00:48 -04:00
committed by Roberto Rosario
parent a4a3c96228
commit 775894ee0d
1 changed files with 84 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
mayan/apps/document_states/views.py
View File

@@ -142,33 +142,33 @@ class SetupWorkflowListView(SingleObjectListView):
'hide_object': True,
}
model = Workflow
view_permission = permission_workflow_view
object_permission = permission_workflow_view
class SetupWorkflowCreateView(SingleObjectCreateView):
form_class = WorkflowForm
model = Workflow
view_permission = permission_workflow_create
post_action_redirect = reverse_lazy('document_states:setup_workflow_list')
view_permission = permission_workflow_create
class SetupWorkflowEditView(SingleObjectEditView):
form_class = WorkflowForm
model = Workflow
view_permission = permission_workflow_edit
object_permission = permission_workflow_edit
post_action_redirect = reverse_lazy('document_states:setup_workflow_list')
class SetupWorkflowDeleteView(SingleObjectDeleteView):
model = Workflow
view_permission = permission_workflow_delete
object_permission = permission_workflow_delete
post_action_redirect = reverse_lazy('document_states:setup_workflow_list')
class SetupWorkflowDocumentTypesView(AssignRemoveView):
decode_content_type = True
object_permission = permission_workflow_edit
left_list_title = _('Available document types')
object_permission = permission_workflow_edit
right_list_title = _('Document types assigned this workflow')
def add(self, item):
@@ -203,29 +203,7 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView):
# item
class SetupWorkflowStateListView(SingleObjectListView):
def dispatch(self, request, *args, **kwargs):
AccessControlList.objects.check_access(
permissions=permission_workflow_view, user=request.user,
obj=self.get_workflow()
)
return super(
SetupWorkflowStateListView, self
).dispatch(request, *args, **kwargs)
def get_extra_context(self):
return {
'hide_link': True,
'object': self.get_workflow(),
'title': _('States of workflow: %s') % self.get_workflow()
}
def get_object_list(self):
return self.get_workflow().states.all()
def get_workflow(self):
return get_object_or_404(Workflow, pk=self.kwargs['pk'])
# Workflow state actions
class SetupWorkflowStateActionCreateView(SingleObjectDynamicFormCreateView):
@@ -387,9 +365,11 @@ class SetupWorkflowStateActionSelectionView(FormView):
return get_object_or_404(WorkflowState, pk=self.kwargs['pk'])
# Workflow states
class SetupWorkflowStateCreateView(SingleObjectCreateView):
form_class = WorkflowStateForm
view_permission = permission_workflow_edit
def get_extra_context(self):
return {
@@ -399,17 +379,22 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView):
) % self.get_workflow()
}
def get_workflow(self):
return get_object_or_404(Workflow, pk=self.kwargs['pk'])
def get_object_list(self):
return self.get_workflow().states.all()
def get_success_url(self):
return reverse(
'document_states:setup_workflow_states', args=(self.kwargs['pk'],)
'document_states:setup_workflow_state_list', args=(self.kwargs['pk'],)
)
def get_workflow(self):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
AccessControlList.objects.check_access(
permissions=(permission_workflow_edit,), obj=workflow,
user=self.request.user
)
return workflow
def form_valid(self, form):
self.object = form.save(commit=False)
self.object.workflow = self.get_workflow()
@@ -419,7 +404,7 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView):
class SetupWorkflowStateDeleteView(SingleObjectDeleteView):
model = WorkflowState
view_permission = permission_workflow_edit
object_permission = permission_workflow_edit
def get_extra_context(self):
return {
@@ -428,17 +413,28 @@ class SetupWorkflowStateDeleteView(SingleObjectDeleteView):
'workflow_instance': self.get_object().workflow,
}
def get_object_list(self):
return self.get_workflow().states.all()
def get_success_url(self):
return reverse(
'document_states:setup_workflow_states',
'document_states:setup_workflow_state_list',
args=(self.get_object().workflow.pk,)
)
def get_workflow(self):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
AccessControlList.objects.check_access(
permissions=(permission_workflow_edit,), obj=workflow,
user=self.request.user
)
return workflow
class SetupWorkflowStateEditView(SingleObjectEditView):
form_class = WorkflowStateForm
model = WorkflowState
view_permission = permission_workflow_edit
object_permission = permission_workflow_edit
def get_extra_context(self):
return {
@@ -449,36 +445,43 @@ class SetupWorkflowStateEditView(SingleObjectEditView):
def get_success_url(self):
return reverse(
'document_states:setup_workflow_states',
'document_states:setup_workflow_state_list',
args=(self.get_object().workflow.pk,)
)
# Transitions
class SetupWorkflowStateListView(SingleObjectListView):
object_permission = permission_workflow_view
def dispatch(self, request, *args, **kwargs):
AccessControlList.objects.check_access(
permissions=permission_workflow_view, user=request.user,
obj=self.get_workflow()
)
class SetupWorkflowTransitionListView(SingleObjectListView):
view_permission = permission_workflow_view
return super(
SetupWorkflowStateListView, self
).dispatch(request, *args, **kwargs)
def get_extra_context(self):
return {
'hide_link': True,
'object': self.get_workflow(),
'title': _(
'Transitions of workflow: %s'
) % self.get_workflow()
'title': _('States of workflow: %s') % self.get_workflow()
}
def get_object_list(self):
return self.get_workflow().transitions.all()
return self.get_workflow().states.all()
def get_workflow(self):
return get_object_or_404(Workflow, pk=self.kwargs['pk'])
# Transitions
class SetupWorkflowTransitionCreateView(SingleObjectCreateView):
form_class = WorkflowTransitionForm
view_permission = permission_workflow_edit
def form_valid(self, form):
self.object = form.save(commit=False)
@@ -515,17 +518,22 @@ class SetupWorkflowTransitionCreateView(SingleObjectCreateView):
def get_success_url(self):
return reverse(
'document_states:setup_workflow_transitions',
'document_states:setup_workflow_transition_list',
args=(self.kwargs['pk'],)
)
def get_workflow(self):
return get_object_or_404(Workflow, pk=self.kwargs['pk'])
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
AccessControlList.objects.check_access(
permissions=(permission_workflow_edit,), obj=workflow,
user=self.request.user
)
return workflow
class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView):
model = WorkflowTransition
view_permission = permission_workflow_edit
object_permission = permission_workflow_edit
def get_extra_context(self):
return {
@@ -536,7 +544,7 @@ class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView):
def get_success_url(self):
return reverse(
'document_states:setup_workflow_transitions',
'document_states:setup_workflow_transition_list',
args=(self.get_object().workflow.pk,)
)
@@ -544,7 +552,7 @@ class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView):
class SetupWorkflowTransitionEditView(SingleObjectEditView):
form_class = WorkflowTransitionForm
model = WorkflowTransition
view_permission = permission_workflow_edit
object_permission = permission_workflow_edit
def get_extra_context(self):
return {
@@ -562,13 +570,35 @@ class SetupWorkflowTransitionEditView(SingleObjectEditView):
def get_success_url(self):
return reverse(
'document_states:setup_workflow_transitions',
'document_states:setup_workflow_transition_list',
args=(self.get_object().workflow.pk,)
)
class SetupWorkflowTransitionListView(SingleObjectListView):
object_permission = permission_workflow_view
def get_extra_context(self):
return {
'hide_link': True,
'object': self.get_workflow(),
'title': _(
'Transitions of workflow: %s'
) % self.get_workflow()
}
def get_object_list(self):
return self.get_workflow().transitions.all()
def get_workflow(self):
return get_object_or_404(Workflow, pk=self.kwargs['pk'])
# Other
class WorkflowListView(SingleObjectListView):
view_permission = permission_workflow_view
object_permission = permission_workflow_view
def get_extra_context(self):
return {
@@ -735,7 +765,7 @@ class SetupWorkflowTransitionTriggerEventListView(FormView):
initial = []
# Return the queryset by name from the sorted list of the class
event_type_ids = [event_type.id for event_type in Event.all()]
event_type_ids = [event_type.id for event_type in EventType.all()]
event_type_queryset = StoredEventType.objects.filter(
name__in=event_type_ids
)
@@ -749,7 +779,7 @@ class SetupWorkflowTransitionTriggerEventListView(FormView):
def get_post_action_redirect(self):
return reverse(
'document_states:setup_workflow_transitions',
'document_states:setup_workflow_transition_list',
args=(self.get_object().workflow.pk,)
)