Register the workflow_view permission to the Document model.
Add task to rebalance the workflow app permission checking. Signed-off-by: Michael Price <loneviking72@gmail.com> Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
This commit is contained in:
Michael Price
committed by
Roberto Rosario
Roberto Rosario
parent
db735bc454
commit
837d64dfdb
@@ -76,11 +76,35 @@ Other
|
||||
- Automatically capture license information from installed Python
|
||||
packages.
|
||||
|
||||
Permissions
|
||||
~~~~~~~~~~~
|
||||
- Permission should be reciprocal. Example: To be able to add a tag to a
|
||||
document, the user must hold the tag add permission for the document
|
||||
and for the tag to be added. To be able to enable a metadata type to a
|
||||
document type, the user must hold the metadata add permissions for the
|
||||
metadata type and for the document type.
|
||||
- Edit type permissions should only grant the ability to edit the properties
|
||||
of an object. To modify its relationship with other objects a reciprocal
|
||||
permission check should be instead.
|
||||
|
||||
Sources
|
||||
~~~~~~~
|
||||
- Add ACLs support to sources.
|
||||
- Provide error message/feedback when scanning from a remote scanner fails.
|
||||
- Redirect to the same source when scanning from a remote scanner finishes.
|
||||
- Require a permission for document types to avoid a user that has the workflow
|
||||
creation permission to attach a workflow to a document type they don't
|
||||
control.
|
||||
- Research making APIWorkflowDocumentTypeList a subclass of documents.api_views.APIDocumentTypeList
|
||||
- A POST request to APIWorkflowDocumentTypeList should require some permission
|
||||
on the document type part to avoid adding non controlled document types
|
||||
to a new workflow.
|
||||
- To transition a workflow, the transition permission is only needed for the
|
||||
workflow. Make it necesary to have the same permission for the document
|
||||
of document type.
|
||||
- To view the transition log, the workflow view permission is only needed for the
|
||||
document. Make it necesary to have the same permission for the workflow or
|
||||
for the transition and the states.
|
||||
|
||||
Testing
|
||||
~~~~~~~
|
||||
|
||||
@@ -106,6 +106,9 @@ class DocumentStatesApp(MayanAppConfig):
|
||||
), type_name=['property', 'indexing']
|
||||
)
|
||||
|
||||
ModelPermission.register(
|
||||
model=Document, permissions=(permission_workflow_view,)
|
||||
)
|
||||
ModelPermission.register(
|
||||
model=Workflow, permissions=(
|
||||
permission_error_log_view, permission_workflow_delete,
|
||||
|
||||
Reference in New Issue
Block a user