Add access grant workflow state action.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>

mayan/apps/acls/workflow_actions.py

@@ -0,0 +1,107 @@
+from __future__ import absolute_import, unicode_literals
+
+import logging
+
+from django.apps import apps
+from django.contrib.contenttypes.models import ContentType
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext_lazy as _
+
+from acls.models import AccessControlList
+from document_states.classes import WorkflowAction
+from permissions.classes import Permission
+from permissions.models import Role
+
+from .classes import ModelPermission
+from .permissions import permission_acl_edit
+
+__all__ = ('GrantAccessAction',)
+logger = logging.getLogger(__name__)
+
+
+class GrantAccessAction(WorkflowAction):
+    fields = (
+        {
+            'name': 'content_type', 'label': _('Object type'),
+            'class': 'django.forms.ModelChoiceField', 'kwargs': {
+                'help_text': _(
+                    'Type of the object for which the access will be granted.'
+                ),
+                'queryset': ModelPermission.get_classes(as_content_type=True),
+                'required': True
+            }
+        }, {
+            'name': 'object_id', 'label': _('Object ID'),
+            'class': 'django.forms.IntegerField', 'kwargs': {
+                'help_text': _(
+                    'Numeric identifier of the object for which the access '
+                    'will be granted.'
+                ), 'required': True
+            }
+        }, {
+            'name': 'roles', 'label': _('Roles'),
+            'class': 'django.forms.ModelMultipleChoiceField', 'kwargs': {
+                'help_text': _('Roles that will be granted access.'),
+                'queryset': Role.objects.all(), 'required': True
+            }
+        }, {
+            'name': 'permissions', 'label': _('Permissions'),
+            'class': 'django.forms.MultipleChoiceField', 'kwargs': {
+                'help_text': _(
+                    'Permissions to grant to the role for the object.'
+                ), 'choices': Permission.all(as_choices=True),
+                'required': True
+            }
+        },
+    )
+    label = _('Grant access')
+    widgets = {
+        'roles': {
+            'class': 'django.forms.widgets.SelectMultiple', 'kwargs': {
+                'attrs': {'class': 'select2'},
+            }
+        },
+        'permissions': {
+            'class': 'django.forms.widgets.SelectMultiple', 'kwargs': {
+                'attrs': {'class': 'select2'},
+            }
+        }
+    }
+
+    @classmethod
+    def clean(cls, request, form_data=None):
+        AccessControlList = apps.get_model(
+            app_label='acls', model_name='AccessControlList'
+        )
+
+        content_type = ContentType.objects.get(
+            pk=int(form_data['action_data']['content_type'])
+        )
+        obj = content_type.get_object_for_this_type(
+            pk=int(form_data['action_data']['object_id'])
+        )
+
+        try:
+            AccessControlList.objects.check_access(
+                permissions=permission_acl_edit, user=request.user, obj=obj
+            )
+        except Exception as exception:
+            raise ValidationError(exception)
+        else:
+            return form_data
+
+    def execute(self, context):
+        content_type = ContentType.objects.get(
+            pk=self.form_data['content_type']
+        )
+        obj = content_type.get_object_for_this_type(
+            pk=self.form_data['object_id']
+        )
+        roles = Role.objects.filter(pk__in=self.form_data['roles'])
+        permissions = [Permission.get(pk=permission.uuid) for permission in self.form_data['permissions']]
+
+        for role in roles:
+            for permission in permissions:
+                AccessControlList.objects.grant(
+                    permission=permission, role=role, obj=obj
+                )