Update apps for new ACLs refactor.
This commit is contained in:
Roberto Rosario
@@ -8,7 +8,7 @@ from django.shortcuts import get_object_or_404
|
||||
from rest_framework import generics, status
|
||||
from rest_framework.response import Response
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions import Permission
|
||||
@@ -31,7 +31,7 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
|
||||
filtered_documents = AccessControlList.objects.filter_by_access([permission_document_view], self.request.user, documents)
|
||||
else:
|
||||
filtered_documents = documents
|
||||
|
||||
@@ -54,7 +54,7 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_checkout])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_checkout, request.user, document)
|
||||
|
||||
timezone = pytz.utc
|
||||
|
||||
@@ -83,7 +83,7 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
|
||||
filtered_documents = AccessControlList.objects.filter_by_access([permission_document_view], self.request.user, documents)
|
||||
else:
|
||||
filtered_documents = documents
|
||||
|
||||
@@ -109,11 +109,11 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_checkin])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_checkin, request.user, document)
|
||||
else:
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_checkin_override])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_checkin_override, request.user, document)
|
||||
|
||||
return super(APICheckedoutDocumentView, self).delete(request, *args, **kwargs)
|
||||
|
||||
@@ -12,7 +12,7 @@ from django.utils.translation import ugettext_lazy as _
|
||||
from documents.models import Document
|
||||
from documents.views import DocumentListView
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.utils import encapsulate, get_object_name
|
||||
from permissions import Permission
|
||||
|
||||
@@ -45,7 +45,7 @@ def checkout_info(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_checkout, permission_document_checkin])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_accesses([permission_document_checkout, permission_document_checkin], request.user, document)
|
||||
AccessControlList.objects.check_access([permission_document_checkout, permission_document_checkin], request.user, document)
|
||||
|
||||
paragraphs = [_('Document status: %s') % STATE_LABELS[document.checkout_state()]]
|
||||
|
||||
@@ -68,7 +68,7 @@ def checkout_document(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_checkout])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_checkout, request.user, document)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = DocumentCheckoutForm(data=request.POST, initial={'document': document})
|
||||
@@ -116,12 +116,12 @@ def checkin_document(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_checkin])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_checkin, request.user, document)
|
||||
else:
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_checkin_override])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_checkin_override, request.user, document)
|
||||
|
||||
if request.method == 'POST':
|
||||
try:
|
||||
|
||||
@@ -4,7 +4,7 @@ from django.conf import settings
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.urlresolvers import reverse
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ class ObjectListPermissionFilterMixin(object):
|
||||
Permission.check_permissions(self.request.user, (self.object_permission,))
|
||||
except PermissionDenied:
|
||||
# No global permission, filter ther queryset per object + permission
|
||||
return AccessEntry.objects.filter_objects_by_access(self.object_permission, self.request.user, queryset)
|
||||
return AccessControlList.objects.filter_by_access(self.object_permission, self.request.user, queryset)
|
||||
else:
|
||||
# Has the permission globally, return all results
|
||||
return queryset
|
||||
@@ -52,7 +52,7 @@ class ObjectPermissionCheckMixin(object):
|
||||
try:
|
||||
Permission.check_permissions(request.user, (self.object_permission,))
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(self.object_permission, request.user, self.get_permission_object())
|
||||
AccessControlList.objects.check_access(self.object_permission, request.user, self.get_permission_object())
|
||||
|
||||
return super(ObjectPermissionCheckMixin, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ from django.shortcuts import get_object_or_404, render_to_response
|
||||
from django.template import RequestContext
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.utils import encapsulate
|
||||
from permissions import Permission
|
||||
|
||||
@@ -36,7 +36,7 @@ def transformation_list(request, app_label, model, object_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_transformation_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_transformation_view, request.user, content_object)
|
||||
AccessControlList.objects.check_access(permission_transformation_view, request.user, content_object)
|
||||
|
||||
context = {
|
||||
'object_list': Transformation.objects.get_for_model(content_object),
|
||||
@@ -67,7 +67,7 @@ def transformation_create(request, app_label, model, object_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_transformation_create])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_transformation_create, request.user, content_object)
|
||||
AccessControlList.objects.check_access(permission_transformation_create, request.user, content_object)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = TransformationForm(request.POST, initial={'content_object': content_object})
|
||||
@@ -94,7 +94,7 @@ def transformation_delete(request, object_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_transformation_delete])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_transformation_delete, request.user, transformation.content_object)
|
||||
AccessControlList.objects.check_access(permission_transformation_delete, request.user, transformation.content_object)
|
||||
|
||||
if request.method == 'POST':
|
||||
transformation.delete()
|
||||
@@ -119,7 +119,7 @@ def transformation_edit(request, object_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_transformation_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_transformation_edit, request.user, transformation.content_object)
|
||||
AccessControlList.objects.check_access(permission_transformation_edit, request.user, transformation.content_object)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = TransformationForm(request.POST, instance=transformation)
|
||||
|
||||
@@ -12,7 +12,7 @@ from django.shortcuts import render_to_response, get_object_or_404
|
||||
from django.template import RequestContext
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from permissions import Permission
|
||||
|
||||
@@ -34,7 +34,7 @@ def comment_delete(request, comment_id=None, comment_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_comment_delete])
|
||||
except PermissionDenied:
|
||||
comments = AccessEntry.objects.filter_objects_by_access(permission_comment_delete, request.user, comments, related='content_object')
|
||||
comments = AccessControlList.objects.filter_by_access(permission_comment_delete, request.user, comments, related='content_object')
|
||||
|
||||
if not comments:
|
||||
messages.error(request, _('Must provide at least one comment.'))
|
||||
@@ -82,7 +82,7 @@ def comment_add(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_comment_create])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_comment_create, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_comment_create, request.user, document)
|
||||
|
||||
post_action_redirect = None
|
||||
|
||||
@@ -120,7 +120,7 @@ def comments_for_document(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_comment_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_comment_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_comment_view, request.user, document)
|
||||
|
||||
return render_to_response('appearance/generic_list.html', {
|
||||
'object': document,
|
||||
|
||||
@@ -5,7 +5,7 @@ from django.shortcuts import get_object_or_404
|
||||
|
||||
from rest_framework import generics
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions import Permission
|
||||
@@ -84,7 +84,7 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_indexing_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_view, self.request.user, index_node_instance.index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_view, self.request.user, index_node_instance.index)
|
||||
|
||||
return index_node_instance.documents.all()
|
||||
|
||||
@@ -144,6 +144,6 @@ class APIDocumentIndexListView(generics.ListAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, self.request.user, document)
|
||||
|
||||
return document.node_instances.all()
|
||||
|
||||
@@ -10,7 +10,7 @@ from django.template import RequestContext
|
||||
from django.utils.html import mark_safe
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.utils import encapsulate
|
||||
from common.views import AssignRemoveView
|
||||
from common.widgets import two_state_template
|
||||
@@ -49,7 +49,7 @@ def index_setup_list(request):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_setup])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_setup, request.user, queryset)
|
||||
queryset = AccessControlList.objects.filter_by_access(permission_document_indexing_setup, request.user, queryset)
|
||||
|
||||
context['object_list'] = queryset
|
||||
|
||||
@@ -81,7 +81,7 @@ def index_setup_edit(request, index_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_create, request.user, index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_create, request.user, index)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = IndexForm(request.POST, instance=index)
|
||||
@@ -106,7 +106,7 @@ def index_setup_delete(request, index_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_delete])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_delete, request.user, index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_delete, request.user, index)
|
||||
|
||||
post_action_redirect = reverse('indexing:index_setup_list')
|
||||
|
||||
@@ -142,7 +142,7 @@ def index_setup_view(request, index_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_setup])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_setup, request.user, index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_setup, request.user, index)
|
||||
|
||||
object_list = index.template_root.get_descendants(include_self=True)
|
||||
|
||||
@@ -201,7 +201,7 @@ def template_node_create(request, parent_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, parent_node.index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_edit, request.user, parent_node.index)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = IndexTemplateNodeForm(request.POST)
|
||||
@@ -226,7 +226,7 @@ def template_node_edit(request, node_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = IndexTemplateNodeForm(request.POST, instance=node)
|
||||
@@ -252,7 +252,7 @@ def template_node_delete(request, node_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_edit, request.user, node.index)
|
||||
|
||||
post_action_redirect = reverse('indexing:index_setup_view', args=[node.index.pk])
|
||||
|
||||
@@ -302,7 +302,7 @@ def index_list(request):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_view])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset)
|
||||
queryset = AccessControlList.objects.filter_by_access(permission_document_indexing_view, request.user, queryset)
|
||||
|
||||
context['object_list'] = queryset
|
||||
|
||||
@@ -322,7 +322,7 @@ def index_instance_node_view(request, index_instance_node_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_indexing_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_indexing_view, request.user, index_instance.index)
|
||||
AccessControlList.objects.check_access(permission_document_indexing_view, request.user, index_instance.index)
|
||||
|
||||
title = mark_safe(_('Contents for index: %s') % breadcrumbs)
|
||||
|
||||
@@ -392,7 +392,7 @@ def document_index_list(request, document_id):
|
||||
# TODO: should be AND not OR
|
||||
Permission.check_permissions(request.user, [permission_document_view, permission_document_indexing_view])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset, related='index')
|
||||
queryset = AccessControlList.objects.filter_by_access(permission_document_indexing_view, request.user, queryset, related='index')
|
||||
|
||||
for index_instance in queryset:
|
||||
object_list.append(get_breadcrumbs(index_instance, single_link=True, include_count=True))
|
||||
|
||||
@@ -13,7 +13,7 @@ from django.template import RequestContext
|
||||
from django.template.defaultfilters import force_escape
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from django_gpg.literals import SIGNATURE_STATE_NONE, SIGNATURE_STATES
|
||||
from documents.models import Document
|
||||
from filetransfers.api import serve_file
|
||||
@@ -35,7 +35,7 @@ def document_verify(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_verify])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_verify, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_verify, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
@@ -82,7 +82,7 @@ def document_signature_upload(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_signature_upload])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_signature_upload, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_signature_upload, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
@@ -118,7 +118,7 @@ def document_signature_download(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_signature_download])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_signature_download, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_signature_download, request.user, document)
|
||||
|
||||
try:
|
||||
if DocumentVersionSignature.objects.has_detached_signature(document.latest_version):
|
||||
@@ -142,7 +142,7 @@ def document_signature_delete(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_signature_delete])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_signature_delete, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_signature_delete, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ from django.shortcuts import get_object_or_404
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views.generic import FormView
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.views import (
|
||||
AssignRemoveView, SingleObjectCreateView, SingleObjectDeleteView,
|
||||
SingleObjectEditView, SingleObjectListView
|
||||
@@ -34,7 +34,7 @@ class DocumentWorkflowInstanceListView(SingleObjectListView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_workflow_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_document())
|
||||
AccessControlList.objects.check_access(permission_document_workflow_view, request.user, self.get_document())
|
||||
|
||||
return super(DocumentWorkflowInstanceListView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
@@ -62,7 +62,7 @@ class WorkflowInstanceDetailView(SingleObjectListView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_workflow_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_workflow_instance().document)
|
||||
AccessControlList.objects.check_access(permission_document_workflow_view, request.user, self.get_workflow_instance().document)
|
||||
|
||||
return super(WorkflowInstanceDetailView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
@@ -96,7 +96,7 @@ class WorkflowInstanceTransitionView(FormView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_workflow_transition])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_workflow_transition, request.user, self.get_workflow_instance().document)
|
||||
AccessControlList.objects.check_access(permission_document_workflow_transition, request.user, self.get_workflow_instance().document)
|
||||
|
||||
return super(WorkflowInstanceTransitionView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
@@ -203,7 +203,7 @@ class SetupWorkflowStateListView(SingleObjectListView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
AccessControlList.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
|
||||
return super(SetupWorkflowStateListView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
@@ -233,7 +233,7 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
AccessControlList.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
|
||||
return super(SetupWorkflowStateCreateView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
@@ -314,7 +314,7 @@ class SetupWorkflowTransitionListView(SingleObjectListView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
AccessControlList.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
|
||||
return super(SetupWorkflowTransitionListView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
@@ -344,7 +344,7 @@ class SetupWorkflowTransitionCreateView(SingleObjectCreateView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_workflow_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
AccessControlList.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
|
||||
|
||||
return super(SetupWorkflowTransitionCreateView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ from rest_framework import generics, status
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.settings import api_settings
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.models import SharedUploadedFile
|
||||
from converter.exceptions import UnkownConvertError, UnknownFileFormat
|
||||
from converter.literals import (
|
||||
@@ -186,7 +186,7 @@ class APIDocumentImageView(generics.GenericAPIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document)
|
||||
|
||||
size = request.GET.get('size', setting_display_size.value)
|
||||
|
||||
@@ -317,7 +317,7 @@ class APIDocumentTypeDocumentListView(generics.ListAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_type_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
||||
AccessControlList.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
||||
|
||||
return document_type.documents.all()
|
||||
|
||||
|
||||
@@ -14,6 +14,7 @@ from django.template import RequestContext
|
||||
from django.utils.http import urlencode
|
||||
from django.utils.translation import ugettext_lazy as _, ungettext
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from common.compressed_files import CompressedFile
|
||||
from common.utils import encapsulate, pretty_size
|
||||
from common.views import ParentChildListView, SingleObjectListView
|
||||
@@ -108,7 +109,7 @@ def document_list(request, object_list=None, title=None, extra_context=None):
|
||||
# If user doesn't have global permission, get a list of document
|
||||
# for which he/she does hace access use it to filter the
|
||||
# provided object_list
|
||||
final_object_list = AccessEntry.objects.filter_objects_by_access(
|
||||
final_object_list = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, request.user, pre_object_list)
|
||||
else:
|
||||
final_object_list = pre_object_list
|
||||
@@ -131,7 +132,7 @@ def document_properties(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
@@ -168,7 +169,7 @@ def document_preview(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
@@ -199,7 +200,7 @@ def document_delete(request, document_id=None, document_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_delete])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_document_delete, request.user, documents, exception_on_empty=True)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_document_delete, request.user, documents, exception_on_empty=True)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
@@ -245,7 +246,7 @@ def document_edit(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_properties_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_properties_edit, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_properties_edit, request.user, document)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = DocumentForm(request.POST, instance=document)
|
||||
@@ -290,7 +291,7 @@ def document_document_type_edit(request, document_id=None, document_id_list=None
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_properties_edit])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_document_properties_edit, request.user, documents, exception_on_empty=True)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_document_properties_edit, request.user, documents, exception_on_empty=True)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
@@ -340,7 +341,7 @@ def get_document_image(request, document_id, size=setting_preview_size.value):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document)
|
||||
|
||||
page = int(request.GET.get('page', DEFAULT_PAGE_NUMBER))
|
||||
|
||||
@@ -376,7 +377,7 @@ def document_download(request, document_id=None, document_id_list=None, document
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_download])
|
||||
except PermissionDenied:
|
||||
document_versions = AccessEntry.objects.filter_objects_by_access(permission_document_download, request.user, document_versions, related='document', exception_on_empty=True)
|
||||
document_versions = AccessControlList.objects.filter_by_access(permission_document_download, request.user, document_versions, related='document', exception_on_empty=True)
|
||||
|
||||
subtemplates_list = []
|
||||
subtemplates_list.append(
|
||||
@@ -484,7 +485,7 @@ def document_update_page_count(request, document_id=None, document_id_list=None)
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_tools])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_document_tools, request.user, documents, exception_on_empty=True)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_document_tools, request.user, documents, exception_on_empty=True)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
|
||||
@@ -536,7 +537,7 @@ def document_clear_transformations(request, document_id=None, document_id_list=N
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_transformation_delete])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_transformation_delete, request.user, documents, exception_on_empty=True)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_transformation_delete, request.user, documents, exception_on_empty=True)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
||||
@@ -582,7 +583,7 @@ def document_page_view(request, document_page_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
|
||||
zoom = int(request.GET.get('zoom', DEFAULT_ZOOM_LEVEL))
|
||||
rotation = int(request.GET.get('rotation', DEFAULT_ROTATION))
|
||||
@@ -617,7 +618,7 @@ def document_page_navigation_next(request, document_page_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
|
||||
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
|
||||
|
||||
@@ -635,7 +636,7 @@ def document_page_navigation_previous(request, document_page_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
|
||||
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
|
||||
|
||||
@@ -654,7 +655,7 @@ def document_page_navigation_first(request, document_page_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
|
||||
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
|
||||
|
||||
@@ -668,7 +669,7 @@ def document_page_navigation_last(request, document_page_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
|
||||
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
|
||||
|
||||
@@ -681,7 +682,7 @@ def transform_page(request, document_page_id, zoom_function=None, rotation_funct
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document)
|
||||
|
||||
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
|
||||
|
||||
@@ -744,7 +745,7 @@ def document_print(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_print])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_print, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_print, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
@@ -1022,7 +1023,7 @@ def document_version_list(request, document_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
@@ -1062,7 +1063,7 @@ def document_version_revert(request, document_version_pk):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_version_revert])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_version_revert, request.user, document_version.document)
|
||||
AccessControlList.objects.check_access(permission_document_version_revert, request.user, document_version.document)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ from django.db.models import Q
|
||||
from django.db.models.loading import get_model
|
||||
from django.utils.module_loading import import_string
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
from .models import RecentSearch
|
||||
@@ -167,13 +167,14 @@ class SearchModel(object):
|
||||
|
||||
elapsed_time = unicode(datetime.datetime.now() - start_time).split(':')[2]
|
||||
|
||||
queryset = self.model.objects.in_bulk(list(result_set)[: setting_limit.value]).values()
|
||||
#queryset = self.model.objects.in_bulk(list(result_set)[:setting_limit.value]).values()
|
||||
queryset = self.model.objects.filter(pk__in=list(result_set)[:setting_limit.value])
|
||||
|
||||
if self.permission:
|
||||
try:
|
||||
Permission.check_permissions(user, [self.permission])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(self.permission, user, queryset)
|
||||
queryset = AccessControlList.objects.filter_by_access(self.permission, user, queryset)
|
||||
|
||||
RecentSearch.objects.add_query_for_user(user, query_string, len(result_set))
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from actstream.models import Action, any_stream
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.utils import encapsulate
|
||||
from permissions import Permission
|
||||
|
||||
@@ -35,7 +35,7 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_events_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_events_view, request.user, content_object)
|
||||
AccessControlList.objects.check_access(permission_events_view, request.user, content_object)
|
||||
|
||||
context.update({
|
||||
'object_list': any_stream(content_object),
|
||||
@@ -51,7 +51,7 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
|
||||
# If user doesn't have global permission, get a list of document
|
||||
# for which he/she does hace access use it to filter the
|
||||
# provided object_list
|
||||
object_list = AccessEntry.objects.filter_objects_by_access(permission_events_view, request.user, pre_object_list, related='content_object')
|
||||
object_list = AccessControlList.objects.filter_by_access(permission_events_view, request.user, pre_object_list, related='content_object')
|
||||
else:
|
||||
object_list = pre_object_list
|
||||
|
||||
@@ -68,7 +68,7 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
|
||||
# If user doesn't have global permission, get a list of document
|
||||
# for which he/she does hace access use it to filter the
|
||||
# provided object_list
|
||||
object_list = AccessEntry.objects.filter_objects_by_access(permission_events_view, request.user, pre_object_list, related='content_object')
|
||||
object_list = AccessControlList.objects.filter_by_access(permission_events_view, request.user, pre_object_list, related='content_object')
|
||||
else:
|
||||
object_list = pre_object_list
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ from django.shortcuts import get_object_or_404
|
||||
from rest_framework import generics, status, views
|
||||
from rest_framework.response import Response
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions import Permission
|
||||
@@ -98,7 +98,7 @@ class APIFolderDocumentListView(generics.ListAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_folder_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
|
||||
AccessControlList.objects.check_access(permission_folder_view, self.request.user, folder)
|
||||
|
||||
return folder.documents.all()
|
||||
|
||||
@@ -116,7 +116,7 @@ class APIDocumentFolderListView(generics.ListAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, self.request.user, document)
|
||||
|
||||
queryset = document.folders.all()
|
||||
return queryset
|
||||
@@ -131,7 +131,7 @@ class APIFolderDocumentView(views.APIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_folder_remove_document])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_folder_remove_document, request.user, folder)
|
||||
AccessControlList.objects.check_access(permission_folder_remove_document, request.user, folder)
|
||||
|
||||
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
||||
folder.documents.remove(document)
|
||||
@@ -145,7 +145,7 @@ class APIFolderDocumentView(views.APIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_folder_add_document])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_folder_add_document, request.user, folder)
|
||||
AccessControlList.objects.check_access(permission_folder_add_document, request.user, folder)
|
||||
|
||||
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
||||
folder.documents.add(document)
|
||||
|
||||
@@ -6,7 +6,7 @@ from django import forms
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
from .models import Folder
|
||||
@@ -31,7 +31,7 @@ class FolderListForm(forms.Form):
|
||||
try:
|
||||
Permission.check_permissions(user, [permission_folder_view])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, user, queryset)
|
||||
queryset = AccessControlList.objects.filter_by_access(permission_folder_view, user, queryset)
|
||||
|
||||
self.fields['folder'] = forms.ModelChoiceField(
|
||||
queryset=queryset,
|
||||
|
||||
@@ -11,6 +11,7 @@ from django.shortcuts import get_object_or_404, render_to_response
|
||||
from django.template import RequestContext
|
||||
from django.utils.translation import ugettext_lazy as _, ungettext
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from common.views import SingleObjectListView
|
||||
from documents.permissions import permission_document_view
|
||||
from documents.models import Document
|
||||
@@ -66,7 +67,7 @@ def folder_edit(request, folder_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_folder_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_folder_edit, request.user, folder)
|
||||
AccessControlList.objects.check_access(permission_folder_edit, request.user, folder)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = FolderForm(data=request.POST, instance=folder)
|
||||
@@ -93,7 +94,7 @@ def folder_delete(request, folder_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_folder_delete])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_folder_delete, request.user, folder)
|
||||
AccessControlList.objects.check_access(permission_folder_delete, request.user, folder)
|
||||
|
||||
post_action_redirect = reverse('folders:folder_list')
|
||||
|
||||
@@ -129,7 +130,7 @@ class FolderDetailView(DocumentListView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_folder_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
|
||||
AccessControlList.objects.check_access(permission_folder_view, self.request.user, folder)
|
||||
|
||||
return folder
|
||||
|
||||
@@ -157,7 +158,7 @@ def folder_add_document(request, document_id=None, document_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_folder_add_document])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_folder_add_document, request.user, documents)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_folder_add_document, request.user, documents)
|
||||
|
||||
post_action_redirect = None
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
@@ -205,7 +206,7 @@ def document_folder_list(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document)
|
||||
|
||||
context = {
|
||||
'hide_link': True,
|
||||
@@ -218,7 +219,7 @@ def document_folder_list(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_folder_view])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, request.user, queryset)
|
||||
queryset = AccessControlList.objects.filter_by_access(permission_folder_view, request.user, queryset)
|
||||
|
||||
context['object_list'] = queryset
|
||||
|
||||
@@ -243,7 +244,7 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_folder_remove_document])
|
||||
except PermissionDenied:
|
||||
folder_documents = AccessEntry.objects.filter_objects_by_access(permission_folder_remove_document, request.user, folder_documents, exception_on_empty=True)
|
||||
folder_documents = AccessControlList.objects.filter_by_access(permission_folder_remove_document, request.user, folder_documents, exception_on_empty=True)
|
||||
|
||||
logger.debug('folder_documents (post permission check): %s', folder_documents)
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ from django.template import Context, RequestContext, Template
|
||||
from django.utils.html import strip_tags
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from permissions import Permission
|
||||
|
||||
@@ -36,7 +36,7 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission, request.user, documents)
|
||||
documents = AccessControlList.objects.filter_by_access(permission, request.user, documents)
|
||||
|
||||
if not documents:
|
||||
messages.error(request, _('Must provide at least one document.'))
|
||||
|
||||
@@ -6,7 +6,7 @@ from django.shortcuts import get_object_or_404
|
||||
from rest_framework import generics, status, views
|
||||
from rest_framework.response import Response
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document, DocumentType
|
||||
from documents.permissions import (
|
||||
permission_document_type_view, permission_document_type_edit
|
||||
@@ -90,7 +90,7 @@ class APIDocumentMetadataListView(generics.ListCreateAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_metadata_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_metadata_document_view, self.request.user, document)
|
||||
AccessControlList.objects.check_access(permission_metadata_document_view, self.request.user, document)
|
||||
else:
|
||||
return document.metadata.all()
|
||||
elif self.request == 'POST':
|
||||
@@ -98,7 +98,7 @@ class APIDocumentMetadataListView(generics.ListCreateAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_metadata_document_add])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_metadata_document_add, self.request.user, document)
|
||||
AccessControlList.objects.check_access(permission_metadata_document_add, self.request.user, document)
|
||||
else:
|
||||
return document.metadata.all()
|
||||
|
||||
@@ -164,7 +164,7 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_type_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
||||
AccessControlList.objects.check_access(permission_document_type_view, self.request.user, document_type)
|
||||
|
||||
return document_type.metadata.filter(required=self.required_metadata)
|
||||
|
||||
@@ -187,7 +187,7 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_type_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
||||
AccessControlList.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
||||
|
||||
serializer = self.get_serializer(data=self.request.POST)
|
||||
|
||||
@@ -223,7 +223,7 @@ class APIDocumentTypeMetadataTypeRequiredView(views.APIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_type_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
||||
AccessControlList.objects.check_access(permission_document_type_edit, self.request.user, document_type)
|
||||
|
||||
metadata_type = get_object_or_404(MetadataType, pk=self.kwargs['metadata_type_pk'])
|
||||
document_type.metadata_type.remove(metadata_type)
|
||||
|
||||
@@ -10,7 +10,7 @@ from django.template import RequestContext
|
||||
from django.utils.http import urlencode
|
||||
from django.utils.translation import ugettext_lazy as _, ungettext
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.utils import encapsulate
|
||||
from common.views import AssignRemoveView
|
||||
from documents.models import Document, DocumentType
|
||||
@@ -50,7 +50,7 @@ def metadata_edit(request, document_id=None, document_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_metadata_document_edit])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_edit, request.user, documents)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_metadata_document_edit, request.user, documents)
|
||||
|
||||
if not documents:
|
||||
if document_id:
|
||||
@@ -158,7 +158,7 @@ def metadata_add(request, document_id=None, document_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_metadata_document_add])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_add, request.user, documents)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_metadata_document_add, request.user, documents)
|
||||
|
||||
if not documents:
|
||||
messages.error(request, _('Must provide at least one document.'))
|
||||
@@ -237,7 +237,7 @@ def metadata_remove(request, document_id=None, document_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_metadata_document_remove])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_remove, request.user, documents)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_metadata_document_remove, request.user, documents)
|
||||
|
||||
if not documents:
|
||||
if document_id:
|
||||
@@ -331,7 +331,7 @@ def metadata_view(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_metadata_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_metadata_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_metadata_document_view, request.user, document)
|
||||
|
||||
return render_to_response('appearance/generic_list.html', {
|
||||
'title': _('Metadata for document: %s') % document,
|
||||
|
||||
@@ -14,7 +14,7 @@ from django.utils.encoding import smart_str, smart_unicode
|
||||
from django.utils.http import urlencode, urlquote
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -96,7 +96,7 @@ class Menu(object):
|
||||
resolved_link = link.resolve(context=context, resolved_object=resolved_navigation_object)
|
||||
if resolved_link:
|
||||
resolved_links.append(resolved_link)
|
||||
break # No need for further content object match testing
|
||||
#break # No need for further content object match testing
|
||||
except TypeError:
|
||||
# When source is a dictionary
|
||||
pass
|
||||
@@ -164,7 +164,7 @@ class Link(object):
|
||||
# access to the instance.
|
||||
if resolved_object:
|
||||
try:
|
||||
AccessEntry.objects.check_access(self.permissions, request.user, resolved_object)
|
||||
AccessControlList.objects.check_access(self.permissions, request.user, resolved_object)
|
||||
except PermissionDenied:
|
||||
return None
|
||||
else:
|
||||
|
||||
@@ -7,7 +7,7 @@ from rest_framework import generics, status
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.settings import api_settings
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import DocumentVersion
|
||||
from permissions import Permission
|
||||
from rest_api.permissions import MayanPermission
|
||||
@@ -32,7 +32,7 @@ class DocumentVersionOCRView(generics.GenericAPIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_ocr_document])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_ocr_document, request.user, document_version.document)
|
||||
AccessControlList.objects.check_access(permission_ocr_document, request.user, document_version.document)
|
||||
|
||||
document_version.submit_for_ocr()
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ from django.shortcuts import get_object_or_404, render_to_response
|
||||
from django.template import RequestContext
|
||||
from django.utils.translation import ugettext_lazy as _, ungettext
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common.views import ConfirmView, SingleObjectEditView
|
||||
from documents.models import Document, DocumentType, DocumentVersion
|
||||
from permissions import Permission
|
||||
@@ -40,7 +40,7 @@ class DocumentSubmitView(ConfirmView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_ocr_document])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_ocr_document, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_ocr_document, request.user, document)
|
||||
|
||||
document.submit_for_ocr()
|
||||
messages.success(request, _('Document: %(document)s was added to the OCR queue.') % {
|
||||
@@ -104,7 +104,7 @@ def document_content(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_ocr_content_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_ocr_content_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_ocr_content_view, request.user, document)
|
||||
|
||||
document.add_as_recent_document_for_user(request.user)
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ from django.core.exceptions import PermissionDenied
|
||||
|
||||
from rest_framework.filters import BaseFilterBackend
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@ class MayanObjectPermissionsFilter(BaseFilterBackend):
|
||||
try:
|
||||
Permission.check_permissions(request.user, required_permission)
|
||||
except PermissionDenied:
|
||||
return AccessEntry.objects.filter_objects_by_access(required_permission[0], request.user, queryset)
|
||||
return AccessControlList.objects.filter_by_access(required_permission[0], request.user, queryset)
|
||||
else:
|
||||
return queryset
|
||||
else:
|
||||
|
||||
@@ -6,7 +6,7 @@ from django.core.exceptions import PermissionDenied
|
||||
|
||||
from rest_framework.permissions import BasePermission
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
|
||||
@@ -33,9 +33,9 @@ class MayanPermission(BasePermission):
|
||||
except PermissionDenied:
|
||||
try:
|
||||
if hasattr(view, 'mayan_permission_attribute_check'):
|
||||
AccessEntry.objects.check_accesses(required_permission, request.user, getattr(obj, view.mayan_permission_attribute_check))
|
||||
AccessControlList.objects.check_access(required_permission, request.user, getattr(obj, view.mayan_permission_attribute_check))
|
||||
else:
|
||||
AccessEntry.objects.check_accesses(required_permission, request.user, obj)
|
||||
AccessControlList.objects.check_access(required_permission, request.user, obj)
|
||||
except PermissionDenied:
|
||||
return False
|
||||
else:
|
||||
|
||||
@@ -10,7 +10,7 @@ from django.template import RequestContext
|
||||
from django.utils.http import urlencode
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from common import menu_facet
|
||||
from common.models import SharedUploadedFile
|
||||
from common.utils import encapsulate
|
||||
@@ -279,7 +279,7 @@ class UploadInteractiveVersionView(UploadBaseView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_new_version])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_new_version, self.request.user, self.document)
|
||||
AccessControlList.objects.check_access(permission_document_new_version, self.request.user, self.document)
|
||||
|
||||
self.tab_links = get_active_tab_links(self.document)
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ from django.shortcuts import get_object_or_404
|
||||
from rest_framework import generics, status, views
|
||||
from rest_framework.response import Response
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions import Permission
|
||||
@@ -77,7 +77,7 @@ class APITagDocumentListView(generics.ListAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_tag_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_tag_view, self.request.user, tag)
|
||||
AccessControlList.objects.check_access(permission_tag_view, self.request.user, tag)
|
||||
|
||||
queryset = tag.documents.all()
|
||||
return queryset
|
||||
@@ -98,7 +98,7 @@ class APIDocumentTagListView(generics.ListAPIView):
|
||||
try:
|
||||
Permission.check_permissions(self.request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, self.request.user, document)
|
||||
|
||||
queryset = document.tags.all()
|
||||
return queryset
|
||||
@@ -114,7 +114,7 @@ class APIDocumentTagView(views.APIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_tag_remove])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_tag_remove, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_tag_remove, request.user, document)
|
||||
|
||||
tag = get_object_or_404(Tag, pk=self.kwargs['pk'])
|
||||
tag.documents.remove(document)
|
||||
@@ -129,7 +129,7 @@ class APIDocumentTagView(views.APIView):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_tag_attach])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_tag_attach, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_tag_attach, request.user, document)
|
||||
|
||||
tag = get_object_or_404(Tag, pk=self.kwargs['pk'])
|
||||
tag.documents.add(document)
|
||||
|
||||
@@ -6,7 +6,7 @@ from django import forms
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
from .models import Tag
|
||||
@@ -35,7 +35,7 @@ class TagListForm(forms.Form):
|
||||
try:
|
||||
Permission.check_permissions(user, [permission_tag_view])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, user, queryset)
|
||||
queryset = AccessControlList.objects.filter_by_access(permission_tag_view, user, queryset)
|
||||
|
||||
self.fields['tag'] = forms.ModelChoiceField(
|
||||
queryset=queryset,
|
||||
|
||||
@@ -59,7 +59,7 @@ def tag_attach(request, document_id=None, document_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_tag_attach])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_tag_attach, request.user, documents)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_tag_attach, request.user, documents)
|
||||
|
||||
post_action_redirect = None
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
@@ -121,7 +121,7 @@ def tag_list(request, queryset=None, extra_context=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_tag_view])
|
||||
except PermissionDenied:
|
||||
queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, request.user, queryset)
|
||||
queryset = AccessControlList.objects.filter_by_access(permission_tag_view, request.user, queryset)
|
||||
|
||||
context['object_list'] = queryset
|
||||
|
||||
@@ -144,7 +144,7 @@ def tag_delete(request, tag_id=None, tag_id_list=None):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_tag_delete])
|
||||
except PermissionDenied:
|
||||
tags = AccessEntry.objects.filter_objects_by_access(permission_tag_delete, request.user, tags)
|
||||
tags = AccessControlList.objects.filter_by_access(permission_tag_delete, request.user, tags)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
@@ -192,7 +192,7 @@ def tag_edit(request, tag_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_tag_edit])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_tag_edit, request.user, tag)
|
||||
AccessControlList.objects.check_access(permission_tag_edit, request.user, tag)
|
||||
|
||||
if request.method == 'POST':
|
||||
form = TagForm(data=request.POST, instance=tag)
|
||||
@@ -231,7 +231,7 @@ def document_tags(request, document_id):
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(permission_document_view, request.user, document)
|
||||
AccessControlList.objects.check_access(permission_document_view, request.user, document)
|
||||
|
||||
context = {
|
||||
'object': document,
|
||||
@@ -254,7 +254,7 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta
|
||||
try:
|
||||
Permission.check_permissions(request.user, [permission_tag_remove])
|
||||
except PermissionDenied:
|
||||
documents = AccessEntry.objects.filter_objects_by_access(permission_tag_remove, request.user, documents, exception_on_empty=True)
|
||||
documents = AccessControlList.objects.filter_by_access(permission_tag_remove, request.user, documents, exception_on_empty=True)
|
||||
|
||||
post_action_redirect = None
|
||||
|
||||
|
||||
Reference in New Issue
Block a user