Remove role permission grant revoke permissions

Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
2019-01-25 01:16:48 -04:00
parent 9203977261
commit c5ce20bbea
6 changed files with 16 additions and 45 deletions
--- a/HISTORY.rst
+++ b/HISTORY.rst
@@ -222,6 +222,8 @@
  filtering in Python. The refactor added cascading access checking
  in preparation for nested cabinet access control and the removal
  of the permission proxy support which is now redundant.
+- Remove the permissions to grant or revoke a permission to a role.
+  The instead the role edit permission is used.

 3.1.9 (2018-11-01)
 ==================
--- a/mayan/apps/permissions/apps.py
+++ b/mayan/apps/permissions/apps.py
@@ -22,7 +22,6 @@ from .links import (
    link_role_list, link_role_permissions
 )
 from .permissions import (
-    permission_permission_grant, permission_permission_revoke,
    permission_role_delete, permission_role_edit, permission_role_view
 )
 from .search import *  # NOQA
@@ -45,7 +44,6 @@ class PermissionsApp(MayanAppConfig):
        ModelPermission.register(
            model=Role, permissions=(
                permission_acl_edit, permission_acl_view,
-                permission_permission_grant, permission_permission_revoke,
                permission_role_delete, permission_role_edit,
                permission_role_view
            )
--- a/mayan/apps/permissions/links.py
+++ b/mayan/apps/permissions/links.py
@@ -10,49 +10,48 @@ from .icons import (
    icon_role_list, icon_role_permissions
 )
 from .permissions import (
-    permission_permission_grant, permission_permission_revoke,
    permission_role_create, permission_role_delete, permission_role_edit,
    permission_role_view
 )

 link_group_roles = Link(
    icon_class=icon_role_list, kwargs={'group_id': 'object.id'},
-    permissions=(permission_group_edit,), text=_('Roles'),
+    permission=permission_group_edit, text=_('Roles'),
    view='permissions:group_roles',
 )
 link_permission_grant = Link(
-    permissions=(permission_permission_grant,), text=_('Grant'),
+    permission=permission_role_edit, text=_('Grant'),
    view='permissions:permission_multiple_grant'
 )
 link_permission_revoke = Link(
-    permissions=(permission_permission_revoke,), text=_('Revoke'),
+    permission=permission_role_edit, text=_('Revoke'),
    view='permissions:permission_multiple_revoke'
 )
 link_role_create = Link(
-    icon_class=icon_role_create, permissions=(permission_role_create,),
+    icon_class=icon_role_create, permission=permission_role_create,
    text=_('Create new role'), view='permissions:role_create'
 )
 link_role_delete = Link(
    icon_class=icon_role_delete, kwargs={'role_id': 'object.id'},
-    permissions=(permission_role_delete,), tags='dangerous', text=_('Delete'),
+    permission=permission_role_delete, tags='dangerous', text=_('Delete'),
    view='permissions:role_delete',
 )
 link_role_edit = Link(
    icon_class=icon_role_edit, kwargs={'role_id': 'object.id'},
-    permissions=(permission_role_edit,), text=_('Edit'),
+    permission=permission_role_edit, text=_('Edit'),
    view='permissions:role_edit',
 )
 link_role_list = Link(
-    icon_class=icon_role_list, permissions=(permission_role_view,),
+    icon_class=icon_role_list, permission=permission_role_view,
    text=_('Roles'), view='permissions:role_list'
 )
 link_role_groups = Link(
    icon_class=icon_role_groups, kwargs={'role_id': 'object.id'},
-    permissions=(permission_role_edit,), text=_('Groups'),
+    permission=permission_role_edit, text=_('Groups'),
    view='permissions:role_groups',
 )
 link_role_permissions = Link(
    icon_class=icon_role_permissions, kwargs={'role_id': 'object.id'},
-    permissions=(permission_permission_grant, permission_permission_revoke),
-    text=_('Role permissions'), view='permissions:role_permissions',
+    permission=permission_role_edit, text=_('Role permissions'),
+    view='permissions:role_permissions',
 )
--- a/mayan/apps/permissions/permissions.py
+++ b/mayan/apps/permissions/permissions.py
@@ -6,12 +6,6 @@ from . import PermissionNamespace

 namespace = PermissionNamespace(label=_('Permissions'), name='permissions')

-permission_permission_grant = namespace.add_permission(
-    label=_('Grant permissions'), name='permission_grant'
-)
-permission_permission_revoke = namespace.add_permission(
-    label=_('Revoke permissions'), name='permission_revoke'
-)
 permission_role_create = namespace.add_permission(
    label=_('Create roles'), name='role_create'
 )
--- a/mayan/apps/permissions/tests/test_views.py
+++ b/mayan/apps/permissions/tests/test_views.py
@@ -6,7 +6,6 @@ from mayan.apps.user_management.tests import GroupTestMixin

 from ..models import Role
 from ..permissions import (
-    permission_permission_grant, permission_permission_revoke,
    permission_role_create, permission_role_delete, permission_role_edit,
    permission_role_view
 )
@@ -123,23 +122,15 @@ class PermissionsViewsTestCase(GroupTestMixin, RoleTestMixin, GenericViewTestCas
            kwargs={'role_id': self.test_role.pk}
        )

-    def test_role_permissions_view_no_access(self):
+    def test_role_permissions_view_no_permission(self):
        self._create_test_role()
        response = self._request_role_permissions_view()
        self.assertEqual(response.status_code, 403)

-    def test_role_permissions_view_with_permission_grant(self):
+    def test_role_permissions_view_with_access(self):
        self._create_test_role()
        self.grant_access(
-            permission=permission_permission_grant, obj=self.test_role
-        )
-        response = self._request_role_permissions_view()
-        self.assertEqual(response.status_code, 200)
-
-    def test_role_permissions_view_with_permission_revoke(self):
-        self._create_test_role()
-        self.grant_access(
-            permission=permission_permission_revoke, obj=self.test_role
+            permission=permission_permission_view, obj=self.test_role
        )
        response = self._request_role_permissions_view()
        self.assertEqual(response.status_code, 200)
--- a/mayan/apps/permissions/views.py
+++ b/mayan/apps/permissions/views.py
@@ -21,7 +21,6 @@ from .icons import icon_role_list
 from .links import link_role_create
 from .models import Role, StoredPermission
 from .permissions import (
-    permission_permission_grant, permission_permission_revoke,
    permission_role_create, permission_role_delete, permission_role_edit,
    permission_role_view
 )
@@ -147,6 +146,7 @@ class RoleListView(SingleObjectListView):
 class RolePermissionsView(AssignRemoveView):
    grouped = True
    left_list_title = _('Available permissions')
+    object_permission = permission_role_edit
    right_list_title = _('Granted permissions')

    @staticmethod
@@ -171,19 +171,9 @@ class RolePermissionsView(AssignRemoveView):
        return results

    def add(self, item):
-        Permission.check_permissions(
-            self.request.user, permissions=(permission_permission_grant,)
-        )
        permission = get_object_or_404(klass=StoredPermission, pk=item)
        self.get_object().permissions.add(permission)

-    def dispatch(self, request, *args, **kwargs):
-        AccessControlList.objects.check_access(
-            permissions=(permission_permission_grant, permission_permission_revoke),
-            user=self.request.user, obj=self.get_object()
-        )
-        return super(RolePermissionsView, self).dispatch(request, *args, **kwargs)
-
    def get_extra_context(self):
        return {
            'object': self.get_object(),
@@ -207,9 +197,6 @@ class RolePermissionsView(AssignRemoveView):
        )

    def remove(self, item):
-        Permission.check_permissions(
-            self.request.user, permissions=(permission_permission_revoke,)
-        )
        permission = get_object_or_404(klass=StoredPermission, pk=item)
        self.get_object().permissions.remove(permission)