Move new document version blocking logic to the checkouts app. Remove PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE, overriding checkout restrictions even for admin users has the potential to confuse or corrupt data, removing it. Even admins must now checkin a document before trying to perform a restricted operation.

2015-06-16 20:38:45 -04:00
parent dc35ed6948
commit c8268b1a5b
9 changed files with 60 additions and 55 deletions
--- a/mayan/apps/checkouts/apps.py
+++ b/mayan/apps/checkouts/apps.py
@@ -3,14 +3,16 @@ from __future__ import absolute_import, unicode_literals
 from datetime import timedelta

 from django import apps
+from django.db.models.signals import pre_save
 from django.utils.translation import ugettext_lazy as _

 from acls.api import class_permissions
 from common.menus import menu_facet, menu_main, menu_sidebar
-from documents.models import Document
+from documents.models import Document, DocumentVersion
 from mayan.celery import app
 from rest_api.classes import APIEndPoint

+from .handlers import check_if_new_versions_allowed
 from .links import (
    link_checkin_document, link_checkout_document, link_checkout_info,
    link_checkout_list
@@ -18,7 +20,7 @@ from .links import (
 from .models import DocumentCheckout
 from .permissions import (
    PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE,
-    PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE
+    PERMISSION_DOCUMENT_CHECKOUT
 )

 CHECK_EXPIRED_CHECK_OUTS_INTERVAL = 60  # Lowest check out expiration allowed
@@ -33,7 +35,6 @@ class CheckoutsApp(apps.AppConfig):
        Document.add_to_class('check_in', lambda document, user=None: DocumentCheckout.objects.check_in_document(document, user))
        Document.add_to_class('checkout_info', lambda document: DocumentCheckout.objects.document_checkout_info(document))
        Document.add_to_class('checkout_state', lambda document: DocumentCheckout.objects.document_checkout_state(document))
-        Document.add_to_class('is_new_versions_allowed', lambda document, user=None: DocumentCheckout.objects.is_document_new_versions_allowed(document, user))

        app.conf.CELERYBEAT_SCHEDULE.update({
            'check_expired_check_outs': {
@@ -47,11 +48,12 @@ class CheckoutsApp(apps.AppConfig):
            PERMISSION_DOCUMENT_CHECKOUT,
            PERMISSION_DOCUMENT_CHECKIN,
            PERMISSION_DOCUMENT_CHECKIN_OVERRIDE,
-            PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE
        ])

        menu_facet.bind_links(links=[link_checkout_info], sources=[Document])
        menu_main.bind_links(links=[link_checkout_list])
        menu_sidebar.bind_links(links=[link_checkout_document, link_checkin_document], sources=['checkouts:checkout_info', 'checkouts:checkout_document', 'checkouts:checkin_document'])

+        pre_save.connect(check_if_new_versions_allowed, dispatch_uid='document_index_delete', sender=DocumentVersion)
+
        APIEndPoint('checkouts')
--- a/mayan/apps/checkouts/exceptions.py
+++ b/mayan/apps/checkouts/exceptions.py
@@ -3,16 +3,38 @@ from __future__ import unicode_literals
 from django.utils.translation import ugettext


-class DocumentNotCheckedOut(Exception):
+class DocumentCheckoutError(Exception):
+    """
+    Base checkout exception
+    """
+    pass
+
+
+class DocumentCheckoutWarning(Warning):
+    """
+    Base checkout warning
+    """
+    pass
+
+
+class DocumentNotCheckedOut(DocumentCheckoutError):
    """
    Raised when trying to checkin a document that is not checkedout
    """
    pass


-class DocumentAlreadyCheckedOut(Exception):
+class DocumentAlreadyCheckedOut(DocumentCheckoutError):
    """
    Raised when trying to checkout an already checkedout document
    """
    def __unicode__(self):
        return ugettext('Document already checked out.')
+
+
+class NewDocumentVersionNotAllowed(DocumentCheckoutWarning):
+    """
+    Uploading new versions for this document is not allowed
+    Current reasons:  Document is in checked out state
+    """
+    pass
--- a/mayan/apps/checkouts/handlers.py
+++ b/mayan/apps/checkouts/handlers.py
@@ -0,0 +1,11 @@
+from __future__ import unicode_literals
+
+from django.utils.translation import ugettext_lazy as _
+
+from .exceptions import NewDocumentVersionNotAllowed
+from .models import DocumentCheckout
+
+
+def check_if_new_versions_allowed(sender, **kwargs):
+    if not DocumentCheckout.objects.are_document_new_versions_allowed(kwargs['instance'].document):
+        raise NewDocumentVersionNotAllowed(_('New versions not allowed for the checkedout document: %s' % kwargs['instance'].document))
--- a/mayan/apps/checkouts/managers.py
+++ b/mayan/apps/checkouts/managers.py
@@ -16,12 +16,14 @@ from .events import (
 )
 from .exceptions import DocumentNotCheckedOut
 from .literals import STATE_CHECKED_OUT, STATE_CHECKED_IN
-from .permissions import PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE

 logger = logging.getLogger(__name__)


 class DocumentCheckoutManager(models.Manager):
+    def checkout_document(self, document, expiration_datetime, user, block_new_version=True):
+        self.create(document=document, expiration_datetime=expiration_datetime, user_object=user, block_new_version=block_new_version)
+
    def checked_out_documents(self):
        return Document.objects.filter(pk__in=self.model.objects.all().values_list('document__pk', flat=True))

@@ -68,33 +70,10 @@ class DocumentCheckoutManager(models.Manager):
        else:
            return STATE_CHECKED_IN

-    def is_document_new_versions_allowed(self, document, user=None):
+    def are_document_new_versions_allowed(self, document, user=None):
        try:
            checkout_info = self.document_checkout_info(document)
        except DocumentNotCheckedOut:
            return True
        else:
-            if not user:
            return not checkout_info.block_new_version
-            else:
-                if user.is_staff or user.is_superuser:
-                    # Allow anything to superusers and staff
-                    return True
-
-                if user == checkout_info.user_object:
-                    # Allow anything to the user who checked out this document
-                    return True
-                else:
-                    # If not original user check to see if user has global or this document's PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE permission
-                    try:
-                        Permission.objects.check_permissions(user, [PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE])
-                    except PermissionDenied:
-                        try:
-                            AccessEntry.objects.check_accesses([PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE], user, document)
-                        except PermissionDenied:
-                            # Last resort check if original user enabled restriction
-                            return not checkout_info.block_new_version
-                        else:
-                            return True
-                    else:
-                        return True
--- a/mayan/apps/checkouts/permissions.py
+++ b/mayan/apps/checkouts/permissions.py
@@ -9,4 +9,3 @@ namespace = PermissionNamespace('checkouts', _('Document checkout'))
 PERMISSION_DOCUMENT_CHECKOUT = Permission.objects.register(namespace, 'checkout_document', _('Check out documents'))
 PERMISSION_DOCUMENT_CHECKIN = Permission.objects.register(namespace, 'checkin_document', _('Check in documents'))
 PERMISSION_DOCUMENT_CHECKIN_OVERRIDE = Permission.objects.register(namespace, 'checkin_document_override', _('Forcefully check in documents'))
-PERMISSION_DOCUMENT_RESTRICTIONS_OVERRIDE = Permission.objects.register(namespace, 'checkout_restrictions_override', _('Allow overriding check out restrictions'))
--- a/mayan/apps/checkouts/views.py
+++ b/mayan/apps/checkouts/views.py
@@ -74,10 +74,12 @@ def checkout_document(request, document_pk):
        form = DocumentCheckoutForm(data=request.POST, initial={'document': document})
        if form.is_valid():
            try:
-                document_checkout = form.save(commit=False)
-                document_checkout.user_object = request.user
-                document_checkout.document = document
-                document_checkout.save()
+                DocumentCheckout.objects.checkout_document(
+                    document=document,
+                    expiration_datetime=form.cleaned_data['expiration_datetime'],
+                    user=request.user,
+                    block_new_version=form.cleaned_data['block_new_version'],
+                )
            except DocumentAlreadyCheckedOut:
                messages.error(request, _('Document already checked out.'))
                return HttpResponseRedirect(reverse('checkouts:checkout_info', args=[document.pk]))
--- a/mayan/apps/documents/exceptions.py
+++ b/mayan/apps/documents/exceptions.py
@@ -1,9 +0,0 @@
-from __future__ import unicode_literals
-
-
-class NewDocumentVersionNotAllowed(Exception):
-    """
-    Uploading new versions for this document is not allowed
-    Current reasons:  Document is in checked out state
-    """
-    pass
--- a/mayan/apps/documents/models.py
+++ b/mayan/apps/documents/models.py
@@ -29,7 +29,6 @@ from converter.models import Transformation
 from mimetype.api import get_mimetype

 from .events import event_document_create
-from .exceptions import NewDocumentVersionNotAllowed
 from .managers import (
    DocumentManager, DocumentTypeManager, RecentDocumentManager
 )
@@ -138,10 +137,7 @@ class Document(models.Model):
        return self.latest_version.size

    def new_version(self, file_object, user=None, comment=None):
-        logger.debug('creating new document version')
-        # TODO: move this restriction to a signal processor of the checkouts app
-        if not self.is_new_versions_allowed(user=user):
-            raise NewDocumentVersionNotAllowed
+        logger.info('Creating a new document version for document: %s', self)

        new_version = DocumentVersion.objects.create(
            document=self,
@@ -149,7 +145,7 @@ class Document(models.Model):
            comment=comment or '',
        )

-        logger.debug('new_version saved')
+        logger.info('New document version created for document: %s', self)

        # TODO: new HISTORY for version updates

--- a/mayan/apps/documents/tasks.py
+++ b/mayan/apps/documents/tasks.py
@@ -71,6 +71,9 @@ def task_upload_new_version(document_id, shared_uploaded_file_id, user_id, comme
        user = None

    with File(file=shared_file.file) as file_object:
+        try:
            document.new_version(comment=comment, file_object=file_object, user=user)
-
+        except Warning as warning:
+            logger.info('Warning during attempt to create new document version for document:%s ; %s', document, warning)
+        finally:
            shared_file.delete()