diff --git a/mayan/apps/acls/links.py b/mayan/apps/acls/links.py index 9e0800a0af..291ccae1da 100644 --- a/mayan/apps/acls/links.py +++ b/mayan/apps/acls/links.py @@ -5,20 +5,20 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - ACLS_CLASS_EDIT_ACL, ACLS_CLASS_VIEW_ACL, ACLS_EDIT_ACL, ACLS_VIEW_ACL + acls_class_edit_acl, acls_class_view_acl, acls_edit_acl, acls_view_acl ) -link_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='acls:acl_list') +link_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='acls:acl_list') -link_acl_detail = Link(permissions=[ACLS_VIEW_ACL], text=_('Details'), view='acls:acl_detail', args=['access_object.gid', 'object.gid']) -link_acl_grant = Link(permissions=[ACLS_EDIT_ACL], text=_('Grant'), view='acls:acl_multiple_grant') -link_acl_revoke = Link(permissions=[ACLS_EDIT_ACL], text=_('Revoke'), view='acls:acl_multiple_revoke') -link_acl_holder_new = Link(permissions=[ACLS_EDIT_ACL], text=_('New holder'), view='acls:acl_holder_new', args='access_object.gid') -link_acl_setup_valid_classes = Link(icon='fa fa-lock', permissions=[ACLS_CLASS_VIEW_ACL], text=_('Default ACLs'), view='acls:acl_setup_valid_classes') -link_acl_class_list = Link(permissions=[ACLS_CLASS_VIEW_ACL], text=_('Classes'), view='acls:acl_setup_valid_classes') +link_acl_detail = Link(permissions=[acls_view_acl], text=_('Details'), view='acls:acl_detail', args=['access_object.gid', 'object.gid']) +link_acl_grant = Link(permissions=[acls_edit_acl], text=_('Grant'), view='acls:acl_multiple_grant') +link_acl_revoke = Link(permissions=[acls_edit_acl], text=_('Revoke'), view='acls:acl_multiple_revoke') +link_acl_holder_new = Link(permissions=[acls_edit_acl], text=_('New holder'), view='acls:acl_holder_new', args='access_object.gid') +link_acl_setup_valid_classes = Link(icon='fa fa-lock', permissions=[acls_class_view_acl], text=_('Default ACLs'), view='acls:acl_setup_valid_classes') +link_acl_class_list = Link(permissions=[acls_class_view_acl], text=_('Classes'), view='acls:acl_setup_valid_classes') -link_acl_class_acl_list = Link(permissions=[ACLS_CLASS_VIEW_ACL], text=_('ACLs for class'), view='acls:acl_class_acl_list', args='object.gid') -link_acl_class_acl_detail = Link(permissions=[ACLS_CLASS_VIEW_ACL], text=_('Details'), view='acls:acl_class_acl_detail', args=['access_object_class.gid', 'object.gid']) -link_acl_class_new_holder_for = Link(permissions=[ACLS_CLASS_EDIT_ACL], text=_('New holder'), view='acls:acl_class_new_holder_for', args='object.gid') -link_acl_class_grant = Link(permissions=[ACLS_CLASS_EDIT_ACL], text=_('Grant'), view='acls:acl_class_multiple_grant') -link_acl_class_revoke = Link(permissions=[ACLS_CLASS_EDIT_ACL], text=_('Revoke'), view='acls:acl_class_multiple_revoke') +link_acl_class_acl_list = Link(permissions=[acls_class_view_acl], text=_('ACLs for class'), view='acls:acl_class_acl_list', args='object.gid') +link_acl_class_acl_detail = Link(permissions=[acls_class_view_acl], text=_('Details'), view='acls:acl_class_acl_detail', args=['access_object_class.gid', 'object.gid']) +link_acl_class_new_holder_for = Link(permissions=[acls_class_edit_acl], text=_('New holder'), view='acls:acl_class_new_holder_for', args='object.gid') +link_acl_class_grant = Link(permissions=[acls_class_edit_acl], text=_('Grant'), view='acls:acl_class_multiple_grant') +link_acl_class_revoke = Link(permissions=[acls_class_edit_acl], text=_('Revoke'), view='acls:acl_class_multiple_revoke') diff --git a/mayan/apps/acls/permissions.py b/mayan/apps/acls/permissions.py index f0dc2116e3..2b923fdec7 100644 --- a/mayan/apps/acls/permissions.py +++ b/mayan/apps/acls/permissions.py @@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace acls_namespace = PermissionNamespace('acls', _('Access control lists')) acls_setup_namespace = PermissionNamespace('acls_setup', _('Access control lists')) -ACLS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _('Edit ACLs')) -ACLS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _('View ACLs')) +acls_edit_acl = acls_namespace.add_permission(name='acl_edit', label=_('Edit ACLs')) +acls_view_acl = acls_namespace.add_permission(name='acl_view', label=_('View ACLs')) -ACLS_CLASS_EDIT_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_edit', _('Edit class default ACLs')) -ACLS_CLASS_VIEW_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_view', _('View class default ACLs')) +acls_class_edit_acl = acls_setup_namespace.add_permission(name='acl_class_edit', label=_('Edit class default ACLs')) +acls_class_view_acl = acls_setup_namespace.add_permission(name='acl_class_view', label=_('View class default ACLs')) diff --git a/mayan/apps/acls/views.py b/mayan/apps/acls/views.py index cd8295ee90..663126cb3c 100644 --- a/mayan/apps/acls/views.py +++ b/mayan/apps/acls/views.py @@ -25,7 +25,7 @@ from .classes import ( from .forms import ClassHolderSelectionForm, HolderSelectionForm from .models import AccessEntry, DefaultAccessEntry from .permissions import ( - ACLS_EDIT_ACL, ACLS_CLASS_EDIT_ACL, ACLS_CLASS_VIEW_ACL, ACLS_VIEW_ACL + acls_edit_acl, acls_class_edit_acl, acls_class_view_acl, acls_view_acl ) from .widgets import object_indentifier @@ -38,9 +38,9 @@ def _permission_titles(permission_list): def acl_list_for(request, obj, extra_context=None): try: - Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) + Permission.objects.check_permissions(request.user, [acls_view_acl]) except PermissionDenied: - AccessEntry.objects.check_access(ACLS_VIEW_ACL, request.user, obj) + AccessEntry.objects.check_access(acls_view_acl, request.user, obj) logger.debug('obj: %s', obj) @@ -83,9 +83,9 @@ def acl_detail(request, access_object_gid, holder_object_gid): def acl_detail_for(request, actor, obj): try: - Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) + Permission.objects.check_permissions(request.user, [acls_view_acl]) except PermissionDenied: - AccessEntry.objects.check_accesses([ACLS_VIEW_ACL], actor, obj) + AccessEntry.objects.check_accesses([acls_view_acl], actor, obj) permission_list = get_class_permissions_for(obj.source_object) # TODO : get all globally assigned permission, new function get_permissions_for_holder (roles aware) @@ -153,10 +153,10 @@ def acl_grant(request): raise Http404 try: - Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [acls_edit_acl]) except PermissionDenied: try: - AccessEntry.objects.check_access(ACLS_EDIT_ACL, request.user, access_object) + AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object) except PermissionDenied: raise else: @@ -244,10 +244,10 @@ def acl_revoke(request): raise Http404 try: - Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [acls_edit_acl]) except PermissionDenied: try: - AccessEntry.objects.check_access(ACLS_EDIT_ACL, request.user, access_object) + AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object) except PermissionDenied: raise else: @@ -313,9 +313,9 @@ def acl_revoke(request): def acl_new_holder_for(request, obj, extra_context=None, navigation_object=None): try: - Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [acls_edit_acl]) except PermissionDenied: - AccessEntry.objects.check_access(ACLS_EDIT_ACL, request.user, obj) + AccessEntry.objects.check_access(acls_edit_acl, request.user, obj) if request.method == 'POST': form = HolderSelectionForm(request.POST) @@ -364,7 +364,7 @@ def acl_holder_new(request, access_object_gid): # Setup views def acl_setup_valid_classes(request): - Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL]) + Permission.objects.check_permissions(request.user, [acls_class_view_acl]) context = { 'object_list': DefaultAccessEntry.get_classes(), @@ -382,7 +382,7 @@ def acl_setup_valid_classes(request): def acl_class_acl_list(request, access_object_class_gid): logger.debug('access_object_class_gid: %s', access_object_class_gid) - Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL]) + Permission.objects.check_permissions(request.user, [acls_class_view_acl]) access_object_class = AccessObjectClass.get(gid=access_object_class_gid) logger.debug('access_object_class: %s', access_object_class) @@ -404,7 +404,7 @@ def acl_class_acl_list(request, access_object_class_gid): def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid): - Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL]) + Permission.objects.check_permissions(request.user, [acls_class_view_acl]) try: actor = AccessHolder.get(gid=holder_object_gid) access_object_class = AccessObjectClass.get(gid=access_object_class_gid) @@ -448,7 +448,7 @@ def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid): def acl_class_new_holder_for(request, access_object_class_gid): - Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [acls_class_edit_acl]) access_object_class = AccessObjectClass.get(gid=access_object_class_gid) if request.method == 'POST': @@ -475,7 +475,7 @@ def acl_class_new_holder_for(request, access_object_class_gid): def acl_class_multiple_grant(request): - Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [acls_class_edit_acl]) items_property_list = loads(request.GET.get('items_property_list', [])) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -552,7 +552,7 @@ def acl_class_multiple_grant(request): def acl_class_multiple_revoke(request): - Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [acls_class_edit_acl]) items_property_list = loads(request.GET.get('items_property_list', [])) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) diff --git a/mayan/apps/checkouts/api_views.py b/mayan/apps/checkouts/api_views.py index a2911acd87..59c9b73978 100644 --- a/mayan/apps/checkouts/api_views.py +++ b/mayan/apps/checkouts/api_views.py @@ -10,11 +10,11 @@ from rest_framework.response import Response from acls.models import AccessEntry from documents.models import Document -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from permissions.models import Permission from .models import DocumentCheckout -from .permissions import PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE +from .permissions import permission_document_checkout, permission_document_checkin, permission_document_checkin_override from .serializers import DocumentCheckoutSerializer, NewDocumentCheckoutSerializer @@ -29,9 +29,9 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView): documents = DocumentCheckout.objects.checked_out_documents() try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_view]) except PermissionDenied: - filtered_documents = AccessEntry.objects.filter_objects_by_access([PERMISSION_DOCUMENT_VIEW], self.request.user, documents) + filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents) else: filtered_documents = documents @@ -52,9 +52,9 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView): if serializer.is_valid(): document = get_object_or_404(Document, pk=serializer.data['document']) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKOUT]) + Permission.objects.check_permissions(request.user, [permission_document_checkout]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKOUT, request.user, document) + AccessEntry.objects.check_access(permission_document_checkout, request.user, document) timezone = pytz.utc @@ -81,9 +81,9 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView): documents = DocumentCheckout.objects.checked_out_documents() try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_view]) except PermissionDenied: - filtered_documents = AccessEntry.objects.filter_objects_by_access([PERMISSION_DOCUMENT_VIEW], self.request.user, documents) + filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents) else: filtered_documents = documents @@ -107,13 +107,13 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView): if document.checkout_info().user == request.user: try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN]) + Permission.objects.check_permissions(request.user, [permission_document_checkin]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN, request.user, document) + AccessEntry.objects.check_access(permission_document_checkin, request.user, document) else: try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN_OVERRIDE]) + Permission.objects.check_permissions(request.user, [permission_document_checkin_override]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, request.user, document) + AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document) return super(APICheckedoutDocumentView, self).delete(request, *args, **kwargs) diff --git a/mayan/apps/checkouts/apps.py b/mayan/apps/checkouts/apps.py index ad53433507..e68085af77 100644 --- a/mayan/apps/checkouts/apps.py +++ b/mayan/apps/checkouts/apps.py @@ -18,8 +18,8 @@ from .links import ( ) from .models import DocumentCheckout from .permissions import ( - PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, - PERMISSION_DOCUMENT_CHECKOUT + permission_document_checkin, permission_document_checkin_override, + permission_document_checkout ) CHECK_EXPIRED_CHECK_OUTS_INTERVAL = 60 # Lowest check out expiration allowed @@ -48,9 +48,9 @@ class CheckoutsApp(MayanAppConfig): }) class_permissions(Document, [ - PERMISSION_DOCUMENT_CHECKOUT, - PERMISSION_DOCUMENT_CHECKIN, - PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, + permission_document_checkout, + permission_document_checkin, + permission_document_checkin_override, ]) menu_facet.bind_links(links=[link_checkout_info], sources=[Document]) diff --git a/mayan/apps/checkouts/links.py b/mayan/apps/checkouts/links.py index d58a37257e..c6e9fb7ae3 100644 --- a/mayan/apps/checkouts/links.py +++ b/mayan/apps/checkouts/links.py @@ -5,8 +5,8 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN, - PERMISSION_DOCUMENT_CHECKIN_OVERRIDE + permission_document_checkout, permission_document_checkin, + permission_document_checkin_override ) @@ -19,6 +19,6 @@ def is_not_checked_out(context): link_checkout_list = Link(icon='fa fa-shopping-cart', text=_('Checkouts'), view='checkouts:checkout_list') -link_checkout_document = Link(condition=is_not_checked_out, permissions=[PERMISSION_DOCUMENT_CHECKOUT], text=_('Check out document'), view='checkouts:checkout_document', args='object.pk') -link_checkin_document = Link(condition=is_checked_out, permissions=[PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE], text=_('Check in document'), view='checkouts:checkin_document', args='object.pk') -link_checkout_info = Link(permissions=[PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, PERMISSION_DOCUMENT_CHECKOUT], text=_('Check in/out'), view='checkouts:checkout_info', args='object.pk') +link_checkout_document = Link(condition=is_not_checked_out, permissions=[permission_document_checkout], text=_('Check out document'), view='checkouts:checkout_document', args='object.pk') +link_checkin_document = Link(condition=is_checked_out, permissions=[permission_document_checkin, permission_document_checkin_override], text=_('Check in document'), view='checkouts:checkin_document', args='object.pk') +link_checkout_info = Link(permissions=[permission_document_checkin, permission_document_checkin_override, permission_document_checkout], text=_('Check in/out'), view='checkouts:checkout_info', args='object.pk') diff --git a/mayan/apps/checkouts/permissions.py b/mayan/apps/checkouts/permissions.py index 3be1124d92..40ae1556c1 100644 --- a/mayan/apps/checkouts/permissions.py +++ b/mayan/apps/checkouts/permissions.py @@ -2,10 +2,10 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace namespace = PermissionNamespace('checkouts', _('Document checkout')) -PERMISSION_DOCUMENT_CHECKOUT = Permission.objects.register(namespace, 'checkout_document', _('Check out documents')) -PERMISSION_DOCUMENT_CHECKIN = Permission.objects.register(namespace, 'checkin_document', _('Check in documents')) -PERMISSION_DOCUMENT_CHECKIN_OVERRIDE = Permission.objects.register(namespace, 'checkin_document_override', _('Forcefully check in documents')) +permission_document_checkout = namespace.add_permission(name='checkout_document', label=_('Check out documents')) +permission_document_checkin = namespace.add_permission(name='checkin_document', label=_('Check in documents')) +permission_document_checkin_override = namespace.add_permission(name='checkin_document_override', label=_('Forcefully check in documents')) diff --git a/mayan/apps/checkouts/views.py b/mayan/apps/checkouts/views.py index 0ed610327c..4a90e19167 100644 --- a/mayan/apps/checkouts/views.py +++ b/mayan/apps/checkouts/views.py @@ -21,8 +21,8 @@ from .forms import DocumentCheckoutForm from .literals import STATE_LABELS from .models import DocumentCheckout from .permissions import ( - PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, - PERMISSION_DOCUMENT_CHECKOUT + permission_document_checkin, permission_document_checkin_override, + permission_document_checkout ) @@ -43,9 +43,9 @@ class CheckoutListView(DocumentListView): def checkout_info(request, document_pk): document = get_object_or_404(Document, pk=document_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN]) + Permission.objects.check_permissions(request.user, [permission_document_checkout, permission_document_checkin]) except PermissionDenied: - AccessEntry.objects.check_accesses([PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN], request.user, document) + AccessEntry.objects.check_accesses([permission_document_checkout, permission_document_checkin], request.user, document) paragraphs = [_('Document status: %s') % STATE_LABELS[document.checkout_state()]] @@ -66,9 +66,9 @@ def checkout_info(request, document_pk): def checkout_document(request, document_pk): document = get_object_or_404(Document, pk=document_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKOUT]) + Permission.objects.check_permissions(request.user, [permission_document_checkout]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKOUT, request.user, document) + AccessEntry.objects.check_access(permission_document_checkout, request.user, document) if request.method == 'POST': form = DocumentCheckoutForm(data=request.POST, initial={'document': document}) @@ -114,14 +114,14 @@ def checkin_document(request, document_pk): # checkin permission if document.checkout_info().user == request.user: try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN]) + Permission.objects.check_permissions(request.user, [permission_document_checkin]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN, request.user, document) + AccessEntry.objects.check_access(permission_document_checkin, request.user, document) else: try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN_OVERRIDE]) + Permission.objects.check_permissions(request.user, [permission_document_checkin_override]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, request.user, document) + AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document) if request.method == 'POST': try: diff --git a/mayan/apps/converter/links.py b/mayan/apps/converter/links.py index 476e180415..6241956f28 100644 --- a/mayan/apps/converter/links.py +++ b/mayan/apps/converter/links.py @@ -6,8 +6,8 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - PERMISSION_TRANSFORMATION_CREATE, PERMISSION_TRANSFORMATION_DELETE, - PERMISSION_TRANSFORMATION_EDIT, PERMISSION_TRANSFORMATION_VIEW + permission_transformation_create, permission_transformation_delete, + permission_transformation_edit, permission_transformation_view ) @@ -19,7 +19,7 @@ def get_kwargs_factory(variable_name): return get_kwargs -link_transformation_create = Link(kwargs=get_kwargs_factory('content_object'), permissions=[PERMISSION_TRANSFORMATION_CREATE], text=_('Create new transformation'), view='converter:transformation_create') -link_transformation_delete = Link(args='resolved_object.pk', permissions=[PERMISSION_TRANSFORMATION_DELETE], tags='dangerous', text=_('Delete'), view='converter:transformation_delete') -link_transformation_edit = Link(args='resolved_object.pk', permissions=[PERMISSION_TRANSFORMATION_EDIT], text=_('Edit'), view='converter:transformation_edit') -link_transformation_list = Link(kwargs=get_kwargs_factory('resolved_object'), permissions=[PERMISSION_TRANSFORMATION_VIEW], text=_('Transformations'), view='converter:transformation_list') +link_transformation_create = Link(kwargs=get_kwargs_factory('content_object'), permissions=[permission_transformation_create], text=_('create new transformation'), view='converter:transformation_create') +link_transformation_delete = Link(args='resolved_object.pk', permissions=[permission_transformation_delete], tags='dangerous', text=_('delete'), view='converter:transformation_delete') +link_transformation_edit = Link(args='resolved_object.pk', permissions=[permission_transformation_edit], text=_('edit'), view='converter:transformation_edit') +link_transformation_list = Link(kwargs=get_kwargs_factory('resolved_object'), permissions=[permission_transformation_view], text=_('transformations'), view='converter:transformation_list') diff --git a/mayan/apps/converter/permissions.py b/mayan/apps/converter/permissions.py index 023802d30b..2155180b59 100644 --- a/mayan/apps/converter/permissions.py +++ b/mayan/apps/converter/permissions.py @@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _ from permissions.models import Permission, PermissionNamespace namespace = PermissionNamespace('converter', _('Converter')) -PERMISSION_TRANSFORMATION_CREATE = Permission.objects.register(namespace, 'transformation_create', _('Create new transformations')) -PERMISSION_TRANSFORMATION_DELETE = Permission.objects.register(namespace, 'transformation_delete', _('Delete transformations')) -PERMISSION_TRANSFORMATION_EDIT = Permission.objects.register(namespace, 'transformation_edit', _('Edit transformations')) -PERMISSION_TRANSFORMATION_VIEW = Permission.objects.register(namespace, 'transformation_view', _('View existing transformations')) +permission_transformation_create = Permission.objects.register(namespace, 'transformation_create', _('Create new transformations')) +permission_transformation_delete = Permission.objects.register(namespace, 'transformation_delete', _('Delete transformations')) +permission_transformation_edit = Permission.objects.register(namespace, 'transformation_edit', _('Edit transformations')) +permission_transformation_view = Permission.objects.register(namespace, 'transformation_view', _('View existing transformations')) diff --git a/mayan/apps/converter/views.py b/mayan/apps/converter/views.py index e53483291f..2fa584877e 100644 --- a/mayan/apps/converter/views.py +++ b/mayan/apps/converter/views.py @@ -18,8 +18,8 @@ from permissions.models import Permission from .forms import TransformationForm from .models import Transformation from .permissions import ( - PERMISSION_TRANSFORMATION_CREATE, PERMISSION_TRANSFORMATION_DELETE, - PERMISSION_TRANSFORMATION_EDIT, PERMISSION_TRANSFORMATION_VIEW + permission_transformation_create, permission_transformation_delete, + permission_transformation_edit, permission_transformation_view ) logger = logging.getLogger(__name__) @@ -34,9 +34,9 @@ def transformation_list(request, app_label, model, object_id): raise Http404 try: - Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_VIEW]) + Permission.objects.check_permissions(request.user, [permission_transformation_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_VIEW, request.user, content_object) + AccessEntry.objects.check_access(permission_transformation_view, request.user, content_object) context = { 'object_list': Transformation.objects.get_for_model(content_object), @@ -65,9 +65,9 @@ def transformation_create(request, app_label, model, object_id): raise Http404 try: - Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_CREATE]) + Permission.objects.check_permissions(request.user, [permission_transformation_create]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_CREATE, request.user, content_object) + AccessEntry.objects.check_access(permission_transformation_create, request.user, content_object) if request.method == 'POST': form = TransformationForm(request.POST, initial={'content_object': content_object}) @@ -92,9 +92,9 @@ def transformation_delete(request, object_id): transformation = get_object_or_404(Transformation, pk=object_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_DELETE]) + Permission.objects.check_permissions(request.user, [permission_transformation_delete]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_DELETE, request.user, transformation.content_object) + AccessEntry.objects.check_access(permission_transformation_delete, request.user, transformation.content_object) if request.method == 'POST': transformation.delete() @@ -117,9 +117,9 @@ def transformation_edit(request, object_id): transformation = get_object_or_404(Transformation, pk=object_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_EDIT]) + Permission.objects.check_permissions(request.user, [permission_transformation_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_EDIT, request.user, transformation.content_object) + AccessEntry.objects.check_access(permission_transformation_edit, request.user, transformation.content_object) if request.method == 'POST': form = TransformationForm(request.POST, instance=transformation) diff --git a/mayan/apps/django_gpg/links.py b/mayan/apps/django_gpg/links.py index 14530eec9a..76c36cb39d 100644 --- a/mayan/apps/django_gpg/links.py +++ b/mayan/apps/django_gpg/links.py @@ -5,13 +5,13 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - PERMISSION_KEY_DELETE, PERMISSION_KEY_RECEIVE, PERMISSION_KEY_VIEW, - PERMISSION_KEYSERVER_QUERY + permission_key_delete, permission_key_receive, permission_key_view, + permission_keyserver_query ) -link_private_keys = Link(icon='fa fa-key', permissions=[PERMISSION_KEY_VIEW], text=_('Private keys'), view='django_gpg:key_private_list') -link_public_keys = Link(icon='fa fa-key', permissions=[PERMISSION_KEY_VIEW], text=_('Public keys'), view='django_gpg:key_public_list') -link_key_delete = Link(permissions=[PERMISSION_KEY_DELETE], tags='dangerous', text=_('Delete'), view='django_gpg:key_delete', args=['object.fingerprint', 'object.type']) -link_key_query = Link(text=_('Query keyservers'), view='django_gpg:key_query', permissions=[PERMISSION_KEYSERVER_QUERY]) -link_key_receive = Link(keep_query=True, permissions=[PERMISSION_KEY_RECEIVE], text=_('Import'), view='django_gpg:key_receive', args='object.key_id') -link_key_setup = Link(icon='fa fa-key', permissions=[PERMISSION_KEY_VIEW], text=_('Key management'), view='django_gpg:key_public_list') +link_private_keys = Link(icon='fa fa-key', permissions=[permission_key_view], text=_('private keys'), view='django_gpg:key_private_list') +link_public_keys = Link(icon='fa fa-key', permissions=[permission_key_view], text=_('public keys'), view='django_gpg:key_public_list') +link_key_delete = Link(permissions=[permission_key_delete], tags='dangerous', text=_('delete'), view='django_gpg:key_delete', args=['object.fingerprint', 'object.type']) +link_key_query = Link(text=_('Query keyservers'), view='django_gpg:key_query', permissions=[permission_keyserver_query]) +link_key_receive = Link(keep_query=True, permissions=[permission_key_receive], text=_('import'), view='django_gpg:key_receive', args='object.key_id') +link_key_setup = Link(icon='fa fa-key', permissions=[permission_key_view], text=_('key management'), view='django_gpg:key_public_list') diff --git a/mayan/apps/django_gpg/permissions.py b/mayan/apps/django_gpg/permissions.py index 321478146b..4361afb9b0 100644 --- a/mayan/apps/django_gpg/permissions.py +++ b/mayan/apps/django_gpg/permissions.py @@ -2,11 +2,11 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -django_gpg_namespace = PermissionNamespace('django_gpg', _('Key management')) +namespace = PermissionNamespace('django_gpg', _('Key management')) -PERMISSION_KEY_VIEW = Permission.objects.register(django_gpg_namespace, 'key_view', _('View keys')) -PERMISSION_KEY_DELETE = Permission.objects.register(django_gpg_namespace, 'key_delete', _('Delete keys')) -PERMISSION_KEYSERVER_QUERY = Permission.objects.register(django_gpg_namespace, 'keyserver_query', _('Query keyservers')) -PERMISSION_KEY_RECEIVE = Permission.objects.register(django_gpg_namespace, 'key_receive', _('Import keys from keyservers')) +permission_key_view = namespace.add_permission(name='key_view', label=_('View keys')) +permission_key_delete = namespace.add_permission(name='key_delete', label=_('Delete keys')) +permission_keyserver_query = namespace.add_permission(name='keyserver_query', label=_('Query keyservers')) +permission_key_receive = namespace.add_permission(name='key_receive', label=_('Import keys from keyservers')) diff --git a/mayan/apps/django_gpg/views.py b/mayan/apps/django_gpg/views.py index fea36f83ea..2cb34bb5f9 100644 --- a/mayan/apps/django_gpg/views.py +++ b/mayan/apps/django_gpg/views.py @@ -17,8 +17,8 @@ from permissions.models import Permission from .api import Key from .forms import KeySearchForm from .permissions import ( - PERMISSION_KEY_DELETE, PERMISSION_KEY_RECEIVE, PERMISSION_KEY_VIEW, - PERMISSION_KEYSERVER_QUERY + permission_key_delete, permission_key_receive, permission_key_view, + permission_keyserver_query ) from .runtime import gpg @@ -26,7 +26,7 @@ logger = logging.getLogger(__name__) def key_receive(request, key_id): - Permission.objects.check_permissions(request.user, [PERMISSION_KEY_RECEIVE]) + Permission.objects.check_permissions(request.user, [permission_key_receive]) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -64,7 +64,7 @@ def key_receive(request, key_id): def key_list(request, secret=True): - Permission.objects.check_permissions(request.user, [PERMISSION_KEY_VIEW]) + Permission.objects.check_permissions(request.user, [permission_key_view]) if secret: object_list = Key.get_all(gpg, secret=True) @@ -91,7 +91,7 @@ def key_list(request, secret=True): def key_delete(request, fingerprint, key_type): - Permission.objects.check_permissions(request.user, [PERMISSION_KEY_DELETE]) + Permission.objects.check_permissions(request.user, [permission_key_delete]) secret = key_type == 'sec' key = Key.get(gpg, fingerprint, secret=secret) @@ -119,7 +119,7 @@ def key_delete(request, fingerprint, key_type): def key_query(request): - Permission.objects.check_permissions(request.user, [PERMISSION_KEYSERVER_QUERY]) + Permission.objects.check_permissions(request.user, [permission_keyserver_query]) subtemplates_list = [] term = request.GET.get('term') diff --git a/mayan/apps/document_comments/apps.py b/mayan/apps/document_comments/apps.py index 8106a543da..7009b61bf4 100644 --- a/mayan/apps/document_comments/apps.py +++ b/mayan/apps/document_comments/apps.py @@ -15,8 +15,8 @@ from .links import ( link_comment_add, link_comment_delete, link_comments_for_document ) from .permissions import ( - PERMISSION_COMMENT_CREATE, PERMISSION_COMMENT_DELETE, - PERMISSION_COMMENT_VIEW + permission_comment_create, permission_comment_delete, + permission_comment_view ) @@ -45,9 +45,9 @@ class DocumentCommentsApp(MayanAppConfig): SourceColumn(source=Comment, label=_('Comment'), attribute='comment') class_permissions(Document, [ - PERMISSION_COMMENT_CREATE, - PERMISSION_COMMENT_DELETE, - PERMISSION_COMMENT_VIEW] + permission_comment_create, + permission_comment_delete, + permission_comment_view] ) menu_sidebar.bind_links(links=[link_comment_add], sources=['comments:comments_for_document', 'comments:comment_add', 'comments:comment_delete', 'comments:comment_multiple_delete']) diff --git a/mayan/apps/document_comments/links.py b/mayan/apps/document_comments/links.py index 156d3bf73e..aef167674f 100644 --- a/mayan/apps/document_comments/links.py +++ b/mayan/apps/document_comments/links.py @@ -5,11 +5,11 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - PERMISSION_COMMENT_CREATE, PERMISSION_COMMENT_DELETE, - PERMISSION_COMMENT_VIEW + permission_comment_create, permission_comment_delete, + permission_comment_view ) -link_comment_add = Link(permissions=[PERMISSION_COMMENT_CREATE], text=_('Add comment'), view='comments:comment_add', args='object.pk') -link_comment_delete = Link(permissions=[PERMISSION_COMMENT_DELETE], tags='dangerous', text=_('Delete'), view='comments:comment_delete', args='object.pk') -link_comment_multiple_delete = Link(permissions=[PERMISSION_COMMENT_DELETE], tags='dangerous', text=_('Delete'), view='comments:comment_multiple_delete', args='object.pk') -link_comments_for_document = Link(permissions=[PERMISSION_COMMENT_VIEW], text=_('Comments'), view='comments:comments_for_document', args='object.pk') +link_comment_add = Link(permissions=[permission_comment_create], text=_('add comment'), view='comments:comment_add', args='object.pk') +link_comment_delete = Link(permissions=[permission_comment_delete], tags='dangerous', text=_('delete'), view='comments:comment_delete', args='object.pk') +link_comment_multiple_delete = Link(permissions=[permission_comment_delete], tags='dangerous', text=_('delete'), view='comments:comment_multiple_delete', args='object.pk') +link_comments_for_document = Link(permissions=[permission_comment_view], text=_('comments'), view='comments:comments_for_document', args='object.pk') diff --git a/mayan/apps/document_comments/permissions.py b/mayan/apps/document_comments/permissions.py index 79646c79fa..acd68721db 100644 --- a/mayan/apps/document_comments/permissions.py +++ b/mayan/apps/document_comments/permissions.py @@ -2,10 +2,10 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -comments_namespace = PermissionNamespace('comments', _('Comments')) +namespace = PermissionNamespace('comments', _('Comments')) -PERMISSION_COMMENT_CREATE = Permission.objects.register(comments_namespace, 'comment_create', _('Create new comments')) -PERMISSION_COMMENT_DELETE = Permission.objects.register(comments_namespace, 'comment_delete', _('Delete comments')) -PERMISSION_COMMENT_VIEW = Permission.objects.register(comments_namespace, 'comment_view', _('View comments')) +permission_comment_create = namespace.add_permission(name='comment_create', label=_('Create new comments')) +permission_comment_delete = namespace.add_permission(name='comment_delete', label=_('Delete comments')) +permission_comment_view = namespace.add_permission(name='comment_view', label=_('View comments')) diff --git a/mayan/apps/document_comments/views.py b/mayan/apps/document_comments/views.py index bed45fc5c3..7f2cc4b74e 100644 --- a/mayan/apps/document_comments/views.py +++ b/mayan/apps/document_comments/views.py @@ -18,8 +18,8 @@ from permissions.models import Permission from .forms import CommentForm from .permissions import ( - PERMISSION_COMMENT_CREATE, PERMISSION_COMMENT_DELETE, - PERMISSION_COMMENT_VIEW + permission_comment_create, permission_comment_delete, + permission_comment_view ) @@ -32,9 +32,9 @@ def comment_delete(request, comment_id=None, comment_id_list=None): comments = [get_object_or_404(Comment, pk=comment_id) for comment_id in comment_id_list.split(',')] try: - Permission.objects.check_permissions(request.user, [PERMISSION_COMMENT_DELETE]) + Permission.objects.check_permissions(request.user, [permission_comment_delete]) except PermissionDenied: - comments = AccessEntry.objects.filter_objects_by_access(PERMISSION_COMMENT_DELETE, request.user, comments, related='content_object') + comments = AccessEntry.objects.filter_objects_by_access(permission_comment_delete, request.user, comments, related='content_object') if not comments: messages.error(request, _('Must provide at least one comment.')) @@ -80,9 +80,9 @@ def comment_add(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_COMMENT_CREATE]) + Permission.objects.check_permissions(request.user, [permission_comment_create]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_COMMENT_CREATE, request.user, document) + AccessEntry.objects.check_access(permission_comment_create, request.user, document) post_action_redirect = None @@ -118,9 +118,9 @@ def comments_for_document(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_COMMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_comment_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_COMMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_comment_view, request.user, document) return render_to_response('appearance/generic_list.html', { 'object': document, diff --git a/mayan/apps/document_indexing/api_views.py b/mayan/apps/document_indexing/api_views.py index d2f5a41e9b..848fbfcc78 100644 --- a/mayan/apps/document_indexing/api_views.py +++ b/mayan/apps/document_indexing/api_views.py @@ -7,16 +7,16 @@ from rest_framework import generics from acls.models import AccessEntry from documents.models import Document -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from permissions.models import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission from .models import Index, IndexInstanceNode, IndexTemplateNode -from .permissions import (PERMISSION_DOCUMENT_INDEXING_CREATE, - PERMISSION_DOCUMENT_INDEXING_DELETE, - PERMISSION_DOCUMENT_INDEXING_EDIT, - PERMISSION_DOCUMENT_INDEXING_VIEW) +from .permissions import (permission_document_indexing_create, + permission_document_indexing_delete, + permission_document_indexing_edit, + permission_document_indexing_view) from .serializers import (IndexInstanceNodeSerializer, IndexSerializer, IndexTemplateNodeSerializer) @@ -26,8 +26,8 @@ class APIIndexListView(generics.ListCreateAPIView): queryset = Index.objects.all() filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]} - mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_INDEXING_CREATE]} + mayan_object_permissions = {'GET': [permission_document_indexing_view]} + mayan_view_permissions = {'POST': [permission_document_indexing_create]} def get(self, *args, **kwargs): """Returns a list of all the defined indexes.""" @@ -44,10 +44,10 @@ class APIIndexView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW], - 'PUT': [PERMISSION_DOCUMENT_INDEXING_EDIT], - 'PATCH': [PERMISSION_DOCUMENT_INDEXING_EDIT], - 'DELETE': [PERMISSION_DOCUMENT_INDEXING_DELETE] + 'GET': [permission_document_indexing_view], + 'PUT': [permission_document_indexing_edit], + 'PATCH': [permission_document_indexing_edit], + 'DELETE': [permission_document_indexing_delete] } def delete(self, *args, **kwargs): @@ -73,7 +73,7 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView): """ filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} + mayan_object_permissions = {'GET': [permission_document_view]} def get_serializer_class(self): from documents.serializers import DocumentSerializer @@ -82,9 +82,9 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView): def get_queryset(self): index_node_instance = get_object_or_404(IndexInstanceNode, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_INDEXING_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_indexing_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_VIEW, self.request.user, index_node_instance.index) + AccessEntry.objects.check_access(permission_document_indexing_view, self.request.user, index_node_instance.index) return index_node_instance.documents.all() @@ -93,7 +93,7 @@ class APIIndexTemplateListView(generics.ListAPIView): serializer_class = IndexTemplateNodeSerializer filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]} + mayan_object_permissions = {'GET': [permission_document_indexing_view]} def get(self, *args, **kwargs): """Returns a list of all the template nodes for the selected index.""" @@ -106,10 +106,10 @@ class APIIndexTemplateView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW], - 'PUT': [PERMISSION_DOCUMENT_INDEXING_EDIT], - 'PATCH': [PERMISSION_DOCUMENT_INDEXING_EDIT], - 'DELETE': [PERMISSION_DOCUMENT_INDEXING_EDIT] + 'GET': [permission_document_indexing_view], + 'PUT': [permission_document_indexing_edit], + 'PATCH': [permission_document_indexing_edit], + 'DELETE': [permission_document_indexing_edit] } def delete(self, *args, **kwargs): @@ -137,13 +137,13 @@ class APIDocumentIndexListView(generics.ListAPIView): serializer_class = IndexInstanceNodeSerializer filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]} + mayan_object_permissions = {'GET': [permission_document_indexing_view]} def get_queryset(self): document = get_object_or_404(Document, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document) + AccessEntry.objects.check_access(permission_document_view, self.request.user, document) return document.node_instances.all() diff --git a/mayan/apps/document_indexing/links.py b/mayan/apps/document_indexing/links.py index b15b93e95b..5f28ca03bc 100644 --- a/mayan/apps/document_indexing/links.py +++ b/mayan/apps/document_indexing/links.py @@ -2,14 +2,14 @@ from __future__ import unicode_literals from django.utils.translation import ugettext_lazy as _ -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from navigation import Link from .permissions import ( - PERMISSION_DOCUMENT_INDEXING_CREATE, PERMISSION_DOCUMENT_INDEXING_EDIT, - PERMISSION_DOCUMENT_INDEXING_DELETE, - PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES, - PERMISSION_DOCUMENT_INDEXING_SETUP, PERMISSION_DOCUMENT_INDEXING_VIEW + permission_document_indexing_create, permission_document_indexing_edit, + permission_document_indexing_delete, + permission_document_indexing_rebuild_indexes, + permission_document_indexing_setup, permission_document_indexing_view ) @@ -21,22 +21,22 @@ def is_not_root_node(context): return not context['resolved_object'].is_root_node() -link_document_index_list = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_VIEW, PERMISSION_DOCUMENT_VIEW], text=_('Indexes'), view='indexing:document_index_list', args='object.pk') -link_index_list = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_VIEW], text=_('Index list'), view='indexing:index_list') +link_document_index_list = Link(permissions=[permission_document_indexing_view, permission_document_view], text=_('indexes'), view='indexing:document_index_list', args='object.pk') +link_index_list = Link(permissions=[permission_document_indexing_view], text=_('index list'), view='indexing:index_list') link_index_main_menu = Link(icon='fa fa-list-ul', text=_('Indexes'), view='indexing:index_list') -link_index_parent = Link(condition=is_not_instance_root_node, permissions=[PERMISSION_DOCUMENT_INDEXING_VIEW], text=_('Go up one level'), view='indexing:index_instance_node_view', args='object.parent.pk') -link_index_setup = Link(icon='fa fa-list-ul', permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Indexes'), view='indexing:index_setup_list') -link_index_setup_list = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Indexes'), view='indexing:index_setup_list') -link_index_setup_create = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_CREATE], text=_('Create index'), view='indexing:index_setup_create') -link_index_setup_edit = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_EDIT], text=_('Edit'), view='indexing:index_setup_edit', args='resolved_object.pk') -link_index_setup_delete = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_DELETE], tags='dangerous', text=_('Delete'), view='indexing:index_setup_delete', args='resolved_object.pk') -link_index_setup_view = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Tree template'), view='indexing:index_setup_view', args='resolved_object.pk') -link_index_setup_document_types = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_EDIT], text=_('Document types'), view='indexing:index_setup_document_types', args='resolved_object.pk') +link_index_parent = Link(condition=is_not_instance_root_node, permissions=[permission_document_indexing_view], text=_('go up one level'), view='indexing:index_instance_node_view', args='object.parent.pk') +link_index_setup = Link(icon='fa fa-list-ul', permissions=[permission_document_indexing_setup], text=_('indexes'), view='indexing:index_setup_list') +link_index_setup_list = Link(permissions=[permission_document_indexing_setup], text=_('indexes'), view='indexing:index_setup_list') +link_index_setup_create = Link(permissions=[permission_document_indexing_create], text=_('create index'), view='indexing:index_setup_create') +link_index_setup_edit = Link(permissions=[permission_document_indexing_edit], text=_('edit'), view='indexing:index_setup_edit', args='resolved_object.pk') +link_index_setup_delete = Link(permissions=[permission_document_indexing_delete], tags='dangerous', text=_('delete'), view='indexing:index_setup_delete', args='resolved_object.pk') +link_index_setup_view = Link(permissions=[permission_document_indexing_setup], text=_('tree template'), view='indexing:index_setup_view', args='resolved_object.pk') +link_index_setup_document_types = Link(permissions=[permission_document_indexing_edit], text=_('document types'), view='indexing:index_setup_document_types', args='resolved_object.pk') link_rebuild_index_instances = Link( description=_('Deletes and creates from scratch all the document indexes.'), - permissions=[PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES], + permissions=[permission_document_indexing_rebuild_indexes], text=_('Rebuild indexes'), view='indexing:rebuild_index_instances' ) -link_template_node_create = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('New child node'), view='indexing:template_node_create', args='resolved_object.pk') -link_template_node_edit = Link(condition=is_not_root_node, permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Edit'), view='indexing:template_node_edit', args='resolved_object.pk') -link_template_node_delete = Link(condition=is_not_root_node, permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], tags='dangerous', text=_('Delete'), view='indexing:template_node_delete', args='resolved_object.pk') +link_template_node_create = Link(permissions=[permission_document_indexing_setup], text=_('new child node'), view='indexing:template_node_create', args='resolved_object.pk') +link_template_node_edit = Link(condition=is_not_root_node, permissions=[permission_document_indexing_setup], text=_('edit'), view='indexing:template_node_edit', args='resolved_object.pk') +link_template_node_delete = Link(condition=is_not_root_node, permissions=[permission_document_indexing_setup], tags='dangerous', text=_('delete'), view='indexing:template_node_delete', args='resolved_object.pk') diff --git a/mayan/apps/document_indexing/permissions.py b/mayan/apps/document_indexing/permissions.py index a0ecac6e45..bd19dbfdd1 100644 --- a/mayan/apps/document_indexing/permissions.py +++ b/mayan/apps/document_indexing/permissions.py @@ -2,14 +2,13 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -document_indexing_namespace = PermissionNamespace('document_indexing', _('Indexing')) +namespace = PermissionNamespace('document_indexing', _('Indexing')) -PERMISSION_DOCUMENT_INDEXING_SETUP = Permission.objects.register(document_indexing_namespace, 'document_index_setup', _('Configure document indexes')) -PERMISSION_DOCUMENT_INDEXING_CREATE = Permission.objects.register(document_indexing_namespace, 'document_index_create', _('Create new document indexes')) -PERMISSION_DOCUMENT_INDEXING_EDIT = Permission.objects.register(document_indexing_namespace, 'document_index_edit', _('Edit document indexes')) -PERMISSION_DOCUMENT_INDEXING_DELETE = Permission.objects.register(document_indexing_namespace, 'document_index_delete', _('Delete document indexes')) - -PERMISSION_DOCUMENT_INDEXING_VIEW = Permission.objects.register(document_indexing_namespace, 'document_index_view', _('View document indexes')) -PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES = Permission.objects.register(document_indexing_namespace, 'document_rebuild_indexes', _('Rebuild document indexes')) +permission_document_indexing_setup = namespace.add_permission(name='document_index_setup', label=_('Configure document indexes')) +permission_document_indexing_create = namespace.add_permission(name='document_index_create', label=_('Create new document indexes')) +permission_document_indexing_edit = namespace.add_permission(name='document_index_edit', label=_('Edit document indexes')) +permission_document_indexing_delete = namespace.add_permission(name='document_index_delete', label=_('Delete document indexes')) +permission_document_indexing_view = namespace.add_permission(name='document_index_view', label=_('View document indexes')) +permission_document_indexing_rebuild_indexes = namespace.add_permission(name='document_rebuild_indexes', label=_('Rebuild document indexes')) diff --git a/mayan/apps/document_indexing/views.py b/mayan/apps/document_indexing/views.py index 24828e9154..19a794ed9a 100644 --- a/mayan/apps/document_indexing/views.py +++ b/mayan/apps/document_indexing/views.py @@ -16,17 +16,17 @@ from common.utils import encapsulate from common.views import AssignRemoveView from common.widgets import two_state_template from documents.models import Document -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from documents.views import document_list from permissions.models import Permission from .forms import IndexForm, IndexTemplateNodeForm from .models import Index, IndexInstanceNode, IndexTemplateNode from .permissions import ( - PERMISSION_DOCUMENT_INDEXING_CREATE, PERMISSION_DOCUMENT_INDEXING_DELETE, - PERMISSION_DOCUMENT_INDEXING_EDIT, - PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES, - PERMISSION_DOCUMENT_INDEXING_SETUP, PERMISSION_DOCUMENT_INDEXING_VIEW + permission_document_indexing_create, permission_document_indexing_delete, + permission_document_indexing_edit, + permission_document_indexing_rebuild_indexes, + permission_document_indexing_setup, permission_document_indexing_view ) from .tasks import task_do_rebuild_all_indexes from .widgets import index_instance_item_link, get_breadcrumbs, node_level @@ -48,9 +48,9 @@ def index_setup_list(request): queryset = Index.objects.all() try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_SETUP]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_setup]) except PermissionDenied: - queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_INDEXING_SETUP, request.user, queryset) + queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_setup, request.user, queryset) context['object_list'] = queryset @@ -59,7 +59,7 @@ def index_setup_list(request): def index_setup_create(request): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_CREATE]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_create]) if request.method == 'POST': form = IndexForm(request.POST) @@ -81,9 +81,9 @@ def index_setup_edit(request, index_pk): index = get_object_or_404(Index, pk=index_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_CREATE, request.user, index) + AccessEntry.objects.check_access(permission_document_indexing_create, request.user, index) if request.method == 'POST': form = IndexForm(request.POST, instance=index) @@ -106,9 +106,9 @@ def index_setup_delete(request, index_pk): index = get_object_or_404(Index, pk=index_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_DELETE]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_delete]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_DELETE, request.user, index) + AccessEntry.objects.check_access(permission_document_indexing_delete, request.user, index) post_action_redirect = reverse('indexing:index_setup_list') @@ -142,9 +142,9 @@ def index_setup_view(request, index_pk): index = get_object_or_404(Index, pk=index_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_SETUP]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_setup]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_SETUP, request.user, index) + AccessEntry.objects.check_access(permission_document_indexing_setup, request.user, index) object_list = index.template_root.get_descendants(include_self=True) @@ -175,9 +175,9 @@ class SetupIndexDocumentTypesView(AssignRemoveView): self.index = get_object_or_404(Index, pk=self.kwargs['index_pk']) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, self.index) + AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, self.index) self.left_list_title = _('Document types not in index: %s') % self.index self.right_list_title = _('Document types for index: %s') % self.index @@ -208,9 +208,9 @@ def template_node_create(request, parent_pk): parent_node = get_object_or_404(IndexTemplateNode, pk=parent_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, parent_node.index) + AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, parent_node.index) if request.method == 'POST': form = IndexTemplateNodeForm(request.POST) @@ -233,9 +233,9 @@ def template_node_edit(request, node_pk): node = get_object_or_404(IndexTemplateNode, pk=node_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, node.index) + AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index) if request.method == 'POST': form = IndexTemplateNodeForm(request.POST, instance=node) @@ -259,9 +259,9 @@ def template_node_delete(request, node_pk): node = get_object_or_404(IndexTemplateNode, pk=node_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, node.index) + AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index) post_action_redirect = reverse('indexing:index_setup_view', args=[node.index.pk]) @@ -309,9 +309,9 @@ def index_list(request): queryset = Index.objects.filter(enabled=True) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_view]) except PermissionDenied: - queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_INDEXING_VIEW, request.user, queryset) + queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset) context['object_list'] = queryset @@ -329,9 +329,9 @@ def index_instance_node_view(request, index_instance_node_pk): breadcrumbs = get_breadcrumbs(index_instance) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_VIEW, request.user, index_instance.index) + AccessEntry.objects.check_access(permission_document_indexing_view, request.user, index_instance.index) title = mark_safe(_('Contents for index: %s') % breadcrumbs) @@ -371,7 +371,7 @@ def rebuild_index_instances(request): """ Confirmation view to execute the tool: do_rebuild_all_indexes """ - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES]) + Permission.objects.check_permissions(request.user, [permission_document_indexing_rebuild_indexes]) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -399,9 +399,9 @@ def document_index_list(request, document_id): queryset = document.node_instances.all() try: # TODO: should be AND not OR - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW, PERMISSION_DOCUMENT_INDEXING_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view, permission_document_indexing_view]) except PermissionDenied: - queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_INDEXING_VIEW, request.user, queryset, related='index') + queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset, related='index') for index_instance in queryset: object_list.append(get_breadcrumbs(index_instance, single_link=True, include_count=True)) diff --git a/mayan/apps/document_signatures/apps.py b/mayan/apps/document_signatures/apps.py index 79db370dcd..8c7995387e 100644 --- a/mayan/apps/document_signatures/apps.py +++ b/mayan/apps/document_signatures/apps.py @@ -21,8 +21,8 @@ from .links import ( ) from .models import DocumentVersionSignature from .permissions import ( - PERMISSION_DOCUMENT_VERIFY, PERMISSION_SIGNATURE_DELETE, - PERMISSION_SIGNATURE_DOWNLOAD, PERMISSION_SIGNATURE_UPLOAD + permission_document_verify, permission_signature_delete, + permission_signature_download, permission_signature_upload ) logger = logging.getLogger(__name__) @@ -68,10 +68,10 @@ class DocumentSignaturesApp(MayanAppConfig): DocumentVersion.register_pre_open_hook(1, document_pre_open_hook) class_permissions(Document, [ - PERMISSION_DOCUMENT_VERIFY, - PERMISSION_SIGNATURE_DELETE, - PERMISSION_SIGNATURE_DOWNLOAD, - PERMISSION_SIGNATURE_UPLOAD, + permission_document_verify, + permission_signature_delete, + permission_signature_download, + permission_signature_upload, ]) menu_facet.bind_links(links=[link_document_verify], sources=[Document]) diff --git a/mayan/apps/document_signatures/links.py b/mayan/apps/document_signatures/links.py index b48c7af6e7..9fd8ccf8e1 100644 --- a/mayan/apps/document_signatures/links.py +++ b/mayan/apps/document_signatures/links.py @@ -6,8 +6,8 @@ from navigation import Link from .models import DocumentVersionSignature from .permissions import ( - PERMISSION_DOCUMENT_VERIFY, PERMISSION_SIGNATURE_DELETE, - PERMISSION_SIGNATURE_DOWNLOAD, PERMISSION_SIGNATURE_UPLOAD, + permission_document_verify, permission_signature_delete, + permission_signature_download, permission_signature_upload, ) @@ -19,7 +19,7 @@ def can_delete_detached_signature(context): return DocumentVersionSignature.objects.has_detached_signature(context['object'].latest_version) -link_document_signature_delete = Link(condition=can_delete_detached_signature, permissions=[PERMISSION_SIGNATURE_DELETE], tags='dangerous', text=_('Delete signature'), view='signatures:document_signature_delete', args='object.pk') -link_document_signature_download = Link(condition=can_delete_detached_signature, text=_('Download signature'), view='signatures:document_signature_download', args='object.pk', permissions=[PERMISSION_SIGNATURE_DOWNLOAD]) -link_document_signature_upload = Link(condition=can_upload_detached_signature, permissions=[PERMISSION_SIGNATURE_UPLOAD], text=_('Upload signature'), view='signatures:document_signature_upload', args='object.pk') -link_document_verify = Link(permissions=[PERMISSION_DOCUMENT_VERIFY], text=_('Signatures'), view='signatures:document_verify', args='object.pk') +link_document_signature_delete = Link(condition=can_delete_detached_signature, permissions=[permission_signature_delete], tags='dangerous', text=_('delete signature'), view='signatures:document_signature_delete', args='object.pk') +link_document_signature_download = Link(condition=can_delete_detached_signature, text=_('Download signature'), view='signatures:document_signature_download', args='object.pk', permissions=[permission_signature_download]) +link_document_signature_upload = Link(condition=can_upload_detached_signature, permissions=[permission_signature_upload], text=_('upload signature'), view='signatures:document_signature_upload', args='object.pk') +link_document_verify = Link(permissions=[permission_document_verify], text=_('signatures'), view='signatures:document_verify', args='object.pk') diff --git a/mayan/apps/document_signatures/permissions.py b/mayan/apps/document_signatures/permissions.py index b0d402324c..da7fa00a9a 100644 --- a/mayan/apps/document_signatures/permissions.py +++ b/mayan/apps/document_signatures/permissions.py @@ -2,10 +2,11 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -document_signatures_namespace = PermissionNamespace('document_signatures', _('Document signatures')) -PERMISSION_DOCUMENT_VERIFY = Permission.objects.register(document_signatures_namespace, 'document_verify', _('Verify document signatures')) -PERMISSION_SIGNATURE_DELETE = Permission.objects.register(document_signatures_namespace, 'signature_delete', _('Delete detached signatures')) -PERMISSION_SIGNATURE_DOWNLOAD = Permission.objects.register(document_signatures_namespace, 'signature_download', _('Download detached signatures')) -PERMISSION_SIGNATURE_UPLOAD = Permission.objects.register(document_signatures_namespace, 'signature_upload', _('Upload detached signatures')) +namespace = PermissionNamespace('document_signatures', _('Document signatures')) + +permission_document_verify = namespace.add_permission(name='document_verify', label=_('Verify document signatures')) +permission_signature_delete = namespace.add_permission(name='signature_delete', label=_('Delete detached signatures')) +permission_signature_download = namespace.add_permission(name='signature_download', label=_('Download detached signatures')) +permission_signature_upload = namespace.add_permission(name='signature_upload', label=_('Upload detached signatures')) diff --git a/mayan/apps/document_signatures/views.py b/mayan/apps/document_signatures/views.py index 16dbfb3e77..fba96b5dd6 100644 --- a/mayan/apps/document_signatures/views.py +++ b/mayan/apps/document_signatures/views.py @@ -22,8 +22,8 @@ from permissions.models import Permission from .forms import DetachedSignatureForm from .models import DocumentVersionSignature from .permissions import ( - PERMISSION_DOCUMENT_VERIFY, PERMISSION_SIGNATURE_UPLOAD, - PERMISSION_SIGNATURE_DOWNLOAD, PERMISSION_SIGNATURE_DELETE + permission_document_verify, permission_signature_upload, + permission_signature_download, permission_signature_delete ) logger = logging.getLogger(__name__) @@ -33,9 +33,9 @@ def document_verify(request, document_pk): document = get_object_or_404(Document, pk=document_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VERIFY]) + Permission.objects.check_permissions(request.user, [permission_document_verify]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VERIFY, request.user, document) + AccessEntry.objects.check_access(permission_document_verify, request.user, document) document.add_as_recent_document_for_user(request.user) @@ -80,9 +80,9 @@ def document_signature_upload(request, document_pk): document = get_object_or_404(Document, pk=document_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_UPLOAD]) + Permission.objects.check_permissions(request.user, [permission_signature_upload]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_SIGNATURE_UPLOAD, request.user, document) + AccessEntry.objects.check_access(permission_signature_upload, request.user, document) document.add_as_recent_document_for_user(request.user) @@ -116,9 +116,9 @@ def document_signature_download(request, document_pk): document = get_object_or_404(Document, pk=document_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_DOWNLOAD]) + Permission.objects.check_permissions(request.user, [permission_signature_download]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_SIGNATURE_DOWNLOAD, request.user, document) + AccessEntry.objects.check_access(permission_signature_download, request.user, document) try: if DocumentVersionSignature.objects.has_detached_signature(document.latest_version): @@ -140,9 +140,9 @@ def document_signature_delete(request, document_pk): document = get_object_or_404(Document, pk=document_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_DELETE]) + Permission.objects.check_permissions(request.user, [permission_signature_delete]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_SIGNATURE_DELETE, request.user, document) + AccessEntry.objects.check_access(permission_signature_delete, request.user, document) document.add_as_recent_document_for_user(request.user) diff --git a/mayan/apps/document_states/permissions.py b/mayan/apps/document_states/permissions.py index 0326eb8cc0..ca0063f0b8 100644 --- a/mayan/apps/document_states/permissions.py +++ b/mayan/apps/document_states/permissions.py @@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace namespace = PermissionNamespace('document_states', _('States')) -PERMISSION_WORKFLOW_CREATE = Permission.objects.register(namespace, 'workflow_create', _('Create workflows')) -PERMISSION_WORKFLOW_DELETE = Permission.objects.register(namespace, 'workflow_delte', _('Delete workflows')) -PERMISSION_WORKFLOW_EDIT = Permission.objects.register(namespace, 'workflow_edit', _('Edit workflows')) -PERMISSION_WORKFLOW_VIEW = Permission.objects.register(namespace, 'workflow_view', _('View workflows')) -PERMISSION_DOCUMENT_WORKFLOW_VIEW = Permission.objects.register(namespace, 'document_workflow_view', _('View document workflows')) -PERMISSION_DOCUMENT_WORKFLOW_TRANSITION = Permission.objects.register(namespace, 'document_workflow_transition', _('Transition document workflows')) +permission_workflow_create = namespace.add_permission(name='workflow_create', label=_('Create workflows')) +permission_workflow_delete = namespace.add_permission(name='workflow_delte', label=_('Delete workflows')) +permission_workflow_edit = namespace.add_permission(name='workflow_edit', label=_('Edit workflows')) +permission_workflow_view = namespace.add_permission(name='workflow_view', label=_('View workflows')) +permission_document_workflow_view = namespace.add_permission(name='document_workflow_view', label=_('View document workflows')) +permission_document_workflow_transition = namespace.add_permission(name='document_workflow_transition', label=_('Transition document workflows')) diff --git a/mayan/apps/document_states/views.py b/mayan/apps/document_states/views.py index d3e4c58ae3..d8522eabc5 100644 --- a/mayan/apps/document_states/views.py +++ b/mayan/apps/document_states/views.py @@ -23,18 +23,18 @@ from .forms import ( ) from .models import Workflow, WorkflowInstance, WorkflowState, WorkflowTransition from .permissions import ( - PERMISSION_WORKFLOW_CREATE, PERMISSION_WORKFLOW_DELETE, - PERMISSION_WORKFLOW_EDIT, PERMISSION_WORKFLOW_VIEW, - PERMISSION_DOCUMENT_WORKFLOW_VIEW, PERMISSION_DOCUMENT_WORKFLOW_TRANSITION + permission_workflow_create, permission_workflow_delete, + permission_workflow_edit, permission_workflow_view, + permission_document_workflow_view, permission_document_workflow_transition ) class DocumentWorkflowInstanceListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_WORKFLOW_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_workflow_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_WORKFLOW_VIEW, request.user, self.get_document()) + AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_document()) return super(DocumentWorkflowInstanceListView, self).dispatch(request, *args, **kwargs) @@ -60,9 +60,9 @@ class DocumentWorkflowInstanceListView(SingleObjectListView): class WorkflowInstanceDetailView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_WORKFLOW_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_workflow_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_WORKFLOW_VIEW, request.user, self.get_workflow_instance().document) + AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_workflow_instance().document) return super(WorkflowInstanceDetailView, self).dispatch(request, *args, **kwargs) @@ -94,9 +94,9 @@ class WorkflowInstanceTransitionView(FormView): def dispatch(self, request, *args, **kwargs): try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_WORKFLOW_TRANSITION]) + Permission.objects.check_permissions(request.user, [permission_document_workflow_transition]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_WORKFLOW_TRANSITION, request.user, self.get_workflow_instance().document) + AccessEntry.objects.check_access(permission_document_workflow_transition, request.user, self.get_workflow_instance().document) return super(WorkflowInstanceTransitionView, self).dispatch(request, *args, **kwargs) @@ -140,26 +140,26 @@ class SetupWorkflowListView(SingleObjectListView): 'hide_link': True, } model = Workflow - view_permission = PERMISSION_WORKFLOW_VIEW + view_permission = permission_workflow_view class SetupWorkflowCreateView(SingleObjectCreateView): form_class = WorkflowForm model = Workflow - view_permission = PERMISSION_WORKFLOW_CREATE + view_permission = permission_workflow_create success_url = reverse_lazy('document_states:setup_workflow_list') class SetupWorkflowEditView(SingleObjectEditView): form_class = WorkflowForm model = Workflow - view_permission = PERMISSION_WORKFLOW_EDIT + view_permission = permission_workflow_edit success_url = reverse_lazy('document_states:setup_workflow_list') class SetupWorkflowDeleteView(SingleObjectDeleteView): model = Workflow - view_permission = PERMISSION_WORKFLOW_DELETE + view_permission = permission_workflow_delete success_url = reverse_lazy('document_states:setup_workflow_list') @@ -175,9 +175,9 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView): self.workflow = get_object_or_404(Workflow, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_WORKFLOW_EDIT]) + Permission.objects.check_permissions(self.request.user, [permission_workflow_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, self.request.user, self.workflow) + AccessEntry.objects.check_access(permission_workflow_edit, self.request.user, self.workflow) return super(SetupWorkflowDocumentTypesView, self).dispatch(request, *args, **kwargs) @@ -205,9 +205,9 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView): class SetupWorkflowStateListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): try: - Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) + Permission.objects.check_permissions(request.user, [permission_workflow_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) + AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow()) return super(SetupWorkflowStateListView, self).dispatch(request, *args, **kwargs) @@ -235,9 +235,9 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView): def dispatch(self, request, *args, **kwargs): try: - Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) + Permission.objects.check_permissions(request.user, [permission_workflow_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) + AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow()) return super(SetupWorkflowStateCreateView, self).dispatch(request, *args, **kwargs) @@ -269,7 +269,7 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView): class SetupWorkflowStateDeleteView(SingleObjectDeleteView): model = WorkflowState - view_permission = PERMISSION_WORKFLOW_DELETE + view_permission = permission_workflow_delete def get_context_data(self, **kwargs): context = super(SetupWorkflowStateDeleteView, self).get_context_data(**kwargs) @@ -291,7 +291,7 @@ class SetupWorkflowStateDeleteView(SingleObjectDeleteView): class SetupWorkflowStateEditView(SingleObjectEditView): form_class = WorkflowStateForm model = WorkflowState - view_permission = PERMISSION_WORKFLOW_EDIT + view_permission = permission_workflow_edit def get_context_data(self, **kwargs): context = super(SetupWorkflowStateEditView, self).get_context_data(**kwargs) @@ -316,9 +316,9 @@ class SetupWorkflowStateEditView(SingleObjectEditView): class SetupWorkflowTransitionListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): try: - Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) + Permission.objects.check_permissions(request.user, [permission_workflow_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) + AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow()) return super(SetupWorkflowTransitionListView, self).dispatch(request, *args, **kwargs) @@ -346,9 +346,9 @@ class SetupWorkflowTransitionCreateView(SingleObjectCreateView): def dispatch(self, request, *args, **kwargs): try: - Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) + Permission.objects.check_permissions(request.user, [permission_workflow_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) + AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow()) return super(SetupWorkflowTransitionCreateView, self).dispatch(request, *args, **kwargs) @@ -390,7 +390,7 @@ class SetupWorkflowTransitionCreateView(SingleObjectCreateView): class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView): model = WorkflowTransition - view_permission = PERMISSION_WORKFLOW_DELETE + view_permission = permission_workflow_delete def get_context_data(self, **kwargs): context = super(SetupWorkflowTransitionDeleteView, self).get_context_data(**kwargs) @@ -412,7 +412,7 @@ class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView): class SetupWorkflowTransitionEditView(SingleObjectEditView): form_class = WorkflowTransitionForm model = WorkflowTransition - view_permission = PERMISSION_WORKFLOW_EDIT + view_permission = permission_workflow_edit def get_context_data(self, **kwargs): context = super(SetupWorkflowTransitionEditView, self).get_context_data(**kwargs) diff --git a/mayan/apps/documents/api_views.py b/mayan/apps/documents/api_views.py index 042cd08b1d..2f69f041e8 100644 --- a/mayan/apps/documents/api_views.py +++ b/mayan/apps/documents/api_views.py @@ -24,11 +24,11 @@ from .models import ( Document, DocumentPage, DocumentType, DocumentVersion, RecentDocument ) from .permissions import ( - PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_DELETE, - PERMISSION_DOCUMENT_EDIT, PERMISSION_DOCUMENT_NEW_VERSION, - PERMISSION_DOCUMENT_PROPERTIES_EDIT, PERMISSION_DOCUMENT_VIEW, - PERMISSION_DOCUMENT_TYPE_CREATE, PERMISSION_DOCUMENT_TYPE_DELETE, - PERMISSION_DOCUMENT_TYPE_EDIT, PERMISSION_DOCUMENT_TYPE_VIEW + permission_document_create, permission_document_delete, + permission_document_edit, permission_document_new_version, + permission_document_properties_edit, permission_document_view, + permission_document_type_create, permission_document_type_delete, + permission_document_type_edit, permission_document_type_view ) from .serializers import ( DocumentImageSerializer, DocumentPageSerializer, DocumentSerializer, @@ -50,8 +50,8 @@ class APIDocumentListView(generics.ListAPIView): permission_classes = (MayanPermission,) filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW], - 'POST': [PERMISSION_DOCUMENT_CREATE]} + mayan_object_permissions = {'GET': [permission_document_view], + 'POST': [permission_document_create]} def get_serializer_class(self): if self.request.method == 'GET': @@ -105,10 +105,10 @@ class APIDocumentView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_DOCUMENT_VIEW], - 'PUT': [PERMISSION_DOCUMENT_PROPERTIES_EDIT], - 'PATCH': [PERMISSION_DOCUMENT_PROPERTIES_EDIT], - 'DELETE': [PERMISSION_DOCUMENT_DELETE] + 'GET': [permission_document_view], + 'PUT': [permission_document_properties_edit], + 'PATCH': [permission_document_properties_edit], + 'DELETE': [permission_document_delete] } def delete(self, *args, **kwargs): @@ -137,7 +137,7 @@ class APIDocumentVersionCreateView(generics.CreateAPIView): queryset = DocumentVersion.objects.all() permission_classes = (MayanPermission,) - mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_NEW_VERSION]} + mayan_view_permissions = {'POST': [permission_document_new_version]} def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.DATA, files=request.FILES) @@ -166,7 +166,7 @@ class APIDocumentVersionView(generics.RetrieveAPIView): queryset = DocumentVersion.objects.all() permission_classes = (MayanPermission,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} + mayan_object_permissions = {'GET': [permission_document_view]} mayan_permission_attribute_check = 'document' @@ -184,9 +184,9 @@ class APIDocumentImageView(generics.GenericAPIView): document = get_object_or_404(Document, pk=pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_document_view, request.user, document) size = request.GET.get('size', setting_display_size.value) @@ -230,9 +230,9 @@ class APIDocumentPageView(generics.RetrieveUpdateAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_DOCUMENT_VIEW], - 'PUT': [PERMISSION_DOCUMENT_EDIT], - 'PATCH': [PERMISSION_DOCUMENT_EDIT] + 'GET': [permission_document_view], + 'PUT': [permission_document_edit], + 'PATCH': [permission_document_edit] } mayan_permission_attribute_check = 'document' @@ -255,8 +255,8 @@ class APIDocumentTypeListView(generics.ListCreateAPIView): permission_classes = (MayanPermission,) filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_TYPE_VIEW]} - mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_TYPE_CREATE]} + mayan_object_permissions = {'GET': [permission_document_type_view]} + mayan_view_permissions = {'POST': [permission_document_type_create]} def get(self, *args, **kwargs): """Returns a list of all the document types.""" @@ -277,10 +277,10 @@ class APIDocumentTypeView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_DOCUMENT_TYPE_VIEW], - 'PUT': [PERMISSION_DOCUMENT_TYPE_EDIT], - 'PATCH': [PERMISSION_DOCUMENT_TYPE_EDIT], - 'DELETE': [PERMISSION_DOCUMENT_TYPE_DELETE] + 'GET': [permission_document_type_view], + 'PUT': [permission_document_type_edit], + 'PATCH': [permission_document_type_edit], + 'DELETE': [permission_document_type_delete] } def delete(self, *args, **kwargs): @@ -306,7 +306,7 @@ class APIDocumentTypeDocumentListView(generics.ListAPIView): """ filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} + mayan_object_permissions = {'GET': [permission_document_view]} def get_serializer_class(self): from documents.serializers import DocumentSerializer @@ -315,9 +315,9 @@ class APIDocumentTypeDocumentListView(generics.ListAPIView): def get_queryset(self): document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_type_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_VIEW, self.request.user, document_type) + AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type) return document_type.documents.all() diff --git a/mayan/apps/documents/apps.py b/mayan/apps/documents/apps.py index ec0dc35920..7f14f488ef 100644 --- a/mayan/apps/documents/apps.py +++ b/mayan/apps/documents/apps.py @@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _ from actstream import registry from acls.api import class_permissions -from acls.permissions import ACLS_VIEW_ACL, ACLS_EDIT_ACL +from acls.permissions import acls_view_acl, acls_edit_acl from common import ( MayanAppConfig, MissingItem, menu_facet, menu_front_page, menu_object, menu_secondary, menu_setup, menu_sidebar, menu_multi_item @@ -16,11 +16,11 @@ from common.signals import post_initial_setup from common.utils import encapsulate from converter.links import link_transformation_list from converter.permissions import ( - PERMISSION_TRANSFORMATION_CREATE, - PERMISSION_TRANSFORMATION_DELETE, PERMISSION_TRANSFORMATION_EDIT, - PERMISSION_TRANSFORMATION_VIEW, + permission_transformation_create, + permission_transformation_delete, permission_transformation_edit, + permission_transformation_view, ) -from events.permissions import PERMISSION_EVENTS_VIEW +from events.permissions import permission_events_view from navigation import SourceColumn from rest_api.classes import APIEndPoint from statistics.classes import StatisticNamespace @@ -55,10 +55,10 @@ from .models import ( DocumentVersion ) from .permissions import ( - PERMISSION_DOCUMENT_DELETE, PERMISSION_DOCUMENT_DOWNLOAD, - PERMISSION_DOCUMENT_EDIT, PERMISSION_DOCUMENT_NEW_VERSION, - PERMISSION_DOCUMENT_PRINT, PERMISSION_DOCUMENT_PROPERTIES_EDIT, - PERMISSION_DOCUMENT_VERSION_REVERT, PERMISSION_DOCUMENT_VIEW + permission_document_delete, permission_document_download, + permission_document_edit, permission_document_new_version, + permission_document_print, permission_document_properties_edit, + permission_document_version_revert, permission_document_view ) from .settings import setting_thumbnail_size from .statistics import DocumentStatistics, DocumentUsageStatistics @@ -82,14 +82,14 @@ class DocumentsApp(MayanAppConfig): ]) class_permissions(Document, [ - ACLS_VIEW_ACL, ACLS_EDIT_ACL, PERMISSION_DOCUMENT_DELETE, - PERMISSION_DOCUMENT_DOWNLOAD, PERMISSION_DOCUMENT_EDIT, - PERMISSION_DOCUMENT_NEW_VERSION, PERMISSION_DOCUMENT_PRINT, - PERMISSION_DOCUMENT_PROPERTIES_EDIT, - PERMISSION_DOCUMENT_VERSION_REVERT, PERMISSION_DOCUMENT_VIEW, - PERMISSION_EVENTS_VIEW, PERMISSION_TRANSFORMATION_CREATE, - PERMISSION_TRANSFORMATION_DELETE, PERMISSION_TRANSFORMATION_EDIT, - PERMISSION_TRANSFORMATION_VIEW, + acls_view_acl, acls_edit_acl, permission_document_delete, + permission_document_download, permission_document_edit, + permission_document_new_version, permission_document_print, + permission_document_properties_edit, + permission_document_version_revert, permission_document_view, + permission_events_view, permission_transformation_create, + permission_transformation_delete, permission_transformation_edit, + permission_transformation_view, ]) menu_front_page.bind_links(links=[link_document_list_recent, link_document_list]) diff --git a/mayan/apps/documents/links.py b/mayan/apps/documents/links.py index 777ddfe8b5..6535ed7933 100644 --- a/mayan/apps/documents/links.py +++ b/mayan/apps/documents/links.py @@ -2,18 +2,18 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from acls.permissions import ACLS_VIEW_ACL -from converter.permissions import PERMISSION_TRANSFORMATION_DELETE -from events.permissions import PERMISSION_EVENTS_VIEW +from acls.permissions import acls_view_acl +from converter.permissions import permission_transformation_delete +from events.permissions import permission_events_view from navigation import Link from .permissions import ( - PERMISSION_DOCUMENT_DELETE, PERMISSION_DOCUMENT_DOWNLOAD, - PERMISSION_DOCUMENT_PROPERTIES_EDIT, PERMISSION_DOCUMENT_PRINT, - PERMISSION_DOCUMENT_TOOLS, PERMISSION_DOCUMENT_VERSION_REVERT, - PERMISSION_DOCUMENT_VIEW, PERMISSION_DOCUMENT_TYPE_CREATE, - PERMISSION_DOCUMENT_TYPE_DELETE, PERMISSION_DOCUMENT_TYPE_EDIT, - PERMISSION_DOCUMENT_TYPE_VIEW + permission_document_delete, permission_document_download, + permission_document_properties_edit, permission_document_print, + permission_document_tools, permission_document_version_revert, + permission_document_view, permission_document_type_create, + permission_document_type_delete, permission_document_type_edit, + permission_document_type_view ) from .settings import setting_zoom_max_level, setting_zoom_min_level @@ -39,62 +39,62 @@ def is_min_zoom(context): # Facet -link_document_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='documents:document_acl_list', args='object.pk') -link_document_events_view = Link(permissions=[PERMISSION_EVENTS_VIEW], text=_('Events'), view='events:events_for_object', args=['"documents"', '"document"', 'object.id']) -link_document_preview = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Preview'), view='documents:document_preview', args='object.id') -link_document_properties = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Properties'), view='documents:document_properties', args='object.id') -link_document_version_list = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Versions'), view='documents:document_version_list', args='object.pk') -link_document_pages = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Pages'), view='documents:document_pages', args='resolved_object.pk') +link_document_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='documents:document_acl_list', args='object.pk') +link_document_events_view = Link(permissions=[permission_events_view], text=_('events'), view='events:events_for_object', args=['"documents"', '"document"', 'object.id']) +link_document_preview = Link(permissions=[permission_document_view], text=_('preview'), view='documents:document_preview', args='object.id') +link_document_properties = Link(permissions=[permission_document_view], text=_('properties'), view='documents:document_properties', args='object.id') +link_document_version_list = Link(permissions=[permission_document_view], text=_('versions'), view='documents:document_version_list', args='object.pk') +link_document_pages = Link(permissions=[permission_document_view], text=_('pages'), view='documents:document_pages', args='resolved_object.pk') # Actions -link_document_clear_transformations = Link(permissions=[PERMISSION_TRANSFORMATION_DELETE], text=_('Clear transformations'), view='documents:document_clear_transformations', args='object.id') -link_document_delete = Link(permissions=[PERMISSION_DOCUMENT_DELETE], tags='dangerous', text=_('Delete'), view='documents:document_delete', args='object.id') -link_document_edit = Link(permissions=[PERMISSION_DOCUMENT_PROPERTIES_EDIT], text=_('Edit properties'), view='documents:document_edit', args='object.id') -link_document_document_type_edit = Link(permissions=[PERMISSION_DOCUMENT_PROPERTIES_EDIT], text=_('Change type'), view='documents:document_document_type_edit', args='object.id') -link_document_download = Link(permissions=[PERMISSION_DOCUMENT_DOWNLOAD], text=_('Download'), view='documents:document_download', args='object.id') -link_document_print = Link(permissions=[PERMISSION_DOCUMENT_PRINT], text=_('Print'), view='documents:document_print', args='object.id') -link_document_update_page_count = Link(permissions=[PERMISSION_DOCUMENT_TOOLS], text=_('Reset page count'), view='documents:document_update_page_count', args='object.pk') +link_document_clear_transformations = Link(permissions=[permission_transformation_delete], text=_('clear transformations'), view='documents:document_clear_transformations', args='object.id') +link_document_delete = Link(permissions=[permission_document_delete], tags='dangerous', text=_('delete'), view='documents:document_delete', args='object.id') +link_document_edit = Link(permissions=[permission_document_properties_edit], text=_('edit properties'), view='documents:document_edit', args='object.id') +link_document_document_type_edit = Link(permissions=[permission_document_properties_edit], text=_('change type'), view='documents:document_document_type_edit', args='object.id') +link_document_download = Link(permissions=[permission_document_download], text=_('download'), view='documents:document_download', args='object.id') +link_document_print = Link(permissions=[permission_document_print], text=_('print'), view='documents:document_print', args='object.id') +link_document_update_page_count = Link(permissions=[permission_document_tools], text=_('reset page count'), view='documents:document_update_page_count', args='object.pk') # Views link_document_list = Link(icon='fa fa-file', text=_('All documents'), view='documents:document_list') link_document_list_recent = Link(icon='fa fa-clock-o', text=_('Recent documents'), view='documents:document_list_recent') -link_document_multiple_clear_transformations = Link(permissions=[PERMISSION_TRANSFORMATION_DELETE], text=_('Clear transformations'), view='documents:document_multiple_clear_transformations') -link_document_multiple_delete = Link(permissions=[PERMISSION_DOCUMENT_DELETE], tags='dangerous', text=_('Delete'), view='documents:document_multiple_delete') -link_document_multiple_document_type_edit = Link(permissions=[PERMISSION_DOCUMENT_PROPERTIES_EDIT], text=_('Change type'), view='documents:document_multiple_document_type_edit') -link_document_multiple_download = Link(permissions=[PERMISSION_DOCUMENT_DOWNLOAD], text=_('Download'), view='documents:document_multiple_download') -link_document_multiple_update_page_count = Link(permissions=[PERMISSION_DOCUMENT_TOOLS], text=_('Reset page count'), view='documents:document_multiple_update_page_count') -link_document_version_download = Link(args='object.pk', permissions=[PERMISSION_DOCUMENT_DOWNLOAD], text=_('Download'), view='documents:document_version_download') +link_document_multiple_clear_transformations = Link(permissions=[permission_transformation_delete], text=_('clear transformations'), view='documents:document_multiple_clear_transformations') +link_document_multiple_delete = Link(permissions=[permission_document_delete], tags='dangerous', text=_('delete'), view='documents:document_multiple_delete') +link_document_multiple_document_type_edit = Link(permissions=[permission_document_properties_edit], text=_('change type'), view='documents:document_multiple_document_type_edit') +link_document_multiple_download = Link(permissions=[permission_document_download], text=_('download'), view='documents:document_multiple_download') +link_document_multiple_update_page_count = Link(permissions=[permission_document_tools], text=_('reset page count'), view='documents:document_multiple_update_page_count') +link_document_version_download = Link(args='object.pk', permissions=[permission_document_download], text=_('download'), view='documents:document_version_download') # Tools link_clear_image_cache = Link( description=_('Clear the graphics representations used to speed up the documents\' display and interactive transformations results.'), - permissions=[PERMISSION_DOCUMENT_TOOLS], text=_('Clear the document image cache'), + permissions=[permission_document_tools], text=_('Clear the document image cache'), view='documents:document_clear_image_cache' ) # Document pages -link_document_page_navigation_first = Link(conditional_disable=is_first_page, icon='fa fa-step-backward', keep_query=True, permissions=[PERMISSION_DOCUMENT_VIEW], text=_('First page'), view='documents:document_page_navigation_first', args='resolved_object.pk') -link_document_page_navigation_last = Link(conditional_disable=is_last_page, icon='fa fa-step-forward', keep_query=True, text=_('Last page'), permissions=[PERMISSION_DOCUMENT_VIEW], view='documents:document_page_navigation_last', args='resolved_object.pk') -link_document_page_navigation_previous = Link(conditional_disable=is_first_page, icon='fa fa-arrow-left', keep_query=True, permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Previous page'), view='documents:document_page_navigation_previous', args='resolved_object.pk') -link_document_page_navigation_next = Link(conditional_disable=is_last_page, icon='fa fa-arrow-right', keep_query=True, text=_('Next page'), permissions=[PERMISSION_DOCUMENT_VIEW], view='documents:document_page_navigation_next', args='resolved_object.pk') -link_document_page_return = Link(icon='fa fa-file', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Document'), view='documents:document_preview', args='resolved_object.document.pk') -link_document_page_rotate_left = Link(icon='fa fa-rotate-left', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Rotate left'), view='documents:document_page_rotate_left', args='resolved_object.pk') -link_document_page_rotate_right = Link(icon='fa fa-rotate-right', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Rotate right'), view='documents:document_page_rotate_right', args='resolved_object.pk') -link_document_page_view = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Page image'), view='documents:document_page_view', args='resolved_object.pk') -link_document_page_view_reset = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Reset view'), view='documents:document_page_view_reset', args='resolved_object.pk') -link_document_page_zoom_in = Link(conditional_disable=is_max_zoom, icon='fa fa-search-plus', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Zoom in'), view='documents:document_page_zoom_in', args='resolved_object.pk') -link_document_page_zoom_out = Link(conditional_disable=is_min_zoom, icon='fa fa-search-minus', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Zoom out'), view='documents:document_page_zoom_out', args='resolved_object.pk') +link_document_page_navigation_first = Link(conditional_disable=is_first_page, icon='fa fa-step-backward', keep_query=True, permissions=[permission_document_view], text=_('first page'), view='documents:document_page_navigation_first', args='resolved_object.pk') +link_document_page_navigation_last = Link(conditional_disable=is_last_page, icon='fa fa-step-forward', keep_query=True, text=_('Last page'), permissions=[permission_document_view], view='documents:document_page_navigation_last', args='resolved_object.pk') +link_document_page_navigation_previous = Link(conditional_disable=is_first_page, icon='fa fa-arrow-left', keep_query=True, permissions=[permission_document_view], text=_('previous page'), view='documents:document_page_navigation_previous', args='resolved_object.pk') +link_document_page_navigation_next = Link(conditional_disable=is_last_page, icon='fa fa-arrow-right', keep_query=True, text=_('Next page'), permissions=[permission_document_view], view='documents:document_page_navigation_next', args='resolved_object.pk') +link_document_page_return = Link(icon='fa fa-file', permissions=[permission_document_view], text=_('document'), view='documents:document_preview', args='resolved_object.document.pk') +link_document_page_rotate_left = Link(icon='fa fa-rotate-left', permissions=[permission_document_view], text=_('rotate left'), view='documents:document_page_rotate_left', args='resolved_object.pk') +link_document_page_rotate_right = Link(icon='fa fa-rotate-right', permissions=[permission_document_view], text=_('rotate right'), view='documents:document_page_rotate_right', args='resolved_object.pk') +link_document_page_view = Link(permissions=[permission_document_view], text=_('page image'), view='documents:document_page_view', args='resolved_object.pk') +link_document_page_view_reset = Link(permissions=[permission_document_view], text=_('reset view'), view='documents:document_page_view_reset', args='resolved_object.pk') +link_document_page_zoom_in = Link(conditional_disable=is_max_zoom, icon='fa fa-search-plus', permissions=[permission_document_view], text=_('zoom in'), view='documents:document_page_zoom_in', args='resolved_object.pk') +link_document_page_zoom_out = Link(conditional_disable=is_min_zoom, icon='fa fa-search-minus', permissions=[permission_document_view], text=_('zoom out'), view='documents:document_page_zoom_out', args='resolved_object.pk') # Document versions -link_document_version_revert = Link(condition=is_not_current_version, permissions=[PERMISSION_DOCUMENT_VERSION_REVERT], tags='dangerous', text=_('Revert'), view='documents:document_version_revert', args='object.pk') +link_document_version_revert = Link(condition=is_not_current_version, permissions=[permission_document_version_revert], tags='dangerous', text=_('revert'), view='documents:document_version_revert', args='object.pk') # Document type related links -link_document_type_create = Link(permissions=[PERMISSION_DOCUMENT_TYPE_CREATE], text=_('Create document type'), view='documents:document_type_create') -link_document_type_delete = Link(permissions=[PERMISSION_DOCUMENT_TYPE_DELETE], tags='dangerous', text=_('Delete'), view='documents:document_type_delete', args='resolved_object.id') -link_document_type_edit = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Edit'), view='documents:document_type_edit', args='resolved_object.id') -link_document_type_filename_create = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Add filename to document type'), view='documents:document_type_filename_create', args='document_type.id') -link_document_type_filename_delete = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], tags='dangerous', text=_('Delete'), view='documents:document_type_filename_delete', args='resolved_object.id') -link_document_type_filename_edit = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Edit'), view='documents:document_type_filename_edit', args='resolved_object.id') -link_document_type_filename_list = Link(permissions=[PERMISSION_DOCUMENT_TYPE_VIEW], text=_('Filenames'), view='documents:document_type_filename_list', args='resolved_object.id') -link_document_type_list = Link(permissions=[PERMISSION_DOCUMENT_TYPE_VIEW], text=_('Document types'), view='documents:document_type_list') -link_document_type_setup = Link(icon='fa fa-file', permissions=[PERMISSION_DOCUMENT_TYPE_VIEW], text=_('Document types'), view='documents:document_type_list') +link_document_type_create = Link(permissions=[permission_document_type_create], text=_('create document type'), view='documents:document_type_create') +link_document_type_delete = Link(permissions=[permission_document_type_delete], tags='dangerous', text=_('delete'), view='documents:document_type_delete', args='resolved_object.id') +link_document_type_edit = Link(permissions=[permission_document_type_edit], text=_('edit'), view='documents:document_type_edit', args='resolved_object.id') +link_document_type_filename_create = Link(permissions=[permission_document_type_edit], text=_('add filename to document type'), view='documents:document_type_filename_create', args='document_type.id') +link_document_type_filename_delete = Link(permissions=[permission_document_type_edit], tags='dangerous', text=_('delete'), view='documents:document_type_filename_delete', args='resolved_object.id') +link_document_type_filename_edit = Link(permissions=[permission_document_type_edit], text=_('edit'), view='documents:document_type_filename_edit', args='resolved_object.id') +link_document_type_filename_list = Link(permissions=[permission_document_type_view], text=_('filenames'), view='documents:document_type_filename_list', args='resolved_object.id') +link_document_type_list = Link(permissions=[permission_document_type_view], text=_('document types'), view='documents:document_type_list') +link_document_type_setup = Link(icon='fa fa-file', permissions=[permission_document_type_view], text=_('document types'), view='documents:document_type_list') diff --git a/mayan/apps/documents/permissions.py b/mayan/apps/documents/permissions.py index d3a48f981c..6de8f43db4 100644 --- a/mayan/apps/documents/permissions.py +++ b/mayan/apps/documents/permissions.py @@ -2,24 +2,24 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -document_namespace = PermissionNamespace('documents', _('Documents')) +namespace = PermissionNamespace('documents', _('Documents')) -PERMISSION_DOCUMENT_CREATE = Permission.objects.register(document_namespace, 'document_create', _('Create documents')) -PERMISSION_DOCUMENT_DELETE = Permission.objects.register(document_namespace, 'document_delete', _('Delete documents')) -PERMISSION_DOCUMENT_DOWNLOAD = Permission.objects.register(document_namespace, 'document_download', _('Download documents')) -PERMISSION_DOCUMENT_EDIT = Permission.objects.register(document_namespace, 'document_edit', _('Edit documents')) -PERMISSION_DOCUMENT_NEW_VERSION = Permission.objects.register(document_namespace, 'document_new_version', _('Create new document versions')) -PERMISSION_DOCUMENT_PROPERTIES_EDIT = Permission.objects.register(document_namespace, 'document_properties_edit', _('Edit document properties')) -PERMISSION_DOCUMENT_PRINT = Permission.objects.register(document_namespace, 'document_print', _('Can print documents')) -PERMISSION_DOCUMENT_TOOLS = Permission.objects.register(document_namespace, 'document_tools', _('Execute document modifying tools')) -PERMISSION_DOCUMENT_VERSION_REVERT = Permission.objects.register(document_namespace, 'document_version_revert', _('Revert documents to a previous version')) -PERMISSION_DOCUMENT_VIEW = Permission.objects.register(document_namespace, 'document_view', _('View documents')) +permission_document_create = namespace.add_permission(name='document_create', label=_('Create documents')) +permission_document_delete = namespace.add_permission(name='document_delete', label=_('Delete documents')) +permission_document_download = namespace.add_permission(name='document_download', label=_('Download documents')) +permission_document_edit = namespace.add_permission(name='document_edit', label=_('Edit documents')) +permission_document_new_version = namespace.add_permission(name='document_new_version', label=_('Create new document versions')) +permission_document_properties_edit = namespace.add_permission(name='document_properties_edit', label=_('Edit document properties')) +permission_document_print = namespace.add_permission(name='document_print', label=_('Can print documents')) +permission_document_tools = namespace.add_permission(name='document_tools', label=_('Execute document modifying tools')) +permission_document_version_revert = namespace.add_permission(name='document_version_revert', label=_('Revert documents to a previous version')) +permission_document_view = namespace.add_permission(name='document_view', label=_('View documents')) -documents_setup_namespace = PermissionNamespace('documents_setup', _('Documents setup')) +setup_namespace = PermissionNamespace('documents_setup', label=_('Documents setup')) -PERMISSION_DOCUMENT_TYPE_CREATE = Permission.objects.register(documents_setup_namespace, 'document_type_create', _('Create document types')) -PERMISSION_DOCUMENT_TYPE_DELETE = Permission.objects.register(documents_setup_namespace, 'document_type_delete', _('Delete document types')) -PERMISSION_DOCUMENT_TYPE_EDIT = Permission.objects.register(documents_setup_namespace, 'document_type_edit', _('Edit document types')) -PERMISSION_DOCUMENT_TYPE_VIEW = Permission.objects.register(documents_setup_namespace, 'document_type_view', _('View document types')) +permission_document_type_create = setup_namespace.add_permission(name='document_type_create', label=_('Create document types')) +permission_document_type_delete = setup_namespace.add_permission(name='document_type_delete', label=_('Delete document types')) +permission_document_type_edit = setup_namespace.add_permission(name='document_type_edit', label=_('Edit document types')) +permission_document_type_view = setup_namespace.add_permission(name='document_type_view', label=_('View document types')) diff --git a/mayan/apps/documents/search.py b/mayan/apps/documents/search.py index 9d927672c3..d77f39f031 100644 --- a/mayan/apps/documents/search.py +++ b/mayan/apps/documents/search.py @@ -4,9 +4,9 @@ from django.utils.translation import ugettext_lazy as _ from dynamic_search.classes import SearchModel -from .permissions import PERMISSION_DOCUMENT_VIEW +from .permissions import permission_document_view -document_search = SearchModel('documents', 'Document', permission=PERMISSION_DOCUMENT_VIEW, serializer_string='documents.serializers.DocumentSerializer') +document_search = SearchModel('documents', 'Document', permission=permission_document_view, serializer_string='documents.serializers.DocumentSerializer') document_search.add_model_field(field='document_type__name', label=_('Document type')) document_search.add_model_field(field='versions__mimetype', label=_('MIME type')) diff --git a/mayan/apps/documents/views.py b/mayan/apps/documents/views.py index a0022c8b1c..8bdffd9a4a 100644 --- a/mayan/apps/documents/views.py +++ b/mayan/apps/documents/views.py @@ -24,7 +24,7 @@ from converter.literals import ( DEFAULT_PAGE_NUMBER, DEFAULT_ROTATION, DEFAULT_ZOOM_LEVEL ) from converter.models import Transformation -from converter.permissions import PERMISSION_TRANSFORMATION_DELETE +from converter.permissions import permission_transformation_delete from filetransfers.api import serve_file from permissions.models import Permission @@ -42,12 +42,12 @@ from .models import ( DocumentVersion, RecentDocument ) from .permissions import ( - PERMISSION_DOCUMENT_DELETE, PERMISSION_DOCUMENT_DOWNLOAD, - PERMISSION_DOCUMENT_PRINT, PERMISSION_DOCUMENT_PROPERTIES_EDIT, - PERMISSION_DOCUMENT_TOOLS, PERMISSION_DOCUMENT_TYPE_CREATE, - PERMISSION_DOCUMENT_TYPE_DELETE, PERMISSION_DOCUMENT_TYPE_EDIT, - PERMISSION_DOCUMENT_TYPE_VIEW, PERMISSION_DOCUMENT_VERSION_REVERT, - PERMISSION_DOCUMENT_VIEW, + permission_document_delete, permission_document_download, + permission_document_print, permission_document_properties_edit, + permission_document_tools, permission_document_type_create, + permission_document_type_delete, permission_document_type_edit, + permission_document_type_view, permission_document_version_revert, + permission_document_view, ) from .settings import ( setting_preview_size, setting_recent_count, setting_rotation_step, @@ -67,12 +67,12 @@ class DocumentListView(SingleObjectListView): 'hide_links': True, 'title': _('All documents'), } - object_permission = PERMISSION_DOCUMENT_VIEW + object_permission = permission_document_view queryset = Document.objects.all() class DocumentPageListView(ParentChildListView): - object_permission = PERMISSION_DOCUMENT_VIEW + object_permission = permission_document_view parent_queryset = Document.objects.all() def get_queryset(self): @@ -105,13 +105,13 @@ def document_list(request, object_list=None, title=None, extra_context=None): pre_object_list = object_list if not (object_list is None) else Document.objects.all() try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: # If user doesn't have global permission, get a list of document # for which he/she does hace access use it to filter the # provided object_list final_object_list = AccessEntry.objects.filter_objects_by_access( - PERMISSION_DOCUMENT_VIEW, request.user, pre_object_list) + permission_document_view, request.user, pre_object_list) else: final_object_list = pre_object_list @@ -131,9 +131,9 @@ def document_properties(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_document_view, request.user, document) document.add_as_recent_document_for_user(request.user) @@ -168,9 +168,9 @@ def document_preview(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_document_view, request.user, document) document.add_as_recent_document_for_user(request.user) @@ -199,9 +199,9 @@ def document_delete(request, document_id=None, document_id_list=None): return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_DELETE]) + Permission.objects.check_permissions(request.user, [permission_document_delete]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_DELETE, request.user, documents, exception_on_empty=True) + documents = AccessEntry.objects.filter_objects_by_access(permission_document_delete, request.user, documents, exception_on_empty=True) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -245,9 +245,9 @@ def document_multiple_delete(request): def document_edit(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_PROPERTIES_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_properties_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_PROPERTIES_EDIT, request.user, document) + AccessEntry.objects.check_access(permission_document_properties_edit, request.user, document) if request.method == 'POST': form = DocumentForm(request.POST, instance=document) @@ -290,9 +290,9 @@ def document_document_type_edit(request, document_id=None, document_id_list=None return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_PROPERTIES_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_properties_edit]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_PROPERTIES_EDIT, request.user, documents, exception_on_empty=True) + documents = AccessEntry.objects.filter_objects_by_access(permission_document_properties_edit, request.user, documents, exception_on_empty=True) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -340,9 +340,9 @@ def document_multiple_document_type_edit(request): def get_document_image(request, document_id, size=setting_preview_size.value): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_document_view, request.user, document) page = int(request.GET.get('page', DEFAULT_PAGE_NUMBER)) @@ -376,9 +376,9 @@ def document_download(request, document_id=None, document_id_list=None, document document_versions = [get_object_or_404(DocumentVersion, pk=document_version_pk)] try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_DOWNLOAD]) + Permission.objects.check_permissions(request.user, [permission_document_download]) except PermissionDenied: - document_versions = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_DOWNLOAD, request.user, document_versions, related='document', exception_on_empty=True) + document_versions = AccessEntry.objects.filter_objects_by_access(permission_document_download, request.user, document_versions, related='document', exception_on_empty=True) subtemplates_list = [] subtemplates_list.append( @@ -484,9 +484,9 @@ def document_update_page_count(request, document_id=None, document_id_list=None) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TOOLS]) + Permission.objects.check_permissions(request.user, [permission_document_tools]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_TOOLS, request.user, documents, exception_on_empty=True) + documents = AccessEntry.objects.filter_objects_by_access(permission_document_tools, request.user, documents, exception_on_empty=True) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -536,9 +536,9 @@ def document_clear_transformations(request, document_id=None, document_id_list=N return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_DELETE]) + Permission.objects.check_permissions(request.user, [permission_transformation_delete]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_TRANSFORMATION_DELETE, request.user, documents, exception_on_empty=True) + documents = AccessEntry.objects.filter_objects_by_access(permission_transformation_delete, request.user, documents, exception_on_empty=True) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list')))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list')))) @@ -582,9 +582,9 @@ def document_page_view(request, document_page_id): document_page = get_object_or_404(DocumentPage, pk=document_page_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) + AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document) zoom = int(request.GET.get('zoom', DEFAULT_ZOOM_LEVEL)) rotation = int(request.GET.get('rotation', DEFAULT_ROTATION)) @@ -617,9 +617,9 @@ def document_page_navigation_next(request, document_page_id): document_page = get_object_or_404(DocumentPage, pk=document_page_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) + AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -635,9 +635,9 @@ def document_page_navigation_previous(request, document_page_id): document_page = get_object_or_404(DocumentPage, pk=document_page_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) + AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -654,9 +654,9 @@ def document_page_navigation_first(request, document_page_id): document_page = get_object_or_404(document_page.siblings, page_number=1) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) + AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -668,9 +668,9 @@ def document_page_navigation_last(request, document_page_id): document_page = get_object_or_404(document_page.siblings, page_number=document_page.siblings.count()) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) + AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -681,9 +681,9 @@ def transform_page(request, document_page_id, zoom_function=None, rotation_funct document_page = get_object_or_404(DocumentPage, pk=document_page_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) + AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -744,9 +744,9 @@ def document_print(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_PRINT]) + Permission.objects.check_permissions(request.user, [permission_document_print]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_PRINT, request.user, document) + AccessEntry.objects.check_access(permission_document_print, request.user, document) document.add_as_recent_document_for_user(request.user) @@ -784,7 +784,7 @@ def document_print(request, document_id): def document_type_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_type_view]) context = { 'object_list': DocumentType.objects.all(), @@ -800,7 +800,7 @@ def document_type_list(request): def document_type_edit(request, document_type_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_type_edit]) document_type = get_object_or_404(DocumentType, pk=document_type_id) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_list')))) @@ -827,7 +827,7 @@ def document_type_edit(request, document_type_id): def document_type_delete(request, document_type_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_DELETE]) + Permission.objects.check_permissions(request.user, [permission_document_type_delete]) document_type = get_object_or_404(DocumentType, pk=document_type_id) post_action_redirect = reverse('documents:document_type_list') @@ -860,7 +860,7 @@ def document_type_delete(request, document_type_id): def document_type_create(request): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_CREATE]) + Permission.objects.check_permissions(request.user, [permission_document_type_create]) if request.method == 'POST': form = DocumentTypeForm(request.POST) @@ -882,7 +882,7 @@ def document_type_create(request): def document_type_filename_list(request, document_type_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_type_view]) document_type = get_object_or_404(DocumentType, pk=document_type_id) context = { @@ -904,7 +904,7 @@ def document_type_filename_list(request, document_type_id): def document_type_filename_edit(request, document_type_filename_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_type_edit]) document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id])))) @@ -936,7 +936,7 @@ def document_type_filename_edit(request, document_type_filename_id): def document_type_filename_delete(request, document_type_filename_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_type_edit]) document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id) post_action_redirect = reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id]) @@ -971,7 +971,7 @@ def document_type_filename_delete(request, document_type_filename_id): def document_type_filename_create(request, document_type_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_type_edit]) document_type = get_object_or_404(DocumentType, pk=document_type_id) @@ -1002,7 +1002,7 @@ def document_type_filename_create(request, document_type_id): def document_clear_image_cache(request): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TOOLS]) + Permission.objects.check_permissions(request.user, [permission_document_tools]) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -1022,9 +1022,9 @@ def document_version_list(request, document_pk): document = get_object_or_404(Document, pk=document_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_document_view, request.user, document) document.add_as_recent_document_for_user(request.user) @@ -1062,9 +1062,9 @@ def document_version_revert(request, document_version_pk): document_version = get_object_or_404(DocumentVersion, pk=document_version_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VERSION_REVERT]) + Permission.objects.check_permissions(request.user, [permission_document_version_revert]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VERSION_REVERT, request.user, document_version.document) + AccessEntry.objects.check_access(permission_document_version_revert, request.user, document_version.document) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) diff --git a/mayan/apps/events/permissions.py b/mayan/apps/events/permissions.py index 15c15b299f..e71dc24935 100644 --- a/mayan/apps/events/permissions.py +++ b/mayan/apps/events/permissions.py @@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -events_namespace = PermissionNamespace('events', _('Events')) -PERMISSION_EVENTS_VIEW = Permission.objects.register(events_namespace, 'events_view', _('Access the events of an object')) +namespace = PermissionNamespace('events', _('Events')) +permission_events_view = namespace.add_permission(name='events_view', label=_('Access the events of an object')) diff --git a/mayan/apps/events/views.py b/mayan/apps/events/views.py index cab4843aea..7420287a5c 100644 --- a/mayan/apps/events/views.py +++ b/mayan/apps/events/views.py @@ -14,7 +14,7 @@ from common.utils import encapsulate from permissions.models import Permission from .classes import Event -from .permissions import PERMISSION_EVENTS_VIEW +from .permissions import permission_events_view from .widgets import event_object_link @@ -33,9 +33,9 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb= content_object = get_object_or_404(model, pk=object_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_EVENTS_VIEW]) + Permission.objects.check_permissions(request.user, [permission_events_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_EVENTS_VIEW, request.user, content_object) + AccessEntry.objects.check_access(permission_events_view, request.user, content_object) context.update({ 'object_list': any_stream(content_object), @@ -46,12 +46,12 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb= pre_object_list = Action.objects.filter(verb=verb) try: - Permission.objects.check_permissions(request.user, [PERMISSION_EVENTS_VIEW]) + Permission.objects.check_permissions(request.user, [permission_events_view]) except PermissionDenied: # If user doesn't have global permission, get a list of document # for which he/she does hace access use it to filter the # provided object_list - object_list = AccessEntry.objects.filter_objects_by_access(PERMISSION_EVENTS_VIEW, request.user, pre_object_list, related='content_object') + object_list = AccessEntry.objects.filter_objects_by_access(permission_events_view, request.user, pre_object_list, related='content_object') else: object_list = pre_object_list @@ -63,12 +63,12 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb= pre_object_list = Action.objects.all() try: - Permission.objects.check_permissions(request.user, [PERMISSION_EVENTS_VIEW]) + Permission.objects.check_permissions(request.user, [permission_events_view]) except PermissionDenied: # If user doesn't have global permission, get a list of document # for which he/she does hace access use it to filter the # provided object_list - object_list = AccessEntry.objects.filter_objects_by_access(PERMISSION_EVENTS_VIEW, request.user, pre_object_list, related='content_object') + object_list = AccessEntry.objects.filter_objects_by_access(permission_events_view, request.user, pre_object_list, related='content_object') else: object_list = pre_object_list diff --git a/mayan/apps/folders/api_views.py b/mayan/apps/folders/api_views.py index 7782f27c83..7bd2fd78b2 100644 --- a/mayan/apps/folders/api_views.py +++ b/mayan/apps/folders/api_views.py @@ -8,16 +8,16 @@ from rest_framework.response import Response from acls.models import AccessEntry from documents.models import Document -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from permissions.models import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission from .models import Folder from .permissions import ( - PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_CREATE, - PERMISSION_FOLDER_DELETE, PERMISSION_FOLDER_EDIT, - PERMISSION_FOLDER_REMOVE_DOCUMENT, PERMISSION_FOLDER_VIEW + permission_folder_add_document, permission_folder_create, + permission_folder_delete, permission_folder_edit, + permission_folder_remove_document, permission_folder_view ) from .serializers import FolderSerializer @@ -28,8 +28,8 @@ class APIFolderListView(generics.ListCreateAPIView): permission_classes = (MayanPermission,) filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_FOLDER_VIEW]} - mayan_view_permissions = {'POST': [PERMISSION_FOLDER_CREATE]} + mayan_object_permissions = {'GET': [permission_folder_view]} + mayan_view_permissions = {'POST': [permission_folder_create]} def get(self, *args, **kwargs): """Returns a list of all the folders.""" @@ -60,10 +60,10 @@ class APIFolderView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_FOLDER_VIEW], - 'PUT': [PERMISSION_FOLDER_EDIT], - 'PATCH': [PERMISSION_FOLDER_EDIT], - 'DELETE': [PERMISSION_FOLDER_DELETE] + 'GET': [permission_folder_view], + 'PUT': [permission_folder_edit], + 'PATCH': [permission_folder_edit], + 'DELETE': [permission_folder_delete] } def delete(self, *args, **kwargs): @@ -87,7 +87,7 @@ class APIFolderDocumentListView(generics.ListAPIView): """Returns a list of all the documents contained in a particular folder.""" filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} + mayan_object_permissions = {'GET': [permission_document_view]} def get_serializer_class(self): from documents.serializers import DocumentSerializer @@ -96,9 +96,9 @@ class APIFolderDocumentListView(generics.ListAPIView): def get_queryset(self): folder = get_object_or_404(Folder, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_FOLDER_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_folder_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_FOLDER_VIEW, self.request.user, folder) + AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder) return folder.documents.all() @@ -109,14 +109,14 @@ class APIDocumentFolderListView(generics.ListAPIView): serializer_class = FolderSerializer filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_FOLDER_VIEW]} + mayan_object_permissions = {'GET': [permission_folder_view]} def get_queryset(self): document = get_object_or_404(Document, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document) + AccessEntry.objects.check_access(permission_document_view, self.request.user, document) queryset = document.folders.all() return queryset @@ -129,9 +129,9 @@ class APIFolderDocumentView(views.APIView): folder = get_object_or_404(Folder, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_REMOVE_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_folder_remove_document]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_FOLDER_REMOVE_DOCUMENT, request.user, folder) + AccessEntry.objects.check_access(permission_folder_remove_document, request.user, folder) document = get_object_or_404(Document, pk=self.kwargs['document_pk']) folder.documents.remove(document) @@ -143,9 +143,9 @@ class APIFolderDocumentView(views.APIView): folder = get_object_or_404(Folder, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_ADD_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_folder_add_document]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_FOLDER_ADD_DOCUMENT, request.user, folder) + AccessEntry.objects.check_access(permission_folder_add_document, request.user, folder) document = get_object_or_404(Document, pk=self.kwargs['document_pk']) folder.documents.add(document) diff --git a/mayan/apps/folders/apps.py b/mayan/apps/folders/apps.py index 45808a1898..bb267fa3db 100644 --- a/mayan/apps/folders/apps.py +++ b/mayan/apps/folders/apps.py @@ -3,7 +3,7 @@ from __future__ import unicode_literals from django.utils.translation import ugettext_lazy as _ from acls.api import class_permissions -from acls.permissions import ACLS_EDIT_ACL, ACLS_VIEW_ACL +from acls.permissions import acls_edit_acl, acls_view_acl from common import ( MayanAppConfig, menu_facet, menu_main, menu_object, menu_secondary, menu_sidebar, menu_multi_item @@ -22,9 +22,9 @@ from .links import ( ) from .models import Folder from .permissions import ( - PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_DELETE, - PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_REMOVE_DOCUMENT, - PERMISSION_FOLDER_VIEW + permission_folder_add_document, permission_folder_delete, + permission_folder_edit, permission_folder_remove_document, + permission_folder_view ) @@ -38,12 +38,12 @@ class FoldersApp(MayanAppConfig): APIEndPoint('folders') class_permissions(Document, [ - PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_REMOVE_DOCUMENT + permission_folder_add_document, permission_folder_remove_document ]) class_permissions(Folder, [ - ACLS_EDIT_ACL, ACLS_VIEW_ACL, PERMISSION_FOLDER_DELETE, - PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_VIEW + acls_edit_acl, acls_view_acl, permission_folder_delete, + permission_folder_edit, permission_folder_view ]) menu_facet.bind_links(links=[link_document_folder_list], sources=[Document]) diff --git a/mayan/apps/folders/forms.py b/mayan/apps/folders/forms.py index 4e94bb9a19..91e935f2f2 100644 --- a/mayan/apps/folders/forms.py +++ b/mayan/apps/folders/forms.py @@ -10,7 +10,7 @@ from acls.models import AccessEntry from permissions.models import Permission from .models import Folder -from .permissions import PERMISSION_FOLDER_VIEW +from .permissions import permission_folder_view logger = logging.getLogger(__name__) @@ -29,9 +29,9 @@ class FolderListForm(forms.Form): queryset = Folder.objects.all() try: - Permission.objects.check_permissions(user, [PERMISSION_FOLDER_VIEW]) + Permission.objects.check_permissions(user, [permission_folder_view]) except PermissionDenied: - queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_VIEW, user, queryset) + queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, user, queryset) self.fields['folder'] = forms.ModelChoiceField( queryset=queryset, diff --git a/mayan/apps/folders/links.py b/mayan/apps/folders/links.py index 8d0affe64a..3df90c339c 100644 --- a/mayan/apps/folders/links.py +++ b/mayan/apps/folders/links.py @@ -2,23 +2,23 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from acls.permissions import ACLS_VIEW_ACL -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from acls.permissions import acls_view_acl +from documents.permissions import permission_document_view from navigation import Link from .permissions import ( - PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_CREATE, - PERMISSION_FOLDER_DELETE, PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_VIEW, - PERMISSION_FOLDER_REMOVE_DOCUMENT + permission_folder_add_document, permission_folder_create, + permission_folder_delete, permission_folder_edit, permission_folder_view, + permission_folder_remove_document ) -link_document_folder_list = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Folders'), view='folders:document_folder_list', args='object.pk') -link_folder_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='folders:folder_acl_list', args='object.pk') -link_folder_add_document = Link(permissions=[PERMISSION_FOLDER_ADD_DOCUMENT], text=_('Add to a folder'), view='folders:folder_add_document', args='object.pk') +link_document_folder_list = Link(permissions=[permission_document_view], text=_('folders'), view='folders:document_folder_list', args='object.pk') +link_folder_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='folders:folder_acl_list', args='object.pk') +link_folder_add_document = Link(permissions=[permission_folder_add_document], text=_('add to a folder'), view='folders:folder_add_document', args='object.pk') link_folder_add_multiple_documents = Link(text=_('Add to folder'), view='folders:folder_add_multiple_documents') -link_folder_create = Link(permissions=[PERMISSION_FOLDER_CREATE], text=_('Create folder'), view='folders:folder_create') -link_folder_delete = Link(permissions=[PERMISSION_FOLDER_DELETE], tags='dangerous', text=_('Delete'), view='folders:folder_delete', args='object.pk') -link_folder_document_multiple_remove = Link(permissions=[PERMISSION_FOLDER_REMOVE_DOCUMENT], text=_('Remove from folder'), view='folders:folder_document_multiple_remove', args='object.pk') -link_folder_edit = Link(permissions=[PERMISSION_FOLDER_EDIT], text=_('Edit'), view='folders:folder_edit', args='object.pk') +link_folder_create = Link(permissions=[permission_folder_create], text=_('create folder'), view='folders:folder_create') +link_folder_delete = Link(permissions=[permission_folder_delete], tags='dangerous', text=_('delete'), view='folders:folder_delete', args='object.pk') +link_folder_document_multiple_remove = Link(permissions=[permission_folder_remove_document], text=_('remove from folder'), view='folders:folder_document_multiple_remove', args='object.pk') +link_folder_edit = Link(permissions=[permission_folder_edit], text=_('edit'), view='folders:folder_edit', args='object.pk') link_folder_list = Link(icon='fa fa-folder', text=_('Folders'), view='folders:folder_list') -link_folder_view = Link(permissions=[PERMISSION_FOLDER_VIEW], text=_('Documents'), view='folders:folder_view', args='object.pk') +link_folder_view = Link(permissions=[permission_folder_view], text=_('documents'), view='folders:folder_view', args='object.pk') diff --git a/mayan/apps/folders/permissions.py b/mayan/apps/folders/permissions.py index cbe34bc1d1..e4c97200c3 100644 --- a/mayan/apps/folders/permissions.py +++ b/mayan/apps/folders/permissions.py @@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -folder_namespace = PermissionNamespace('folders', _('Folders')) +namespace = PermissionNamespace('folders', _('Folders')) -PERMISSION_FOLDER_CREATE = Permission.objects.register(folder_namespace, 'folder_create', _('Create new folders')) -PERMISSION_FOLDER_EDIT = Permission.objects.register(folder_namespace, 'folder_edit', _('Edit new folders')) -PERMISSION_FOLDER_DELETE = Permission.objects.register(folder_namespace, 'folder_delete', _('Delete new folders')) -PERMISSION_FOLDER_REMOVE_DOCUMENT = Permission.objects.register(folder_namespace, 'folder_remove_document', _('Remove documents from folders')) -PERMISSION_FOLDER_VIEW = Permission.objects.register(folder_namespace, 'folder_view', _('View existing folders')) -PERMISSION_FOLDER_ADD_DOCUMENT = Permission.objects.register(folder_namespace, 'folder_add_document', _('Add documents to existing folders')) +permission_folder_create = namespace.add_permission(name='folder_create', label=_('Create new folders')) +permission_folder_edit = namespace.add_permission(name='folder_edit', label=_('Edit new folders')) +permission_folder_delete = namespace.add_permission(name='folder_delete', label=_('Delete new folders')) +permission_folder_remove_document = namespace.add_permission(name='folder_remove_document', label=_('Remove documents from folders')) +permission_folder_view = namespace.add_permission(name='folder_view', label=_('View existing folders')) +permission_folder_add_document = namespace.add_permission(name='folder_add_document', label=_('Add documents to existing folders')) diff --git a/mayan/apps/folders/views.py b/mayan/apps/folders/views.py index 779d488437..3903e90297 100644 --- a/mayan/apps/folders/views.py +++ b/mayan/apps/folders/views.py @@ -15,7 +15,7 @@ from acls.models import AccessEntry from acls.utils import apply_default_acls from acls.views import acl_list_for from common.views import SingleObjectListView -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from documents.models import Document from documents.views import DocumentListView from permissions.models import Permission @@ -23,9 +23,9 @@ from permissions.models import Permission from .forms import FolderForm, FolderListForm from .models import Folder from .permissions import ( - PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_CREATE, - PERMISSION_FOLDER_DELETE, PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_VIEW, - PERMISSION_FOLDER_REMOVE_DOCUMENT + permission_folder_add_document, permission_folder_create, + permission_folder_delete, permission_folder_edit, permission_folder_view, + permission_folder_remove_document ) logger = logging.getLogger(__name__) @@ -33,7 +33,7 @@ logger = logging.getLogger(__name__) class FolderListView(SingleObjectListView): model = Folder - object_permission = PERMISSION_FOLDER_VIEW + object_permission = permission_folder_view def get_extra_context(self): return { @@ -43,7 +43,7 @@ class FolderListView(SingleObjectListView): def folder_create(request): - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_CREATE]) + Permission.objects.check_permissions(request.user, [permission_folder_create]) if request.method == 'POST': form = FolderForm(request.POST) @@ -68,9 +68,9 @@ def folder_edit(request, folder_id): folder = get_object_or_404(Folder, pk=folder_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_EDIT]) + Permission.objects.check_permissions(request.user, [permission_folder_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_FOLDER_EDIT, request.user, folder) + AccessEntry.objects.check_access(permission_folder_edit, request.user, folder) if request.method == 'POST': form = FolderForm(data=request.POST, instance=folder) @@ -95,9 +95,9 @@ def folder_delete(request, folder_id): folder = get_object_or_404(Folder, pk=folder_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_DELETE]) + Permission.objects.check_permissions(request.user, [permission_folder_delete]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_FOLDER_DELETE, request.user, folder) + AccessEntry.objects.check_access(permission_folder_delete, request.user, folder) post_action_redirect = reverse('folders:folder_list') @@ -131,9 +131,9 @@ class FolderDetailView(DocumentListView): folder = get_object_or_404(Folder, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_FOLDER_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_folder_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_FOLDER_VIEW, self.request.user, folder) + AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder) return folder @@ -159,9 +159,9 @@ def folder_add_document(request, document_id=None, document_id_list=None): return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_ADD_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_folder_add_document]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_ADD_DOCUMENT, request.user, documents) + documents = AccessEntry.objects.filter_objects_by_access(permission_folder_add_document, request.user, documents) post_action_redirect = None previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -207,9 +207,9 @@ def document_folder_list(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_document_view, request.user, document) context = { 'hide_link': True, @@ -220,9 +220,9 @@ def document_folder_list(request, document_id): queryset = document.folders.all() try: - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_VIEW]) + Permission.objects.check_permissions(request.user, [permission_folder_view]) except PermissionDenied: - queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_VIEW, request.user, queryset) + queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, request.user, queryset) context['object_list'] = queryset @@ -245,9 +245,9 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis logger.debug('folder_documents (pre permission check): %s', folder_documents) try: - Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_REMOVE_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_folder_remove_document]) except PermissionDenied: - folder_documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_REMOVE_DOCUMENT, request.user, folder_documents, exception_on_empty=True) + folder_documents = AccessEntry.objects.filter_objects_by_access(permission_folder_remove_document, request.user, folder_documents, exception_on_empty=True) logger.debug('folder_documents (post permission check): %s', folder_documents) diff --git a/mayan/apps/installation/links.py b/mayan/apps/installation/links.py index f81fa01746..3e841a3d66 100644 --- a/mayan/apps/installation/links.py +++ b/mayan/apps/installation/links.py @@ -4,8 +4,8 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link -from .permissions import PERMISSION_INSTALLATION_DETAILS +from .permissions import permission_installation_details -link_menu_link = Link(icon='fa fa-check-square-o', permissions=[PERMISSION_INSTALLATION_DETAILS], text=_('Installation details'), view='installation:namespace_list') -link_namespace_details = Link(permissions=[PERMISSION_INSTALLATION_DETAILS], text=_('Details'), view='installation:namespace_details', args='object.id') -link_namespace_list = Link(permissions=[PERMISSION_INSTALLATION_DETAILS], text=_('Installation property namespaces'), view='installation:namespace_list') +link_menu_link = Link(icon='fa fa-check-square-o', permissions=[permission_installation_details], text=_('installation details'), view='installation:namespace_list') +link_namespace_details = Link(permissions=[permission_installation_details], text=_('details'), view='installation:namespace_details', args='object.id') +link_namespace_list = Link(permissions=[permission_installation_details], text=_('installation property namespaces'), view='installation:namespace_list') diff --git a/mayan/apps/installation/permissions.py b/mayan/apps/installation/permissions.py index fd08eaac50..5f7004cf05 100644 --- a/mayan/apps/installation/permissions.py +++ b/mayan/apps/installation/permissions.py @@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace namespace = PermissionNamespace('installation', _('Installation')) -PERMISSION_INSTALLATION_DETAILS = Permission.objects.register(namespace, 'installation_details', _('View installation environment details')) +permission_installation_details = namespace.add_permission(name='installation_details', label=_('View installation environment details')) diff --git a/mayan/apps/installation/views.py b/mayan/apps/installation/views.py index 7d277c5f5f..c0779144ec 100644 --- a/mayan/apps/installation/views.py +++ b/mayan/apps/installation/views.py @@ -7,11 +7,11 @@ from django.utils.translation import ugettext_lazy as _ from permissions.models import Permission from .classes import PropertyNamespace -from .permissions import PERMISSION_INSTALLATION_DETAILS +from .permissions import permission_installation_details def namespace_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_INSTALLATION_DETAILS]) + Permission.objects.check_permissions(request.user, [permission_installation_details]) return render_to_response('appearance/generic_list.html', { 'object_list': PropertyNamespace.get_all(), @@ -21,7 +21,7 @@ def namespace_list(request): def namespace_details(request, namespace_id): - Permission.objects.check_permissions(request.user, [PERMISSION_INSTALLATION_DETAILS]) + Permission.objects.check_permissions(request.user, [permission_installation_details]) namespace = PropertyNamespace.get(namespace_id) object_list = namespace.get_properties() diff --git a/mayan/apps/linking/apps.py b/mayan/apps/linking/apps.py index de1422c325..3a0ad81ee7 100644 --- a/mayan/apps/linking/apps.py +++ b/mayan/apps/linking/apps.py @@ -3,7 +3,7 @@ from __future__ import unicode_literals from django.utils.translation import ugettext_lazy as _ from acls.api import class_permissions -from acls.permissions import ACLS_EDIT_ACL, ACLS_VIEW_ACL +from acls.permissions import acls_edit_acl, acls_view_acl from common import ( MayanAppConfig, menu_facet, menu_object, menu_secondary, menu_setup, menu_sidebar @@ -22,8 +22,8 @@ from .links import ( ) from .models import SmartLink, SmartLinkCondition from .permissions import ( - PERMISSION_SMART_LINK_DELETE, PERMISSION_SMART_LINK_EDIT, - PERMISSION_SMART_LINK_VIEW + permission_smart_link_delete, permission_smart_link_edit, + permission_smart_link_view ) @@ -35,8 +35,8 @@ class LinkingApp(MayanAppConfig): super(LinkingApp, self).ready() class_permissions(SmartLink, [ - ACLS_EDIT_ACL, ACLS_VIEW_ACL, PERMISSION_SMART_LINK_DELETE, - PERMISSION_SMART_LINK_EDIT, PERMISSION_SMART_LINK_VIEW + acls_edit_acl, acls_view_acl, permission_smart_link_delete, + permission_smart_link_edit, permission_smart_link_view ]) menu_facet.bind_links(links=[link_smart_link_instances_for_document], sources=[Document]) diff --git a/mayan/apps/linking/links.py b/mayan/apps/linking/links.py index 248b13e625..4be581b846 100644 --- a/mayan/apps/linking/links.py +++ b/mayan/apps/linking/links.py @@ -2,25 +2,25 @@ from __future__ import unicode_literals from django.utils.translation import ugettext_lazy as _ -from acls.permissions import ACLS_VIEW_ACL -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from acls.permissions import acls_view_acl +from documents.permissions import permission_document_view from navigation import Link from .permissions import ( - PERMISSION_SMART_LINK_CREATE, PERMISSION_SMART_LINK_DELETE, - PERMISSION_SMART_LINK_EDIT, PERMISSION_SMART_LINK_VIEW + permission_smart_link_create, permission_smart_link_delete, + permission_smart_link_edit, permission_smart_link_view ) -link_smart_link_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='linking:smart_link_acl_list', args='object.pk') -link_smart_link_condition_create = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Create condition'), view='linking:smart_link_condition_create', args='object.pk') -link_smart_link_condition_delete = Link(permissions=[PERMISSION_SMART_LINK_EDIT], tags='dangerous', text=_('Delete'), view='linking:smart_link_condition_delete', args='resolved_object.pk') -link_smart_link_condition_edit = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Edit'), view='linking:smart_link_condition_edit', args='resolved_object.pk') -link_smart_link_condition_list = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Conditions'), view='linking:smart_link_condition_list', args='object.pk') -link_smart_link_create = Link(permissions=[PERMISSION_SMART_LINK_CREATE], text=_('Create new smart link'), view='linking:smart_link_create') -link_smart_link_delete = Link(permissions=[PERMISSION_SMART_LINK_DELETE], tags='dangerous', text=_('Delete'), view='linking:smart_link_delete', args='object.pk') -link_smart_link_document_types = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Document types'), view='linking:smart_link_document_types', args='object.pk') -link_smart_link_edit = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Edit'), view='linking:smart_link_edit', args='object.pk') -link_smart_link_instance_view = Link(permissions=[PERMISSION_SMART_LINK_VIEW], text=_('Documents'), view='linking:smart_link_instance_view', args=['document.pk', 'object.smart_link.pk']) -link_smart_link_instances_for_document = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Smart links'), view='linking:smart_link_instances_for_document', args='object.pk') -link_smart_link_list = Link(permissions=[PERMISSION_SMART_LINK_CREATE], text=_('Smart links'), view='linking:smart_link_list') -link_smart_link_setup = Link(icon='fa fa-link', permissions=[PERMISSION_SMART_LINK_CREATE], text=_('Smart links'), view='linking:smart_link_list') +link_smart_link_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='linking:smart_link_acl_list', args='object.pk') +link_smart_link_condition_create = Link(permissions=[permission_smart_link_edit], text=_('create condition'), view='linking:smart_link_condition_create', args='object.pk') +link_smart_link_condition_delete = Link(permissions=[permission_smart_link_edit], tags='dangerous', text=_('delete'), view='linking:smart_link_condition_delete', args='resolved_object.pk') +link_smart_link_condition_edit = Link(permissions=[permission_smart_link_edit], text=_('edit'), view='linking:smart_link_condition_edit', args='resolved_object.pk') +link_smart_link_condition_list = Link(permissions=[permission_smart_link_edit], text=_('conditions'), view='linking:smart_link_condition_list', args='object.pk') +link_smart_link_create = Link(permissions=[permission_smart_link_create], text=_('create new smart link'), view='linking:smart_link_create') +link_smart_link_delete = Link(permissions=[permission_smart_link_delete], tags='dangerous', text=_('delete'), view='linking:smart_link_delete', args='object.pk') +link_smart_link_document_types = Link(permissions=[permission_smart_link_edit], text=_('document types'), view='linking:smart_link_document_types', args='object.pk') +link_smart_link_edit = Link(permissions=[permission_smart_link_edit], text=_('edit'), view='linking:smart_link_edit', args='object.pk') +link_smart_link_instance_view = Link(permissions=[permission_smart_link_view], text=_('documents'), view='linking:smart_link_instance_view', args=['document.pk', 'object.smart_link.pk']) +link_smart_link_instances_for_document = Link(permissions=[permission_document_view], text=_('smart links'), view='linking:smart_link_instances_for_document', args='object.pk') +link_smart_link_list = Link(permissions=[permission_smart_link_create], text=_('smart links'), view='linking:smart_link_list') +link_smart_link_setup = Link(icon='fa fa-link', permissions=[permission_smart_link_create], text=_('smart links'), view='linking:smart_link_list') diff --git a/mayan/apps/linking/permissions.py b/mayan/apps/linking/permissions.py index 15f93cf7da..cf959413a7 100644 --- a/mayan/apps/linking/permissions.py +++ b/mayan/apps/linking/permissions.py @@ -2,11 +2,11 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -linking_namespace = PermissionNamespace('linking', _('Smart links')) +namespace = PermissionNamespace('linking', _('Smart links')) -PERMISSION_SMART_LINK_VIEW = Permission.objects.register(linking_namespace, 'smart_link_view', _('View existing smart links')) -PERMISSION_SMART_LINK_CREATE = Permission.objects.register(linking_namespace, 'smart_link_create', _('Create new smart links')) -PERMISSION_SMART_LINK_DELETE = Permission.objects.register(linking_namespace, 'smart_link_delete', _('Delete smart links')) -PERMISSION_SMART_LINK_EDIT = Permission.objects.register(linking_namespace, 'smart_link_edit', _('Edit smart links')) +permission_smart_link_view = namespace.add_permission(name='smart_link_view', label=_('View existing smart links')) +permission_smart_link_create = namespace.add_permission(name='smart_link_create', label=_('Create new smart links')) +permission_smart_link_delete = namespace.add_permission(name='smart_link_delete', label=_('Delete smart links')) +permission_smart_link_edit = namespace.add_permission(name='smart_link_edit', label=_('Edit smart links')) diff --git a/mayan/apps/linking/views.py b/mayan/apps/linking/views.py index 5b265e980d..ef4d454034 100644 --- a/mayan/apps/linking/views.py +++ b/mayan/apps/linking/views.py @@ -24,8 +24,8 @@ from permissions.models import Permission from .forms import SmartLinkConditionForm, SmartLinkForm from .models import SmartLink, SmartLinkCondition from .permissions import ( - PERMISSION_SMART_LINK_CREATE, PERMISSION_SMART_LINK_DELETE, - PERMISSION_SMART_LINK_EDIT, PERMISSION_SMART_LINK_VIEW + permission_smart_link_create, permission_smart_link_delete, + permission_smart_link_edit, permission_smart_link_view ) logger = logging.getLogger(__name__) @@ -41,9 +41,9 @@ class SetupSmartLinkDocumentTypesView(AssignRemoveView): self.smart_link = get_object_or_404(SmartLink, pk=self.kwargs['smart_link_pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_SMART_LINK_EDIT]) + Permission.objects.check_permissions(self.request.user, [permission_smart_link_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_SMART_LINK_EDIT, self.request.user, self.smart_link) + AccessEntry.objects.check_access(permission_smart_link_edit, self.request.user, self.smart_link) return super(SetupSmartLinkDocumentTypesView, self).dispatch(request, *args, **kwargs) @@ -71,9 +71,9 @@ def smart_link_instance_view(request, document_id, smart_link_pk): smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_VIEW]) + Permission.objects.check_permissions(request.user, [permission_smart_link_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_SMART_LINK_VIEW, request.user, smart_link) + AccessEntry.objects.check_access(permission_smart_link_view, request.user, smart_link) try: object_list = smart_link.get_linked_document_for(document) @@ -106,9 +106,9 @@ def smart_link_instances_for_document(request, document_id): ) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_VIEW]) + Permission.objects.check_permissions(request.user, [permission_smart_link_view]) except PermissionDenied: - smart_links = AccessEntry.objects.filter_objects_by_access(PERMISSION_SMART_LINK_VIEW, request.user, queryset) + smart_links = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, queryset) else: smart_links = queryset @@ -141,9 +141,9 @@ def smart_link_list(request): qs = SmartLink.objects.all() try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_VIEW]) + Permission.objects.check_permissions(request.user, [permission_smart_link_view]) except PermissionDenied: - qs = AccessEntry.objects.filter_objects_by_access(PERMISSION_SMART_LINK_VIEW, request.user, qs) + qs = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, qs) return render_to_response('appearance/generic_list.html', { 'title': _('Smart links'), @@ -158,7 +158,7 @@ def smart_link_list(request): def smart_link_create(request): - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_CREATE]) + Permission.objects.check_permissions(request.user, [permission_smart_link_create]) if request.method == 'POST': form = SmartLinkForm(request.POST) @@ -180,9 +180,9 @@ def smart_link_edit(request, smart_link_pk): smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) + Permission.objects.check_permissions(request.user, [permission_smart_link_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_SMART_LINK_EDIT, request.user, smart_link) + AccessEntry.objects.check_access(permission_smart_link_edit, request.user, smart_link) if request.method == 'POST': form = SmartLinkForm(request.POST, instance=smart_link) @@ -204,9 +204,9 @@ def smart_link_delete(request, smart_link_pk): smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_DELETE]) + Permission.objects.check_permissions(request.user, [permission_smart_link_delete]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_SMART_LINK_DELETE, request.user, smart_link) + AccessEntry.objects.check_access(permission_smart_link_delete, request.user, smart_link) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -235,9 +235,9 @@ def smart_link_condition_list(request, smart_link_pk): smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) + Permission.objects.check_permissions(request.user, [permission_smart_link_edit]) except PermissionDenied: - AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link) + AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link) return render_to_response('appearance/generic_list.html', { 'title': _('Conditions for smart link: %s') % smart_link, @@ -254,9 +254,9 @@ def smart_link_condition_create(request, smart_link_pk): smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) + Permission.objects.check_permissions(request.user, [permission_smart_link_edit]) except PermissionDenied: - AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link) + AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link) if request.method == 'POST': form = SmartLinkConditionForm(data=request.POST) @@ -280,9 +280,9 @@ def smart_link_condition_edit(request, smart_link_condition_pk): smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) + Permission.objects.check_permissions(request.user, [permission_smart_link_edit]) except PermissionDenied: - AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link_condition.smart_link) + AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -311,9 +311,9 @@ def smart_link_condition_delete(request, smart_link_condition_pk): smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk) try: - Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) + Permission.objects.check_permissions(request.user, [permission_smart_link_edit]) except PermissionDenied: - AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link_condition.smart_link) + AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) diff --git a/mayan/apps/mailer/apps.py b/mayan/apps/mailer/apps.py index ac664297be..c370473f60 100644 --- a/mayan/apps/mailer/apps.py +++ b/mayan/apps/mailer/apps.py @@ -8,7 +8,7 @@ from documents.models import Document from .links import link_send_document_link, link_send_document from .permissions import ( - PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT + permission_mailing_link, permission_mailing_send_document ) @@ -20,7 +20,7 @@ class MailerApp(MayanAppConfig): super(MailerApp, self).ready() class_permissions(Document, [ - PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT + permission_mailing_link, permission_mailing_send_document ]) menu_object.bind_links(links=[link_send_document_link, link_send_document], sources=[Document]) diff --git a/mayan/apps/mailer/links.py b/mayan/apps/mailer/links.py index b9a7aa7550..2897cef372 100644 --- a/mayan/apps/mailer/links.py +++ b/mayan/apps/mailer/links.py @@ -4,7 +4,7 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link -from .permissions import PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT +from .permissions import permission_mailing_link, permission_mailing_send_document -link_send_document = Link(permissions=[PERMISSION_MAILING_SEND_DOCUMENT], text=_('Email document'), view='mailer:send_document', args='object.pk') -link_send_document_link = Link(permissions=[PERMISSION_MAILING_LINK], text=_('Email link'), view='mailer:send_document_link', args='object.pk') +link_send_document = Link(permissions=[permission_mailing_send_document], text=_('email document'), view='mailer:send_document', args='object.pk') +link_send_document_link = Link(permissions=[permission_mailing_link], text=_('email link'), view='mailer:send_document_link', args='object.pk') diff --git a/mayan/apps/mailer/permissions.py b/mayan/apps/mailer/permissions.py index 9b79a02e94..9241ca334c 100644 --- a/mayan/apps/mailer/permissions.py +++ b/mayan/apps/mailer/permissions.py @@ -2,9 +2,9 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import Permission, PermissionNamespace +from permissions.models import PermissionNamespace -mailer_namespace = PermissionNamespace('mailing', _('Mailing')) +namespace = PermissionNamespace('mailing', _('Mailing')) -PERMISSION_MAILING_LINK = Permission.objects.register(mailer_namespace, 'mail_link', _('Send document link via email')) -PERMISSION_MAILING_SEND_DOCUMENT = Permission.objects.register(mailer_namespace, 'mail_document', _('Send document via email')) +permission_mailing_link = namespace.add_permission(name='mail_link', label=_('Send document link via email')) +permission_mailing_send_document = namespace.add_permission(name='mail_document', label=_('Send document via email')) diff --git a/mayan/apps/mailer/views.py b/mayan/apps/mailer/views.py index baf5a44dfa..9baaddeb84 100644 --- a/mayan/apps/mailer/views.py +++ b/mayan/apps/mailer/views.py @@ -17,7 +17,7 @@ from permissions.models import Permission from .forms import DocumentMailForm from .permissions import ( - PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT + permission_mailing_link, permission_mailing_send_document ) from .tasks import task_send_document @@ -29,9 +29,9 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta documents = [get_object_or_404(Document, pk=document_id) for document_id in document_id_list.split(',')] if as_attachment: - permission = PERMISSION_MAILING_SEND_DOCUMENT + permission = permission_mailing_send_document else: - permission = PERMISSION_MAILING_LINK + permission = permission_mailing_link try: Permission.objects.check_permissions(request.user, [permission]) diff --git a/mayan/apps/metadata/api_views.py b/mayan/apps/metadata/api_views.py index da59e546d3..fec084dd89 100644 --- a/mayan/apps/metadata/api_views.py +++ b/mayan/apps/metadata/api_views.py @@ -9,7 +9,7 @@ from rest_framework.response import Response from acls.models import AccessEntry from documents.models import Document, DocumentType from documents.permissions import ( - PERMISSION_DOCUMENT_TYPE_VIEW, PERMISSION_DOCUMENT_TYPE_EDIT + permission_document_type_view, permission_document_type_edit ) from permissions.models import Permission from rest_api.filters import MayanObjectPermissionsFilter @@ -17,10 +17,10 @@ from rest_api.permissions import MayanPermission from .models import DocumentMetadata, MetadataType from .permissions import ( - PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_REMOVE, - PERMISSION_METADATA_DOCUMENT_EDIT, PERMISSION_METADATA_DOCUMENT_VIEW, - PERMISSION_METADATA_TYPE_CREATE, PERMISSION_METADATA_TYPE_DELETE, - PERMISSION_METADATA_TYPE_EDIT, PERMISSION_METADATA_TYPE_VIEW + permission_metadata_document_add, permission_metadata_document_remove, + permission_metadata_document_edit, permission_metadata_document_view, + permission_metadata_type_create, permission_metadata_type_delete, + permission_metadata_type_edit, permission_metadata_type_view ) from .serializers import ( DocumentMetadataSerializer, DocumentTypeNewMetadataTypeSerializer, @@ -34,8 +34,8 @@ class APIMetadataTypeListView(generics.ListCreateAPIView): permission_classes = (MayanPermission,) filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_METADATA_TYPE_VIEW]} - mayan_view_permissions = {'POST': [PERMISSION_METADATA_TYPE_CREATE]} + mayan_object_permissions = {'GET': [permission_metadata_type_view]} + mayan_view_permissions = {'POST': [permission_metadata_type_create]} def get(self, *args, **kwargs): """Returns a list of all the metadata types.""" @@ -52,10 +52,10 @@ class APIMetadataTypeView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_METADATA_TYPE_VIEW], - 'PUT': [PERMISSION_METADATA_TYPE_EDIT], - 'PATCH': [PERMISSION_METADATA_TYPE_EDIT], - 'DELETE': [PERMISSION_METADATA_TYPE_DELETE] + 'GET': [permission_metadata_type_view], + 'PUT': [permission_metadata_type_edit], + 'PATCH': [permission_metadata_type_edit], + 'DELETE': [permission_metadata_type_delete] } def delete(self, *args, **kwargs): @@ -88,17 +88,17 @@ class APIDocumentMetadataListView(generics.ListCreateAPIView): if self.request == 'GET': # Make sure the use has the permission to see the metadata for this document try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_METADATA_DOCUMENT_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_metadata_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_METADATA_DOCUMENT_VIEW, self.request.user, document) + AccessEntry.objects.check_access(permission_metadata_document_view, self.request.user, document) else: return document.metadata.all() elif self.request == 'POST': # Make sure the use has the permission to add metadata to this document try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_METADATA_DOCUMENT_ADD]) + Permission.objects.check_permissions(self.request.user, [permission_metadata_document_add]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_METADATA_DOCUMENT_ADD, self.request.user, document) + AccessEntry.objects.check_access(permission_metadata_document_add, self.request.user, document) else: return document.metadata.all() @@ -120,10 +120,10 @@ class APIDocumentMetadataView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_METADATA_DOCUMENT_VIEW], - 'PUT': [PERMISSION_METADATA_DOCUMENT_EDIT], - 'PATCH': [PERMISSION_METADATA_DOCUMENT_EDIT], - 'DELETE': [PERMISSION_METADATA_DOCUMENT_REMOVE] + 'GET': [permission_metadata_document_view], + 'PUT': [permission_metadata_document_edit], + 'PATCH': [permission_metadata_document_edit], + 'DELETE': [permission_metadata_document_remove] } def delete(self, *args, **kwargs): @@ -155,16 +155,16 @@ class APIDocumentMetadataView(generics.RetrieveUpdateDestroyAPIView): class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView): permission_classes = (MayanPermission,) - mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_TYPE_EDIT]} + mayan_view_permissions = {'POST': [permission_document_type_edit]} required_metadata = False def get_queryset(self): document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_type_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_VIEW, self.request.user, document_type) + AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type) return document_type.metadata.filter(required=self.required_metadata) @@ -185,9 +185,9 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView): document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) + Permission.objects.check_permissions(self.request.user, [permission_document_type_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_EDIT, self.request.user, document_type) + AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type) serializer = self.get_serializer(data=self.request.POST) @@ -221,9 +221,9 @@ class APIDocumentTypeMetadataTypeRequiredView(views.APIView): document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) + Permission.objects.check_permissions(self.request.user, [permission_document_type_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_EDIT, self.request.user, document_type) + AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type) metadata_type = get_object_or_404(MetadataType, pk=self.kwargs['metadata_type_pk']) document_type.metadata_type.remove(metadata_type) diff --git a/mayan/apps/metadata/apps.py b/mayan/apps/metadata/apps.py index 6443943855..8c608cbf2a 100644 --- a/mayan/apps/metadata/apps.py +++ b/mayan/apps/metadata/apps.py @@ -35,8 +35,8 @@ from .links import ( ) from .models import DocumentTypeMetadataType, MetadataType from .permissions import ( - PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, - PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW + permission_metadata_document_add, permission_metadata_document_edit, + permission_metadata_document_remove, permission_metadata_document_view ) logger = logging.getLogger(__name__) @@ -61,8 +61,8 @@ class MetadataApp(MayanAppConfig): SourceColumn(source=Document, label=_('Metadata'), attribute=encapsulate(lambda document: get_metadata_string(document))) class_permissions(Document, [ - PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, - PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW, + permission_metadata_document_add, permission_metadata_document_edit, + permission_metadata_document_remove, permission_metadata_document_view, ]) document_search.add_model_field(field='metadata__metadata_type__name', label=_('Metadata type')) diff --git a/mayan/apps/metadata/links.py b/mayan/apps/metadata/links.py index c2b9ab1231..24f97a1c90 100644 --- a/mayan/apps/metadata/links.py +++ b/mayan/apps/metadata/links.py @@ -2,27 +2,27 @@ from __future__ import unicode_literals from django.utils.translation import ugettext_lazy as _ -from documents.permissions import PERMISSION_DOCUMENT_TYPE_EDIT +from documents.permissions import permission_document_type_edit from navigation import Link from .permissions import ( - PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, - PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW, - PERMISSION_METADATA_TYPE_CREATE, PERMISSION_METADATA_TYPE_DELETE, - PERMISSION_METADATA_TYPE_EDIT, PERMISSION_METADATA_TYPE_VIEW + permission_metadata_document_add, permission_metadata_document_edit, + permission_metadata_document_remove, permission_metadata_document_view, + permission_metadata_type_create, permission_metadata_type_delete, + permission_metadata_type_edit, permission_metadata_type_view ) link_documents_missing_required_metadata = Link(icon='fa fa-edit', text=_('Missing metadata'), view='metadata:documents_missing_required_metadata') -link_metadata_add = Link(permissions=[PERMISSION_METADATA_DOCUMENT_ADD], text=_('Add metadata'), view='metadata:metadata_add', args='object.pk') -link_metadata_edit = Link(permissions=[PERMISSION_METADATA_DOCUMENT_EDIT], text=_('Edit metadata'), view='metadata:metadata_edit', args='object.pk') -link_metadata_multiple_add = Link(permissions=[PERMISSION_METADATA_DOCUMENT_ADD], text=_('Add metadata'), view='metadata:metadata_multiple_add') -link_metadata_multiple_edit = Link(permissions=[PERMISSION_METADATA_DOCUMENT_EDIT], text=_('Edit metadata'), view='metadata:metadata_multiple_edit') -link_metadata_multiple_remove = Link(permissions=[PERMISSION_METADATA_DOCUMENT_REMOVE], text=_('Remove metadata'), view='metadata:metadata_multiple_remove') -link_metadata_remove = Link(permissions=[PERMISSION_METADATA_DOCUMENT_REMOVE], text=_('Remove metadata'), view='metadata:metadata_remove', args='object.pk') -link_metadata_view = Link(permissions=[PERMISSION_METADATA_DOCUMENT_VIEW], text=_('Metadata'), view='metadata:metadata_view', args='object.pk') -link_setup_document_type_metadata = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Optional metadata'), view='metadata:setup_document_type_metadata', args='resolved_object.pk') -link_setup_document_type_metadata_required = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Required metadata'), view='metadata:setup_document_type_metadata_required', args='resolved_object.pk') -link_setup_metadata_type_create = Link(permissions=[PERMISSION_METADATA_TYPE_CREATE], text=_('Create new'), view='metadata:setup_metadata_type_create') -link_setup_metadata_type_delete = Link(permissions=[PERMISSION_METADATA_TYPE_DELETE], tags='dangerous', text=_('Delete'), view='metadata:setup_metadata_type_delete', args='object.pk') -link_setup_metadata_type_edit = Link(permissions=[PERMISSION_METADATA_TYPE_EDIT], text=_('Edit'), view='metadata:setup_metadata_type_edit', args='object.pk') -link_setup_metadata_type_list = Link(icon='fa fa-pencil', permissions=[PERMISSION_METADATA_TYPE_VIEW], text=_('Metadata types'), view='metadata:setup_metadata_type_list') +link_metadata_add = Link(permissions=[permission_metadata_document_add], text=_('add metadata'), view='metadata:metadata_add', args='object.pk') +link_metadata_edit = Link(permissions=[permission_metadata_document_edit], text=_('edit metadata'), view='metadata:metadata_edit', args='object.pk') +link_metadata_multiple_add = Link(permissions=[permission_metadata_document_add], text=_('add metadata'), view='metadata:metadata_multiple_add') +link_metadata_multiple_edit = Link(permissions=[permission_metadata_document_edit], text=_('edit metadata'), view='metadata:metadata_multiple_edit') +link_metadata_multiple_remove = Link(permissions=[permission_metadata_document_remove], text=_('remove metadata'), view='metadata:metadata_multiple_remove') +link_metadata_remove = Link(permissions=[permission_metadata_document_remove], text=_('remove metadata'), view='metadata:metadata_remove', args='object.pk') +link_metadata_view = Link(permissions=[permission_metadata_document_view], text=_('metadata'), view='metadata:metadata_view', args='object.pk') +link_setup_document_type_metadata = Link(permissions=[permission_document_type_edit], text=_('optional metadata'), view='metadata:setup_document_type_metadata', args='resolved_object.pk') +link_setup_document_type_metadata_required = Link(permissions=[permission_document_type_edit], text=_('required metadata'), view='metadata:setup_document_type_metadata_required', args='resolved_object.pk') +link_setup_metadata_type_create = Link(permissions=[permission_metadata_type_create], text=_('create new'), view='metadata:setup_metadata_type_create') +link_setup_metadata_type_delete = Link(permissions=[permission_metadata_type_delete], tags='dangerous', text=_('delete'), view='metadata:setup_metadata_type_delete', args='object.pk') +link_setup_metadata_type_edit = Link(permissions=[permission_metadata_type_edit], text=_('edit'), view='metadata:setup_metadata_type_edit', args='object.pk') +link_setup_metadata_type_list = Link(icon='fa fa-pencil', permissions=[permission_metadata_type_view], text=_('metadata types'), view='metadata:setup_metadata_type_list') diff --git a/mayan/apps/metadata/permissions.py b/mayan/apps/metadata/permissions.py index 4af727ef6e..daa2849217 100644 --- a/mayan/apps/metadata/permissions.py +++ b/mayan/apps/metadata/permissions.py @@ -2,16 +2,16 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import Permission, PermissionNamespace +from permissions.models import PermissionNamespace -metadata_namespace = PermissionNamespace('metadata', _('Metadata')) -PERMISSION_METADATA_DOCUMENT_EDIT = Permission.objects.register(metadata_namespace, 'metadata_document_edit', _('Edit a document\'s metadata')) -PERMISSION_METADATA_DOCUMENT_ADD = Permission.objects.register(metadata_namespace, 'metadata_document_add', _('Add metadata to a document')) -PERMISSION_METADATA_DOCUMENT_REMOVE = Permission.objects.register(metadata_namespace, 'metadata_document_remove', _('Remove metadata from a document')) -PERMISSION_METADATA_DOCUMENT_VIEW = Permission.objects.register(metadata_namespace, 'metadata_document_view', _('View metadata from a document')) +namespace = PermissionNamespace('metadata', _('Metadata')) +permission_metadata_document_edit = namespace.add_permission(name='metadata_document_edit', label=_('Edit a document\'s metadata')) +permission_metadata_document_add = namespace.add_permission(name='metadata_document_add', label=_('Add metadata to a document')) +permission_metadata_document_remove = namespace.add_permission(name='metadata_document_remove', label=_('Remove metadata from a document')) +permission_metadata_document_view = namespace.add_permission(name='metadata_document_view', label=_('View metadata from a document')) -metadata_setup_namespace = PermissionNamespace('metadata_setup', _('Metadata setup')) -PERMISSION_METADATA_TYPE_EDIT = Permission.objects.register(metadata_setup_namespace, 'metadata_type_edit', _('Edit metadata types')) -PERMISSION_METADATA_TYPE_CREATE = Permission.objects.register(metadata_setup_namespace, 'metadata_type_create', _('Create new metadata types')) -PERMISSION_METADATA_TYPE_DELETE = Permission.objects.register(metadata_setup_namespace, 'metadata_type_delete', _('Delete metadata types')) -PERMISSION_METADATA_TYPE_VIEW = Permission.objects.register(metadata_setup_namespace, 'metadata_type_view', _('View metadata types')) +setup_namespace = PermissionNamespace('metadata_setup', _('Metadata setup')) +permission_metadata_type_edit = setup_namespace.add_permission(name='metadata_type_edit', label=_('Edit metadata types')) +permission_metadata_type_create = setup_namespace.add_permission(name='metadata_type_create', label=_('Create new metadata types')) +permission_metadata_type_delete = setup_namespace.add_permission(name='metadata_type_delete', label=_('Delete metadata types')) +permission_metadata_type_view = setup_namespace.add_permission(name='metadata_type_view', label=_('View metadata types')) diff --git a/mayan/apps/metadata/views.py b/mayan/apps/metadata/views.py index deeb616294..d5d67229cf 100644 --- a/mayan/apps/metadata/views.py +++ b/mayan/apps/metadata/views.py @@ -15,7 +15,7 @@ from common.utils import encapsulate from common.views import AssignRemoveView from documents.models import Document, DocumentType from documents.permissions import ( - PERMISSION_DOCUMENT_TYPE_EDIT + permission_document_type_edit ) from documents.views import DocumentListView from permissions.models import Permission @@ -26,10 +26,10 @@ from .forms import ( ) from .models import DocumentMetadata, MetadataType from .permissions import ( - PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, - PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW, - PERMISSION_METADATA_TYPE_CREATE, PERMISSION_METADATA_TYPE_DELETE, - PERMISSION_METADATA_TYPE_EDIT, PERMISSION_METADATA_TYPE_VIEW + permission_metadata_document_add, permission_metadata_document_edit, + permission_metadata_document_remove, permission_metadata_document_view, + permission_metadata_type_create, permission_metadata_type_delete, + permission_metadata_type_edit, permission_metadata_type_view ) @@ -48,9 +48,9 @@ def metadata_edit(request, document_id=None, document_id_list=None): documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(',')) try: - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_EDIT]) + Permission.objects.check_permissions(request.user, [permission_metadata_document_edit]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_EDIT, request.user, documents) + documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_edit, request.user, documents) if not documents: if document_id: @@ -156,9 +156,9 @@ def metadata_add(request, document_id=None, document_id_list=None): return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_ADD]) + Permission.objects.check_permissions(request.user, [permission_metadata_document_add]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_ADD, request.user, documents) + documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_add, request.user, documents) if not documents: messages.error(request, _('Must provide at least one document.')) @@ -235,9 +235,9 @@ def metadata_remove(request, document_id=None, document_id_list=None): documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(',')) try: - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_REMOVE]) + Permission.objects.check_permissions(request.user, [permission_metadata_document_remove]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_REMOVE, request.user, documents) + documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_remove, request.user, documents) if not documents: if document_id: @@ -329,9 +329,9 @@ def metadata_view(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_metadata_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_METADATA_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_metadata_document_view, request.user, document) return render_to_response('appearance/generic_list.html', { 'title': _('Metadata for document: %s') % document, @@ -347,7 +347,7 @@ def metadata_view(request, document_id): # Setup views def setup_metadata_type_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_VIEW]) + Permission.objects.check_permissions(request.user, [permission_metadata_type_view]) context = { 'object_list': MetadataType.objects.all(), @@ -366,7 +366,7 @@ def setup_metadata_type_list(request): def setup_metadata_type_edit(request, metadatatype_id): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_EDIT]) + Permission.objects.check_permissions(request.user, [permission_metadata_type_edit]) metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id) @@ -391,7 +391,7 @@ def setup_metadata_type_edit(request, metadatatype_id): def setup_metadata_type_create(request): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_CREATE]) + Permission.objects.check_permissions(request.user, [permission_metadata_type_create]) if request.method == 'POST': form = MetadataTypeForm(request.POST) @@ -409,7 +409,7 @@ def setup_metadata_type_create(request): def setup_metadata_type_delete(request, metadatatype_id): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_DELETE]) + Permission.objects.check_permissions(request.user, [permission_metadata_type_delete]) metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id) @@ -447,7 +447,7 @@ class SetupDocumentTypeMetadataOptionalView(AssignRemoveView): self.document_type.metadata.create(metadata_type=item, required=False) def dispatch(self, request, *args, **kwargs): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) + Permission.objects.check_permissions(request.user, [permission_document_type_edit]) self.document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_id']) return super(SetupDocumentTypeMetadataOptionalView, self).dispatch(request, *args, **kwargs) diff --git a/mayan/apps/ocr/api_views.py b/mayan/apps/ocr/api_views.py index 75d5bb338a..843d92f8ad 100644 --- a/mayan/apps/ocr/api_views.py +++ b/mayan/apps/ocr/api_views.py @@ -12,7 +12,7 @@ from documents.models import DocumentVersion from permissions.models import Permission from rest_api.permissions import MayanPermission -from .permissions import PERMISSION_OCR_DOCUMENT +from .permissions import permission_ocr_document from .serializers import DocumentVersionOCRSerializer @@ -30,9 +30,9 @@ class DocumentVersionOCRView(generics.GenericAPIView): document_version = get_object_or_404(DocumentVersion, pk=serializer.data['document_version_id']) try: - Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_ocr_document]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_OCR_DOCUMENT, request.user, document_version.document) + AccessEntry.objects.check_access(permission_ocr_document, request.user, document_version.document) document_version.submit_for_ocr() diff --git a/mayan/apps/ocr/apps.py b/mayan/apps/ocr/apps.py index 8edc0c35a5..0aac61c4b4 100644 --- a/mayan/apps/ocr/apps.py +++ b/mayan/apps/ocr/apps.py @@ -28,7 +28,7 @@ from .links import ( link_entry_re_queue, link_entry_re_queue_multiple ) from .models import DocumentVersionOCRError -from .permissions import PERMISSION_OCR_DOCUMENT, PERMISSION_OCR_CONTENT_VIEW +from .permissions import permission_ocr_document, permission_ocr_content_view from .settings import setting_pdftotext_path, setting_tesseract_path, setting_unpaper_path from .tasks import task_do_ocr @@ -61,7 +61,7 @@ class OCRApp(MayanAppConfig): class_permissions( Document, [ - PERMISSION_OCR_DOCUMENT, PERMISSION_OCR_CONTENT_VIEW + permission_ocr_document, permission_ocr_content_view ] ) diff --git a/mayan/apps/ocr/links.py b/mayan/apps/ocr/links.py index 6bfce33c7e..93a654b046 100644 --- a/mayan/apps/ocr/links.py +++ b/mayan/apps/ocr/links.py @@ -5,16 +5,16 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - PERMISSION_OCR_CONTENT_VIEW, PERMISSION_OCR_DOCUMENT, - PERMISSION_OCR_DOCUMENT_DELETE, PERMISSION_DOCUMENT_TYPE_OCR_SETUP + permission_ocr_content_view, permission_ocr_document, + permission_ocr_document_delete, permission_document_type_ocr_setup ) -link_document_content = Link(permissions=[PERMISSION_OCR_CONTENT_VIEW], text=_('Content'), view='ocr:document_content', args='resolved_object.id') -link_document_submit = Link(permissions=[PERMISSION_OCR_DOCUMENT], text=_('Submit to OCR queue'), view='ocr:document_submit', args='object.id') +link_document_content = Link(permissions=[permission_ocr_content_view], text=_('content'), view='ocr:document_content', args='resolved_object.id') +link_document_submit = Link(permissions=[permission_ocr_document], text=_('submit to ocr queue'), view='ocr:document_submit', args='object.id') link_document_submit_multiple = Link(text=_('Submit to OCR queue'), view='ocr:document_submit_multiple') -link_document_type_ocr_settings = Link(permissions=[PERMISSION_DOCUMENT_TYPE_OCR_SETUP], text=_('Setup OCR'), view='ocr:document_type_ocr_settings', args='resolved_object.id') -link_entry_delete = Link(permissions=[PERMISSION_OCR_DOCUMENT_DELETE], text=_('Delete'), view='ocr:entry_delete', args='object.id') +link_document_type_ocr_settings = Link(permissions=[permission_document_type_ocr_setup], text=_('setup ocr'), view='ocr:document_type_ocr_settings', args='resolved_object.id') +link_entry_delete = Link(permissions=[permission_ocr_document_delete], text=_('delete'), view='ocr:entry_delete', args='object.id') link_entry_delete_multiple = Link(text=_('Delete'), view='ocr:entry_delete_multiple') -link_entry_list = Link(icon='fa fa-file-text-o', permissions=[PERMISSION_OCR_DOCUMENT], text=_('OCR Errors'), view='ocr:entry_list') -link_entry_re_queue = Link(permissions=[PERMISSION_OCR_DOCUMENT], text=_('Re-queue'), view='ocr:entry_re_queue', args='object.id') +link_entry_list = Link(icon='fa fa-file-text-o', permissions=[permission_ocr_document], text=_('ocr errors'), view='ocr:entry_list') +link_entry_re_queue = Link(permissions=[permission_ocr_document], text=_('re-queue'), view='ocr:entry_re_queue', args='object.id') link_entry_re_queue_multiple = Link(text=_('Re-queue'), view='ocr:entry_re_queue_multiple') diff --git a/mayan/apps/ocr/permissions.py b/mayan/apps/ocr/permissions.py index 038ce7a4e1..51fa8067ae 100644 --- a/mayan/apps/ocr/permissions.py +++ b/mayan/apps/ocr/permissions.py @@ -2,10 +2,11 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import Permission, PermissionNamespace +from permissions.models import PermissionNamespace -ocr_namespace = PermissionNamespace('ocr', _('OCR')) -PERMISSION_OCR_DOCUMENT = Permission.objects.register(ocr_namespace, 'ocr_document', _('Submit documents for OCR')) -PERMISSION_OCR_DOCUMENT_DELETE = Permission.objects.register(ocr_namespace, 'ocr_document_delete', _('Delete documents from OCR queue')) -PERMISSION_OCR_CONTENT_VIEW = Permission.objects.register(ocr_namespace, 'ocr_content_view', _('Can view the transcribed text from document')) -PERMISSION_DOCUMENT_TYPE_OCR_SETUP = Permission.objects.register(ocr_namespace, 'ocr_document_type_setup', _('Change document type OCR settings')) +namespace = PermissionNamespace('ocr', _('OCR')) + +permission_ocr_document = namespace.add_permission(name='ocr_document', label=_('Submit documents for OCR')) +permission_ocr_document_delete = namespace.add_permission(name='ocr_document_delete', label=_('Delete documents from OCR queue')) +permission_ocr_content_view = namespace.add_permission(name='ocr_content_view', label=_('Can view the transcribed text from document')) +permission_document_type_ocr_setup = namespace.add_permission(name='ocr_document_type_setup', label=_('Change document type OCR settings')) diff --git a/mayan/apps/ocr/views.py b/mayan/apps/ocr/views.py index f375b8729b..291d5eaee0 100644 --- a/mayan/apps/ocr/views.py +++ b/mayan/apps/ocr/views.py @@ -17,8 +17,8 @@ from permissions.models import Permission from .forms import DocumentContentForm from .models import DocumentTypeSettings, DocumentVersionOCRError from .permissions import ( - PERMISSION_OCR_CONTENT_VIEW, PERMISSION_OCR_DOCUMENT, - PERMISSION_OCR_DOCUMENT_DELETE, PERMISSION_DOCUMENT_TYPE_OCR_SETUP + permission_ocr_content_view, permission_ocr_document, + permission_ocr_document_delete, permission_document_type_ocr_setup ) @@ -38,9 +38,9 @@ class DocumentSubmitView(ConfirmView): document = obj try: - Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_ocr_document]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_OCR_DOCUMENT, request.user, document) + AccessEntry.objects.check_access(permission_ocr_document, request.user, document) document.submit_for_ocr() messages.success(request, _('Document: %(document)s was added to the OCR queue.') % { @@ -79,7 +79,7 @@ class DocumentManySubmitView(DocumentSubmitView): class DocumentTypeSettingsEditView(SingleObjectEditView): fields = ('auto_ocr',) - view_permission = PERMISSION_DOCUMENT_TYPE_OCR_SETUP + view_permission = permission_document_type_ocr_setup def get_object(self, queryset=None): document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk']) @@ -102,9 +102,9 @@ def document_content(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_OCR_CONTENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_ocr_content_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_OCR_CONTENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_ocr_content_view, request.user, document) document.add_as_recent_document_for_user(request.user) @@ -121,7 +121,7 @@ def document_content(request, document_id): def entry_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_ocr_document]) context = { 'object_list': DocumentVersionOCRError.objects.all(), @@ -134,7 +134,7 @@ def entry_list(request): def entry_delete(request, pk=None, pk_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT_DELETE]) + Permission.objects.check_permissions(request.user, [permission_ocr_document_delete]) if pk: entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)] @@ -183,7 +183,7 @@ def entry_delete_multiple(request): def entry_re_queue(request, pk=None, pk_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) + Permission.objects.check_permissions(request.user, [permission_ocr_document]) if pk: entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)] diff --git a/mayan/apps/permissions/api_views.py b/mayan/apps/permissions/api_views.py index 900fd771c9..30d00ad5bd 100644 --- a/mayan/apps/permissions/api_views.py +++ b/mayan/apps/permissions/api_views.py @@ -7,8 +7,8 @@ from rest_api.permissions import MayanPermission from .models import Role from .permissions import ( - PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, PERMISSION_ROLE_EDIT, - PERMISSION_ROLE_VIEW + permission_role_create, permission_role_delete, permission_role_edit, + permission_role_view ) from .serializers import RoleSerializer @@ -19,8 +19,8 @@ class APIRoleListView(generics.ListCreateAPIView): permission_classes = (MayanPermission,) filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_ROLE_VIEW]} - mayan_view_permissions = {'POST': [PERMISSION_ROLE_CREATE]} + mayan_object_permissions = {'GET': [permission_role_view]} + mayan_view_permissions = {'POST': [permission_role_create]} def get(self, *args, **kwargs): """Returns a list of all the roles.""" @@ -37,10 +37,10 @@ class APIRoleView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_ROLE_VIEW], - 'PUT': [PERMISSION_ROLE_EDIT], - 'PATCH': [PERMISSION_ROLE_EDIT], - 'DELETE': [PERMISSION_ROLE_DELETE] + 'GET': [permission_role_view], + 'PUT': [permission_role_edit], + 'PATCH': [permission_role_edit], + 'DELETE': [permission_role_delete] } def delete(self, *args, **kwargs): diff --git a/mayan/apps/permissions/links.py b/mayan/apps/permissions/links.py index 0ad49b4507..b8748d482f 100644 --- a/mayan/apps/permissions/links.py +++ b/mayan/apps/permissions/links.py @@ -5,16 +5,16 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE, - PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, PERMISSION_ROLE_EDIT, - PERMISSION_ROLE_VIEW + permission_permission_grant, permission_permission_revoke, + permission_role_create, permission_role_delete, permission_role_edit, + permission_role_view ) -link_permission_grant = Link(permissions=[PERMISSION_PERMISSION_GRANT], text=_('Grant'), view='permissions:permission_multiple_grant') -link_permission_revoke = Link(permissions=[PERMISSION_PERMISSION_REVOKE], text=_('Revoke'), view='permissions:permission_multiple_revoke') -link_role_create = Link(permissions=[PERMISSION_ROLE_CREATE], text=_('Create new role'), view='permissions:role_create') -link_role_delete = Link(permissions=[PERMISSION_ROLE_DELETE], tags='dangerous', text=_('Delete'), view='permissions:role_delete', args='object.id') -link_role_edit = Link(permissions=[PERMISSION_ROLE_EDIT], text=_('Edit'), view='permissions:role_edit', args='object.id') -link_role_list = Link(icon='fa fa-user-secret', permissions=[PERMISSION_ROLE_VIEW], text=_('Roles'), view='permissions:role_list') -link_role_members = Link(permissions=[PERMISSION_ROLE_EDIT], text=_('Members'), view='permissions:role_members', args='object.id') -link_role_permissions = Link(permissions=[PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE], text=_('Role permissions'), view='permissions:role_permissions', args='object.id') +link_permission_grant = Link(permissions=[permission_permission_grant], text=_('Grant'), view='permissions:permission_multiple_grant') +link_permission_revoke = Link(permissions=[permission_permission_revoke], text=_('Revoke'), view='permissions:permission_multiple_revoke') +link_role_create = Link(permissions=[permission_role_create], text=_('Create new role'), view='permissions:role_create') +link_role_delete = Link(permissions=[permission_role_delete], tags='dangerous', text=_('Delete'), view='permissions:role_delete', args='object.id') +link_role_edit = Link(permissions=[permission_role_edit], text=_('Edit'), view='permissions:role_edit', args='object.id') +link_role_list = Link(icon='fa fa-user-secret', permissions=[permission_role_view], text=_('Roles'), view='permissions:role_list') +link_role_members = Link(permissions=[permission_role_edit], text=_('Members'), view='permissions:role_members', args='object.id') +link_role_permissions = Link(permissions=[permission_permission_grant, permission_permission_revoke], text=_('Role permissions'), view='permissions:role_permissions', args='object.id') diff --git a/mayan/apps/permissions/models.py b/mayan/apps/permissions/models.py index cdbfbeaa0d..b698d3bf1d 100644 --- a/mayan/apps/permissions/models.py +++ b/mayan/apps/permissions/models.py @@ -27,6 +27,9 @@ class PermissionNamespace(object): def __unicode__(self): return unicode(self.label) + def add_permission(self, name, label): + return Permission(namespace=self, name=name, label=label) + class PermissionDoesNotExists(Exception): pass diff --git a/mayan/apps/permissions/permissions.py b/mayan/apps/permissions/permissions.py index 000f127770..e39ac9f6c5 100644 --- a/mayan/apps/permissions/permissions.py +++ b/mayan/apps/permissions/permissions.py @@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from .models import Permission, PermissionNamespace +from .models import PermissionNamespace -permissions_namespace = PermissionNamespace('permissions', _('Permissions')) +namespace = PermissionNamespace('permissions', _('Permissions')) -PERMISSION_ROLE_VIEW = Permission.objects.register(permissions_namespace, 'role_view', _('View roles')) -PERMISSION_ROLE_EDIT = Permission.objects.register(permissions_namespace, 'role_edit', _('Edit roles')) -PERMISSION_ROLE_CREATE = Permission.objects.register(permissions_namespace, 'role_create', _('Create roles')) -PERMISSION_ROLE_DELETE = Permission.objects.register(permissions_namespace, 'role_delete', _('Delete roles')) -PERMISSION_PERMISSION_GRANT = Permission.objects.register(permissions_namespace, 'permission_grant', _('Grant permissions')) -PERMISSION_PERMISSION_REVOKE = Permission.objects.register(permissions_namespace, 'permission_revoke', _('Revoke permissions')) +permission_role_view = namespace.add_permission(name='role_view', label=_('View roles')) +permission_role_edit = namespace.add_permission(name='role_edit', label=_('Edit roles')) +permission_role_create = namespace.add_permission(name='role_create', label=_('Create roles')) +permission_role_delete = namespace.add_permission(name='role_delete', label=_('Delete roles')) +permission_permission_grant = namespace.add_permission(name='permission_grant', label=_('Grant permissions')) +permission_permission_revoke = namespace.add_permission(name='permission_revoke', label=_('Revoke permissions')) diff --git a/mayan/apps/permissions/views.py b/mayan/apps/permissions/views.py index 2c55f7754c..7ec43de888 100644 --- a/mayan/apps/permissions/views.py +++ b/mayan/apps/permissions/views.py @@ -25,9 +25,9 @@ from .classes import Member from .forms import RoleForm, RoleForm_view from .models import Permission, Role from .permissions import ( - PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE, - PERMISSION_ROLE_VIEW, PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, - PERMISSION_ROLE_EDIT + permission_permission_grant, permission_permission_revoke, + permission_role_view, permission_role_create, permission_role_delete, + permission_role_edit ) from .utils import get_non_role_members, get_role_members @@ -35,19 +35,19 @@ from .utils import get_non_role_members, get_role_members class RoleCreateView(SingleObjectCreateView): form_class = RoleForm model = Role - view_permission = PERMISSION_ROLE_CREATE + view_permission = permission_role_create success_url = reverse_lazy('permissions:role_list') class RoleDeleteView(SingleObjectDeleteView): model = Role - view_permission = PERMISSION_ROLE_DELETE + view_permission = permission_role_delete success_url = reverse_lazy('permissions:role_list') class RoleEditView(SingleObjectEditView): model = Role - view_permission = PERMISSION_ROLE_EDIT + view_permission = permission_role_edit class SetupRoleMembersView(AssignRemoveView): @@ -58,7 +58,7 @@ class SetupRoleMembersView(AssignRemoveView): self.role.add_member(member) def dispatch(self, request, *args, **kwargs): - Permission.objects.check_permissions(request.user, [PERMISSION_ROLE_EDIT]) + Permission.objects.check_permissions(request.user, [permission_role_edit]) self.role = get_object_or_404(Role, pk=self.kwargs['role_id']) self.left_list_title = _('Non members of role: %s') % self.role self.right_list_title = _('Members of role: %s') % self.role @@ -85,7 +85,7 @@ class SetupRoleMembersView(AssignRemoveView): def role_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_ROLE_VIEW]) + Permission.objects.check_permissions(request.user, [permission_role_view]) context = { 'object_list': Role.objects.all(), @@ -98,7 +98,7 @@ def role_list(request): def role_permissions(request, role_id): - Permission.objects.check_permissions(request.user, [PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE]) + Permission.objects.check_permissions(request.user, [permission_permission_grant, permission_permission_revoke]) role = get_object_or_404(Role, pk=role_id) form = RoleForm_view(instance=role) @@ -137,7 +137,7 @@ def role_permissions(request, role_id): def permission_grant(request): - Permission.objects.check_permissions(request.user, [PERMISSION_PERMISSION_GRANT]) + Permission.objects.check_permissions(request.user, [permission_permission_grant]) items_property_list = loads(request.GET.get('items_property_list', [])) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -197,7 +197,7 @@ def permission_grant(request): def permission_revoke(request): - Permission.objects.check_permissions(request.user, [PERMISSION_PERMISSION_REVOKE]) + Permission.objects.check_permissions(request.user, [permission_permission_revoke]) items_property_list = loads(request.GET.get('items_property_list', [])) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) diff --git a/mayan/apps/sources/links.py b/mayan/apps/sources/links.py index 243ca8a127..ba94cc8298 100644 --- a/mayan/apps/sources/links.py +++ b/mayan/apps/sources/links.py @@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ from documents.permissions import ( - PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION + permission_document_create, permission_document_new_version ) from navigation import Link @@ -12,22 +12,22 @@ from .literals import ( SOURCE_CHOICE_STAGING, SOURCE_CHOICE_WATCH ) from .permissions import ( - PERMISSION_SOURCES_SETUP_CREATE, PERMISSION_SOURCES_SETUP_DELETE, - PERMISSION_SOURCES_SETUP_EDIT, PERMISSION_SOURCES_SETUP_VIEW + permission_sources_setup_create, permission_sources_setup_delete, + permission_sources_setup_edit, permission_sources_setup_view ) -link_document_create_multiple = Link(icon='fa fa-upload', permissions=[PERMISSION_DOCUMENT_CREATE], text=_('New document'), view='sources:document_create_multiple') -link_document_create_siblings = Link(permissions=[PERMISSION_DOCUMENT_CREATE], text=_('Clone'), view='sources:document_create_siblings', args='object.id') -link_setup_sources = Link(icon='fa fa-upload', permissions=[PERMISSION_SOURCES_SETUP_VIEW], text=_('Sources'), view='sources:setup_source_list') -link_setup_source_create_imap_email = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new IMAP email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_IMAP) -link_setup_source_create_pop3_email = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new POP3 email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_POP3) -link_setup_source_create_staging_folder = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new staging folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_STAGING) -link_setup_source_create_watch_folder = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new watch folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WATCH) -link_setup_source_create_webform = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new webform source'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WEB_FORM) -link_setup_source_delete = Link(permissions=[PERMISSION_SOURCES_SETUP_DELETE], tags='dangerous', text=_('Delete'), view='sources:setup_source_delete', args=['resolved_object.pk']) -link_setup_source_edit = Link(text=_('Edit'), view='sources:setup_source_edit', args=['resolved_object.pk'], permissions=[PERMISSION_SOURCES_SETUP_EDIT]) -link_source_list = Link(permissions=[PERMISSION_SOURCES_SETUP_VIEW], text=_('Document sources'), view='sources:setup_web_form_list') -link_staging_file_delete = Link(keep_query=True, permissions=[PERMISSION_DOCUMENT_NEW_VERSION, PERMISSION_DOCUMENT_CREATE], tags='dangerous', text=_('Delete'), view='sources:staging_file_delete', args=['source.pk', 'object.encoded_filename']) -link_upload_version = Link(permissions=[PERMISSION_DOCUMENT_NEW_VERSION], text=_('Upload new version'), view='sources:upload_version', args='object.pk') -link_setup_source_logs = Link(text=_('Logs'), view='sources:setup_source_logs', args=['resolved_object.pk'], permissions=[PERMISSION_SOURCES_SETUP_VIEW]) +link_document_create_multiple = Link(icon='fa fa-upload', permissions=[permission_document_create], text=_('new document'), view='sources:document_create_multiple') +link_document_create_siblings = Link(permissions=[permission_document_create], text=_('clone'), view='sources:document_create_siblings', args='object.id') +link_setup_sources = Link(icon='fa fa-upload', permissions=[permission_sources_setup_view], text=_('sources'), view='sources:setup_source_list') +link_setup_source_create_imap_email = Link(permissions=[permission_sources_setup_create], text=_('add new imap email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_IMAP) +link_setup_source_create_pop3_email = Link(permissions=[permission_sources_setup_create], text=_('add new pop3 email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_POP3) +link_setup_source_create_staging_folder = Link(permissions=[permission_sources_setup_create], text=_('add new staging folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_STAGING) +link_setup_source_create_watch_folder = Link(permissions=[permission_sources_setup_create], text=_('add new watch folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WATCH) +link_setup_source_create_webform = Link(permissions=[permission_sources_setup_create], text=_('add new webform source'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WEB_FORM) +link_setup_source_delete = Link(permissions=[permission_sources_setup_delete], tags='dangerous', text=_('delete'), view='sources:setup_source_delete', args=['resolved_object.pk']) +link_setup_source_edit = Link(text=_('Edit'), view='sources:setup_source_edit', args=['resolved_object.pk'], permissions=[permission_sources_setup_edit]) +link_source_list = Link(permissions=[permission_sources_setup_view], text=_('document sources'), view='sources:setup_web_form_list') +link_staging_file_delete = Link(keep_query=True, permissions=[permission_document_new_version, permission_document_create], tags='dangerous', text=_('delete'), view='sources:staging_file_delete', args=['source.pk', 'object.encoded_filename']) +link_upload_version = Link(permissions=[permission_document_new_version], text=_('upload new version'), view='sources:upload_version', args='object.pk') +link_setup_source_logs = Link(text=_('Logs'), view='sources:setup_source_logs', args=['resolved_object.pk'], permissions=[permission_sources_setup_view]) diff --git a/mayan/apps/sources/permissions.py b/mayan/apps/sources/permissions.py index 78fa41ec59..fdbe29fa69 100644 --- a/mayan/apps/sources/permissions.py +++ b/mayan/apps/sources/permissions.py @@ -2,10 +2,10 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import Permission, PermissionNamespace +from permissions.models import PermissionNamespace -sources_setup_namespace = PermissionNamespace('sources_setup', _('Sources setup')) -PERMISSION_SOURCES_SETUP_CREATE = Permission.objects.register(sources_setup_namespace, 'sources_setup_create', _('Create new document sources')) -PERMISSION_SOURCES_SETUP_DELETE = Permission.objects.register(sources_setup_namespace, 'sources_setup_delete', _('Delete document sources')) -PERMISSION_SOURCES_SETUP_EDIT = Permission.objects.register(sources_setup_namespace, 'sources_setup_edit', _('Edit document sources')) -PERMISSION_SOURCES_SETUP_VIEW = Permission.objects.register(sources_setup_namespace, 'sources_setup_view', _('View existing document sources')) +namespace = PermissionNamespace('sources_setup', _('Sources setup')) +permission_sources_setup_create = namespace.add_permission(name='sources_setup_create', label=_('Create new document sources')) +permission_sources_setup_delete = namespace.add_permission(name='sources_setup_delete', label=_('Delete document sources')) +permission_sources_setup_edit = namespace.add_permission(name='sources_setup_edit', label=_('Edit document sources')) +permission_sources_setup_view = namespace.add_permission(name='sources_setup_view', label=_('View existing document sources')) diff --git a/mayan/apps/sources/views.py b/mayan/apps/sources/views.py index 725f24f838..8b4f44b784 100644 --- a/mayan/apps/sources/views.py +++ b/mayan/apps/sources/views.py @@ -17,7 +17,7 @@ from common.utils import encapsulate from common.views import MultiFormView, ParentChildListView from documents.models import DocumentType, Document from documents.permissions import ( - PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION + permission_document_create, permission_document_new_version ) from documents.tasks import task_upload_new_version from metadata.api import decode_metadata_from_url @@ -35,15 +35,15 @@ from .models import ( InteractiveSource, Source, StagingFolderSource, WebFormSource ) from .permissions import ( - PERMISSION_SOURCES_SETUP_CREATE, PERMISSION_SOURCES_SETUP_DELETE, - PERMISSION_SOURCES_SETUP_EDIT, PERMISSION_SOURCES_SETUP_VIEW + permission_sources_setup_create, permission_sources_setup_delete, + permission_sources_setup_edit, permission_sources_setup_view ) from .tasks import task_source_upload_document from .utils import get_class, get_form_class, get_upload_form_class class SourceLogListView(ParentChildListView): - object_permission = PERMISSION_SOURCES_SETUP_VIEW + object_permission = permission_sources_setup_view parent_queryset = Source.objects.select_subclasses() def get_queryset(self): @@ -73,7 +73,7 @@ class SourceLogListView(ParentChildListView): def document_create_siblings(request, document_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE]) + Permission.objects.check_permissions(request.user, [permission_document_create]) document = get_object_or_404(Document, pk=document_id) query_dict = {} @@ -192,7 +192,7 @@ class UploadInteractiveView(UploadBaseView): def dispatch(self, request, *args, **kwargs): self.subtemplates_list = [] - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE]) + Permission.objects.check_permissions(request.user, [permission_document_create]) self.document_type = get_object_or_404(DocumentType, pk=self.request.GET.get('document_type_id', self.request.POST.get('document_type_id'))) @@ -275,9 +275,9 @@ class UploadInteractiveVersionView(UploadBaseView): self.document = get_object_or_404(Document, pk=kwargs['document_pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_NEW_VERSION]) + Permission.objects.check_permissions(self.request.user, [permission_document_new_version]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_NEW_VERSION, self.request.user, self.document) + AccessEntry.objects.check_access(permission_document_new_version, self.request.user, self.document) self.tab_links = get_active_tab_links(self.document) @@ -336,7 +336,7 @@ class UploadInteractiveVersionView(UploadBaseView): def staging_file_delete(request, staging_folder_pk, encoded_filename): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION]) + Permission.objects.check_permissions(request.user, [permission_document_create, permission_document_new_version]) staging_folder = get_object_or_404(StagingFolderSource, pk=staging_folder_pk) staging_file = staging_folder.get_file(encoded_filename=encoded_filename) @@ -365,7 +365,7 @@ def staging_file_delete(request, staging_folder_pk, encoded_filename): # Setup views def setup_source_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_VIEW]) + Permission.objects.check_permissions(request.user, [permission_sources_setup_view]) context = { 'object_list': Source.objects.select_subclasses(), @@ -388,7 +388,7 @@ def setup_source_list(request): def setup_source_edit(request, source_id): - Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_EDIT]) + Permission.objects.check_permissions(request.user, [permission_sources_setup_edit]) source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id) form_class = get_form_class(source.source_type) @@ -418,7 +418,7 @@ def setup_source_edit(request, source_id): def setup_source_delete(request, source_id): - Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_DELETE]) + Permission.objects.check_permissions(request.user, [permission_sources_setup_delete]) source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id) redirect_view = reverse('sources:setup_source_list') @@ -448,7 +448,7 @@ def setup_source_delete(request, source_id): def setup_source_create(request, source_type): - Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_CREATE]) + Permission.objects.check_permissions(request.user, [permission_sources_setup_create]) cls = get_class(source_type) form_class = get_form_class(source_type) diff --git a/mayan/apps/sources/wizards.py b/mayan/apps/sources/wizards.py index aafffbd74a..e9b2580488 100644 --- a/mayan/apps/sources/wizards.py +++ b/mayan/apps/sources/wizards.py @@ -9,7 +9,7 @@ from django.utils.translation import ugettext_lazy as _ from common.mixins import ViewPermissionCheckMixin from documents.forms import DocumentTypeSelectForm -from documents.permissions import PERMISSION_DOCUMENT_CREATE +from documents.permissions import permission_document_create from metadata.forms import MetadataFormSet from .models import InteractiveSource @@ -19,7 +19,7 @@ class DocumentCreateWizard(ViewPermissionCheckMixin, SessionWizardView): form_list = [DocumentTypeSelectForm, MetadataFormSet] template_name = 'appearance/generic_wizard.html' extra_context = {} - view_permission = PERMISSION_DOCUMENT_CREATE + view_permission = permission_document_create @staticmethod def _has_metadata_types(wizard): diff --git a/mayan/apps/tags/api_views.py b/mayan/apps/tags/api_views.py index 37d4d5aa39..7a8868a54f 100644 --- a/mayan/apps/tags/api_views.py +++ b/mayan/apps/tags/api_views.py @@ -8,14 +8,14 @@ from rest_framework.response import Response from acls.models import AccessEntry from documents.models import Document -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from permissions.models import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission from .models import Tag from .permissions import ( - PERMISSION_TAG_ATTACH, PERMISSION_TAG_REMOVE, PERMISSION_TAG_VIEW + permission_tag_attach, permission_tag_remove, permission_tag_view ) from .serializers import TagSerializer @@ -25,7 +25,7 @@ class APITagView(generics.RetrieveUpdateDestroyAPIView): queryset = Tag.objects.all() permission_classes = (MayanPermission,) - mayan_object_permissions = {'GET': [PERMISSION_TAG_VIEW]} + mayan_object_permissions = {'GET': [permission_tag_view]} def delete(self, *args, **kwargs): """Delete the selected tag.""" @@ -49,7 +49,7 @@ class APITagListView(generics.ListCreateAPIView): queryset = Tag.objects.all() filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_TAG_VIEW]} + mayan_object_permissions = {'GET': [permission_tag_view]} def get(self, *args, **kwargs): """Returns a list of all the tags.""" @@ -66,7 +66,7 @@ class APITagDocumentListView(generics.ListAPIView): """ filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} + mayan_object_permissions = {'GET': [permission_document_view]} def get_serializer_class(self): from documents.serializers import DocumentSerializer @@ -75,9 +75,9 @@ class APITagDocumentListView(generics.ListAPIView): def get_queryset(self): tag = get_object_or_404(Tag, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_TAG_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_tag_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TAG_VIEW, self.request.user, tag) + AccessEntry.objects.check_access(permission_tag_view, self.request.user, tag) queryset = tag.documents.all() return queryset @@ -91,14 +91,14 @@ class APIDocumentTagListView(generics.ListAPIView): serializer_class = TagSerializer filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_TAG_VIEW]} + mayan_object_permissions = {'GET': [permission_tag_view]} def get_queryset(self): document = get_object_or_404(Document, pk=self.kwargs['pk']) try: - Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(self.request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document) + AccessEntry.objects.check_access(permission_document_view, self.request.user, document) queryset = document.tags.all() return queryset @@ -112,9 +112,9 @@ class APIDocumentTagView(views.APIView): document = get_object_or_404(Document, pk=self.kwargs['document_pk']) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_REMOVE]) + Permission.objects.check_permissions(request.user, [permission_tag_remove]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TAG_REMOVE, request.user, document) + AccessEntry.objects.check_access(permission_tag_remove, request.user, document) tag = get_object_or_404(Tag, pk=self.kwargs['pk']) tag.documents.remove(document) @@ -127,9 +127,9 @@ class APIDocumentTagView(views.APIView): document = get_object_or_404(Document, pk=self.kwargs['document_pk']) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_ATTACH]) + Permission.objects.check_permissions(request.user, [permission_tag_attach]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TAG_ATTACH, request.user, document) + AccessEntry.objects.check_access(permission_tag_attach, request.user, document) tag = get_object_or_404(Tag, pk=self.kwargs['pk']) tag.documents.add(document) diff --git a/mayan/apps/tags/apps.py b/mayan/apps/tags/apps.py index 348875fb15..23f1602e4b 100644 --- a/mayan/apps/tags/apps.py +++ b/mayan/apps/tags/apps.py @@ -21,8 +21,8 @@ from .links import ( ) from .models import Tag from .permissions import ( - PERMISSION_TAG_ATTACH, PERMISSION_TAG_DELETE, PERMISSION_TAG_EDIT, - PERMISSION_TAG_REMOVE, PERMISSION_TAG_VIEW + permission_tag_attach, permission_tag_delete, permission_tag_edit, + permission_tag_remove, permission_tag_view ) from .widgets import widget_inline_tags, widget_single_tag @@ -42,10 +42,10 @@ class TagsApp(MayanAppConfig): SourceColumn(source=Tag, label=_('Tagged items'), attribute=encapsulate(lambda tag: tag.documents.count())) class_permissions(Document, [ - PERMISSION_TAG_ATTACH, PERMISSION_TAG_REMOVE, + permission_tag_attach, permission_tag_remove, ]) class_permissions(Tag, [ - PERMISSION_TAG_DELETE, PERMISSION_TAG_EDIT, PERMISSION_TAG_VIEW, + permission_tag_delete, permission_tag_edit, permission_tag_view, ]) document_search.add_model_field(field='tags__label', label=_('Tags')) diff --git a/mayan/apps/tags/forms.py b/mayan/apps/tags/forms.py index 4555acf614..700a40569c 100644 --- a/mayan/apps/tags/forms.py +++ b/mayan/apps/tags/forms.py @@ -10,7 +10,7 @@ from acls.models import AccessEntry from permissions.models import Permission from .models import Tag -from .permissions import PERMISSION_TAG_VIEW +from .permissions import permission_tag_view logger = logging.getLogger(__name__) @@ -33,9 +33,9 @@ class TagListForm(forms.Form): queryset = Tag.objects.all() try: - Permission.objects.check_permissions(user, [PERMISSION_TAG_VIEW]) + Permission.objects.check_permissions(user, [permission_tag_view]) except PermissionDenied: - queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_VIEW, user, queryset) + queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, user, queryset) self.fields['tag'] = forms.ModelChoiceField( queryset=queryset, diff --git a/mayan/apps/tags/links.py b/mayan/apps/tags/links.py index 7861044b28..2c7a34b8a2 100644 --- a/mayan/apps/tags/links.py +++ b/mayan/apps/tags/links.py @@ -2,24 +2,24 @@ from __future__ import unicode_literals from django.utils.translation import ugettext_lazy as _ -from acls.permissions import ACLS_VIEW_ACL +from acls.permissions import acls_view_acl from navigation import Link from .permissions import ( - PERMISSION_TAG_ATTACH, PERMISSION_TAG_CREATE, PERMISSION_TAG_DELETE, - PERMISSION_TAG_EDIT, PERMISSION_TAG_REMOVE + permission_tag_attach, permission_tag_create, permission_tag_delete, + permission_tag_edit, permission_tag_remove ) link_multiple_documents_tag_remove = Link(text=_('Remove tag'), view='tags:multiple_documents_selection_tag_remove') link_multiple_documents_attach_tag = Link(text=_('Attach tag'), view='tags:multiple_documents_tag_attach') -link_single_document_multiple_tag_remove = Link(permissions=[PERMISSION_TAG_REMOVE], text=_('Remove tags'), view='tags:single_document_multiple_tag_remove', args='document.id') -link_tag_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='tags:tag_acl_list', args='object.pk') -link_tag_attach = Link(permissions=[PERMISSION_TAG_ATTACH], text=_('Attach tag'), view='tags:tag_attach', args='object.pk') -link_tag_create = Link(permissions=[PERMISSION_TAG_CREATE], text=_('Create new tag'), view='tags:tag_create') -link_tag_delete = Link(permissions=[PERMISSION_TAG_DELETE], tags='dangerous', text=_('Delete'), view='tags:tag_delete', args='object.id') -link_tag_edit = Link(permissions=[PERMISSION_TAG_EDIT], text=_('Edit'), view='tags:tag_edit', args='object.id') -link_tag_document_list = Link(permissions=[PERMISSION_TAG_REMOVE, PERMISSION_TAG_ATTACH], text=_('Tags'), view='tags:document_tags', args='object.pk') +link_single_document_multiple_tag_remove = Link(permissions=[permission_tag_remove], text=_('remove tags'), view='tags:single_document_multiple_tag_remove', args='document.id') +link_tag_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='tags:tag_acl_list', args='object.pk') +link_tag_attach = Link(permissions=[permission_tag_attach], text=_('attach tag'), view='tags:tag_attach', args='object.pk') +link_tag_create = Link(permissions=[permission_tag_create], text=_('create new tag'), view='tags:tag_create') +link_tag_delete = Link(permissions=[permission_tag_delete], tags='dangerous', text=_('delete'), view='tags:tag_delete', args='object.id') +link_tag_edit = Link(permissions=[permission_tag_edit], text=_('edit'), view='tags:tag_edit', args='object.id') +link_tag_document_list = Link(permissions=[permission_tag_remove, permission_tag_attach], text=_('tags'), view='tags:document_tags', args='object.pk') link_tag_list = Link(icon='fa fa-tag', text=_('Tags'), view='tags:tag_list') -link_tag_multiple_delete = Link(permissions=[PERMISSION_TAG_DELETE], text=_('Delete'), view='tags:tag_multiple_delete') +link_tag_multiple_delete = Link(permissions=[permission_tag_delete], text=_('delete'), view='tags:tag_multiple_delete') link_tag_tagged_item_list = Link(text=('Documents'), view='tags:tag_tagged_item_list', args='object.id') diff --git a/mayan/apps/tags/permissions.py b/mayan/apps/tags/permissions.py index 49b800b450..4c2532d721 100644 --- a/mayan/apps/tags/permissions.py +++ b/mayan/apps/tags/permissions.py @@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -tags_namespace = PermissionNamespace('tags', _('Tags')) +namespace = PermissionNamespace('tags', _('Tags')) -PERMISSION_TAG_CREATE = Permission.objects.register(tags_namespace, 'tag_create', _('Create new tags')) -PERMISSION_TAG_DELETE = Permission.objects.register(tags_namespace, 'tag_delete', _('Delete tags')) -PERMISSION_TAG_EDIT = Permission.objects.register(tags_namespace, 'tag_edit', _('Edit tags')) -PERMISSION_TAG_VIEW = Permission.objects.register(tags_namespace, 'tag_view', _('View tags')) -PERMISSION_TAG_ATTACH = Permission.objects.register(tags_namespace, 'tag_attach', _('Attach tags to documents')) -PERMISSION_TAG_REMOVE = Permission.objects.register(tags_namespace, 'tag_remove', _('Remove tags from documents')) +permission_tag_create = namespace.add_permission(name='tag_create', label=_('Create new tags')) +permission_tag_delete = namespace.add_permission(name='tag_delete', label=_('Delete tags')) +permission_tag_edit = namespace.add_permission(name='tag_edit', label=_('Edit tags')) +permission_tag_view = namespace.add_permission(name='tag_view', label=_('View tags')) +permission_tag_attach = namespace.add_permission(name='tag_attach', label=_('Attach tags to documents')) +permission_tag_remove = namespace.add_permission(name='tag_remove', label=_('Remove tags from documents')) diff --git a/mayan/apps/tags/views.py b/mayan/apps/tags/views.py index efa2fe1962..6a56265329 100644 --- a/mayan/apps/tags/views.py +++ b/mayan/apps/tags/views.py @@ -16,21 +16,21 @@ from acls.views import acl_list_for from acls.utils import apply_default_acls from documents.models import Document from documents.views import DocumentListView -from documents.permissions import PERMISSION_DOCUMENT_VIEW +from documents.permissions import permission_document_view from permissions.models import Permission from .forms import TagForm, TagListForm from .models import Tag from .permissions import ( - PERMISSION_TAG_ATTACH, PERMISSION_TAG_CREATE, PERMISSION_TAG_DELETE, - PERMISSION_TAG_EDIT, PERMISSION_TAG_REMOVE, PERMISSION_TAG_VIEW + permission_tag_attach, permission_tag_create, permission_tag_delete, + permission_tag_edit, permission_tag_remove, permission_tag_view ) logger = logging.getLogger(__name__) def tag_create(request): - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_CREATE]) + Permission.objects.check_permissions(request.user, [permission_tag_create]) redirect_url = reverse('tags:tag_list') if request.method == 'POST': @@ -61,9 +61,9 @@ def tag_attach(request, document_id=None, document_id_list=None): return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_ATTACH]) + Permission.objects.check_permissions(request.user, [permission_tag_attach]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_ATTACH, request.user, documents) + documents = AccessEntry.objects.filter_objects_by_access(permission_tag_attach, request.user, documents) post_action_redirect = None previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -123,9 +123,9 @@ def tag_list(request, queryset=None, extra_context=None): queryset = queryset if not (queryset is None) else Tag.objects.all() try: - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_VIEW]) + Permission.objects.check_permissions(request.user, [permission_tag_view]) except PermissionDenied: - queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_VIEW, request.user, queryset) + queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, request.user, queryset) context['object_list'] = queryset @@ -146,9 +146,9 @@ def tag_delete(request, tag_id=None, tag_id_list=None): return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_DELETE]) + Permission.objects.check_permissions(request.user, [permission_tag_delete]) except PermissionDenied: - tags = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_DELETE, request.user, tags) + tags = AccessEntry.objects.filter_objects_by_access(permission_tag_delete, request.user, tags) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -194,9 +194,9 @@ def tag_edit(request, tag_id): tag = get_object_or_404(Tag, pk=tag_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_EDIT]) + Permission.objects.check_permissions(request.user, [permission_tag_edit]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_TAG_EDIT, request.user, tag) + AccessEntry.objects.check_access(permission_tag_edit, request.user, tag) if request.method == 'POST': form = TagForm(data=request.POST, instance=tag) @@ -233,9 +233,9 @@ def document_tags(request, document_id): document = get_object_or_404(Document, pk=document_id) try: - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) + Permission.objects.check_permissions(request.user, [permission_document_view]) except PermissionDenied: - AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) + AccessEntry.objects.check_access(permission_document_view, request.user, document) context = { 'object': document, @@ -256,9 +256,9 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) try: - Permission.objects.check_permissions(request.user, [PERMISSION_TAG_REMOVE]) + Permission.objects.check_permissions(request.user, [permission_tag_remove]) except PermissionDenied: - documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_REMOVE, request.user, documents, exception_on_empty=True) + documents = AccessEntry.objects.filter_objects_by_access(permission_tag_remove, request.user, documents, exception_on_empty=True) post_action_redirect = None diff --git a/mayan/apps/user_management/api_views.py b/mayan/apps/user_management/api_views.py index 685ea86387..0039658d19 100644 --- a/mayan/apps/user_management/api_views.py +++ b/mayan/apps/user_management/api_views.py @@ -8,9 +8,9 @@ from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission from .permissions import ( - PERMISSION_GROUP_CREATE, PERMISSION_GROUP_DELETE, PERMISSION_GROUP_EDIT, - PERMISSION_GROUP_VIEW, PERMISSION_USER_CREATE, PERMISSION_USER_DELETE, - PERMISSION_USER_EDIT, PERMISSION_USER_VIEW + permission_group_create, permission_group_delete, permission_group_edit, + permission_group_view, permission_user_create, permission_user_delete, + permission_user_edit, permission_user_view ) from .serializers import GroupSerializer, UserSerializer @@ -21,8 +21,8 @@ class APIGroupListView(generics.ListCreateAPIView): permission_classes = (MayanPermission,) filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_GROUP_VIEW]} - mayan_view_permissions = {'POST': [PERMISSION_GROUP_CREATE]} + mayan_object_permissions = {'GET': [permission_group_view]} + mayan_view_permissions = {'POST': [permission_group_create]} def get(self, *args, **kwargs): """Returns a list of all the groups.""" @@ -39,10 +39,10 @@ class APIGroupView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_GROUP_VIEW], - 'PUT': [PERMISSION_GROUP_EDIT], - 'PATCH': [PERMISSION_GROUP_EDIT], - 'DELETE': [PERMISSION_GROUP_DELETE] + 'GET': [permission_group_view], + 'PUT': [permission_group_edit], + 'PATCH': [permission_group_edit], + 'DELETE': [permission_group_delete] } def delete(self, *args, **kwargs): @@ -68,8 +68,8 @@ class APIUserListView(generics.ListCreateAPIView): permission_classes = (MayanPermission,) filter_backends = (MayanObjectPermissionsFilter,) - mayan_object_permissions = {'GET': [PERMISSION_USER_VIEW]} - mayan_view_permissions = {'POST': [PERMISSION_USER_CREATE]} + mayan_object_permissions = {'GET': [permission_user_view]} + mayan_view_permissions = {'POST': [permission_user_create]} def get(self, *args, **kwargs): """Returns a list of all the users.""" @@ -86,10 +86,10 @@ class APIUserView(generics.RetrieveUpdateDestroyAPIView): permission_classes = (MayanPermission,) mayan_object_permissions = { - 'GET': [PERMISSION_USER_VIEW], - 'PUT': [PERMISSION_USER_EDIT], - 'PATCH': [PERMISSION_USER_EDIT], - 'DELETE': [PERMISSION_USER_DELETE] + 'GET': [permission_user_view], + 'PUT': [permission_user_edit], + 'PATCH': [permission_user_edit], + 'DELETE': [permission_user_delete] } def delete(self, *args, **kwargs): diff --git a/mayan/apps/user_management/links.py b/mayan/apps/user_management/links.py index 8a152572d7..77d724be5b 100644 --- a/mayan/apps/user_management/links.py +++ b/mayan/apps/user_management/links.py @@ -5,24 +5,24 @@ from django.utils.translation import ugettext_lazy as _ from navigation import Link from .permissions import ( - PERMISSION_GROUP_CREATE, PERMISSION_GROUP_DELETE, PERMISSION_GROUP_EDIT, - PERMISSION_GROUP_VIEW, PERMISSION_USER_CREATE, PERMISSION_USER_DELETE, - PERMISSION_USER_EDIT, PERMISSION_USER_VIEW + permission_group_create, permission_group_delete, permission_group_edit, + permission_group_view, permission_user_create, permission_user_delete, + permission_user_edit, permission_user_view ) -link_group_add = Link(permissions=[PERMISSION_GROUP_CREATE], text=_('Create new group'), view='user_management:group_add') -link_group_delete = Link(permissions=[PERMISSION_GROUP_DELETE], tags='dangerous', text=_('Delete'), view='user_management:group_delete', args='object.id') -link_group_edit = Link(permissions=[PERMISSION_GROUP_EDIT], text=_('Edit'), view='user_management:group_edit', args='object.id') -link_group_list = Link(permissions=[PERMISSION_GROUP_VIEW], text=_('Groups'), view='user_management:group_list') -link_group_members = Link(permissions=[PERMISSION_GROUP_EDIT], text=_('Members'), view='user_management:group_members', args='object.id') -link_group_multiple_delete = Link(permissions=[PERMISSION_GROUP_DELETE], text=_('Delete'), view='user_management:group_multiple_delete') -link_group_setup = Link(icon='fa fa-group', permissions=[PERMISSION_GROUP_VIEW], text=_('Groups'), view='user_management:group_list') -link_user_add = Link(permissions=[PERMISSION_USER_CREATE], text=_('Create new user'), view='user_management:user_add') -link_user_delete = Link(permissions=[PERMISSION_USER_DELETE], tags='dangerous', text=_('Delete'), view='user_management:user_delete', args='object.id') -link_user_edit = Link(permissions=[PERMISSION_USER_EDIT], text=_('Edit'), view='user_management:user_edit', args='object.id') -link_user_groups = Link(permissions=[PERMISSION_USER_EDIT], text=_('Groups'), view='user_management:user_groups', args='object.id') -link_user_list = Link(permissions=[PERMISSION_USER_VIEW], text=_('Users'), view='user_management:user_list') -link_user_multiple_delete = Link(permissions=[PERMISSION_USER_DELETE], tags='dangerous', text=_('Delete'), view='user_management:user_multiple_delete') -link_user_multiple_set_password = Link(permissions=[PERMISSION_USER_EDIT], text=_('Reset password'), view='user_management:user_multiple_set_password') -link_user_set_password = Link(permissions=[PERMISSION_USER_EDIT], text=_('Reset password'), view='user_management:user_set_password', args='object.id') -link_user_setup = Link(icon='fa fa-user', permissions=[PERMISSION_USER_VIEW], text=_('Users'), view='user_management:user_list') +link_group_add = Link(permissions=[permission_group_create], text=_('create new group'), view='user_management:group_add') +link_group_delete = Link(permissions=[permission_group_delete], tags='dangerous', text=_('delete'), view='user_management:group_delete', args='object.id') +link_group_edit = Link(permissions=[permission_group_edit], text=_('edit'), view='user_management:group_edit', args='object.id') +link_group_list = Link(permissions=[permission_group_view], text=_('groups'), view='user_management:group_list') +link_group_members = Link(permissions=[permission_group_edit], text=_('members'), view='user_management:group_members', args='object.id') +link_group_multiple_delete = Link(permissions=[permission_group_delete], text=_('delete'), view='user_management:group_multiple_delete') +link_group_setup = Link(icon='fa fa-group', permissions=[permission_group_view], text=_('groups'), view='user_management:group_list') +link_user_add = Link(permissions=[permission_user_create], text=_('create new user'), view='user_management:user_add') +link_user_delete = Link(permissions=[permission_user_delete], tags='dangerous', text=_('delete'), view='user_management:user_delete', args='object.id') +link_user_edit = Link(permissions=[permission_user_edit], text=_('edit'), view='user_management:user_edit', args='object.id') +link_user_groups = Link(permissions=[permission_user_edit], text=_('groups'), view='user_management:user_groups', args='object.id') +link_user_list = Link(permissions=[permission_user_view], text=_('users'), view='user_management:user_list') +link_user_multiple_delete = Link(permissions=[permission_user_delete], tags='dangerous', text=_('delete'), view='user_management:user_multiple_delete') +link_user_multiple_set_password = Link(permissions=[permission_user_edit], text=_('reset password'), view='user_management:user_multiple_set_password') +link_user_set_password = Link(permissions=[permission_user_edit], text=_('reset password'), view='user_management:user_set_password', args='object.id') +link_user_setup = Link(icon='fa fa-user', permissions=[permission_user_view], text=_('users'), view='user_management:user_list') diff --git a/mayan/apps/user_management/permissions.py b/mayan/apps/user_management/permissions.py index af7245e58e..c850ed6748 100644 --- a/mayan/apps/user_management/permissions.py +++ b/mayan/apps/user_management/permissions.py @@ -2,16 +2,15 @@ from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy as _ -from permissions.models import PermissionNamespace, Permission +from permissions.models import PermissionNamespace -user_management_namespace = PermissionNamespace('user_management', _('User management')) +namespace = PermissionNamespace('user_management', _('User management')) -PERMISSION_USER_CREATE = Permission.objects.register(user_management_namespace, 'user_create', _('Create new users')) -PERMISSION_USER_EDIT = Permission.objects.register(user_management_namespace, 'user_edit', _('Edit existing users')) -PERMISSION_USER_VIEW = Permission.objects.register(user_management_namespace, 'user_view', _('View existing users')) -PERMISSION_USER_DELETE = Permission.objects.register(user_management_namespace, 'user_delete', _('Delete existing users')) - -PERMISSION_GROUP_CREATE = Permission.objects.register(user_management_namespace, 'group_create', _('Create new groups')) -PERMISSION_GROUP_EDIT = Permission.objects.register(user_management_namespace, 'group_edit', _('Edit existing groups')) -PERMISSION_GROUP_VIEW = Permission.objects.register(user_management_namespace, 'group_view', _('View existing groups')) -PERMISSION_GROUP_DELETE = Permission.objects.register(user_management_namespace, 'group_delete', _('Delete existing groups')) +permission_user_create = namespace.add_permission(name='user_create', label=_('Create new users')) +permission_user_edit = namespace.add_permission(name='user_edit', label=_('Edit existing users')) +permission_user_view = namespace.add_permission(name='user_view', label=_('View existing users')) +permission_user_delete = namespace.add_permission(name='user_delete', label=_('Delete existing users')) +permission_group_create = namespace.add_permission(name='group_create', label=_('Create new groups')) +permission_group_edit = namespace.add_permission(name='group_edit', label=_('Edit existing groups')) +permission_group_view = namespace.add_permission(name='group_view', label=_('View existing groups')) +permission_group_delete = namespace.add_permission(name='group_delete', label=_('Delete existing groups')) diff --git a/mayan/apps/user_management/views.py b/mayan/apps/user_management/views.py index f647028943..fafeaf9fbd 100644 --- a/mayan/apps/user_management/views.py +++ b/mayan/apps/user_management/views.py @@ -17,14 +17,14 @@ from permissions.models import Permission from .forms import GroupForm, PasswordForm, UserForm from .permissions import ( - PERMISSION_GROUP_CREATE, PERMISSION_GROUP_DELETE, PERMISSION_GROUP_EDIT, - PERMISSION_GROUP_VIEW, PERMISSION_USER_CREATE, PERMISSION_USER_DELETE, - PERMISSION_USER_EDIT, PERMISSION_USER_VIEW + permission_group_create, permission_group_delete, permission_group_edit, + permission_group_view, permission_user_create, permission_user_delete, + permission_user_edit, permission_user_view ) def user_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_USER_VIEW]) + Permission.objects.check_permissions(request.user, [permission_user_view]) context = { 'object_list': get_user_model().objects.exclude(is_superuser=True).exclude(is_staff=True).order_by('username'), @@ -55,7 +55,7 @@ def user_list(request): def user_edit(request, user_id): - Permission.objects.check_permissions(request.user, [PERMISSION_USER_EDIT]) + Permission.objects.check_permissions(request.user, [permission_user_edit]) user = get_object_or_404(User, pk=user_id) if user.is_superuser or user.is_staff: @@ -79,7 +79,7 @@ def user_edit(request, user_id): def user_add(request): - Permission.objects.check_permissions(request.user, [PERMISSION_USER_CREATE]) + Permission.objects.check_permissions(request.user, [permission_user_create]) if request.method == 'POST': form = UserForm(request.POST) @@ -99,7 +99,7 @@ def user_add(request): def user_delete(request, user_id=None, user_id_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_USER_DELETE]) + Permission.objects.check_permissions(request.user, [permission_user_delete]) post_action_redirect = None if user_id: @@ -151,7 +151,7 @@ def user_multiple_delete(request): def user_set_password(request, user_id=None, user_id_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_USER_EDIT]) + Permission.objects.check_permissions(request.user, [permission_user_edit]) post_action_redirect = None if user_id: @@ -226,7 +226,7 @@ class UserGroupsView(AssignRemoveView): item.user_set.add(self.user) def dispatch(self, request, *args, **kwargs): - Permission.objects.check_permissions(request.user, [PERMISSION_USER_EDIT]) + Permission.objects.check_permissions(request.user, [permission_user_edit]) self.user = get_object_or_404(User, pk=self.kwargs['user_id']) self.left_list_title = _('Non groups of user: %s') % self.user self.right_list_title = _('Groups of user: %s') % self.user @@ -253,7 +253,7 @@ class UserGroupsView(AssignRemoveView): # Group views def group_list(request): - Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_VIEW]) + Permission.objects.check_permissions(request.user, [permission_group_view]) context = { 'object_list': Group.objects.all(), @@ -272,7 +272,7 @@ def group_list(request): def group_edit(request, group_id): - Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_EDIT]) + Permission.objects.check_permissions(request.user, [permission_group_edit]) group = get_object_or_404(Group, pk=group_id) if request.method == 'POST': @@ -292,7 +292,7 @@ def group_edit(request, group_id): def group_add(request): - Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_CREATE]) + Permission.objects.check_permissions(request.user, [permission_group_create]) if request.method == 'POST': form = GroupForm(request.POST) @@ -310,7 +310,7 @@ def group_add(request): def group_delete(request, group_id=None, group_id_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_DELETE]) + Permission.objects.check_permissions(request.user, [permission_group_delete]) post_action_redirect = None if group_id: @@ -365,7 +365,7 @@ class GroupMembersView(AssignRemoveView): self.group.user_set.add(item) def dispatch(self, request, *args, **kwargs): - Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_EDIT]) + Permission.objects.check_permissions(request.user, [permission_group_edit]) self.group = get_object_or_404(Group, pk=self.kwargs['group_id']) self.left_list_title = _('Non members of group: %s') % self.group self.right_list_title = _('Members of group: %s') % self.group