matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow registering permission from the permission namespace. Replace all permission variables to be lowercase (style guide reserver uppercase variables for constants and literals).

Browse Source
This commit is contained in:
Roberto Rosario
2015-06-28 00:19:49 -04:00
parent 956ca08cbd
commit d26402974a
82 changed files with 898 additions and 895 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
mayan/apps/acls/links.py
View File

@@ -5,20 +5,20 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
ACLS_CLASS_EDIT_ACL, ACLS_CLASS_VIEW_ACL, ACLS_EDIT_ACL, ACLS_VIEW_ACL acls_class_edit_acl, acls_class_view_acl, acls_edit_acl, acls_view_acl
) )
link_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='acls:acl_list') link_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='acls:acl_list')
link_acl_detail = Link(permissions=[ACLS_VIEW_ACL], text=_('Details'), view='acls:acl_detail', args=['access_object.gid', 'object.gid']) link_acl_detail = Link(permissions=[acls_view_acl], text=_('Details'), view='acls:acl_detail', args=['access_object.gid', 'object.gid'])
link_acl_grant = Link(permissions=[ACLS_EDIT_ACL], text=_('Grant'), view='acls:acl_multiple_grant') link_acl_grant = Link(permissions=[acls_edit_acl], text=_('Grant'), view='acls:acl_multiple_grant')
link_acl_revoke = Link(permissions=[ACLS_EDIT_ACL], text=_('Revoke'), view='acls:acl_multiple_revoke') link_acl_revoke = Link(permissions=[acls_edit_acl], text=_('Revoke'), view='acls:acl_multiple_revoke')
link_acl_holder_new = Link(permissions=[ACLS_EDIT_ACL], text=_('New holder'), view='acls:acl_holder_new', args='access_object.gid') link_acl_holder_new = Link(permissions=[acls_edit_acl], text=_('New holder'), view='acls:acl_holder_new', args='access_object.gid')
link_acl_setup_valid_classes = Link(icon='fa fa-lock', permissions=[ACLS_CLASS_VIEW_ACL], text=_('Default ACLs'), view='acls:acl_setup_valid_classes') link_acl_setup_valid_classes = Link(icon='fa fa-lock', permissions=[acls_class_view_acl], text=_('Default ACLs'), view='acls:acl_setup_valid_classes')
link_acl_class_list = Link(permissions=[ACLS_CLASS_VIEW_ACL], text=_('Classes'), view='acls:acl_setup_valid_classes') link_acl_class_list = Link(permissions=[acls_class_view_acl], text=_('Classes'), view='acls:acl_setup_valid_classes')
link_acl_class_acl_list = Link(permissions=[ACLS_CLASS_VIEW_ACL], text=_('ACLs for class'), view='acls:acl_class_acl_list', args='object.gid') link_acl_class_acl_list = Link(permissions=[acls_class_view_acl], text=_('ACLs for class'), view='acls:acl_class_acl_list', args='object.gid')
link_acl_class_acl_detail = Link(permissions=[ACLS_CLASS_VIEW_ACL], text=_('Details'), view='acls:acl_class_acl_detail', args=['access_object_class.gid', 'object.gid']) link_acl_class_acl_detail = Link(permissions=[acls_class_view_acl], text=_('Details'), view='acls:acl_class_acl_detail', args=['access_object_class.gid', 'object.gid'])
link_acl_class_new_holder_for = Link(permissions=[ACLS_CLASS_EDIT_ACL], text=_('New holder'), view='acls:acl_class_new_holder_for', args='object.gid') link_acl_class_new_holder_for = Link(permissions=[acls_class_edit_acl], text=_('New holder'), view='acls:acl_class_new_holder_for', args='object.gid')
link_acl_class_grant = Link(permissions=[ACLS_CLASS_EDIT_ACL], text=_('Grant'), view='acls:acl_class_multiple_grant') link_acl_class_grant = Link(permissions=[acls_class_edit_acl], text=_('Grant'), view='acls:acl_class_multiple_grant')
link_acl_class_revoke = Link(permissions=[ACLS_CLASS_EDIT_ACL], text=_('Revoke'), view='acls:acl_class_multiple_revoke') link_acl_class_revoke = Link(permissions=[acls_class_edit_acl], text=_('Revoke'), view='acls:acl_class_multiple_revoke')

10
mayan/apps/acls/permissions.py
View File

@@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
acls_namespace = PermissionNamespace('acls', _('Access control lists')) acls_namespace = PermissionNamespace('acls', _('Access control lists'))
acls_setup_namespace = PermissionNamespace('acls_setup', _('Access control lists')) acls_setup_namespace = PermissionNamespace('acls_setup', _('Access control lists'))
ACLS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _('Edit ACLs')) acls_edit_acl = acls_namespace.add_permission(name='acl_edit', label=_('Edit ACLs'))
ACLS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _('View ACLs')) acls_view_acl = acls_namespace.add_permission(name='acl_view', label=_('View ACLs'))
ACLS_CLASS_EDIT_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_edit', _('Edit class default ACLs')) acls_class_edit_acl = acls_setup_namespace.add_permission(name='acl_class_edit', label=_('Edit class default ACLs'))
ACLS_CLASS_VIEW_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_view', _('View class default ACLs')) acls_class_view_acl = acls_setup_namespace.add_permission(name='acl_class_view', label=_('View class default ACLs'))

34
mayan/apps/acls/views.py
View File

@@ -25,7 +25,7 @@ from .classes import (
from .forms import ClassHolderSelectionForm, HolderSelectionForm from .forms import ClassHolderSelectionForm, HolderSelectionForm
from .models import AccessEntry, DefaultAccessEntry from .models import AccessEntry, DefaultAccessEntry
from .permissions import ( from .permissions import (
ACLS_EDIT_ACL, ACLS_CLASS_EDIT_ACL, ACLS_CLASS_VIEW_ACL, ACLS_VIEW_ACL acls_edit_acl, acls_class_edit_acl, acls_class_view_acl, acls_view_acl
) )
from .widgets import object_indentifier from .widgets import object_indentifier
@@ -38,9 +38,9 @@ def _permission_titles(permission_list):
def acl_list_for(request, obj, extra_context=None): def acl_list_for(request, obj, extra_context=None):
try: try:
Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) Permission.objects.check_permissions(request.user, [acls_view_acl])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(ACLS_VIEW_ACL, request.user, obj) AccessEntry.objects.check_access(acls_view_acl, request.user, obj)
logger.debug('obj: %s', obj) logger.debug('obj: %s', obj)
@@ -83,9 +83,9 @@ def acl_detail(request, access_object_gid, holder_object_gid):
def acl_detail_for(request, actor, obj): def acl_detail_for(request, actor, obj):
try: try:
Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) Permission.objects.check_permissions(request.user, [acls_view_acl])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_accesses([ACLS_VIEW_ACL], actor, obj) AccessEntry.objects.check_accesses([acls_view_acl], actor, obj)
permission_list = get_class_permissions_for(obj.source_object) permission_list = get_class_permissions_for(obj.source_object)
# TODO : get all globally assigned permission, new function get_permissions_for_holder (roles aware) # TODO : get all globally assigned permission, new function get_permissions_for_holder (roles aware)
@@ -153,10 +153,10 @@ def acl_grant(request):
raise Http404 raise Http404
try: try:
Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) Permission.objects.check_permissions(request.user, [acls_edit_acl])
except PermissionDenied: except PermissionDenied:
try: try:
AccessEntry.objects.check_access(ACLS_EDIT_ACL, request.user, access_object) AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object)
except PermissionDenied: except PermissionDenied:
raise raise
else: else:
@@ -244,10 +244,10 @@ def acl_revoke(request):
raise Http404 raise Http404
try: try:
Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) Permission.objects.check_permissions(request.user, [acls_edit_acl])
except PermissionDenied: except PermissionDenied:
try: try:
AccessEntry.objects.check_access(ACLS_EDIT_ACL, request.user, access_object) AccessEntry.objects.check_access(acls_edit_acl, request.user, access_object)
except PermissionDenied: except PermissionDenied:
raise raise
else: else:
@@ -313,9 +313,9 @@ def acl_revoke(request):
def acl_new_holder_for(request, obj, extra_context=None, navigation_object=None): def acl_new_holder_for(request, obj, extra_context=None, navigation_object=None):
try: try:
Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) Permission.objects.check_permissions(request.user, [acls_edit_acl])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(ACLS_EDIT_ACL, request.user, obj) AccessEntry.objects.check_access(acls_edit_acl, request.user, obj)
if request.method == 'POST': if request.method == 'POST':
form = HolderSelectionForm(request.POST) form = HolderSelectionForm(request.POST)
@@ -364,7 +364,7 @@ def acl_holder_new(request, access_object_gid):
# Setup views # Setup views
def acl_setup_valid_classes(request): def acl_setup_valid_classes(request):
Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL]) Permission.objects.check_permissions(request.user, [acls_class_view_acl])
context = { context = {
'object_list': DefaultAccessEntry.get_classes(), 'object_list': DefaultAccessEntry.get_classes(),
@@ -382,7 +382,7 @@ def acl_setup_valid_classes(request):
def acl_class_acl_list(request, access_object_class_gid): def acl_class_acl_list(request, access_object_class_gid):
logger.debug('access_object_class_gid: %s', access_object_class_gid) logger.debug('access_object_class_gid: %s', access_object_class_gid)
Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL]) Permission.objects.check_permissions(request.user, [acls_class_view_acl])
access_object_class = AccessObjectClass.get(gid=access_object_class_gid) access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
logger.debug('access_object_class: %s', access_object_class) logger.debug('access_object_class: %s', access_object_class)
@@ -404,7 +404,7 @@ def acl_class_acl_list(request, access_object_class_gid):
def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid): def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid):
Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL]) Permission.objects.check_permissions(request.user, [acls_class_view_acl])
try: try:
actor = AccessHolder.get(gid=holder_object_gid) actor = AccessHolder.get(gid=holder_object_gid)
access_object_class = AccessObjectClass.get(gid=access_object_class_gid) access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
@@ -448,7 +448,7 @@ def acl_class_acl_detail(request, access_object_class_gid, holder_object_gid):
def acl_class_new_holder_for(request, access_object_class_gid): def acl_class_new_holder_for(request, access_object_class_gid):
Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) Permission.objects.check_permissions(request.user, [acls_class_edit_acl])
access_object_class = AccessObjectClass.get(gid=access_object_class_gid) access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
if request.method == 'POST': if request.method == 'POST':
@@ -475,7 +475,7 @@ def acl_class_new_holder_for(request, access_object_class_gid):
def acl_class_multiple_grant(request): def acl_class_multiple_grant(request):
Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) Permission.objects.check_permissions(request.user, [acls_class_edit_acl])
items_property_list = loads(request.GET.get('items_property_list', [])) items_property_list = loads(request.GET.get('items_property_list', []))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -552,7 +552,7 @@ def acl_class_multiple_grant(request):
def acl_class_multiple_revoke(request): def acl_class_multiple_revoke(request):
Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) Permission.objects.check_permissions(request.user, [acls_class_edit_acl])
items_property_list = loads(request.GET.get('items_property_list', [])) items_property_list = loads(request.GET.get('items_property_list', []))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))

24
mayan/apps/checkouts/api_views.py
View File

@@ -10,11 +10,11 @@ from rest_framework.response import Response
from acls.models import AccessEntry from acls.models import AccessEntry
from documents.models import Document from documents.models import Document
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from permissions.models import Permission from permissions.models import Permission
from .models import DocumentCheckout from .models import DocumentCheckout
from .permissions import PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE from .permissions import permission_document_checkout, permission_document_checkin, permission_document_checkin_override
from .serializers import DocumentCheckoutSerializer, NewDocumentCheckoutSerializer from .serializers import DocumentCheckoutSerializer, NewDocumentCheckoutSerializer
@@ -29,9 +29,9 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
documents = DocumentCheckout.objects.checked_out_documents() documents = DocumentCheckout.objects.checked_out_documents()
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
filtered_documents = AccessEntry.objects.filter_objects_by_access([PERMISSION_DOCUMENT_VIEW], self.request.user, documents) filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
else: else:
filtered_documents = documents filtered_documents = documents
@@ -52,9 +52,9 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
if serializer.is_valid(): if serializer.is_valid():
document = get_object_or_404(Document, pk=serializer.data['document']) document = get_object_or_404(Document, pk=serializer.data['document'])
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKOUT]) Permission.objects.check_permissions(request.user, [permission_document_checkout])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKOUT, request.user, document) AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
timezone = pytz.utc timezone = pytz.utc
@@ -81,9 +81,9 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
documents = DocumentCheckout.objects.checked_out_documents() documents = DocumentCheckout.objects.checked_out_documents()
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
filtered_documents = AccessEntry.objects.filter_objects_by_access([PERMISSION_DOCUMENT_VIEW], self.request.user, documents) filtered_documents = AccessEntry.objects.filter_objects_by_access([permission_document_view], self.request.user, documents)
else: else:
filtered_documents = documents filtered_documents = documents
@@ -107,13 +107,13 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
if document.checkout_info().user == request.user: if document.checkout_info().user == request.user:
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN]) Permission.objects.check_permissions(request.user, [permission_document_checkin])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN, request.user, document) AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
else: else:
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN_OVERRIDE]) Permission.objects.check_permissions(request.user, [permission_document_checkin_override])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, request.user, document) AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
return super(APICheckedoutDocumentView, self).delete(request, *args, **kwargs) return super(APICheckedoutDocumentView, self).delete(request, *args, **kwargs)

10
mayan/apps/checkouts/apps.py
View File

@@ -18,8 +18,8 @@ from .links import (
) )
from .models import DocumentCheckout from .models import DocumentCheckout
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, permission_document_checkin, permission_document_checkin_override,
PERMISSION_DOCUMENT_CHECKOUT permission_document_checkout
) )
CHECK_EXPIRED_CHECK_OUTS_INTERVAL = 60 # Lowest check out expiration allowed CHECK_EXPIRED_CHECK_OUTS_INTERVAL = 60 # Lowest check out expiration allowed
@@ -48,9 +48,9 @@ class CheckoutsApp(MayanAppConfig):
}) })
class_permissions(Document, [ class_permissions(Document, [
PERMISSION_DOCUMENT_CHECKOUT, permission_document_checkout,
PERMISSION_DOCUMENT_CHECKIN, permission_document_checkin,
PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, permission_document_checkin_override,
]) ])
menu_facet.bind_links(links=[link_checkout_info], sources=[Document]) menu_facet.bind_links(links=[link_checkout_info], sources=[Document])

10
mayan/apps/checkouts/links.py
View File

@@ -5,8 +5,8 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN, permission_document_checkout, permission_document_checkin,
PERMISSION_DOCUMENT_CHECKIN_OVERRIDE permission_document_checkin_override
) )
@@ -19,6 +19,6 @@ def is_not_checked_out(context):
link_checkout_list = Link(icon='fa fa-shopping-cart', text=_('Checkouts'), view='checkouts:checkout_list') link_checkout_list = Link(icon='fa fa-shopping-cart', text=_('Checkouts'), view='checkouts:checkout_list')
link_checkout_document = Link(condition=is_not_checked_out, permissions=[PERMISSION_DOCUMENT_CHECKOUT], text=_('Check out document'), view='checkouts:checkout_document', args='object.pk') link_checkout_document = Link(condition=is_not_checked_out, permissions=[permission_document_checkout], text=_('Check out document'), view='checkouts:checkout_document', args='object.pk')
link_checkin_document = Link(condition=is_checked_out, permissions=[PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE], text=_('Check in document'), view='checkouts:checkin_document', args='object.pk') link_checkin_document = Link(condition=is_checked_out, permissions=[permission_document_checkin, permission_document_checkin_override], text=_('Check in document'), view='checkouts:checkin_document', args='object.pk')
link_checkout_info = Link(permissions=[PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, PERMISSION_DOCUMENT_CHECKOUT], text=_('Check in/out'), view='checkouts:checkout_info', args='object.pk') link_checkout_info = Link(permissions=[permission_document_checkin, permission_document_checkin_override, permission_document_checkout], text=_('Check in/out'), view='checkouts:checkout_info', args='object.pk')

8
mayan/apps/checkouts/permissions.py
View File

@@ -2,10 +2,10 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
namespace = PermissionNamespace('checkouts', _('Document checkout')) namespace = PermissionNamespace('checkouts', _('Document checkout'))
PERMISSION_DOCUMENT_CHECKOUT = Permission.objects.register(namespace, 'checkout_document', _('Check out documents')) permission_document_checkout = namespace.add_permission(name='checkout_document', label=_('Check out documents'))
PERMISSION_DOCUMENT_CHECKIN = Permission.objects.register(namespace, 'checkin_document', _('Check in documents')) permission_document_checkin = namespace.add_permission(name='checkin_document', label=_('Check in documents'))
PERMISSION_DOCUMENT_CHECKIN_OVERRIDE = Permission.objects.register(namespace, 'checkin_document_override', _('Forcefully check in documents')) permission_document_checkin_override = namespace.add_permission(name='checkin_document_override', label=_('Forcefully check in documents'))

20
mayan/apps/checkouts/views.py
View File

@@ -21,8 +21,8 @@ from .forms import DocumentCheckoutForm
from .literals import STATE_LABELS from .literals import STATE_LABELS
from .models import DocumentCheckout from .models import DocumentCheckout
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_CHECKIN, PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, permission_document_checkin, permission_document_checkin_override,
PERMISSION_DOCUMENT_CHECKOUT permission_document_checkout
) )
@@ -43,9 +43,9 @@ class CheckoutListView(DocumentListView):
def checkout_info(request, document_pk): def checkout_info(request, document_pk):
document = get_object_or_404(Document, pk=document_pk) document = get_object_or_404(Document, pk=document_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN]) Permission.objects.check_permissions(request.user, [permission_document_checkout, permission_document_checkin])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_accesses([PERMISSION_DOCUMENT_CHECKOUT, PERMISSION_DOCUMENT_CHECKIN], request.user, document) AccessEntry.objects.check_accesses([permission_document_checkout, permission_document_checkin], request.user, document)
paragraphs = [_('Document status: %s') % STATE_LABELS[document.checkout_state()]] paragraphs = [_('Document status: %s') % STATE_LABELS[document.checkout_state()]]
@@ -66,9 +66,9 @@ def checkout_info(request, document_pk):
def checkout_document(request, document_pk): def checkout_document(request, document_pk):
document = get_object_or_404(Document, pk=document_pk) document = get_object_or_404(Document, pk=document_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKOUT]) Permission.objects.check_permissions(request.user, [permission_document_checkout])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKOUT, request.user, document) AccessEntry.objects.check_access(permission_document_checkout, request.user, document)
if request.method == 'POST': if request.method == 'POST':
form = DocumentCheckoutForm(data=request.POST, initial={'document': document}) form = DocumentCheckoutForm(data=request.POST, initial={'document': document})
@@ -114,14 +114,14 @@ def checkin_document(request, document_pk):
# checkin permission # checkin permission
if document.checkout_info().user == request.user: if document.checkout_info().user == request.user:
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN]) Permission.objects.check_permissions(request.user, [permission_document_checkin])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN, request.user, document) AccessEntry.objects.check_access(permission_document_checkin, request.user, document)
else: else:
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CHECKIN_OVERRIDE]) Permission.objects.check_permissions(request.user, [permission_document_checkin_override])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_CHECKIN_OVERRIDE, request.user, document) AccessEntry.objects.check_access(permission_document_checkin_override, request.user, document)
if request.method == 'POST': if request.method == 'POST':
try: try:

12
mayan/apps/converter/links.py
View File

@@ -6,8 +6,8 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_TRANSFORMATION_CREATE, PERMISSION_TRANSFORMATION_DELETE, permission_transformation_create, permission_transformation_delete,
PERMISSION_TRANSFORMATION_EDIT, PERMISSION_TRANSFORMATION_VIEW permission_transformation_edit, permission_transformation_view
) )
@@ -19,7 +19,7 @@ def get_kwargs_factory(variable_name):
return get_kwargs return get_kwargs
link_transformation_create = Link(kwargs=get_kwargs_factory('content_object'), permissions=[PERMISSION_TRANSFORMATION_CREATE], text=_('Create new transformation'), view='converter:transformation_create') link_transformation_create = Link(kwargs=get_kwargs_factory('content_object'), permissions=[permission_transformation_create], text=_('create new transformation'), view='converter:transformation_create')
link_transformation_delete = Link(args='resolved_object.pk', permissions=[PERMISSION_TRANSFORMATION_DELETE], tags='dangerous', text=_('Delete'), view='converter:transformation_delete') link_transformation_delete = Link(args='resolved_object.pk', permissions=[permission_transformation_delete], tags='dangerous', text=_('delete'), view='converter:transformation_delete')
link_transformation_edit = Link(args='resolved_object.pk', permissions=[PERMISSION_TRANSFORMATION_EDIT], text=_('Edit'), view='converter:transformation_edit') link_transformation_edit = Link(args='resolved_object.pk', permissions=[permission_transformation_edit], text=_('edit'), view='converter:transformation_edit')
link_transformation_list = Link(kwargs=get_kwargs_factory('resolved_object'), permissions=[PERMISSION_TRANSFORMATION_VIEW], text=_('Transformations'), view='converter:transformation_list') link_transformation_list = Link(kwargs=get_kwargs_factory('resolved_object'), permissions=[permission_transformation_view], text=_('transformations'), view='converter:transformation_list')

8
mayan/apps/converter/permissions.py
View File

@@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _
from permissions.models import Permission, PermissionNamespace from permissions.models import Permission, PermissionNamespace
namespace = PermissionNamespace('converter', _('Converter')) namespace = PermissionNamespace('converter', _('Converter'))
PERMISSION_TRANSFORMATION_CREATE = Permission.objects.register(namespace, 'transformation_create', _('Create new transformations')) permission_transformation_create = Permission.objects.register(namespace, 'transformation_create', _('Create new transformations'))
PERMISSION_TRANSFORMATION_DELETE = Permission.objects.register(namespace, 'transformation_delete', _('Delete transformations')) permission_transformation_delete = Permission.objects.register(namespace, 'transformation_delete', _('Delete transformations'))
PERMISSION_TRANSFORMATION_EDIT = Permission.objects.register(namespace, 'transformation_edit', _('Edit transformations')) permission_transformation_edit = Permission.objects.register(namespace, 'transformation_edit', _('Edit transformations'))
PERMISSION_TRANSFORMATION_VIEW = Permission.objects.register(namespace, 'transformation_view', _('View existing transformations')) permission_transformation_view = Permission.objects.register(namespace, 'transformation_view', _('View existing transformations'))

20
mayan/apps/converter/views.py
View File

@@ -18,8 +18,8 @@ from permissions.models import Permission
from .forms import TransformationForm from .forms import TransformationForm
from .models import Transformation from .models import Transformation
from .permissions import ( from .permissions import (
PERMISSION_TRANSFORMATION_CREATE, PERMISSION_TRANSFORMATION_DELETE, permission_transformation_create, permission_transformation_delete,
PERMISSION_TRANSFORMATION_EDIT, PERMISSION_TRANSFORMATION_VIEW permission_transformation_edit, permission_transformation_view
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -34,9 +34,9 @@ def transformation_list(request, app_label, model, object_id):
raise Http404 raise Http404
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_VIEW]) Permission.objects.check_permissions(request.user, [permission_transformation_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_VIEW, request.user, content_object) AccessEntry.objects.check_access(permission_transformation_view, request.user, content_object)
context = { context = {
'object_list': Transformation.objects.get_for_model(content_object), 'object_list': Transformation.objects.get_for_model(content_object),
@@ -65,9 +65,9 @@ def transformation_create(request, app_label, model, object_id):
raise Http404 raise Http404
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_CREATE]) Permission.objects.check_permissions(request.user, [permission_transformation_create])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_CREATE, request.user, content_object) AccessEntry.objects.check_access(permission_transformation_create, request.user, content_object)
if request.method == 'POST': if request.method == 'POST':
form = TransformationForm(request.POST, initial={'content_object': content_object}) form = TransformationForm(request.POST, initial={'content_object': content_object})
@@ -92,9 +92,9 @@ def transformation_delete(request, object_id):
transformation = get_object_or_404(Transformation, pk=object_id) transformation = get_object_or_404(Transformation, pk=object_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_DELETE]) Permission.objects.check_permissions(request.user, [permission_transformation_delete])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_DELETE, request.user, transformation.content_object) AccessEntry.objects.check_access(permission_transformation_delete, request.user, transformation.content_object)
if request.method == 'POST': if request.method == 'POST':
transformation.delete() transformation.delete()
@@ -117,9 +117,9 @@ def transformation_edit(request, object_id):
transformation = get_object_or_404(Transformation, pk=object_id) transformation = get_object_or_404(Transformation, pk=object_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_EDIT]) Permission.objects.check_permissions(request.user, [permission_transformation_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TRANSFORMATION_EDIT, request.user, transformation.content_object) AccessEntry.objects.check_access(permission_transformation_edit, request.user, transformation.content_object)
if request.method == 'POST': if request.method == 'POST':
form = TransformationForm(request.POST, instance=transformation) form = TransformationForm(request.POST, instance=transformation)

16
mayan/apps/django_gpg/links.py
View File

@@ -5,13 +5,13 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_KEY_DELETE, PERMISSION_KEY_RECEIVE, PERMISSION_KEY_VIEW, permission_key_delete, permission_key_receive, permission_key_view,
PERMISSION_KEYSERVER_QUERY permission_keyserver_query
) )
link_private_keys = Link(icon='fa fa-key', permissions=[PERMISSION_KEY_VIEW], text=_('Private keys'), view='django_gpg:key_private_list') link_private_keys = Link(icon='fa fa-key', permissions=[permission_key_view], text=_('private keys'), view='django_gpg:key_private_list')
link_public_keys = Link(icon='fa fa-key', permissions=[PERMISSION_KEY_VIEW], text=_('Public keys'), view='django_gpg:key_public_list') link_public_keys = Link(icon='fa fa-key', permissions=[permission_key_view], text=_('public keys'), view='django_gpg:key_public_list')
link_key_delete = Link(permissions=[PERMISSION_KEY_DELETE], tags='dangerous', text=_('Delete'), view='django_gpg:key_delete', args=['object.fingerprint', 'object.type']) link_key_delete = Link(permissions=[permission_key_delete], tags='dangerous', text=_('delete'), view='django_gpg:key_delete', args=['object.fingerprint', 'object.type'])
link_key_query = Link(text=_('Query keyservers'), view='django_gpg:key_query', permissions=[PERMISSION_KEYSERVER_QUERY]) link_key_query = Link(text=_('Query keyservers'), view='django_gpg:key_query', permissions=[permission_keyserver_query])
link_key_receive = Link(keep_query=True, permissions=[PERMISSION_KEY_RECEIVE], text=_('Import'), view='django_gpg:key_receive', args='object.key_id') link_key_receive = Link(keep_query=True, permissions=[permission_key_receive], text=_('import'), view='django_gpg:key_receive', args='object.key_id')
link_key_setup = Link(icon='fa fa-key', permissions=[PERMISSION_KEY_VIEW], text=_('Key management'), view='django_gpg:key_public_list') link_key_setup = Link(icon='fa fa-key', permissions=[permission_key_view], text=_('key management'), view='django_gpg:key_public_list')

12
mayan/apps/django_gpg/permissions.py
View File

@@ -2,11 +2,11 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
django_gpg_namespace = PermissionNamespace('django_gpg', _('Key management')) namespace = PermissionNamespace('django_gpg', _('Key management'))
PERMISSION_KEY_VIEW = Permission.objects.register(django_gpg_namespace, 'key_view', _('View keys')) permission_key_view = namespace.add_permission(name='key_view', label=_('View keys'))
PERMISSION_KEY_DELETE = Permission.objects.register(django_gpg_namespace, 'key_delete', _('Delete keys')) permission_key_delete = namespace.add_permission(name='key_delete', label=_('Delete keys'))
PERMISSION_KEYSERVER_QUERY = Permission.objects.register(django_gpg_namespace, 'keyserver_query', _('Query keyservers')) permission_keyserver_query = namespace.add_permission(name='keyserver_query', label=_('Query keyservers'))
PERMISSION_KEY_RECEIVE = Permission.objects.register(django_gpg_namespace, 'key_receive', _('Import keys from keyservers')) permission_key_receive = namespace.add_permission(name='key_receive', label=_('Import keys from keyservers'))

12
mayan/apps/django_gpg/views.py
View File

@@ -17,8 +17,8 @@ from permissions.models import Permission
from .api import Key from .api import Key
from .forms import KeySearchForm from .forms import KeySearchForm
from .permissions import ( from .permissions import (
PERMISSION_KEY_DELETE, PERMISSION_KEY_RECEIVE, PERMISSION_KEY_VIEW, permission_key_delete, permission_key_receive, permission_key_view,
PERMISSION_KEYSERVER_QUERY permission_keyserver_query
) )
from .runtime import gpg from .runtime import gpg
@@ -26,7 +26,7 @@ logger = logging.getLogger(__name__)
def key_receive(request, key_id): def key_receive(request, key_id):
Permission.objects.check_permissions(request.user, [PERMISSION_KEY_RECEIVE]) Permission.objects.check_permissions(request.user, [permission_key_receive])
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -64,7 +64,7 @@ def key_receive(request, key_id):
def key_list(request, secret=True): def key_list(request, secret=True):
Permission.objects.check_permissions(request.user, [PERMISSION_KEY_VIEW]) Permission.objects.check_permissions(request.user, [permission_key_view])
if secret: if secret:
object_list = Key.get_all(gpg, secret=True) object_list = Key.get_all(gpg, secret=True)
@@ -91,7 +91,7 @@ def key_list(request, secret=True):
def key_delete(request, fingerprint, key_type): def key_delete(request, fingerprint, key_type):
Permission.objects.check_permissions(request.user, [PERMISSION_KEY_DELETE]) Permission.objects.check_permissions(request.user, [permission_key_delete])
secret = key_type == 'sec' secret = key_type == 'sec'
key = Key.get(gpg, fingerprint, secret=secret) key = Key.get(gpg, fingerprint, secret=secret)
@@ -119,7 +119,7 @@ def key_delete(request, fingerprint, key_type):
def key_query(request): def key_query(request):
Permission.objects.check_permissions(request.user, [PERMISSION_KEYSERVER_QUERY]) Permission.objects.check_permissions(request.user, [permission_keyserver_query])
subtemplates_list = [] subtemplates_list = []
term = request.GET.get('term') term = request.GET.get('term')

10
mayan/apps/document_comments/apps.py
View File

@@ -15,8 +15,8 @@ from .links import (
link_comment_add, link_comment_delete, link_comments_for_document link_comment_add, link_comment_delete, link_comments_for_document
) )
from .permissions import ( from .permissions import (
PERMISSION_COMMENT_CREATE, PERMISSION_COMMENT_DELETE, permission_comment_create, permission_comment_delete,
PERMISSION_COMMENT_VIEW permission_comment_view
) )
@@ -45,9 +45,9 @@ class DocumentCommentsApp(MayanAppConfig):
SourceColumn(source=Comment, label=_('Comment'), attribute='comment') SourceColumn(source=Comment, label=_('Comment'), attribute='comment')
class_permissions(Document, [ class_permissions(Document, [
PERMISSION_COMMENT_CREATE, permission_comment_create,
PERMISSION_COMMENT_DELETE, permission_comment_delete,
PERMISSION_COMMENT_VIEW] permission_comment_view]
) )
menu_sidebar.bind_links(links=[link_comment_add], sources=['comments:comments_for_document', 'comments:comment_add', 'comments:comment_delete', 'comments:comment_multiple_delete']) menu_sidebar.bind_links(links=[link_comment_add], sources=['comments:comments_for_document', 'comments:comment_add', 'comments:comment_delete', 'comments:comment_multiple_delete'])

12
mayan/apps/document_comments/links.py
View File

@@ -5,11 +5,11 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_COMMENT_CREATE, PERMISSION_COMMENT_DELETE, permission_comment_create, permission_comment_delete,
PERMISSION_COMMENT_VIEW permission_comment_view
) )
link_comment_add = Link(permissions=[PERMISSION_COMMENT_CREATE], text=_('Add comment'), view='comments:comment_add', args='object.pk') link_comment_add = Link(permissions=[permission_comment_create], text=_('add comment'), view='comments:comment_add', args='object.pk')
link_comment_delete = Link(permissions=[PERMISSION_COMMENT_DELETE], tags='dangerous', text=_('Delete'), view='comments:comment_delete', args='object.pk') link_comment_delete = Link(permissions=[permission_comment_delete], tags='dangerous', text=_('delete'), view='comments:comment_delete', args='object.pk')
link_comment_multiple_delete = Link(permissions=[PERMISSION_COMMENT_DELETE], tags='dangerous', text=_('Delete'), view='comments:comment_multiple_delete', args='object.pk') link_comment_multiple_delete = Link(permissions=[permission_comment_delete], tags='dangerous', text=_('delete'), view='comments:comment_multiple_delete', args='object.pk')
link_comments_for_document = Link(permissions=[PERMISSION_COMMENT_VIEW], text=_('Comments'), view='comments:comments_for_document', args='object.pk') link_comments_for_document = Link(permissions=[permission_comment_view], text=_('comments'), view='comments:comments_for_document', args='object.pk')

10
mayan/apps/document_comments/permissions.py
View File

@@ -2,10 +2,10 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
comments_namespace = PermissionNamespace('comments', _('Comments')) namespace = PermissionNamespace('comments', _('Comments'))
PERMISSION_COMMENT_CREATE = Permission.objects.register(comments_namespace, 'comment_create', _('Create new comments')) permission_comment_create = namespace.add_permission(name='comment_create', label=_('Create new comments'))
PERMISSION_COMMENT_DELETE = Permission.objects.register(comments_namespace, 'comment_delete', _('Delete comments')) permission_comment_delete = namespace.add_permission(name='comment_delete', label=_('Delete comments'))
PERMISSION_COMMENT_VIEW = Permission.objects.register(comments_namespace, 'comment_view', _('View comments')) permission_comment_view = namespace.add_permission(name='comment_view', label=_('View comments'))

16
mayan/apps/document_comments/views.py
View File

@@ -18,8 +18,8 @@ from permissions.models import Permission
from .forms import CommentForm from .forms import CommentForm
from .permissions import ( from .permissions import (
PERMISSION_COMMENT_CREATE, PERMISSION_COMMENT_DELETE, permission_comment_create, permission_comment_delete,
PERMISSION_COMMENT_VIEW permission_comment_view
) )
@@ -32,9 +32,9 @@ def comment_delete(request, comment_id=None, comment_id_list=None):
comments = [get_object_or_404(Comment, pk=comment_id) for comment_id in comment_id_list.split(',')] comments = [get_object_or_404(Comment, pk=comment_id) for comment_id in comment_id_list.split(',')]
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_COMMENT_DELETE]) Permission.objects.check_permissions(request.user, [permission_comment_delete])
except PermissionDenied: except PermissionDenied:
comments = AccessEntry.objects.filter_objects_by_access(PERMISSION_COMMENT_DELETE, request.user, comments, related='content_object') comments = AccessEntry.objects.filter_objects_by_access(permission_comment_delete, request.user, comments, related='content_object')
if not comments: if not comments:
messages.error(request, _('Must provide at least one comment.')) messages.error(request, _('Must provide at least one comment.'))
@@ -80,9 +80,9 @@ def comment_add(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_COMMENT_CREATE]) Permission.objects.check_permissions(request.user, [permission_comment_create])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_COMMENT_CREATE, request.user, document) AccessEntry.objects.check_access(permission_comment_create, request.user, document)
post_action_redirect = None post_action_redirect = None
@@ -118,9 +118,9 @@ def comments_for_document(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_COMMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_comment_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_COMMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_comment_view, request.user, document)
return render_to_response('appearance/generic_list.html', { return render_to_response('appearance/generic_list.html', {
'object': document, 'object': document,

44
mayan/apps/document_indexing/api_views.py
View File

@@ -7,16 +7,16 @@ from rest_framework import generics
from acls.models import AccessEntry from acls.models import AccessEntry
from documents.models import Document from documents.models import Document
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from permissions.models import Permission from permissions.models import Permission
from rest_api.filters import MayanObjectPermissionsFilter from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission from rest_api.permissions import MayanPermission
from .models import Index, IndexInstanceNode, IndexTemplateNode from .models import Index, IndexInstanceNode, IndexTemplateNode
from .permissions import (PERMISSION_DOCUMENT_INDEXING_CREATE, from .permissions import (permission_document_indexing_create,
PERMISSION_DOCUMENT_INDEXING_DELETE, permission_document_indexing_delete,
PERMISSION_DOCUMENT_INDEXING_EDIT, permission_document_indexing_edit,
PERMISSION_DOCUMENT_INDEXING_VIEW) permission_document_indexing_view)
from .serializers import (IndexInstanceNodeSerializer, IndexSerializer, from .serializers import (IndexInstanceNodeSerializer, IndexSerializer,
IndexTemplateNodeSerializer) IndexTemplateNodeSerializer)
@@ -26,8 +26,8 @@ class APIIndexListView(generics.ListCreateAPIView):
queryset = Index.objects.all() queryset = Index.objects.all()
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]} mayan_object_permissions = {'GET': [permission_document_indexing_view]}
mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_INDEXING_CREATE]} mayan_view_permissions = {'POST': [permission_document_indexing_create]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the defined indexes.""" """Returns a list of all the defined indexes."""
@@ -44,10 +44,10 @@ class APIIndexView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW], 'GET': [permission_document_indexing_view],
'PUT': [PERMISSION_DOCUMENT_INDEXING_EDIT], 'PUT': [permission_document_indexing_edit],
'PATCH': [PERMISSION_DOCUMENT_INDEXING_EDIT], 'PATCH': [permission_document_indexing_edit],
'DELETE': [PERMISSION_DOCUMENT_INDEXING_DELETE] 'DELETE': [permission_document_indexing_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -73,7 +73,7 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView):
""" """
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} mayan_object_permissions = {'GET': [permission_document_view]}
def get_serializer_class(self): def get_serializer_class(self):
from documents.serializers import DocumentSerializer from documents.serializers import DocumentSerializer
@@ -82,9 +82,9 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView):
def get_queryset(self): def get_queryset(self):
index_node_instance = get_object_or_404(IndexInstanceNode, pk=self.kwargs['pk']) index_node_instance = get_object_or_404(IndexInstanceNode, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_INDEXING_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_indexing_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_VIEW, self.request.user, index_node_instance.index) AccessEntry.objects.check_access(permission_document_indexing_view, self.request.user, index_node_instance.index)
return index_node_instance.documents.all() return index_node_instance.documents.all()
@@ -93,7 +93,7 @@ class APIIndexTemplateListView(generics.ListAPIView):
serializer_class = IndexTemplateNodeSerializer serializer_class = IndexTemplateNodeSerializer
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]} mayan_object_permissions = {'GET': [permission_document_indexing_view]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the template nodes for the selected index.""" """Returns a list of all the template nodes for the selected index."""
@@ -106,10 +106,10 @@ class APIIndexTemplateView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW], 'GET': [permission_document_indexing_view],
'PUT': [PERMISSION_DOCUMENT_INDEXING_EDIT], 'PUT': [permission_document_indexing_edit],
'PATCH': [PERMISSION_DOCUMENT_INDEXING_EDIT], 'PATCH': [permission_document_indexing_edit],
'DELETE': [PERMISSION_DOCUMENT_INDEXING_EDIT] 'DELETE': [permission_document_indexing_edit]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -137,13 +137,13 @@ class APIDocumentIndexListView(generics.ListAPIView):
serializer_class = IndexInstanceNodeSerializer serializer_class = IndexInstanceNodeSerializer
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]} mayan_object_permissions = {'GET': [permission_document_indexing_view]}
def get_queryset(self): def get_queryset(self):
document = get_object_or_404(Document, pk=self.kwargs['pk']) document = get_object_or_404(Document, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document) AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
return document.node_instances.all() return document.node_instances.all()

38
mayan/apps/document_indexing/links.py
View File

@@ -2,14 +2,14 @@ from __future__ import unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_INDEXING_CREATE, PERMISSION_DOCUMENT_INDEXING_EDIT, permission_document_indexing_create, permission_document_indexing_edit,
PERMISSION_DOCUMENT_INDEXING_DELETE, permission_document_indexing_delete,
PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES, permission_document_indexing_rebuild_indexes,
PERMISSION_DOCUMENT_INDEXING_SETUP, PERMISSION_DOCUMENT_INDEXING_VIEW permission_document_indexing_setup, permission_document_indexing_view
) )
@@ -21,22 +21,22 @@ def is_not_root_node(context):
return not context['resolved_object'].is_root_node() return not context['resolved_object'].is_root_node()
link_document_index_list = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_VIEW, PERMISSION_DOCUMENT_VIEW], text=_('Indexes'), view='indexing:document_index_list', args='object.pk') link_document_index_list = Link(permissions=[permission_document_indexing_view, permission_document_view], text=_('indexes'), view='indexing:document_index_list', args='object.pk')
link_index_list = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_VIEW], text=_('Index list'), view='indexing:index_list') link_index_list = Link(permissions=[permission_document_indexing_view], text=_('index list'), view='indexing:index_list')
link_index_main_menu = Link(icon='fa fa-list-ul', text=_('Indexes'), view='indexing:index_list') link_index_main_menu = Link(icon='fa fa-list-ul', text=_('Indexes'), view='indexing:index_list')
link_index_parent = Link(condition=is_not_instance_root_node, permissions=[PERMISSION_DOCUMENT_INDEXING_VIEW], text=_('Go up one level'), view='indexing:index_instance_node_view', args='object.parent.pk') link_index_parent = Link(condition=is_not_instance_root_node, permissions=[permission_document_indexing_view], text=_('go up one level'), view='indexing:index_instance_node_view', args='object.parent.pk')
link_index_setup = Link(icon='fa fa-list-ul', permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Indexes'), view='indexing:index_setup_list') link_index_setup = Link(icon='fa fa-list-ul', permissions=[permission_document_indexing_setup], text=_('indexes'), view='indexing:index_setup_list')
link_index_setup_list = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Indexes'), view='indexing:index_setup_list') link_index_setup_list = Link(permissions=[permission_document_indexing_setup], text=_('indexes'), view='indexing:index_setup_list')
link_index_setup_create = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_CREATE], text=_('Create index'), view='indexing:index_setup_create') link_index_setup_create = Link(permissions=[permission_document_indexing_create], text=_('create index'), view='indexing:index_setup_create')
link_index_setup_edit = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_EDIT], text=_('Edit'), view='indexing:index_setup_edit', args='resolved_object.pk') link_index_setup_edit = Link(permissions=[permission_document_indexing_edit], text=_('edit'), view='indexing:index_setup_edit', args='resolved_object.pk')
link_index_setup_delete = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_DELETE], tags='dangerous', text=_('Delete'), view='indexing:index_setup_delete', args='resolved_object.pk') link_index_setup_delete = Link(permissions=[permission_document_indexing_delete], tags='dangerous', text=_('delete'), view='indexing:index_setup_delete', args='resolved_object.pk')
link_index_setup_view = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Tree template'), view='indexing:index_setup_view', args='resolved_object.pk') link_index_setup_view = Link(permissions=[permission_document_indexing_setup], text=_('tree template'), view='indexing:index_setup_view', args='resolved_object.pk')
link_index_setup_document_types = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_EDIT], text=_('Document types'), view='indexing:index_setup_document_types', args='resolved_object.pk') link_index_setup_document_types = Link(permissions=[permission_document_indexing_edit], text=_('document types'), view='indexing:index_setup_document_types', args='resolved_object.pk')
link_rebuild_index_instances = Link( link_rebuild_index_instances = Link(
description=_('Deletes and creates from scratch all the document indexes.'), description=_('Deletes and creates from scratch all the document indexes.'),
permissions=[PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES], permissions=[permission_document_indexing_rebuild_indexes],
text=_('Rebuild indexes'), view='indexing:rebuild_index_instances' text=_('Rebuild indexes'), view='indexing:rebuild_index_instances'
) )
link_template_node_create = Link(permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('New child node'), view='indexing:template_node_create', args='resolved_object.pk') link_template_node_create = Link(permissions=[permission_document_indexing_setup], text=_('new child node'), view='indexing:template_node_create', args='resolved_object.pk')
link_template_node_edit = Link(condition=is_not_root_node, permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], text=_('Edit'), view='indexing:template_node_edit', args='resolved_object.pk') link_template_node_edit = Link(condition=is_not_root_node, permissions=[permission_document_indexing_setup], text=_('edit'), view='indexing:template_node_edit', args='resolved_object.pk')
link_template_node_delete = Link(condition=is_not_root_node, permissions=[PERMISSION_DOCUMENT_INDEXING_SETUP], tags='dangerous', text=_('Delete'), view='indexing:template_node_delete', args='resolved_object.pk') link_template_node_delete = Link(condition=is_not_root_node, permissions=[permission_document_indexing_setup], tags='dangerous', text=_('delete'), view='indexing:template_node_delete', args='resolved_object.pk')

17
mayan/apps/document_indexing/permissions.py
View File

@@ -2,14 +2,13 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
document_indexing_namespace = PermissionNamespace('document_indexing', _('Indexing')) namespace = PermissionNamespace('document_indexing', _('Indexing'))
PERMISSION_DOCUMENT_INDEXING_SETUP = Permission.objects.register(document_indexing_namespace, 'document_index_setup', _('Configure document indexes')) permission_document_indexing_setup = namespace.add_permission(name='document_index_setup', label=_('Configure document indexes'))
PERMISSION_DOCUMENT_INDEXING_CREATE = Permission.objects.register(document_indexing_namespace, 'document_index_create', _('Create new document indexes')) permission_document_indexing_create = namespace.add_permission(name='document_index_create', label=_('Create new document indexes'))
PERMISSION_DOCUMENT_INDEXING_EDIT = Permission.objects.register(document_indexing_namespace, 'document_index_edit', _('Edit document indexes')) permission_document_indexing_edit = namespace.add_permission(name='document_index_edit', label=_('Edit document indexes'))
PERMISSION_DOCUMENT_INDEXING_DELETE = Permission.objects.register(document_indexing_namespace, 'document_index_delete', _('Delete document indexes')) permission_document_indexing_delete = namespace.add_permission(name='document_index_delete', label=_('Delete document indexes'))
permission_document_indexing_view = namespace.add_permission(name='document_index_view', label=_('View document indexes'))
PERMISSION_DOCUMENT_INDEXING_VIEW = Permission.objects.register(document_indexing_namespace, 'document_index_view', _('View document indexes')) permission_document_indexing_rebuild_indexes = namespace.add_permission(name='document_rebuild_indexes', label=_('Rebuild document indexes'))
PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES = Permission.objects.register(document_indexing_namespace, 'document_rebuild_indexes', _('Rebuild document indexes'))

58
mayan/apps/document_indexing/views.py
View File

@@ -16,17 +16,17 @@ from common.utils import encapsulate
from common.views import AssignRemoveView from common.views import AssignRemoveView
from common.widgets import two_state_template from common.widgets import two_state_template
from documents.models import Document from documents.models import Document
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from documents.views import document_list from documents.views import document_list
from permissions.models import Permission from permissions.models import Permission
from .forms import IndexForm, IndexTemplateNodeForm from .forms import IndexForm, IndexTemplateNodeForm
from .models import Index, IndexInstanceNode, IndexTemplateNode from .models import Index, IndexInstanceNode, IndexTemplateNode
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_INDEXING_CREATE, PERMISSION_DOCUMENT_INDEXING_DELETE, permission_document_indexing_create, permission_document_indexing_delete,
PERMISSION_DOCUMENT_INDEXING_EDIT, permission_document_indexing_edit,
PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES, permission_document_indexing_rebuild_indexes,
PERMISSION_DOCUMENT_INDEXING_SETUP, PERMISSION_DOCUMENT_INDEXING_VIEW permission_document_indexing_setup, permission_document_indexing_view
) )
from .tasks import task_do_rebuild_all_indexes from .tasks import task_do_rebuild_all_indexes
from .widgets import index_instance_item_link, get_breadcrumbs, node_level from .widgets import index_instance_item_link, get_breadcrumbs, node_level
@@ -48,9 +48,9 @@ def index_setup_list(request):
queryset = Index.objects.all() queryset = Index.objects.all()
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_SETUP]) Permission.objects.check_permissions(request.user, [permission_document_indexing_setup])
except PermissionDenied: except PermissionDenied:
queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_INDEXING_SETUP, request.user, queryset) queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_setup, request.user, queryset)
context['object_list'] = queryset context['object_list'] = queryset
@@ -59,7 +59,7 @@ def index_setup_list(request):
def index_setup_create(request): def index_setup_create(request):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_CREATE]) Permission.objects.check_permissions(request.user, [permission_document_indexing_create])
if request.method == 'POST': if request.method == 'POST':
form = IndexForm(request.POST) form = IndexForm(request.POST)
@@ -81,9 +81,9 @@ def index_setup_edit(request, index_pk):
index = get_object_or_404(Index, pk=index_pk) index = get_object_or_404(Index, pk=index_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_CREATE, request.user, index) AccessEntry.objects.check_access(permission_document_indexing_create, request.user, index)
if request.method == 'POST': if request.method == 'POST':
form = IndexForm(request.POST, instance=index) form = IndexForm(request.POST, instance=index)
@@ -106,9 +106,9 @@ def index_setup_delete(request, index_pk):
index = get_object_or_404(Index, pk=index_pk) index = get_object_or_404(Index, pk=index_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_DELETE]) Permission.objects.check_permissions(request.user, [permission_document_indexing_delete])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_DELETE, request.user, index) AccessEntry.objects.check_access(permission_document_indexing_delete, request.user, index)
post_action_redirect = reverse('indexing:index_setup_list') post_action_redirect = reverse('indexing:index_setup_list')
@@ -142,9 +142,9 @@ def index_setup_view(request, index_pk):
index = get_object_or_404(Index, pk=index_pk) index = get_object_or_404(Index, pk=index_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_SETUP]) Permission.objects.check_permissions(request.user, [permission_document_indexing_setup])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_SETUP, request.user, index) AccessEntry.objects.check_access(permission_document_indexing_setup, request.user, index)
object_list = index.template_root.get_descendants(include_self=True) object_list = index.template_root.get_descendants(include_self=True)
@@ -175,9 +175,9 @@ class SetupIndexDocumentTypesView(AssignRemoveView):
self.index = get_object_or_404(Index, pk=self.kwargs['index_pk']) self.index = get_object_or_404(Index, pk=self.kwargs['index_pk'])
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, self.index) AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, self.index)
self.left_list_title = _('Document types not in index: %s') % self.index self.left_list_title = _('Document types not in index: %s') % self.index
self.right_list_title = _('Document types for index: %s') % self.index self.right_list_title = _('Document types for index: %s') % self.index
@@ -208,9 +208,9 @@ def template_node_create(request, parent_pk):
parent_node = get_object_or_404(IndexTemplateNode, pk=parent_pk) parent_node = get_object_or_404(IndexTemplateNode, pk=parent_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, parent_node.index) AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, parent_node.index)
if request.method == 'POST': if request.method == 'POST':
form = IndexTemplateNodeForm(request.POST) form = IndexTemplateNodeForm(request.POST)
@@ -233,9 +233,9 @@ def template_node_edit(request, node_pk):
node = get_object_or_404(IndexTemplateNode, pk=node_pk) node = get_object_or_404(IndexTemplateNode, pk=node_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, node.index) AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
if request.method == 'POST': if request.method == 'POST':
form = IndexTemplateNodeForm(request.POST, instance=node) form = IndexTemplateNodeForm(request.POST, instance=node)
@@ -259,9 +259,9 @@ def template_node_delete(request, node_pk):
node = get_object_or_404(IndexTemplateNode, pk=node_pk) node = get_object_or_404(IndexTemplateNode, pk=node_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_indexing_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_EDIT, request.user, node.index) AccessEntry.objects.check_access(permission_document_indexing_edit, request.user, node.index)
post_action_redirect = reverse('indexing:index_setup_view', args=[node.index.pk]) post_action_redirect = reverse('indexing:index_setup_view', args=[node.index.pk])
@@ -309,9 +309,9 @@ def index_list(request):
queryset = Index.objects.filter(enabled=True) queryset = Index.objects.filter(enabled=True)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_indexing_view])
except PermissionDenied: except PermissionDenied:
queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_INDEXING_VIEW, request.user, queryset) queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset)
context['object_list'] = queryset context['object_list'] = queryset
@@ -329,9 +329,9 @@ def index_instance_node_view(request, index_instance_node_pk):
breadcrumbs = get_breadcrumbs(index_instance) breadcrumbs = get_breadcrumbs(index_instance)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_indexing_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_VIEW, request.user, index_instance.index) AccessEntry.objects.check_access(permission_document_indexing_view, request.user, index_instance.index)
title = mark_safe(_('Contents for index: %s') % breadcrumbs) title = mark_safe(_('Contents for index: %s') % breadcrumbs)
@@ -371,7 +371,7 @@ def rebuild_index_instances(request):
""" """
Confirmation view to execute the tool: do_rebuild_all_indexes Confirmation view to execute the tool: do_rebuild_all_indexes
""" """
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_INDEXING_REBUILD_INDEXES]) Permission.objects.check_permissions(request.user, [permission_document_indexing_rebuild_indexes])
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -399,9 +399,9 @@ def document_index_list(request, document_id):
queryset = document.node_instances.all() queryset = document.node_instances.all()
try: try:
# TODO: should be AND not OR # TODO: should be AND not OR
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW, PERMISSION_DOCUMENT_INDEXING_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view, permission_document_indexing_view])
except PermissionDenied: except PermissionDenied:
queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_INDEXING_VIEW, request.user, queryset, related='index') queryset = AccessEntry.objects.filter_objects_by_access(permission_document_indexing_view, request.user, queryset, related='index')
for index_instance in queryset: for index_instance in queryset:
object_list.append(get_breadcrumbs(index_instance, single_link=True, include_count=True)) object_list.append(get_breadcrumbs(index_instance, single_link=True, include_count=True))

12
mayan/apps/document_signatures/apps.py
View File

@@ -21,8 +21,8 @@ from .links import (
) )
from .models import DocumentVersionSignature from .models import DocumentVersionSignature
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_VERIFY, PERMISSION_SIGNATURE_DELETE, permission_document_verify, permission_signature_delete,
PERMISSION_SIGNATURE_DOWNLOAD, PERMISSION_SIGNATURE_UPLOAD permission_signature_download, permission_signature_upload
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -68,10 +68,10 @@ class DocumentSignaturesApp(MayanAppConfig):
DocumentVersion.register_pre_open_hook(1, document_pre_open_hook) DocumentVersion.register_pre_open_hook(1, document_pre_open_hook)
class_permissions(Document, [ class_permissions(Document, [
PERMISSION_DOCUMENT_VERIFY, permission_document_verify,
PERMISSION_SIGNATURE_DELETE, permission_signature_delete,
PERMISSION_SIGNATURE_DOWNLOAD, permission_signature_download,
PERMISSION_SIGNATURE_UPLOAD, permission_signature_upload,
]) ])
menu_facet.bind_links(links=[link_document_verify], sources=[Document]) menu_facet.bind_links(links=[link_document_verify], sources=[Document])

12
mayan/apps/document_signatures/links.py
View File

@@ -6,8 +6,8 @@ from navigation import Link
from .models import DocumentVersionSignature from .models import DocumentVersionSignature
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_VERIFY, PERMISSION_SIGNATURE_DELETE, permission_document_verify, permission_signature_delete,
PERMISSION_SIGNATURE_DOWNLOAD, PERMISSION_SIGNATURE_UPLOAD, permission_signature_download, permission_signature_upload,
) )
@@ -19,7 +19,7 @@ def can_delete_detached_signature(context):
return DocumentVersionSignature.objects.has_detached_signature(context['object'].latest_version) return DocumentVersionSignature.objects.has_detached_signature(context['object'].latest_version)
link_document_signature_delete = Link(condition=can_delete_detached_signature, permissions=[PERMISSION_SIGNATURE_DELETE], tags='dangerous', text=_('Delete signature'), view='signatures:document_signature_delete', args='object.pk') link_document_signature_delete = Link(condition=can_delete_detached_signature, permissions=[permission_signature_delete], tags='dangerous', text=_('delete signature'), view='signatures:document_signature_delete', args='object.pk')
link_document_signature_download = Link(condition=can_delete_detached_signature, text=_('Download signature'), view='signatures:document_signature_download', args='object.pk', permissions=[PERMISSION_SIGNATURE_DOWNLOAD]) link_document_signature_download = Link(condition=can_delete_detached_signature, text=_('Download signature'), view='signatures:document_signature_download', args='object.pk', permissions=[permission_signature_download])
link_document_signature_upload = Link(condition=can_upload_detached_signature, permissions=[PERMISSION_SIGNATURE_UPLOAD], text=_('Upload signature'), view='signatures:document_signature_upload', args='object.pk') link_document_signature_upload = Link(condition=can_upload_detached_signature, permissions=[permission_signature_upload], text=_('upload signature'), view='signatures:document_signature_upload', args='object.pk')
link_document_verify = Link(permissions=[PERMISSION_DOCUMENT_VERIFY], text=_('Signatures'), view='signatures:document_verify', args='object.pk') link_document_verify = Link(permissions=[permission_document_verify], text=_('signatures'), view='signatures:document_verify', args='object.pk')

13
mayan/apps/document_signatures/permissions.py
View File

@@ -2,10 +2,11 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
document_signatures_namespace = PermissionNamespace('document_signatures', _('Document signatures')) namespace = PermissionNamespace('document_signatures', _('Document signatures'))
PERMISSION_DOCUMENT_VERIFY = Permission.objects.register(document_signatures_namespace, 'document_verify', _('Verify document signatures'))
PERMISSION_SIGNATURE_DELETE = Permission.objects.register(document_signatures_namespace, 'signature_delete', _('Delete detached signatures')) permission_document_verify = namespace.add_permission(name='document_verify', label=_('Verify document signatures'))
PERMISSION_SIGNATURE_DOWNLOAD = Permission.objects.register(document_signatures_namespace, 'signature_download', _('Download detached signatures')) permission_signature_delete = namespace.add_permission(name='signature_delete', label=_('Delete detached signatures'))
PERMISSION_SIGNATURE_UPLOAD = Permission.objects.register(document_signatures_namespace, 'signature_upload', _('Upload detached signatures')) permission_signature_download = namespace.add_permission(name='signature_download', label=_('Download detached signatures'))
permission_signature_upload = namespace.add_permission(name='signature_upload', label=_('Upload detached signatures'))

20
mayan/apps/document_signatures/views.py
View File

@@ -22,8 +22,8 @@ from permissions.models import Permission
from .forms import DetachedSignatureForm from .forms import DetachedSignatureForm
from .models import DocumentVersionSignature from .models import DocumentVersionSignature
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_VERIFY, PERMISSION_SIGNATURE_UPLOAD, permission_document_verify, permission_signature_upload,
PERMISSION_SIGNATURE_DOWNLOAD, PERMISSION_SIGNATURE_DELETE permission_signature_download, permission_signature_delete
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -33,9 +33,9 @@ def document_verify(request, document_pk):
document = get_object_or_404(Document, pk=document_pk) document = get_object_or_404(Document, pk=document_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VERIFY]) Permission.objects.check_permissions(request.user, [permission_document_verify])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VERIFY, request.user, document) AccessEntry.objects.check_access(permission_document_verify, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)
@@ -80,9 +80,9 @@ def document_signature_upload(request, document_pk):
document = get_object_or_404(Document, pk=document_pk) document = get_object_or_404(Document, pk=document_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_UPLOAD]) Permission.objects.check_permissions(request.user, [permission_signature_upload])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_SIGNATURE_UPLOAD, request.user, document) AccessEntry.objects.check_access(permission_signature_upload, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)
@@ -116,9 +116,9 @@ def document_signature_download(request, document_pk):
document = get_object_or_404(Document, pk=document_pk) document = get_object_or_404(Document, pk=document_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_DOWNLOAD]) Permission.objects.check_permissions(request.user, [permission_signature_download])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_SIGNATURE_DOWNLOAD, request.user, document) AccessEntry.objects.check_access(permission_signature_download, request.user, document)
try: try:
if DocumentVersionSignature.objects.has_detached_signature(document.latest_version): if DocumentVersionSignature.objects.has_detached_signature(document.latest_version):
@@ -140,9 +140,9 @@ def document_signature_delete(request, document_pk):
document = get_object_or_404(Document, pk=document_pk) document = get_object_or_404(Document, pk=document_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SIGNATURE_DELETE]) Permission.objects.check_permissions(request.user, [permission_signature_delete])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_SIGNATURE_DELETE, request.user, document) AccessEntry.objects.check_access(permission_signature_delete, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)

14
mayan/apps/document_states/permissions.py
View File

@@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
namespace = PermissionNamespace('document_states', _('States')) namespace = PermissionNamespace('document_states', _('States'))
PERMISSION_WORKFLOW_CREATE = Permission.objects.register(namespace, 'workflow_create', _('Create workflows'))
PERMISSION_WORKFLOW_DELETE = Permission.objects.register(namespace, 'workflow_delte', _('Delete workflows'))
PERMISSION_WORKFLOW_EDIT = Permission.objects.register(namespace, 'workflow_edit', _('Edit workflows'))
PERMISSION_WORKFLOW_VIEW = Permission.objects.register(namespace, 'workflow_view', _('View workflows'))
PERMISSION_DOCUMENT_WORKFLOW_VIEW = Permission.objects.register(namespace, 'document_workflow_view', _('View document workflows')) permission_workflow_create = namespace.add_permission(name='workflow_create', label=_('Create workflows'))
PERMISSION_DOCUMENT_WORKFLOW_TRANSITION = Permission.objects.register(namespace, 'document_workflow_transition', _('Transition document workflows')) permission_workflow_delete = namespace.add_permission(name='workflow_delte', label=_('Delete workflows'))
permission_workflow_edit = namespace.add_permission(name='workflow_edit', label=_('Edit workflows'))
permission_workflow_view = namespace.add_permission(name='workflow_view', label=_('View workflows'))
permission_document_workflow_view = namespace.add_permission(name='document_workflow_view', label=_('View document workflows'))
permission_document_workflow_transition = namespace.add_permission(name='document_workflow_transition', label=_('Transition document workflows'))

54
mayan/apps/document_states/views.py
View File

@@ -23,18 +23,18 @@ from .forms import (
) )
from .models import Workflow, WorkflowInstance, WorkflowState, WorkflowTransition from .models import Workflow, WorkflowInstance, WorkflowState, WorkflowTransition
from .permissions import ( from .permissions import (
PERMISSION_WORKFLOW_CREATE, PERMISSION_WORKFLOW_DELETE, permission_workflow_create, permission_workflow_delete,
PERMISSION_WORKFLOW_EDIT, PERMISSION_WORKFLOW_VIEW, permission_workflow_edit, permission_workflow_view,
PERMISSION_DOCUMENT_WORKFLOW_VIEW, PERMISSION_DOCUMENT_WORKFLOW_TRANSITION permission_document_workflow_view, permission_document_workflow_transition
) )
class DocumentWorkflowInstanceListView(SingleObjectListView): class DocumentWorkflowInstanceListView(SingleObjectListView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_WORKFLOW_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_workflow_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_WORKFLOW_VIEW, request.user, self.get_document()) AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_document())
return super(DocumentWorkflowInstanceListView, self).dispatch(request, *args, **kwargs) return super(DocumentWorkflowInstanceListView, self).dispatch(request, *args, **kwargs)
@@ -60,9 +60,9 @@ class DocumentWorkflowInstanceListView(SingleObjectListView):
class WorkflowInstanceDetailView(SingleObjectListView): class WorkflowInstanceDetailView(SingleObjectListView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_WORKFLOW_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_workflow_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_WORKFLOW_VIEW, request.user, self.get_workflow_instance().document) AccessEntry.objects.check_access(permission_document_workflow_view, request.user, self.get_workflow_instance().document)
return super(WorkflowInstanceDetailView, self).dispatch(request, *args, **kwargs) return super(WorkflowInstanceDetailView, self).dispatch(request, *args, **kwargs)
@@ -94,9 +94,9 @@ class WorkflowInstanceTransitionView(FormView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_WORKFLOW_TRANSITION]) Permission.objects.check_permissions(request.user, [permission_document_workflow_transition])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_WORKFLOW_TRANSITION, request.user, self.get_workflow_instance().document) AccessEntry.objects.check_access(permission_document_workflow_transition, request.user, self.get_workflow_instance().document)
return super(WorkflowInstanceTransitionView, self).dispatch(request, *args, **kwargs) return super(WorkflowInstanceTransitionView, self).dispatch(request, *args, **kwargs)
@@ -140,26 +140,26 @@ class SetupWorkflowListView(SingleObjectListView):
'hide_link': True, 'hide_link': True,
} }
model = Workflow model = Workflow
view_permission = PERMISSION_WORKFLOW_VIEW view_permission = permission_workflow_view
class SetupWorkflowCreateView(SingleObjectCreateView): class SetupWorkflowCreateView(SingleObjectCreateView):
form_class = WorkflowForm form_class = WorkflowForm
model = Workflow model = Workflow
view_permission = PERMISSION_WORKFLOW_CREATE view_permission = permission_workflow_create
success_url = reverse_lazy('document_states:setup_workflow_list') success_url = reverse_lazy('document_states:setup_workflow_list')
class SetupWorkflowEditView(SingleObjectEditView): class SetupWorkflowEditView(SingleObjectEditView):
form_class = WorkflowForm form_class = WorkflowForm
model = Workflow model = Workflow
view_permission = PERMISSION_WORKFLOW_EDIT view_permission = permission_workflow_edit
success_url = reverse_lazy('document_states:setup_workflow_list') success_url = reverse_lazy('document_states:setup_workflow_list')
class SetupWorkflowDeleteView(SingleObjectDeleteView): class SetupWorkflowDeleteView(SingleObjectDeleteView):
model = Workflow model = Workflow
view_permission = PERMISSION_WORKFLOW_DELETE view_permission = permission_workflow_delete
success_url = reverse_lazy('document_states:setup_workflow_list') success_url = reverse_lazy('document_states:setup_workflow_list')
@@ -175,9 +175,9 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView):
self.workflow = get_object_or_404(Workflow, pk=self.kwargs['pk']) self.workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_WORKFLOW_EDIT]) Permission.objects.check_permissions(self.request.user, [permission_workflow_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, self.request.user, self.workflow) AccessEntry.objects.check_access(permission_workflow_edit, self.request.user, self.workflow)
return super(SetupWorkflowDocumentTypesView, self).dispatch(request, *args, **kwargs) return super(SetupWorkflowDocumentTypesView, self).dispatch(request, *args, **kwargs)
@@ -205,9 +205,9 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView):
class SetupWorkflowStateListView(SingleObjectListView): class SetupWorkflowStateListView(SingleObjectListView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) Permission.objects.check_permissions(request.user, [permission_workflow_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
return super(SetupWorkflowStateListView, self).dispatch(request, *args, **kwargs) return super(SetupWorkflowStateListView, self).dispatch(request, *args, **kwargs)
@@ -235,9 +235,9 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) Permission.objects.check_permissions(request.user, [permission_workflow_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
return super(SetupWorkflowStateCreateView, self).dispatch(request, *args, **kwargs) return super(SetupWorkflowStateCreateView, self).dispatch(request, *args, **kwargs)
@@ -269,7 +269,7 @@ class SetupWorkflowStateCreateView(SingleObjectCreateView):
class SetupWorkflowStateDeleteView(SingleObjectDeleteView): class SetupWorkflowStateDeleteView(SingleObjectDeleteView):
model = WorkflowState model = WorkflowState
view_permission = PERMISSION_WORKFLOW_DELETE view_permission = permission_workflow_delete
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super(SetupWorkflowStateDeleteView, self).get_context_data(**kwargs) context = super(SetupWorkflowStateDeleteView, self).get_context_data(**kwargs)
@@ -291,7 +291,7 @@ class SetupWorkflowStateDeleteView(SingleObjectDeleteView):
class SetupWorkflowStateEditView(SingleObjectEditView): class SetupWorkflowStateEditView(SingleObjectEditView):
form_class = WorkflowStateForm form_class = WorkflowStateForm
model = WorkflowState model = WorkflowState
view_permission = PERMISSION_WORKFLOW_EDIT view_permission = permission_workflow_edit
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super(SetupWorkflowStateEditView, self).get_context_data(**kwargs) context = super(SetupWorkflowStateEditView, self).get_context_data(**kwargs)
@@ -316,9 +316,9 @@ class SetupWorkflowStateEditView(SingleObjectEditView):
class SetupWorkflowTransitionListView(SingleObjectListView): class SetupWorkflowTransitionListView(SingleObjectListView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) Permission.objects.check_permissions(request.user, [permission_workflow_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
return super(SetupWorkflowTransitionListView, self).dispatch(request, *args, **kwargs) return super(SetupWorkflowTransitionListView, self).dispatch(request, *args, **kwargs)
@@ -346,9 +346,9 @@ class SetupWorkflowTransitionCreateView(SingleObjectCreateView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_WORKFLOW_EDIT]) Permission.objects.check_permissions(request.user, [permission_workflow_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_WORKFLOW_EDIT, request.user, self.get_workflow()) AccessEntry.objects.check_access(permission_workflow_edit, request.user, self.get_workflow())
return super(SetupWorkflowTransitionCreateView, self).dispatch(request, *args, **kwargs) return super(SetupWorkflowTransitionCreateView, self).dispatch(request, *args, **kwargs)
@@ -390,7 +390,7 @@ class SetupWorkflowTransitionCreateView(SingleObjectCreateView):
class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView): class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView):
model = WorkflowTransition model = WorkflowTransition
view_permission = PERMISSION_WORKFLOW_DELETE view_permission = permission_workflow_delete
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super(SetupWorkflowTransitionDeleteView, self).get_context_data(**kwargs) context = super(SetupWorkflowTransitionDeleteView, self).get_context_data(**kwargs)
@@ -412,7 +412,7 @@ class SetupWorkflowTransitionDeleteView(SingleObjectDeleteView):
class SetupWorkflowTransitionEditView(SingleObjectEditView): class SetupWorkflowTransitionEditView(SingleObjectEditView):
form_class = WorkflowTransitionForm form_class = WorkflowTransitionForm
model = WorkflowTransition model = WorkflowTransition
view_permission = PERMISSION_WORKFLOW_EDIT view_permission = permission_workflow_edit
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super(SetupWorkflowTransitionEditView, self).get_context_data(**kwargs) context = super(SetupWorkflowTransitionEditView, self).get_context_data(**kwargs)

54
mayan/apps/documents/api_views.py
View File

@@ -24,11 +24,11 @@ from .models import (
Document, DocumentPage, DocumentType, DocumentVersion, RecentDocument Document, DocumentPage, DocumentType, DocumentVersion, RecentDocument
) )
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_DELETE, permission_document_create, permission_document_delete,
PERMISSION_DOCUMENT_EDIT, PERMISSION_DOCUMENT_NEW_VERSION, permission_document_edit, permission_document_new_version,
PERMISSION_DOCUMENT_PROPERTIES_EDIT, PERMISSION_DOCUMENT_VIEW, permission_document_properties_edit, permission_document_view,
PERMISSION_DOCUMENT_TYPE_CREATE, PERMISSION_DOCUMENT_TYPE_DELETE, permission_document_type_create, permission_document_type_delete,
PERMISSION_DOCUMENT_TYPE_EDIT, PERMISSION_DOCUMENT_TYPE_VIEW permission_document_type_edit, permission_document_type_view
) )
from .serializers import ( from .serializers import (
DocumentImageSerializer, DocumentPageSerializer, DocumentSerializer, DocumentImageSerializer, DocumentPageSerializer, DocumentSerializer,
@@ -50,8 +50,8 @@ class APIDocumentListView(generics.ListAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW], mayan_object_permissions = {'GET': [permission_document_view],
'POST': [PERMISSION_DOCUMENT_CREATE]} 'POST': [permission_document_create]}
def get_serializer_class(self): def get_serializer_class(self):
if self.request.method == 'GET': if self.request.method == 'GET':
@@ -105,10 +105,10 @@ class APIDocumentView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_DOCUMENT_VIEW], 'GET': [permission_document_view],
'PUT': [PERMISSION_DOCUMENT_PROPERTIES_EDIT], 'PUT': [permission_document_properties_edit],
'PATCH': [PERMISSION_DOCUMENT_PROPERTIES_EDIT], 'PATCH': [permission_document_properties_edit],
'DELETE': [PERMISSION_DOCUMENT_DELETE] 'DELETE': [permission_document_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -137,7 +137,7 @@ class APIDocumentVersionCreateView(generics.CreateAPIView):
queryset = DocumentVersion.objects.all() queryset = DocumentVersion.objects.all()
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_NEW_VERSION]} mayan_view_permissions = {'POST': [permission_document_new_version]}
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.DATA, files=request.FILES) serializer = self.get_serializer(data=request.DATA, files=request.FILES)
@@ -166,7 +166,7 @@ class APIDocumentVersionView(generics.RetrieveAPIView):
queryset = DocumentVersion.objects.all() queryset = DocumentVersion.objects.all()
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} mayan_object_permissions = {'GET': [permission_document_view]}
mayan_permission_attribute_check = 'document' mayan_permission_attribute_check = 'document'
@@ -184,9 +184,9 @@ class APIDocumentImageView(generics.GenericAPIView):
document = get_object_or_404(Document, pk=pk) document = get_object_or_404(Document, pk=pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_document_view, request.user, document)
size = request.GET.get('size', setting_display_size.value) size = request.GET.get('size', setting_display_size.value)
@@ -230,9 +230,9 @@ class APIDocumentPageView(generics.RetrieveUpdateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_DOCUMENT_VIEW], 'GET': [permission_document_view],
'PUT': [PERMISSION_DOCUMENT_EDIT], 'PUT': [permission_document_edit],
'PATCH': [PERMISSION_DOCUMENT_EDIT] 'PATCH': [permission_document_edit]
} }
mayan_permission_attribute_check = 'document' mayan_permission_attribute_check = 'document'
@@ -255,8 +255,8 @@ class APIDocumentTypeListView(generics.ListCreateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_TYPE_VIEW]} mayan_object_permissions = {'GET': [permission_document_type_view]}
mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_TYPE_CREATE]} mayan_view_permissions = {'POST': [permission_document_type_create]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the document types.""" """Returns a list of all the document types."""
@@ -277,10 +277,10 @@ class APIDocumentTypeView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_DOCUMENT_TYPE_VIEW], 'GET': [permission_document_type_view],
'PUT': [PERMISSION_DOCUMENT_TYPE_EDIT], 'PUT': [permission_document_type_edit],
'PATCH': [PERMISSION_DOCUMENT_TYPE_EDIT], 'PATCH': [permission_document_type_edit],
'DELETE': [PERMISSION_DOCUMENT_TYPE_DELETE] 'DELETE': [permission_document_type_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -306,7 +306,7 @@ class APIDocumentTypeDocumentListView(generics.ListAPIView):
""" """
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} mayan_object_permissions = {'GET': [permission_document_view]}
def get_serializer_class(self): def get_serializer_class(self):
from documents.serializers import DocumentSerializer from documents.serializers import DocumentSerializer
@@ -315,9 +315,9 @@ class APIDocumentTypeDocumentListView(generics.ListAPIView):
def get_queryset(self): def get_queryset(self):
document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk']) document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_type_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_VIEW, self.request.user, document_type) AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
return document_type.documents.all() return document_type.documents.all()

34
mayan/apps/documents/apps.py
View File

@@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _
from actstream import registry from actstream import registry
from acls.api import class_permissions from acls.api import class_permissions
from acls.permissions import ACLS_VIEW_ACL, ACLS_EDIT_ACL from acls.permissions import acls_view_acl, acls_edit_acl
from common import ( from common import (
MayanAppConfig, MissingItem, menu_facet, menu_front_page, menu_object, MayanAppConfig, MissingItem, menu_facet, menu_front_page, menu_object,
menu_secondary, menu_setup, menu_sidebar, menu_multi_item menu_secondary, menu_setup, menu_sidebar, menu_multi_item
@@ -16,11 +16,11 @@ from common.signals import post_initial_setup
from common.utils import encapsulate from common.utils import encapsulate
from converter.links import link_transformation_list from converter.links import link_transformation_list
from converter.permissions import ( from converter.permissions import (
PERMISSION_TRANSFORMATION_CREATE, permission_transformation_create,
PERMISSION_TRANSFORMATION_DELETE, PERMISSION_TRANSFORMATION_EDIT, permission_transformation_delete, permission_transformation_edit,
PERMISSION_TRANSFORMATION_VIEW, permission_transformation_view,
) )
from events.permissions import PERMISSION_EVENTS_VIEW from events.permissions import permission_events_view
from navigation import SourceColumn from navigation import SourceColumn
from rest_api.classes import APIEndPoint from rest_api.classes import APIEndPoint
from statistics.classes import StatisticNamespace from statistics.classes import StatisticNamespace
@@ -55,10 +55,10 @@ from .models import (
DocumentVersion DocumentVersion
) )
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_DELETE, PERMISSION_DOCUMENT_DOWNLOAD, permission_document_delete, permission_document_download,
PERMISSION_DOCUMENT_EDIT, PERMISSION_DOCUMENT_NEW_VERSION, permission_document_edit, permission_document_new_version,
PERMISSION_DOCUMENT_PRINT, PERMISSION_DOCUMENT_PROPERTIES_EDIT, permission_document_print, permission_document_properties_edit,
PERMISSION_DOCUMENT_VERSION_REVERT, PERMISSION_DOCUMENT_VIEW permission_document_version_revert, permission_document_view
) )
from .settings import setting_thumbnail_size from .settings import setting_thumbnail_size
from .statistics import DocumentStatistics, DocumentUsageStatistics from .statistics import DocumentStatistics, DocumentUsageStatistics
@@ -82,14 +82,14 @@ class DocumentsApp(MayanAppConfig):
]) ])
class_permissions(Document, [ class_permissions(Document, [
ACLS_VIEW_ACL, ACLS_EDIT_ACL, PERMISSION_DOCUMENT_DELETE, acls_view_acl, acls_edit_acl, permission_document_delete,
PERMISSION_DOCUMENT_DOWNLOAD, PERMISSION_DOCUMENT_EDIT, permission_document_download, permission_document_edit,
PERMISSION_DOCUMENT_NEW_VERSION, PERMISSION_DOCUMENT_PRINT, permission_document_new_version, permission_document_print,
PERMISSION_DOCUMENT_PROPERTIES_EDIT, permission_document_properties_edit,
PERMISSION_DOCUMENT_VERSION_REVERT, PERMISSION_DOCUMENT_VIEW, permission_document_version_revert, permission_document_view,
PERMISSION_EVENTS_VIEW, PERMISSION_TRANSFORMATION_CREATE, permission_events_view, permission_transformation_create,
PERMISSION_TRANSFORMATION_DELETE, PERMISSION_TRANSFORMATION_EDIT, permission_transformation_delete, permission_transformation_edit,
PERMISSION_TRANSFORMATION_VIEW, permission_transformation_view,
]) ])
menu_front_page.bind_links(links=[link_document_list_recent, link_document_list]) menu_front_page.bind_links(links=[link_document_list_recent, link_document_list])

100
mayan/apps/documents/links.py
View File

@@ -2,18 +2,18 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.permissions import ACLS_VIEW_ACL from acls.permissions import acls_view_acl
from converter.permissions import PERMISSION_TRANSFORMATION_DELETE from converter.permissions import permission_transformation_delete
from events.permissions import PERMISSION_EVENTS_VIEW from events.permissions import permission_events_view
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_DELETE, PERMISSION_DOCUMENT_DOWNLOAD, permission_document_delete, permission_document_download,
PERMISSION_DOCUMENT_PROPERTIES_EDIT, PERMISSION_DOCUMENT_PRINT, permission_document_properties_edit, permission_document_print,
PERMISSION_DOCUMENT_TOOLS, PERMISSION_DOCUMENT_VERSION_REVERT, permission_document_tools, permission_document_version_revert,
PERMISSION_DOCUMENT_VIEW, PERMISSION_DOCUMENT_TYPE_CREATE, permission_document_view, permission_document_type_create,
PERMISSION_DOCUMENT_TYPE_DELETE, PERMISSION_DOCUMENT_TYPE_EDIT, permission_document_type_delete, permission_document_type_edit,
PERMISSION_DOCUMENT_TYPE_VIEW permission_document_type_view
) )
from .settings import setting_zoom_max_level, setting_zoom_min_level from .settings import setting_zoom_max_level, setting_zoom_min_level
@@ -39,62 +39,62 @@ def is_min_zoom(context):
# Facet # Facet
link_document_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='documents:document_acl_list', args='object.pk') link_document_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='documents:document_acl_list', args='object.pk')
link_document_events_view = Link(permissions=[PERMISSION_EVENTS_VIEW], text=_('Events'), view='events:events_for_object', args=['"documents"', '"document"', 'object.id']) link_document_events_view = Link(permissions=[permission_events_view], text=_('events'), view='events:events_for_object', args=['"documents"', '"document"', 'object.id'])
link_document_preview = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Preview'), view='documents:document_preview', args='object.id') link_document_preview = Link(permissions=[permission_document_view], text=_('preview'), view='documents:document_preview', args='object.id')
link_document_properties = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Properties'), view='documents:document_properties', args='object.id') link_document_properties = Link(permissions=[permission_document_view], text=_('properties'), view='documents:document_properties', args='object.id')
link_document_version_list = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Versions'), view='documents:document_version_list', args='object.pk') link_document_version_list = Link(permissions=[permission_document_view], text=_('versions'), view='documents:document_version_list', args='object.pk')
link_document_pages = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Pages'), view='documents:document_pages', args='resolved_object.pk') link_document_pages = Link(permissions=[permission_document_view], text=_('pages'), view='documents:document_pages', args='resolved_object.pk')
# Actions # Actions
link_document_clear_transformations = Link(permissions=[PERMISSION_TRANSFORMATION_DELETE], text=_('Clear transformations'), view='documents:document_clear_transformations', args='object.id') link_document_clear_transformations = Link(permissions=[permission_transformation_delete], text=_('clear transformations'), view='documents:document_clear_transformations', args='object.id')
link_document_delete = Link(permissions=[PERMISSION_DOCUMENT_DELETE], tags='dangerous', text=_('Delete'), view='documents:document_delete', args='object.id') link_document_delete = Link(permissions=[permission_document_delete], tags='dangerous', text=_('delete'), view='documents:document_delete', args='object.id')
link_document_edit = Link(permissions=[PERMISSION_DOCUMENT_PROPERTIES_EDIT], text=_('Edit properties'), view='documents:document_edit', args='object.id') link_document_edit = Link(permissions=[permission_document_properties_edit], text=_('edit properties'), view='documents:document_edit', args='object.id')
link_document_document_type_edit = Link(permissions=[PERMISSION_DOCUMENT_PROPERTIES_EDIT], text=_('Change type'), view='documents:document_document_type_edit', args='object.id') link_document_document_type_edit = Link(permissions=[permission_document_properties_edit], text=_('change type'), view='documents:document_document_type_edit', args='object.id')
link_document_download = Link(permissions=[PERMISSION_DOCUMENT_DOWNLOAD], text=_('Download'), view='documents:document_download', args='object.id') link_document_download = Link(permissions=[permission_document_download], text=_('download'), view='documents:document_download', args='object.id')
link_document_print = Link(permissions=[PERMISSION_DOCUMENT_PRINT], text=_('Print'), view='documents:document_print', args='object.id') link_document_print = Link(permissions=[permission_document_print], text=_('print'), view='documents:document_print', args='object.id')
link_document_update_page_count = Link(permissions=[PERMISSION_DOCUMENT_TOOLS], text=_('Reset page count'), view='documents:document_update_page_count', args='object.pk') link_document_update_page_count = Link(permissions=[permission_document_tools], text=_('reset page count'), view='documents:document_update_page_count', args='object.pk')
# Views # Views
link_document_list = Link(icon='fa fa-file', text=_('All documents'), view='documents:document_list') link_document_list = Link(icon='fa fa-file', text=_('All documents'), view='documents:document_list')
link_document_list_recent = Link(icon='fa fa-clock-o', text=_('Recent documents'), view='documents:document_list_recent') link_document_list_recent = Link(icon='fa fa-clock-o', text=_('Recent documents'), view='documents:document_list_recent')
link_document_multiple_clear_transformations = Link(permissions=[PERMISSION_TRANSFORMATION_DELETE], text=_('Clear transformations'), view='documents:document_multiple_clear_transformations') link_document_multiple_clear_transformations = Link(permissions=[permission_transformation_delete], text=_('clear transformations'), view='documents:document_multiple_clear_transformations')
link_document_multiple_delete = Link(permissions=[PERMISSION_DOCUMENT_DELETE], tags='dangerous', text=_('Delete'), view='documents:document_multiple_delete') link_document_multiple_delete = Link(permissions=[permission_document_delete], tags='dangerous', text=_('delete'), view='documents:document_multiple_delete')
link_document_multiple_document_type_edit = Link(permissions=[PERMISSION_DOCUMENT_PROPERTIES_EDIT], text=_('Change type'), view='documents:document_multiple_document_type_edit') link_document_multiple_document_type_edit = Link(permissions=[permission_document_properties_edit], text=_('change type'), view='documents:document_multiple_document_type_edit')
link_document_multiple_download = Link(permissions=[PERMISSION_DOCUMENT_DOWNLOAD], text=_('Download'), view='documents:document_multiple_download') link_document_multiple_download = Link(permissions=[permission_document_download], text=_('download'), view='documents:document_multiple_download')
link_document_multiple_update_page_count = Link(permissions=[PERMISSION_DOCUMENT_TOOLS], text=_('Reset page count'), view='documents:document_multiple_update_page_count') link_document_multiple_update_page_count = Link(permissions=[permission_document_tools], text=_('reset page count'), view='documents:document_multiple_update_page_count')
link_document_version_download = Link(args='object.pk', permissions=[PERMISSION_DOCUMENT_DOWNLOAD], text=_('Download'), view='documents:document_version_download') link_document_version_download = Link(args='object.pk', permissions=[permission_document_download], text=_('download'), view='documents:document_version_download')
# Tools # Tools
link_clear_image_cache = Link( link_clear_image_cache = Link(
description=_('Clear the graphics representations used to speed up the documents\' display and interactive transformations results.'), description=_('Clear the graphics representations used to speed up the documents\' display and interactive transformations results.'),
permissions=[PERMISSION_DOCUMENT_TOOLS], text=_('Clear the document image cache'), permissions=[permission_document_tools], text=_('Clear the document image cache'),
view='documents:document_clear_image_cache' view='documents:document_clear_image_cache'
) )
# Document pages # Document pages
link_document_page_navigation_first = Link(conditional_disable=is_first_page, icon='fa fa-step-backward', keep_query=True, permissions=[PERMISSION_DOCUMENT_VIEW], text=_('First page'), view='documents:document_page_navigation_first', args='resolved_object.pk') link_document_page_navigation_first = Link(conditional_disable=is_first_page, icon='fa fa-step-backward', keep_query=True, permissions=[permission_document_view], text=_('first page'), view='documents:document_page_navigation_first', args='resolved_object.pk')
link_document_page_navigation_last = Link(conditional_disable=is_last_page, icon='fa fa-step-forward', keep_query=True, text=_('Last page'), permissions=[PERMISSION_DOCUMENT_VIEW], view='documents:document_page_navigation_last', args='resolved_object.pk') link_document_page_navigation_last = Link(conditional_disable=is_last_page, icon='fa fa-step-forward', keep_query=True, text=_('Last page'), permissions=[permission_document_view], view='documents:document_page_navigation_last', args='resolved_object.pk')
link_document_page_navigation_previous = Link(conditional_disable=is_first_page, icon='fa fa-arrow-left', keep_query=True, permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Previous page'), view='documents:document_page_navigation_previous', args='resolved_object.pk') link_document_page_navigation_previous = Link(conditional_disable=is_first_page, icon='fa fa-arrow-left', keep_query=True, permissions=[permission_document_view], text=_('previous page'), view='documents:document_page_navigation_previous', args='resolved_object.pk')
link_document_page_navigation_next = Link(conditional_disable=is_last_page, icon='fa fa-arrow-right', keep_query=True, text=_('Next page'), permissions=[PERMISSION_DOCUMENT_VIEW], view='documents:document_page_navigation_next', args='resolved_object.pk') link_document_page_navigation_next = Link(conditional_disable=is_last_page, icon='fa fa-arrow-right', keep_query=True, text=_('Next page'), permissions=[permission_document_view], view='documents:document_page_navigation_next', args='resolved_object.pk')
link_document_page_return = Link(icon='fa fa-file', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Document'), view='documents:document_preview', args='resolved_object.document.pk') link_document_page_return = Link(icon='fa fa-file', permissions=[permission_document_view], text=_('document'), view='documents:document_preview', args='resolved_object.document.pk')
link_document_page_rotate_left = Link(icon='fa fa-rotate-left', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Rotate left'), view='documents:document_page_rotate_left', args='resolved_object.pk') link_document_page_rotate_left = Link(icon='fa fa-rotate-left', permissions=[permission_document_view], text=_('rotate left'), view='documents:document_page_rotate_left', args='resolved_object.pk')
link_document_page_rotate_right = Link(icon='fa fa-rotate-right', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Rotate right'), view='documents:document_page_rotate_right', args='resolved_object.pk') link_document_page_rotate_right = Link(icon='fa fa-rotate-right', permissions=[permission_document_view], text=_('rotate right'), view='documents:document_page_rotate_right', args='resolved_object.pk')
link_document_page_view = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Page image'), view='documents:document_page_view', args='resolved_object.pk') link_document_page_view = Link(permissions=[permission_document_view], text=_('page image'), view='documents:document_page_view', args='resolved_object.pk')
link_document_page_view_reset = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Reset view'), view='documents:document_page_view_reset', args='resolved_object.pk') link_document_page_view_reset = Link(permissions=[permission_document_view], text=_('reset view'), view='documents:document_page_view_reset', args='resolved_object.pk')
link_document_page_zoom_in = Link(conditional_disable=is_max_zoom, icon='fa fa-search-plus', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Zoom in'), view='documents:document_page_zoom_in', args='resolved_object.pk') link_document_page_zoom_in = Link(conditional_disable=is_max_zoom, icon='fa fa-search-plus', permissions=[permission_document_view], text=_('zoom in'), view='documents:document_page_zoom_in', args='resolved_object.pk')
link_document_page_zoom_out = Link(conditional_disable=is_min_zoom, icon='fa fa-search-minus', permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Zoom out'), view='documents:document_page_zoom_out', args='resolved_object.pk') link_document_page_zoom_out = Link(conditional_disable=is_min_zoom, icon='fa fa-search-minus', permissions=[permission_document_view], text=_('zoom out'), view='documents:document_page_zoom_out', args='resolved_object.pk')
# Document versions # Document versions
link_document_version_revert = Link(condition=is_not_current_version, permissions=[PERMISSION_DOCUMENT_VERSION_REVERT], tags='dangerous', text=_('Revert'), view='documents:document_version_revert', args='object.pk') link_document_version_revert = Link(condition=is_not_current_version, permissions=[permission_document_version_revert], tags='dangerous', text=_('revert'), view='documents:document_version_revert', args='object.pk')
# Document type related links # Document type related links
link_document_type_create = Link(permissions=[PERMISSION_DOCUMENT_TYPE_CREATE], text=_('Create document type'), view='documents:document_type_create') link_document_type_create = Link(permissions=[permission_document_type_create], text=_('create document type'), view='documents:document_type_create')
link_document_type_delete = Link(permissions=[PERMISSION_DOCUMENT_TYPE_DELETE], tags='dangerous', text=_('Delete'), view='documents:document_type_delete', args='resolved_object.id') link_document_type_delete = Link(permissions=[permission_document_type_delete], tags='dangerous', text=_('delete'), view='documents:document_type_delete', args='resolved_object.id')
link_document_type_edit = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Edit'), view='documents:document_type_edit', args='resolved_object.id') link_document_type_edit = Link(permissions=[permission_document_type_edit], text=_('edit'), view='documents:document_type_edit', args='resolved_object.id')
link_document_type_filename_create = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Add filename to document type'), view='documents:document_type_filename_create', args='document_type.id') link_document_type_filename_create = Link(permissions=[permission_document_type_edit], text=_('add filename to document type'), view='documents:document_type_filename_create', args='document_type.id')
link_document_type_filename_delete = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], tags='dangerous', text=_('Delete'), view='documents:document_type_filename_delete', args='resolved_object.id') link_document_type_filename_delete = Link(permissions=[permission_document_type_edit], tags='dangerous', text=_('delete'), view='documents:document_type_filename_delete', args='resolved_object.id')
link_document_type_filename_edit = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Edit'), view='documents:document_type_filename_edit', args='resolved_object.id') link_document_type_filename_edit = Link(permissions=[permission_document_type_edit], text=_('edit'), view='documents:document_type_filename_edit', args='resolved_object.id')
link_document_type_filename_list = Link(permissions=[PERMISSION_DOCUMENT_TYPE_VIEW], text=_('Filenames'), view='documents:document_type_filename_list', args='resolved_object.id') link_document_type_filename_list = Link(permissions=[permission_document_type_view], text=_('filenames'), view='documents:document_type_filename_list', args='resolved_object.id')
link_document_type_list = Link(permissions=[PERMISSION_DOCUMENT_TYPE_VIEW], text=_('Document types'), view='documents:document_type_list') link_document_type_list = Link(permissions=[permission_document_type_view], text=_('document types'), view='documents:document_type_list')
link_document_type_setup = Link(icon='fa fa-file', permissions=[PERMISSION_DOCUMENT_TYPE_VIEW], text=_('Document types'), view='documents:document_type_list') link_document_type_setup = Link(icon='fa fa-file', permissions=[permission_document_type_view], text=_('document types'), view='documents:document_type_list')

34
mayan/apps/documents/permissions.py
View File

@@ -2,24 +2,24 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
document_namespace = PermissionNamespace('documents', _('Documents')) namespace = PermissionNamespace('documents', _('Documents'))
PERMISSION_DOCUMENT_CREATE = Permission.objects.register(document_namespace, 'document_create', _('Create documents')) permission_document_create = namespace.add_permission(name='document_create', label=_('Create documents'))
PERMISSION_DOCUMENT_DELETE = Permission.objects.register(document_namespace, 'document_delete', _('Delete documents')) permission_document_delete = namespace.add_permission(name='document_delete', label=_('Delete documents'))
PERMISSION_DOCUMENT_DOWNLOAD = Permission.objects.register(document_namespace, 'document_download', _('Download documents')) permission_document_download = namespace.add_permission(name='document_download', label=_('Download documents'))
PERMISSION_DOCUMENT_EDIT = Permission.objects.register(document_namespace, 'document_edit', _('Edit documents')) permission_document_edit = namespace.add_permission(name='document_edit', label=_('Edit documents'))
PERMISSION_DOCUMENT_NEW_VERSION = Permission.objects.register(document_namespace, 'document_new_version', _('Create new document versions')) permission_document_new_version = namespace.add_permission(name='document_new_version', label=_('Create new document versions'))
PERMISSION_DOCUMENT_PROPERTIES_EDIT = Permission.objects.register(document_namespace, 'document_properties_edit', _('Edit document properties')) permission_document_properties_edit = namespace.add_permission(name='document_properties_edit', label=_('Edit document properties'))
PERMISSION_DOCUMENT_PRINT = Permission.objects.register(document_namespace, 'document_print', _('Can print documents')) permission_document_print = namespace.add_permission(name='document_print', label=_('Can print documents'))
PERMISSION_DOCUMENT_TOOLS = Permission.objects.register(document_namespace, 'document_tools', _('Execute document modifying tools')) permission_document_tools = namespace.add_permission(name='document_tools', label=_('Execute document modifying tools'))
PERMISSION_DOCUMENT_VERSION_REVERT = Permission.objects.register(document_namespace, 'document_version_revert', _('Revert documents to a previous version')) permission_document_version_revert = namespace.add_permission(name='document_version_revert', label=_('Revert documents to a previous version'))
PERMISSION_DOCUMENT_VIEW = Permission.objects.register(document_namespace, 'document_view', _('View documents')) permission_document_view = namespace.add_permission(name='document_view', label=_('View documents'))
documents_setup_namespace = PermissionNamespace('documents_setup', _('Documents setup')) setup_namespace = PermissionNamespace('documents_setup', label=_('Documents setup'))
PERMISSION_DOCUMENT_TYPE_CREATE = Permission.objects.register(documents_setup_namespace, 'document_type_create', _('Create document types')) permission_document_type_create = setup_namespace.add_permission(name='document_type_create', label=_('Create document types'))
PERMISSION_DOCUMENT_TYPE_DELETE = Permission.objects.register(documents_setup_namespace, 'document_type_delete', _('Delete document types')) permission_document_type_delete = setup_namespace.add_permission(name='document_type_delete', label=_('Delete document types'))
PERMISSION_DOCUMENT_TYPE_EDIT = Permission.objects.register(documents_setup_namespace, 'document_type_edit', _('Edit document types')) permission_document_type_edit = setup_namespace.add_permission(name='document_type_edit', label=_('Edit document types'))
PERMISSION_DOCUMENT_TYPE_VIEW = Permission.objects.register(documents_setup_namespace, 'document_type_view', _('View document types')) permission_document_type_view = setup_namespace.add_permission(name='document_type_view', label=_('View document types'))

4
mayan/apps/documents/search.py
View File

@@ -4,9 +4,9 @@ from django.utils.translation import ugettext_lazy as _
from dynamic_search.classes import SearchModel from dynamic_search.classes import SearchModel
from .permissions import PERMISSION_DOCUMENT_VIEW from .permissions import permission_document_view
document_search = SearchModel('documents', 'Document', permission=PERMISSION_DOCUMENT_VIEW, serializer_string='documents.serializers.DocumentSerializer') document_search = SearchModel('documents', 'Document', permission=permission_document_view, serializer_string='documents.serializers.DocumentSerializer')
document_search.add_model_field(field='document_type__name', label=_('Document type')) document_search.add_model_field(field='document_type__name', label=_('Document type'))
document_search.add_model_field(field='versions__mimetype', label=_('MIME type')) document_search.add_model_field(field='versions__mimetype', label=_('MIME type'))

112
mayan/apps/documents/views.py
View File

@@ -24,7 +24,7 @@ from converter.literals import (
DEFAULT_PAGE_NUMBER, DEFAULT_ROTATION, DEFAULT_ZOOM_LEVEL DEFAULT_PAGE_NUMBER, DEFAULT_ROTATION, DEFAULT_ZOOM_LEVEL
) )
from converter.models import Transformation from converter.models import Transformation
from converter.permissions import PERMISSION_TRANSFORMATION_DELETE from converter.permissions import permission_transformation_delete
from filetransfers.api import serve_file from filetransfers.api import serve_file
from permissions.models import Permission from permissions.models import Permission
@@ -42,12 +42,12 @@ from .models import (
DocumentVersion, RecentDocument DocumentVersion, RecentDocument
) )
from .permissions import ( from .permissions import (
PERMISSION_DOCUMENT_DELETE, PERMISSION_DOCUMENT_DOWNLOAD, permission_document_delete, permission_document_download,
PERMISSION_DOCUMENT_PRINT, PERMISSION_DOCUMENT_PROPERTIES_EDIT, permission_document_print, permission_document_properties_edit,
PERMISSION_DOCUMENT_TOOLS, PERMISSION_DOCUMENT_TYPE_CREATE, permission_document_tools, permission_document_type_create,
PERMISSION_DOCUMENT_TYPE_DELETE, PERMISSION_DOCUMENT_TYPE_EDIT, permission_document_type_delete, permission_document_type_edit,
PERMISSION_DOCUMENT_TYPE_VIEW, PERMISSION_DOCUMENT_VERSION_REVERT, permission_document_type_view, permission_document_version_revert,
PERMISSION_DOCUMENT_VIEW, permission_document_view,
) )
from .settings import ( from .settings import (
setting_preview_size, setting_recent_count, setting_rotation_step, setting_preview_size, setting_recent_count, setting_rotation_step,
@@ -67,12 +67,12 @@ class DocumentListView(SingleObjectListView):
'hide_links': True, 'hide_links': True,
'title': _('All documents'), 'title': _('All documents'),
} }
object_permission = PERMISSION_DOCUMENT_VIEW object_permission = permission_document_view
queryset = Document.objects.all() queryset = Document.objects.all()
class DocumentPageListView(ParentChildListView): class DocumentPageListView(ParentChildListView):
object_permission = PERMISSION_DOCUMENT_VIEW object_permission = permission_document_view
parent_queryset = Document.objects.all() parent_queryset = Document.objects.all()
def get_queryset(self): def get_queryset(self):
@@ -105,13 +105,13 @@ def document_list(request, object_list=None, title=None, extra_context=None):
pre_object_list = object_list if not (object_list is None) else Document.objects.all() pre_object_list = object_list if not (object_list is None) else Document.objects.all()
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
# If user doesn't have global permission, get a list of document # If user doesn't have global permission, get a list of document
# for which he/she does hace access use it to filter the # for which he/she does hace access use it to filter the
# provided object_list # provided object_list
final_object_list = AccessEntry.objects.filter_objects_by_access( final_object_list = AccessEntry.objects.filter_objects_by_access(
PERMISSION_DOCUMENT_VIEW, request.user, pre_object_list) permission_document_view, request.user, pre_object_list)
else: else:
final_object_list = pre_object_list final_object_list = pre_object_list
@@ -131,9 +131,9 @@ def document_properties(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_document_view, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)
@@ -168,9 +168,9 @@ def document_preview(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_document_view, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)
@@ -199,9 +199,9 @@ def document_delete(request, document_id=None, document_id_list=None):
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_DELETE]) Permission.objects.check_permissions(request.user, [permission_document_delete])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_DELETE, request.user, documents, exception_on_empty=True) documents = AccessEntry.objects.filter_objects_by_access(permission_document_delete, request.user, documents, exception_on_empty=True)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -245,9 +245,9 @@ def document_multiple_delete(request):
def document_edit(request, document_id): def document_edit(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_PROPERTIES_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_properties_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_PROPERTIES_EDIT, request.user, document) AccessEntry.objects.check_access(permission_document_properties_edit, request.user, document)
if request.method == 'POST': if request.method == 'POST':
form = DocumentForm(request.POST, instance=document) form = DocumentForm(request.POST, instance=document)
@@ -290,9 +290,9 @@ def document_document_type_edit(request, document_id=None, document_id_list=None
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_PROPERTIES_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_properties_edit])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_PROPERTIES_EDIT, request.user, documents, exception_on_empty=True) documents = AccessEntry.objects.filter_objects_by_access(permission_document_properties_edit, request.user, documents, exception_on_empty=True)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -340,9 +340,9 @@ def document_multiple_document_type_edit(request):
def get_document_image(request, document_id, size=setting_preview_size.value): def get_document_image(request, document_id, size=setting_preview_size.value):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_document_view, request.user, document)
page = int(request.GET.get('page', DEFAULT_PAGE_NUMBER)) page = int(request.GET.get('page', DEFAULT_PAGE_NUMBER))
@@ -376,9 +376,9 @@ def document_download(request, document_id=None, document_id_list=None, document
document_versions = [get_object_or_404(DocumentVersion, pk=document_version_pk)] document_versions = [get_object_or_404(DocumentVersion, pk=document_version_pk)]
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_DOWNLOAD]) Permission.objects.check_permissions(request.user, [permission_document_download])
except PermissionDenied: except PermissionDenied:
document_versions = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_DOWNLOAD, request.user, document_versions, related='document', exception_on_empty=True) document_versions = AccessEntry.objects.filter_objects_by_access(permission_document_download, request.user, document_versions, related='document', exception_on_empty=True)
subtemplates_list = [] subtemplates_list = []
subtemplates_list.append( subtemplates_list.append(
@@ -484,9 +484,9 @@ def document_update_page_count(request, document_id=None, document_id_list=None)
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TOOLS]) Permission.objects.check_permissions(request.user, [permission_document_tools])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_DOCUMENT_TOOLS, request.user, documents, exception_on_empty=True) documents = AccessEntry.objects.filter_objects_by_access(permission_document_tools, request.user, documents, exception_on_empty=True)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -536,9 +536,9 @@ def document_clear_transformations(request, document_id=None, document_id_list=N
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TRANSFORMATION_DELETE]) Permission.objects.check_permissions(request.user, [permission_transformation_delete])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_TRANSFORMATION_DELETE, request.user, documents, exception_on_empty=True) documents = AccessEntry.objects.filter_objects_by_access(permission_transformation_delete, request.user, documents, exception_on_empty=True)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list')))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list')))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
@@ -582,9 +582,9 @@ def document_page_view(request, document_page_id):
document_page = get_object_or_404(DocumentPage, pk=document_page_id) document_page = get_object_or_404(DocumentPage, pk=document_page_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
zoom = int(request.GET.get('zoom', DEFAULT_ZOOM_LEVEL)) zoom = int(request.GET.get('zoom', DEFAULT_ZOOM_LEVEL))
rotation = int(request.GET.get('rotation', DEFAULT_ROTATION)) rotation = int(request.GET.get('rotation', DEFAULT_ROTATION))
@@ -617,9 +617,9 @@ def document_page_navigation_next(request, document_page_id):
document_page = get_object_or_404(DocumentPage, pk=document_page_id) document_page = get_object_or_404(DocumentPage, pk=document_page_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
@@ -635,9 +635,9 @@ def document_page_navigation_previous(request, document_page_id):
document_page = get_object_or_404(DocumentPage, pk=document_page_id) document_page = get_object_or_404(DocumentPage, pk=document_page_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
@@ -654,9 +654,9 @@ def document_page_navigation_first(request, document_page_id):
document_page = get_object_or_404(document_page.siblings, page_number=1) document_page = get_object_or_404(document_page.siblings, page_number=1)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
@@ -668,9 +668,9 @@ def document_page_navigation_last(request, document_page_id):
document_page = get_object_or_404(document_page.siblings, page_number=document_page.siblings.count()) document_page = get_object_or_404(document_page.siblings, page_number=document_page.siblings.count())
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
@@ -681,9 +681,9 @@ def transform_page(request, document_page_id, zoom_function=None, rotation_funct
document_page = get_object_or_404(DocumentPage, pk=document_page_id) document_page = get_object_or_404(DocumentPage, pk=document_page_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document_page.document) AccessEntry.objects.check_access(permission_document_view, request.user, document_page.document)
view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name
@@ -744,9 +744,9 @@ def document_print(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_PRINT]) Permission.objects.check_permissions(request.user, [permission_document_print])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_PRINT, request.user, document) AccessEntry.objects.check_access(permission_document_print, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)
@@ -784,7 +784,7 @@ def document_print(request, document_id):
def document_type_list(request): def document_type_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_type_view])
context = { context = {
'object_list': DocumentType.objects.all(), 'object_list': DocumentType.objects.all(),
@@ -800,7 +800,7 @@ def document_type_list(request):
def document_type_edit(request, document_type_id): def document_type_edit(request, document_type_id):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_type_edit])
document_type = get_object_or_404(DocumentType, pk=document_type_id) document_type = get_object_or_404(DocumentType, pk=document_type_id)
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_list')))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_list'))))
@@ -827,7 +827,7 @@ def document_type_edit(request, document_type_id):
def document_type_delete(request, document_type_id): def document_type_delete(request, document_type_id):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_DELETE]) Permission.objects.check_permissions(request.user, [permission_document_type_delete])
document_type = get_object_or_404(DocumentType, pk=document_type_id) document_type = get_object_or_404(DocumentType, pk=document_type_id)
post_action_redirect = reverse('documents:document_type_list') post_action_redirect = reverse('documents:document_type_list')
@@ -860,7 +860,7 @@ def document_type_delete(request, document_type_id):
def document_type_create(request): def document_type_create(request):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_CREATE]) Permission.objects.check_permissions(request.user, [permission_document_type_create])
if request.method == 'POST': if request.method == 'POST':
form = DocumentTypeForm(request.POST) form = DocumentTypeForm(request.POST)
@@ -882,7 +882,7 @@ def document_type_create(request):
def document_type_filename_list(request, document_type_id): def document_type_filename_list(request, document_type_id):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_type_view])
document_type = get_object_or_404(DocumentType, pk=document_type_id) document_type = get_object_or_404(DocumentType, pk=document_type_id)
context = { context = {
@@ -904,7 +904,7 @@ def document_type_filename_list(request, document_type_id):
def document_type_filename_edit(request, document_type_filename_id): def document_type_filename_edit(request, document_type_filename_id):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_type_edit])
document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id) document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id)
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id])))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id]))))
@@ -936,7 +936,7 @@ def document_type_filename_edit(request, document_type_filename_id):
def document_type_filename_delete(request, document_type_filename_id): def document_type_filename_delete(request, document_type_filename_id):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_type_edit])
document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id) document_type_filename = get_object_or_404(DocumentTypeFilename, pk=document_type_filename_id)
post_action_redirect = reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id]) post_action_redirect = reverse('documents:document_type_filename_list', args=[document_type_filename.document_type_id])
@@ -971,7 +971,7 @@ def document_type_filename_delete(request, document_type_filename_id):
def document_type_filename_create(request, document_type_id): def document_type_filename_create(request, document_type_id):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_type_edit])
document_type = get_object_or_404(DocumentType, pk=document_type_id) document_type = get_object_or_404(DocumentType, pk=document_type_id)
@@ -1002,7 +1002,7 @@ def document_type_filename_create(request, document_type_id):
def document_clear_image_cache(request): def document_clear_image_cache(request):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TOOLS]) Permission.objects.check_permissions(request.user, [permission_document_tools])
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -1022,9 +1022,9 @@ def document_version_list(request, document_pk):
document = get_object_or_404(Document, pk=document_pk) document = get_object_or_404(Document, pk=document_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_document_view, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)
@@ -1062,9 +1062,9 @@ def document_version_revert(request, document_version_pk):
document_version = get_object_or_404(DocumentVersion, pk=document_version_pk) document_version = get_object_or_404(DocumentVersion, pk=document_version_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VERSION_REVERT]) Permission.objects.check_permissions(request.user, [permission_document_version_revert])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VERSION_REVERT, request.user, document_version.document) AccessEntry.objects.check_access(permission_document_version_revert, request.user, document_version.document)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))

6
mayan/apps/events/permissions.py
View File

@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
events_namespace = PermissionNamespace('events', _('Events')) namespace = PermissionNamespace('events', _('Events'))
PERMISSION_EVENTS_VIEW = Permission.objects.register(events_namespace, 'events_view', _('Access the events of an object')) permission_events_view = namespace.add_permission(name='events_view', label=_('Access the events of an object'))

14
mayan/apps/events/views.py
View File

@@ -14,7 +14,7 @@ from common.utils import encapsulate
from permissions.models import Permission from permissions.models import Permission
from .classes import Event from .classes import Event
from .permissions import PERMISSION_EVENTS_VIEW from .permissions import permission_events_view
from .widgets import event_object_link from .widgets import event_object_link
@@ -33,9 +33,9 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
content_object = get_object_or_404(model, pk=object_id) content_object = get_object_or_404(model, pk=object_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_EVENTS_VIEW]) Permission.objects.check_permissions(request.user, [permission_events_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_EVENTS_VIEW, request.user, content_object) AccessEntry.objects.check_access(permission_events_view, request.user, content_object)
context.update({ context.update({
'object_list': any_stream(content_object), 'object_list': any_stream(content_object),
@@ -46,12 +46,12 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
pre_object_list = Action.objects.filter(verb=verb) pre_object_list = Action.objects.filter(verb=verb)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_EVENTS_VIEW]) Permission.objects.check_permissions(request.user, [permission_events_view])
except PermissionDenied: except PermissionDenied:
# If user doesn't have global permission, get a list of document # If user doesn't have global permission, get a list of document
# for which he/she does hace access use it to filter the # for which he/she does hace access use it to filter the
# provided object_list # provided object_list
object_list = AccessEntry.objects.filter_objects_by_access(PERMISSION_EVENTS_VIEW, request.user, pre_object_list, related='content_object') object_list = AccessEntry.objects.filter_objects_by_access(permission_events_view, request.user, pre_object_list, related='content_object')
else: else:
object_list = pre_object_list object_list = pre_object_list
@@ -63,12 +63,12 @@ def events_list(request, app_label=None, module_name=None, object_id=None, verb=
pre_object_list = Action.objects.all() pre_object_list = Action.objects.all()
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_EVENTS_VIEW]) Permission.objects.check_permissions(request.user, [permission_events_view])
except PermissionDenied: except PermissionDenied:
# If user doesn't have global permission, get a list of document # If user doesn't have global permission, get a list of document
# for which he/she does hace access use it to filter the # for which he/she does hace access use it to filter the
# provided object_list # provided object_list
object_list = AccessEntry.objects.filter_objects_by_access(PERMISSION_EVENTS_VIEW, request.user, pre_object_list, related='content_object') object_list = AccessEntry.objects.filter_objects_by_access(permission_events_view, request.user, pre_object_list, related='content_object')
else: else:
object_list = pre_object_list object_list = pre_object_list

40
mayan/apps/folders/api_views.py
View File

@@ -8,16 +8,16 @@ from rest_framework.response import Response
from acls.models import AccessEntry from acls.models import AccessEntry
from documents.models import Document from documents.models import Document
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from permissions.models import Permission from permissions.models import Permission
from rest_api.filters import MayanObjectPermissionsFilter from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission from rest_api.permissions import MayanPermission
from .models import Folder from .models import Folder
from .permissions import ( from .permissions import (
PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_CREATE, permission_folder_add_document, permission_folder_create,
PERMISSION_FOLDER_DELETE, PERMISSION_FOLDER_EDIT, permission_folder_delete, permission_folder_edit,
PERMISSION_FOLDER_REMOVE_DOCUMENT, PERMISSION_FOLDER_VIEW permission_folder_remove_document, permission_folder_view
) )
from .serializers import FolderSerializer from .serializers import FolderSerializer
@@ -28,8 +28,8 @@ class APIFolderListView(generics.ListCreateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_FOLDER_VIEW]} mayan_object_permissions = {'GET': [permission_folder_view]}
mayan_view_permissions = {'POST': [PERMISSION_FOLDER_CREATE]} mayan_view_permissions = {'POST': [permission_folder_create]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the folders.""" """Returns a list of all the folders."""
@@ -60,10 +60,10 @@ class APIFolderView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_FOLDER_VIEW], 'GET': [permission_folder_view],
'PUT': [PERMISSION_FOLDER_EDIT], 'PUT': [permission_folder_edit],
'PATCH': [PERMISSION_FOLDER_EDIT], 'PATCH': [permission_folder_edit],
'DELETE': [PERMISSION_FOLDER_DELETE] 'DELETE': [permission_folder_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -87,7 +87,7 @@ class APIFolderDocumentListView(generics.ListAPIView):
"""Returns a list of all the documents contained in a particular folder.""" """Returns a list of all the documents contained in a particular folder."""
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} mayan_object_permissions = {'GET': [permission_document_view]}
def get_serializer_class(self): def get_serializer_class(self):
from documents.serializers import DocumentSerializer from documents.serializers import DocumentSerializer
@@ -96,9 +96,9 @@ class APIFolderDocumentListView(generics.ListAPIView):
def get_queryset(self): def get_queryset(self):
folder = get_object_or_404(Folder, pk=self.kwargs['pk']) folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_FOLDER_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_folder_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_FOLDER_VIEW, self.request.user, folder) AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
return folder.documents.all() return folder.documents.all()
@@ -109,14 +109,14 @@ class APIDocumentFolderListView(generics.ListAPIView):
serializer_class = FolderSerializer serializer_class = FolderSerializer
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_FOLDER_VIEW]} mayan_object_permissions = {'GET': [permission_folder_view]}
def get_queryset(self): def get_queryset(self):
document = get_object_or_404(Document, pk=self.kwargs['pk']) document = get_object_or_404(Document, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document) AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
queryset = document.folders.all() queryset = document.folders.all()
return queryset return queryset
@@ -129,9 +129,9 @@ class APIFolderDocumentView(views.APIView):
folder = get_object_or_404(Folder, pk=self.kwargs['pk']) folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_REMOVE_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_folder_remove_document])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_FOLDER_REMOVE_DOCUMENT, request.user, folder) AccessEntry.objects.check_access(permission_folder_remove_document, request.user, folder)
document = get_object_or_404(Document, pk=self.kwargs['document_pk']) document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
folder.documents.remove(document) folder.documents.remove(document)
@@ -143,9 +143,9 @@ class APIFolderDocumentView(views.APIView):
folder = get_object_or_404(Folder, pk=self.kwargs['pk']) folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_ADD_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_folder_add_document])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_FOLDER_ADD_DOCUMENT, request.user, folder) AccessEntry.objects.check_access(permission_folder_add_document, request.user, folder)
document = get_object_or_404(Document, pk=self.kwargs['document_pk']) document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
folder.documents.add(document) folder.documents.add(document)

14
mayan/apps/folders/apps.py
View File

@@ -3,7 +3,7 @@ from __future__ import unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.api import class_permissions from acls.api import class_permissions
from acls.permissions import ACLS_EDIT_ACL, ACLS_VIEW_ACL from acls.permissions import acls_edit_acl, acls_view_acl
from common import ( from common import (
MayanAppConfig, menu_facet, menu_main, menu_object, menu_secondary, MayanAppConfig, menu_facet, menu_main, menu_object, menu_secondary,
menu_sidebar, menu_multi_item menu_sidebar, menu_multi_item
@@ -22,9 +22,9 @@ from .links import (
) )
from .models import Folder from .models import Folder
from .permissions import ( from .permissions import (
PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_DELETE, permission_folder_add_document, permission_folder_delete,
PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_REMOVE_DOCUMENT, permission_folder_edit, permission_folder_remove_document,
PERMISSION_FOLDER_VIEW permission_folder_view
) )
@@ -38,12 +38,12 @@ class FoldersApp(MayanAppConfig):
APIEndPoint('folders') APIEndPoint('folders')
class_permissions(Document, [ class_permissions(Document, [
PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_REMOVE_DOCUMENT permission_folder_add_document, permission_folder_remove_document
]) ])
class_permissions(Folder, [ class_permissions(Folder, [
ACLS_EDIT_ACL, ACLS_VIEW_ACL, PERMISSION_FOLDER_DELETE, acls_edit_acl, acls_view_acl, permission_folder_delete,
PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_VIEW permission_folder_edit, permission_folder_view
]) ])
menu_facet.bind_links(links=[link_document_folder_list], sources=[Document]) menu_facet.bind_links(links=[link_document_folder_list], sources=[Document])

6
mayan/apps/folders/forms.py
View File

@@ -10,7 +10,7 @@ from acls.models import AccessEntry
from permissions.models import Permission from permissions.models import Permission
from .models import Folder from .models import Folder
from .permissions import PERMISSION_FOLDER_VIEW from .permissions import permission_folder_view
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -29,9 +29,9 @@ class FolderListForm(forms.Form):
queryset = Folder.objects.all() queryset = Folder.objects.all()
try: try:
Permission.objects.check_permissions(user, [PERMISSION_FOLDER_VIEW]) Permission.objects.check_permissions(user, [permission_folder_view])
except PermissionDenied: except PermissionDenied:
queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_VIEW, user, queryset) queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, user, queryset)
self.fields['folder'] = forms.ModelChoiceField( self.fields['folder'] = forms.ModelChoiceField(
queryset=queryset, queryset=queryset,

26
mayan/apps/folders/links.py
View File

@@ -2,23 +2,23 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.permissions import ACLS_VIEW_ACL from acls.permissions import acls_view_acl
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_CREATE, permission_folder_add_document, permission_folder_create,
PERMISSION_FOLDER_DELETE, PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_VIEW, permission_folder_delete, permission_folder_edit, permission_folder_view,
PERMISSION_FOLDER_REMOVE_DOCUMENT permission_folder_remove_document
) )
link_document_folder_list = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Folders'), view='folders:document_folder_list', args='object.pk') link_document_folder_list = Link(permissions=[permission_document_view], text=_('folders'), view='folders:document_folder_list', args='object.pk')
link_folder_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='folders:folder_acl_list', args='object.pk') link_folder_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='folders:folder_acl_list', args='object.pk')
link_folder_add_document = Link(permissions=[PERMISSION_FOLDER_ADD_DOCUMENT], text=_('Add to a folder'), view='folders:folder_add_document', args='object.pk') link_folder_add_document = Link(permissions=[permission_folder_add_document], text=_('add to a folder'), view='folders:folder_add_document', args='object.pk')
link_folder_add_multiple_documents = Link(text=_('Add to folder'), view='folders:folder_add_multiple_documents') link_folder_add_multiple_documents = Link(text=_('Add to folder'), view='folders:folder_add_multiple_documents')
link_folder_create = Link(permissions=[PERMISSION_FOLDER_CREATE], text=_('Create folder'), view='folders:folder_create') link_folder_create = Link(permissions=[permission_folder_create], text=_('create folder'), view='folders:folder_create')
link_folder_delete = Link(permissions=[PERMISSION_FOLDER_DELETE], tags='dangerous', text=_('Delete'), view='folders:folder_delete', args='object.pk') link_folder_delete = Link(permissions=[permission_folder_delete], tags='dangerous', text=_('delete'), view='folders:folder_delete', args='object.pk')
link_folder_document_multiple_remove = Link(permissions=[PERMISSION_FOLDER_REMOVE_DOCUMENT], text=_('Remove from folder'), view='folders:folder_document_multiple_remove', args='object.pk') link_folder_document_multiple_remove = Link(permissions=[permission_folder_remove_document], text=_('remove from folder'), view='folders:folder_document_multiple_remove', args='object.pk')
link_folder_edit = Link(permissions=[PERMISSION_FOLDER_EDIT], text=_('Edit'), view='folders:folder_edit', args='object.pk') link_folder_edit = Link(permissions=[permission_folder_edit], text=_('edit'), view='folders:folder_edit', args='object.pk')
link_folder_list = Link(icon='fa fa-folder', text=_('Folders'), view='folders:folder_list') link_folder_list = Link(icon='fa fa-folder', text=_('Folders'), view='folders:folder_list')
link_folder_view = Link(permissions=[PERMISSION_FOLDER_VIEW], text=_('Documents'), view='folders:folder_view', args='object.pk') link_folder_view = Link(permissions=[permission_folder_view], text=_('documents'), view='folders:folder_view', args='object.pk')

16
mayan/apps/folders/permissions.py
View File

@@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
folder_namespace = PermissionNamespace('folders', _('Folders')) namespace = PermissionNamespace('folders', _('Folders'))
PERMISSION_FOLDER_CREATE = Permission.objects.register(folder_namespace, 'folder_create', _('Create new folders')) permission_folder_create = namespace.add_permission(name='folder_create', label=_('Create new folders'))
PERMISSION_FOLDER_EDIT = Permission.objects.register(folder_namespace, 'folder_edit', _('Edit new folders')) permission_folder_edit = namespace.add_permission(name='folder_edit', label=_('Edit new folders'))
PERMISSION_FOLDER_DELETE = Permission.objects.register(folder_namespace, 'folder_delete', _('Delete new folders')) permission_folder_delete = namespace.add_permission(name='folder_delete', label=_('Delete new folders'))
PERMISSION_FOLDER_REMOVE_DOCUMENT = Permission.objects.register(folder_namespace, 'folder_remove_document', _('Remove documents from folders')) permission_folder_remove_document = namespace.add_permission(name='folder_remove_document', label=_('Remove documents from folders'))
PERMISSION_FOLDER_VIEW = Permission.objects.register(folder_namespace, 'folder_view', _('View existing folders')) permission_folder_view = namespace.add_permission(name='folder_view', label=_('View existing folders'))
PERMISSION_FOLDER_ADD_DOCUMENT = Permission.objects.register(folder_namespace, 'folder_add_document', _('Add documents to existing folders')) permission_folder_add_document = namespace.add_permission(name='folder_add_document', label=_('Add documents to existing folders'))

40
mayan/apps/folders/views.py
View File

@@ -15,7 +15,7 @@ from acls.models import AccessEntry
from acls.utils import apply_default_acls from acls.utils import apply_default_acls
from acls.views import acl_list_for from acls.views import acl_list_for
from common.views import SingleObjectListView from common.views import SingleObjectListView
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from documents.models import Document from documents.models import Document
from documents.views import DocumentListView from documents.views import DocumentListView
from permissions.models import Permission from permissions.models import Permission
@@ -23,9 +23,9 @@ from permissions.models import Permission
from .forms import FolderForm, FolderListForm from .forms import FolderForm, FolderListForm
from .models import Folder from .models import Folder
from .permissions import ( from .permissions import (
PERMISSION_FOLDER_ADD_DOCUMENT, PERMISSION_FOLDER_CREATE, permission_folder_add_document, permission_folder_create,
PERMISSION_FOLDER_DELETE, PERMISSION_FOLDER_EDIT, PERMISSION_FOLDER_VIEW, permission_folder_delete, permission_folder_edit, permission_folder_view,
PERMISSION_FOLDER_REMOVE_DOCUMENT permission_folder_remove_document
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -33,7 +33,7 @@ logger = logging.getLogger(__name__)
class FolderListView(SingleObjectListView): class FolderListView(SingleObjectListView):
model = Folder model = Folder
object_permission = PERMISSION_FOLDER_VIEW object_permission = permission_folder_view
def get_extra_context(self): def get_extra_context(self):
return { return {
@@ -43,7 +43,7 @@ class FolderListView(SingleObjectListView):
def folder_create(request): def folder_create(request):
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_CREATE]) Permission.objects.check_permissions(request.user, [permission_folder_create])
if request.method == 'POST': if request.method == 'POST':
form = FolderForm(request.POST) form = FolderForm(request.POST)
@@ -68,9 +68,9 @@ def folder_edit(request, folder_id):
folder = get_object_or_404(Folder, pk=folder_id) folder = get_object_or_404(Folder, pk=folder_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_EDIT]) Permission.objects.check_permissions(request.user, [permission_folder_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_FOLDER_EDIT, request.user, folder) AccessEntry.objects.check_access(permission_folder_edit, request.user, folder)
if request.method == 'POST': if request.method == 'POST':
form = FolderForm(data=request.POST, instance=folder) form = FolderForm(data=request.POST, instance=folder)
@@ -95,9 +95,9 @@ def folder_delete(request, folder_id):
folder = get_object_or_404(Folder, pk=folder_id) folder = get_object_or_404(Folder, pk=folder_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_DELETE]) Permission.objects.check_permissions(request.user, [permission_folder_delete])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_FOLDER_DELETE, request.user, folder) AccessEntry.objects.check_access(permission_folder_delete, request.user, folder)
post_action_redirect = reverse('folders:folder_list') post_action_redirect = reverse('folders:folder_list')
@@ -131,9 +131,9 @@ class FolderDetailView(DocumentListView):
folder = get_object_or_404(Folder, pk=self.kwargs['pk']) folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_FOLDER_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_folder_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_FOLDER_VIEW, self.request.user, folder) AccessEntry.objects.check_access(permission_folder_view, self.request.user, folder)
return folder return folder
@@ -159,9 +159,9 @@ def folder_add_document(request, document_id=None, document_id_list=None):
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_ADD_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_folder_add_document])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_ADD_DOCUMENT, request.user, documents) documents = AccessEntry.objects.filter_objects_by_access(permission_folder_add_document, request.user, documents)
post_action_redirect = None post_action_redirect = None
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -207,9 +207,9 @@ def document_folder_list(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_document_view, request.user, document)
context = { context = {
'hide_link': True, 'hide_link': True,
@@ -220,9 +220,9 @@ def document_folder_list(request, document_id):
queryset = document.folders.all() queryset = document.folders.all()
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_VIEW]) Permission.objects.check_permissions(request.user, [permission_folder_view])
except PermissionDenied: except PermissionDenied:
queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_VIEW, request.user, queryset) queryset = AccessEntry.objects.filter_objects_by_access(permission_folder_view, request.user, queryset)
context['object_list'] = queryset context['object_list'] = queryset
@@ -245,9 +245,9 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis
logger.debug('folder_documents (pre permission check): %s', folder_documents) logger.debug('folder_documents (pre permission check): %s', folder_documents)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_REMOVE_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_folder_remove_document])
except PermissionDenied: except PermissionDenied:
folder_documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_FOLDER_REMOVE_DOCUMENT, request.user, folder_documents, exception_on_empty=True) folder_documents = AccessEntry.objects.filter_objects_by_access(permission_folder_remove_document, request.user, folder_documents, exception_on_empty=True)
logger.debug('folder_documents (post permission check): %s', folder_documents) logger.debug('folder_documents (post permission check): %s', folder_documents)

8
mayan/apps/installation/links.py
View File

@@ -4,8 +4,8 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import PERMISSION_INSTALLATION_DETAILS from .permissions import permission_installation_details
link_menu_link = Link(icon='fa fa-check-square-o', permissions=[PERMISSION_INSTALLATION_DETAILS], text=_('Installation details'), view='installation:namespace_list') link_menu_link = Link(icon='fa fa-check-square-o', permissions=[permission_installation_details], text=_('installation details'), view='installation:namespace_list')
link_namespace_details = Link(permissions=[PERMISSION_INSTALLATION_DETAILS], text=_('Details'), view='installation:namespace_details', args='object.id') link_namespace_details = Link(permissions=[permission_installation_details], text=_('details'), view='installation:namespace_details', args='object.id')
link_namespace_list = Link(permissions=[PERMISSION_INSTALLATION_DETAILS], text=_('Installation property namespaces'), view='installation:namespace_list') link_namespace_list = Link(permissions=[permission_installation_details], text=_('installation property namespaces'), view='installation:namespace_list')

4
mayan/apps/installation/permissions.py
View File

@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
namespace = PermissionNamespace('installation', _('Installation')) namespace = PermissionNamespace('installation', _('Installation'))
PERMISSION_INSTALLATION_DETAILS = Permission.objects.register(namespace, 'installation_details', _('View installation environment details')) permission_installation_details = namespace.add_permission(name='installation_details', label=_('View installation environment details'))

6
mayan/apps/installation/views.py
View File

@@ -7,11 +7,11 @@ from django.utils.translation import ugettext_lazy as _
from permissions.models import Permission from permissions.models import Permission
from .classes import PropertyNamespace from .classes import PropertyNamespace
from .permissions import PERMISSION_INSTALLATION_DETAILS from .permissions import permission_installation_details
def namespace_list(request): def namespace_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_INSTALLATION_DETAILS]) Permission.objects.check_permissions(request.user, [permission_installation_details])
return render_to_response('appearance/generic_list.html', { return render_to_response('appearance/generic_list.html', {
'object_list': PropertyNamespace.get_all(), 'object_list': PropertyNamespace.get_all(),
@@ -21,7 +21,7 @@ def namespace_list(request):
def namespace_details(request, namespace_id): def namespace_details(request, namespace_id):
Permission.objects.check_permissions(request.user, [PERMISSION_INSTALLATION_DETAILS]) Permission.objects.check_permissions(request.user, [permission_installation_details])
namespace = PropertyNamespace.get(namespace_id) namespace = PropertyNamespace.get(namespace_id)
object_list = namespace.get_properties() object_list = namespace.get_properties()

10
mayan/apps/linking/apps.py
View File

@@ -3,7 +3,7 @@ from __future__ import unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.api import class_permissions from acls.api import class_permissions
from acls.permissions import ACLS_EDIT_ACL, ACLS_VIEW_ACL from acls.permissions import acls_edit_acl, acls_view_acl
from common import ( from common import (
MayanAppConfig, menu_facet, menu_object, menu_secondary, menu_setup, MayanAppConfig, menu_facet, menu_object, menu_secondary, menu_setup,
menu_sidebar menu_sidebar
@@ -22,8 +22,8 @@ from .links import (
) )
from .models import SmartLink, SmartLinkCondition from .models import SmartLink, SmartLinkCondition
from .permissions import ( from .permissions import (
PERMISSION_SMART_LINK_DELETE, PERMISSION_SMART_LINK_EDIT, permission_smart_link_delete, permission_smart_link_edit,
PERMISSION_SMART_LINK_VIEW permission_smart_link_view
) )
@@ -35,8 +35,8 @@ class LinkingApp(MayanAppConfig):
super(LinkingApp, self).ready() super(LinkingApp, self).ready()
class_permissions(SmartLink, [ class_permissions(SmartLink, [
ACLS_EDIT_ACL, ACLS_VIEW_ACL, PERMISSION_SMART_LINK_DELETE, acls_edit_acl, acls_view_acl, permission_smart_link_delete,
PERMISSION_SMART_LINK_EDIT, PERMISSION_SMART_LINK_VIEW permission_smart_link_edit, permission_smart_link_view
]) ])
menu_facet.bind_links(links=[link_smart_link_instances_for_document], sources=[Document]) menu_facet.bind_links(links=[link_smart_link_instances_for_document], sources=[Document])

34
mayan/apps/linking/links.py
View File

@@ -2,25 +2,25 @@ from __future__ import unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.permissions import ACLS_VIEW_ACL from acls.permissions import acls_view_acl
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_SMART_LINK_CREATE, PERMISSION_SMART_LINK_DELETE, permission_smart_link_create, permission_smart_link_delete,
PERMISSION_SMART_LINK_EDIT, PERMISSION_SMART_LINK_VIEW permission_smart_link_edit, permission_smart_link_view
) )
link_smart_link_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='linking:smart_link_acl_list', args='object.pk') link_smart_link_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='linking:smart_link_acl_list', args='object.pk')
link_smart_link_condition_create = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Create condition'), view='linking:smart_link_condition_create', args='object.pk') link_smart_link_condition_create = Link(permissions=[permission_smart_link_edit], text=_('create condition'), view='linking:smart_link_condition_create', args='object.pk')
link_smart_link_condition_delete = Link(permissions=[PERMISSION_SMART_LINK_EDIT], tags='dangerous', text=_('Delete'), view='linking:smart_link_condition_delete', args='resolved_object.pk') link_smart_link_condition_delete = Link(permissions=[permission_smart_link_edit], tags='dangerous', text=_('delete'), view='linking:smart_link_condition_delete', args='resolved_object.pk')
link_smart_link_condition_edit = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Edit'), view='linking:smart_link_condition_edit', args='resolved_object.pk') link_smart_link_condition_edit = Link(permissions=[permission_smart_link_edit], text=_('edit'), view='linking:smart_link_condition_edit', args='resolved_object.pk')
link_smart_link_condition_list = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Conditions'), view='linking:smart_link_condition_list', args='object.pk') link_smart_link_condition_list = Link(permissions=[permission_smart_link_edit], text=_('conditions'), view='linking:smart_link_condition_list', args='object.pk')
link_smart_link_create = Link(permissions=[PERMISSION_SMART_LINK_CREATE], text=_('Create new smart link'), view='linking:smart_link_create') link_smart_link_create = Link(permissions=[permission_smart_link_create], text=_('create new smart link'), view='linking:smart_link_create')
link_smart_link_delete = Link(permissions=[PERMISSION_SMART_LINK_DELETE], tags='dangerous', text=_('Delete'), view='linking:smart_link_delete', args='object.pk') link_smart_link_delete = Link(permissions=[permission_smart_link_delete], tags='dangerous', text=_('delete'), view='linking:smart_link_delete', args='object.pk')
link_smart_link_document_types = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Document types'), view='linking:smart_link_document_types', args='object.pk') link_smart_link_document_types = Link(permissions=[permission_smart_link_edit], text=_('document types'), view='linking:smart_link_document_types', args='object.pk')
link_smart_link_edit = Link(permissions=[PERMISSION_SMART_LINK_EDIT], text=_('Edit'), view='linking:smart_link_edit', args='object.pk') link_smart_link_edit = Link(permissions=[permission_smart_link_edit], text=_('edit'), view='linking:smart_link_edit', args='object.pk')
link_smart_link_instance_view = Link(permissions=[PERMISSION_SMART_LINK_VIEW], text=_('Documents'), view='linking:smart_link_instance_view', args=['document.pk', 'object.smart_link.pk']) link_smart_link_instance_view = Link(permissions=[permission_smart_link_view], text=_('documents'), view='linking:smart_link_instance_view', args=['document.pk', 'object.smart_link.pk'])
link_smart_link_instances_for_document = Link(permissions=[PERMISSION_DOCUMENT_VIEW], text=_('Smart links'), view='linking:smart_link_instances_for_document', args='object.pk') link_smart_link_instances_for_document = Link(permissions=[permission_document_view], text=_('smart links'), view='linking:smart_link_instances_for_document', args='object.pk')
link_smart_link_list = Link(permissions=[PERMISSION_SMART_LINK_CREATE], text=_('Smart links'), view='linking:smart_link_list') link_smart_link_list = Link(permissions=[permission_smart_link_create], text=_('smart links'), view='linking:smart_link_list')
link_smart_link_setup = Link(icon='fa fa-link', permissions=[PERMISSION_SMART_LINK_CREATE], text=_('Smart links'), view='linking:smart_link_list') link_smart_link_setup = Link(icon='fa fa-link', permissions=[permission_smart_link_create], text=_('smart links'), view='linking:smart_link_list')

12
mayan/apps/linking/permissions.py
View File

@@ -2,11 +2,11 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
linking_namespace = PermissionNamespace('linking', _('Smart links')) namespace = PermissionNamespace('linking', _('Smart links'))
PERMISSION_SMART_LINK_VIEW = Permission.objects.register(linking_namespace, 'smart_link_view', _('View existing smart links')) permission_smart_link_view = namespace.add_permission(name='smart_link_view', label=_('View existing smart links'))
PERMISSION_SMART_LINK_CREATE = Permission.objects.register(linking_namespace, 'smart_link_create', _('Create new smart links')) permission_smart_link_create = namespace.add_permission(name='smart_link_create', label=_('Create new smart links'))
PERMISSION_SMART_LINK_DELETE = Permission.objects.register(linking_namespace, 'smart_link_delete', _('Delete smart links')) permission_smart_link_delete = namespace.add_permission(name='smart_link_delete', label=_('Delete smart links'))
PERMISSION_SMART_LINK_EDIT = Permission.objects.register(linking_namespace, 'smart_link_edit', _('Edit smart links')) permission_smart_link_edit = namespace.add_permission(name='smart_link_edit', label=_('Edit smart links'))

46
mayan/apps/linking/views.py
View File

@@ -24,8 +24,8 @@ from permissions.models import Permission
from .forms import SmartLinkConditionForm, SmartLinkForm from .forms import SmartLinkConditionForm, SmartLinkForm
from .models import SmartLink, SmartLinkCondition from .models import SmartLink, SmartLinkCondition
from .permissions import ( from .permissions import (
PERMISSION_SMART_LINK_CREATE, PERMISSION_SMART_LINK_DELETE, permission_smart_link_create, permission_smart_link_delete,
PERMISSION_SMART_LINK_EDIT, PERMISSION_SMART_LINK_VIEW permission_smart_link_edit, permission_smart_link_view
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -41,9 +41,9 @@ class SetupSmartLinkDocumentTypesView(AssignRemoveView):
self.smart_link = get_object_or_404(SmartLink, pk=self.kwargs['smart_link_pk']) self.smart_link = get_object_or_404(SmartLink, pk=self.kwargs['smart_link_pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_SMART_LINK_EDIT]) Permission.objects.check_permissions(self.request.user, [permission_smart_link_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_SMART_LINK_EDIT, self.request.user, self.smart_link) AccessEntry.objects.check_access(permission_smart_link_edit, self.request.user, self.smart_link)
return super(SetupSmartLinkDocumentTypesView, self).dispatch(request, *args, **kwargs) return super(SetupSmartLinkDocumentTypesView, self).dispatch(request, *args, **kwargs)
@@ -71,9 +71,9 @@ def smart_link_instance_view(request, document_id, smart_link_pk):
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_VIEW]) Permission.objects.check_permissions(request.user, [permission_smart_link_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_SMART_LINK_VIEW, request.user, smart_link) AccessEntry.objects.check_access(permission_smart_link_view, request.user, smart_link)
try: try:
object_list = smart_link.get_linked_document_for(document) object_list = smart_link.get_linked_document_for(document)
@@ -106,9 +106,9 @@ def smart_link_instances_for_document(request, document_id):
) )
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_VIEW]) Permission.objects.check_permissions(request.user, [permission_smart_link_view])
except PermissionDenied: except PermissionDenied:
smart_links = AccessEntry.objects.filter_objects_by_access(PERMISSION_SMART_LINK_VIEW, request.user, queryset) smart_links = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, queryset)
else: else:
smart_links = queryset smart_links = queryset
@@ -141,9 +141,9 @@ def smart_link_list(request):
qs = SmartLink.objects.all() qs = SmartLink.objects.all()
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_VIEW]) Permission.objects.check_permissions(request.user, [permission_smart_link_view])
except PermissionDenied: except PermissionDenied:
qs = AccessEntry.objects.filter_objects_by_access(PERMISSION_SMART_LINK_VIEW, request.user, qs) qs = AccessEntry.objects.filter_objects_by_access(permission_smart_link_view, request.user, qs)
return render_to_response('appearance/generic_list.html', { return render_to_response('appearance/generic_list.html', {
'title': _('Smart links'), 'title': _('Smart links'),
@@ -158,7 +158,7 @@ def smart_link_list(request):
def smart_link_create(request): def smart_link_create(request):
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_CREATE]) Permission.objects.check_permissions(request.user, [permission_smart_link_create])
if request.method == 'POST': if request.method == 'POST':
form = SmartLinkForm(request.POST) form = SmartLinkForm(request.POST)
@@ -180,9 +180,9 @@ def smart_link_edit(request, smart_link_pk):
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_SMART_LINK_EDIT, request.user, smart_link) AccessEntry.objects.check_access(permission_smart_link_edit, request.user, smart_link)
if request.method == 'POST': if request.method == 'POST':
form = SmartLinkForm(request.POST, instance=smart_link) form = SmartLinkForm(request.POST, instance=smart_link)
@@ -204,9 +204,9 @@ def smart_link_delete(request, smart_link_pk):
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_DELETE]) Permission.objects.check_permissions(request.user, [permission_smart_link_delete])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_SMART_LINK_DELETE, request.user, smart_link) AccessEntry.objects.check_access(permission_smart_link_delete, request.user, smart_link)
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -235,9 +235,9 @@ def smart_link_condition_list(request, smart_link_pk):
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link) AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link)
return render_to_response('appearance/generic_list.html', { return render_to_response('appearance/generic_list.html', {
'title': _('Conditions for smart link: %s') % smart_link, 'title': _('Conditions for smart link: %s') % smart_link,
@@ -254,9 +254,9 @@ def smart_link_condition_create(request, smart_link_pk):
smart_link = get_object_or_404(SmartLink, pk=smart_link_pk) smart_link = get_object_or_404(SmartLink, pk=smart_link_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link) AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link)
if request.method == 'POST': if request.method == 'POST':
form = SmartLinkConditionForm(data=request.POST) form = SmartLinkConditionForm(data=request.POST)
@@ -280,9 +280,9 @@ def smart_link_condition_edit(request, smart_link_condition_pk):
smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk) smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link_condition.smart_link) AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link)
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -311,9 +311,9 @@ def smart_link_condition_delete(request, smart_link_condition_pk):
smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk) smart_link_condition = get_object_or_404(SmartLinkCondition, pk=smart_link_condition_pk)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_SMART_LINK_EDIT]) Permission.objects.check_permissions(request.user, [permission_smart_link_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_accesses([PERMISSION_SMART_LINK_EDIT], request.user, smart_link_condition.smart_link) AccessEntry.objects.check_accesses([permission_smart_link_edit], request.user, smart_link_condition.smart_link)
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))

4
mayan/apps/mailer/apps.py
View File

@@ -8,7 +8,7 @@ from documents.models import Document
from .links import link_send_document_link, link_send_document from .links import link_send_document_link, link_send_document
from .permissions import ( from .permissions import (
PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT permission_mailing_link, permission_mailing_send_document
) )
@@ -20,7 +20,7 @@ class MailerApp(MayanAppConfig):
super(MailerApp, self).ready() super(MailerApp, self).ready()
class_permissions(Document, [ class_permissions(Document, [
PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT permission_mailing_link, permission_mailing_send_document
]) ])
menu_object.bind_links(links=[link_send_document_link, link_send_document], sources=[Document]) menu_object.bind_links(links=[link_send_document_link, link_send_document], sources=[Document])

6
mayan/apps/mailer/links.py
View File

@@ -4,7 +4,7 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT from .permissions import permission_mailing_link, permission_mailing_send_document
link_send_document = Link(permissions=[PERMISSION_MAILING_SEND_DOCUMENT], text=_('Email document'), view='mailer:send_document', args='object.pk') link_send_document = Link(permissions=[permission_mailing_send_document], text=_('email document'), view='mailer:send_document', args='object.pk')
link_send_document_link = Link(permissions=[PERMISSION_MAILING_LINK], text=_('Email link'), view='mailer:send_document_link', args='object.pk') link_send_document_link = Link(permissions=[permission_mailing_link], text=_('email link'), view='mailer:send_document_link', args='object.pk')

8
mayan/apps/mailer/permissions.py
View File

@@ -2,9 +2,9 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import Permission, PermissionNamespace from permissions.models import PermissionNamespace
mailer_namespace = PermissionNamespace('mailing', _('Mailing')) namespace = PermissionNamespace('mailing', _('Mailing'))
PERMISSION_MAILING_LINK = Permission.objects.register(mailer_namespace, 'mail_link', _('Send document link via email')) permission_mailing_link = namespace.add_permission(name='mail_link', label=_('Send document link via email'))
PERMISSION_MAILING_SEND_DOCUMENT = Permission.objects.register(mailer_namespace, 'mail_document', _('Send document via email')) permission_mailing_send_document = namespace.add_permission(name='mail_document', label=_('Send document via email'))

6
mayan/apps/mailer/views.py
View File

@@ -17,7 +17,7 @@ from permissions.models import Permission
from .forms import DocumentMailForm from .forms import DocumentMailForm
from .permissions import ( from .permissions import (
PERMISSION_MAILING_LINK, PERMISSION_MAILING_SEND_DOCUMENT permission_mailing_link, permission_mailing_send_document
) )
from .tasks import task_send_document from .tasks import task_send_document
@@ -29,9 +29,9 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta
documents = [get_object_or_404(Document, pk=document_id) for document_id in document_id_list.split(',')] documents = [get_object_or_404(Document, pk=document_id) for document_id in document_id_list.split(',')]
if as_attachment: if as_attachment:
permission = PERMISSION_MAILING_SEND_DOCUMENT permission = permission_mailing_send_document
else: else:
permission = PERMISSION_MAILING_LINK permission = permission_mailing_link
try: try:
Permission.objects.check_permissions(request.user, [permission]) Permission.objects.check_permissions(request.user, [permission])

52
mayan/apps/metadata/api_views.py
View File

@@ -9,7 +9,7 @@ from rest_framework.response import Response
from acls.models import AccessEntry from acls.models import AccessEntry
from documents.models import Document, DocumentType from documents.models import Document, DocumentType
from documents.permissions import ( from documents.permissions import (
PERMISSION_DOCUMENT_TYPE_VIEW, PERMISSION_DOCUMENT_TYPE_EDIT permission_document_type_view, permission_document_type_edit
) )
from permissions.models import Permission from permissions.models import Permission
from rest_api.filters import MayanObjectPermissionsFilter from rest_api.filters import MayanObjectPermissionsFilter
@@ -17,10 +17,10 @@ from rest_api.permissions import MayanPermission
from .models import DocumentMetadata, MetadataType from .models import DocumentMetadata, MetadataType
from .permissions import ( from .permissions import (
PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_REMOVE, permission_metadata_document_add, permission_metadata_document_remove,
PERMISSION_METADATA_DOCUMENT_EDIT, PERMISSION_METADATA_DOCUMENT_VIEW, permission_metadata_document_edit, permission_metadata_document_view,
PERMISSION_METADATA_TYPE_CREATE, PERMISSION_METADATA_TYPE_DELETE, permission_metadata_type_create, permission_metadata_type_delete,
PERMISSION_METADATA_TYPE_EDIT, PERMISSION_METADATA_TYPE_VIEW permission_metadata_type_edit, permission_metadata_type_view
) )
from .serializers import ( from .serializers import (
DocumentMetadataSerializer, DocumentTypeNewMetadataTypeSerializer, DocumentMetadataSerializer, DocumentTypeNewMetadataTypeSerializer,
@@ -34,8 +34,8 @@ class APIMetadataTypeListView(generics.ListCreateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_METADATA_TYPE_VIEW]} mayan_object_permissions = {'GET': [permission_metadata_type_view]}
mayan_view_permissions = {'POST': [PERMISSION_METADATA_TYPE_CREATE]} mayan_view_permissions = {'POST': [permission_metadata_type_create]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the metadata types.""" """Returns a list of all the metadata types."""
@@ -52,10 +52,10 @@ class APIMetadataTypeView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_METADATA_TYPE_VIEW], 'GET': [permission_metadata_type_view],
'PUT': [PERMISSION_METADATA_TYPE_EDIT], 'PUT': [permission_metadata_type_edit],
'PATCH': [PERMISSION_METADATA_TYPE_EDIT], 'PATCH': [permission_metadata_type_edit],
'DELETE': [PERMISSION_METADATA_TYPE_DELETE] 'DELETE': [permission_metadata_type_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -88,17 +88,17 @@ class APIDocumentMetadataListView(generics.ListCreateAPIView):
if self.request == 'GET': if self.request == 'GET':
# Make sure the use has the permission to see the metadata for this document # Make sure the use has the permission to see the metadata for this document
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_METADATA_DOCUMENT_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_metadata_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_METADATA_DOCUMENT_VIEW, self.request.user, document) AccessEntry.objects.check_access(permission_metadata_document_view, self.request.user, document)
else: else:
return document.metadata.all() return document.metadata.all()
elif self.request == 'POST': elif self.request == 'POST':
# Make sure the use has the permission to add metadata to this document # Make sure the use has the permission to add metadata to this document
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_METADATA_DOCUMENT_ADD]) Permission.objects.check_permissions(self.request.user, [permission_metadata_document_add])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_METADATA_DOCUMENT_ADD, self.request.user, document) AccessEntry.objects.check_access(permission_metadata_document_add, self.request.user, document)
else: else:
return document.metadata.all() return document.metadata.all()
@@ -120,10 +120,10 @@ class APIDocumentMetadataView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_METADATA_DOCUMENT_VIEW], 'GET': [permission_metadata_document_view],
'PUT': [PERMISSION_METADATA_DOCUMENT_EDIT], 'PUT': [permission_metadata_document_edit],
'PATCH': [PERMISSION_METADATA_DOCUMENT_EDIT], 'PATCH': [permission_metadata_document_edit],
'DELETE': [PERMISSION_METADATA_DOCUMENT_REMOVE] 'DELETE': [permission_metadata_document_remove]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -155,16 +155,16 @@ class APIDocumentMetadataView(generics.RetrieveUpdateDestroyAPIView):
class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView): class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_TYPE_EDIT]} mayan_view_permissions = {'POST': [permission_document_type_edit]}
required_metadata = False required_metadata = False
def get_queryset(self): def get_queryset(self):
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk']) document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_type_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_VIEW, self.request.user, document_type) AccessEntry.objects.check_access(permission_document_type_view, self.request.user, document_type)
return document_type.metadata.filter(required=self.required_metadata) return document_type.metadata.filter(required=self.required_metadata)
@@ -185,9 +185,9 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView):
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk']) document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) Permission.objects.check_permissions(self.request.user, [permission_document_type_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_EDIT, self.request.user, document_type) AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
serializer = self.get_serializer(data=self.request.POST) serializer = self.get_serializer(data=self.request.POST)
@@ -221,9 +221,9 @@ class APIDocumentTypeMetadataTypeRequiredView(views.APIView):
document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk']) document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) Permission.objects.check_permissions(self.request.user, [permission_document_type_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_TYPE_EDIT, self.request.user, document_type) AccessEntry.objects.check_access(permission_document_type_edit, self.request.user, document_type)
metadata_type = get_object_or_404(MetadataType, pk=self.kwargs['metadata_type_pk']) metadata_type = get_object_or_404(MetadataType, pk=self.kwargs['metadata_type_pk'])
document_type.metadata_type.remove(metadata_type) document_type.metadata_type.remove(metadata_type)

8
mayan/apps/metadata/apps.py
View File

@@ -35,8 +35,8 @@ from .links import (
) )
from .models import DocumentTypeMetadataType, MetadataType from .models import DocumentTypeMetadataType, MetadataType
from .permissions import ( from .permissions import (
PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, permission_metadata_document_add, permission_metadata_document_edit,
PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW permission_metadata_document_remove, permission_metadata_document_view
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -61,8 +61,8 @@ class MetadataApp(MayanAppConfig):
SourceColumn(source=Document, label=_('Metadata'), attribute=encapsulate(lambda document: get_metadata_string(document))) SourceColumn(source=Document, label=_('Metadata'), attribute=encapsulate(lambda document: get_metadata_string(document)))
class_permissions(Document, [ class_permissions(Document, [
PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, permission_metadata_document_add, permission_metadata_document_edit,
PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW, permission_metadata_document_remove, permission_metadata_document_view,
]) ])
document_search.add_model_field(field='metadata__metadata_type__name', label=_('Metadata type')) document_search.add_model_field(field='metadata__metadata_type__name', label=_('Metadata type'))

36
mayan/apps/metadata/links.py
View File

@@ -2,27 +2,27 @@ from __future__ import unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from documents.permissions import PERMISSION_DOCUMENT_TYPE_EDIT from documents.permissions import permission_document_type_edit
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, permission_metadata_document_add, permission_metadata_document_edit,
PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW, permission_metadata_document_remove, permission_metadata_document_view,
PERMISSION_METADATA_TYPE_CREATE, PERMISSION_METADATA_TYPE_DELETE, permission_metadata_type_create, permission_metadata_type_delete,
PERMISSION_METADATA_TYPE_EDIT, PERMISSION_METADATA_TYPE_VIEW permission_metadata_type_edit, permission_metadata_type_view
) )
link_documents_missing_required_metadata = Link(icon='fa fa-edit', text=_('Missing metadata'), view='metadata:documents_missing_required_metadata') link_documents_missing_required_metadata = Link(icon='fa fa-edit', text=_('Missing metadata'), view='metadata:documents_missing_required_metadata')
link_metadata_add = Link(permissions=[PERMISSION_METADATA_DOCUMENT_ADD], text=_('Add metadata'), view='metadata:metadata_add', args='object.pk') link_metadata_add = Link(permissions=[permission_metadata_document_add], text=_('add metadata'), view='metadata:metadata_add', args='object.pk')
link_metadata_edit = Link(permissions=[PERMISSION_METADATA_DOCUMENT_EDIT], text=_('Edit metadata'), view='metadata:metadata_edit', args='object.pk') link_metadata_edit = Link(permissions=[permission_metadata_document_edit], text=_('edit metadata'), view='metadata:metadata_edit', args='object.pk')
link_metadata_multiple_add = Link(permissions=[PERMISSION_METADATA_DOCUMENT_ADD], text=_('Add metadata'), view='metadata:metadata_multiple_add') link_metadata_multiple_add = Link(permissions=[permission_metadata_document_add], text=_('add metadata'), view='metadata:metadata_multiple_add')
link_metadata_multiple_edit = Link(permissions=[PERMISSION_METADATA_DOCUMENT_EDIT], text=_('Edit metadata'), view='metadata:metadata_multiple_edit') link_metadata_multiple_edit = Link(permissions=[permission_metadata_document_edit], text=_('edit metadata'), view='metadata:metadata_multiple_edit')
link_metadata_multiple_remove = Link(permissions=[PERMISSION_METADATA_DOCUMENT_REMOVE], text=_('Remove metadata'), view='metadata:metadata_multiple_remove') link_metadata_multiple_remove = Link(permissions=[permission_metadata_document_remove], text=_('remove metadata'), view='metadata:metadata_multiple_remove')
link_metadata_remove = Link(permissions=[PERMISSION_METADATA_DOCUMENT_REMOVE], text=_('Remove metadata'), view='metadata:metadata_remove', args='object.pk') link_metadata_remove = Link(permissions=[permission_metadata_document_remove], text=_('remove metadata'), view='metadata:metadata_remove', args='object.pk')
link_metadata_view = Link(permissions=[PERMISSION_METADATA_DOCUMENT_VIEW], text=_('Metadata'), view='metadata:metadata_view', args='object.pk') link_metadata_view = Link(permissions=[permission_metadata_document_view], text=_('metadata'), view='metadata:metadata_view', args='object.pk')
link_setup_document_type_metadata = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Optional metadata'), view='metadata:setup_document_type_metadata', args='resolved_object.pk') link_setup_document_type_metadata = Link(permissions=[permission_document_type_edit], text=_('optional metadata'), view='metadata:setup_document_type_metadata', args='resolved_object.pk')
link_setup_document_type_metadata_required = Link(permissions=[PERMISSION_DOCUMENT_TYPE_EDIT], text=_('Required metadata'), view='metadata:setup_document_type_metadata_required', args='resolved_object.pk') link_setup_document_type_metadata_required = Link(permissions=[permission_document_type_edit], text=_('required metadata'), view='metadata:setup_document_type_metadata_required', args='resolved_object.pk')
link_setup_metadata_type_create = Link(permissions=[PERMISSION_METADATA_TYPE_CREATE], text=_('Create new'), view='metadata:setup_metadata_type_create') link_setup_metadata_type_create = Link(permissions=[permission_metadata_type_create], text=_('create new'), view='metadata:setup_metadata_type_create')
link_setup_metadata_type_delete = Link(permissions=[PERMISSION_METADATA_TYPE_DELETE], tags='dangerous', text=_('Delete'), view='metadata:setup_metadata_type_delete', args='object.pk') link_setup_metadata_type_delete = Link(permissions=[permission_metadata_type_delete], tags='dangerous', text=_('delete'), view='metadata:setup_metadata_type_delete', args='object.pk')
link_setup_metadata_type_edit = Link(permissions=[PERMISSION_METADATA_TYPE_EDIT], text=_('Edit'), view='metadata:setup_metadata_type_edit', args='object.pk') link_setup_metadata_type_edit = Link(permissions=[permission_metadata_type_edit], text=_('edit'), view='metadata:setup_metadata_type_edit', args='object.pk')
link_setup_metadata_type_list = Link(icon='fa fa-pencil', permissions=[PERMISSION_METADATA_TYPE_VIEW], text=_('Metadata types'), view='metadata:setup_metadata_type_list') link_setup_metadata_type_list = Link(icon='fa fa-pencil', permissions=[permission_metadata_type_view], text=_('metadata types'), view='metadata:setup_metadata_type_list')

22
mayan/apps/metadata/permissions.py
View File

@@ -2,16 +2,16 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import Permission, PermissionNamespace from permissions.models import PermissionNamespace
metadata_namespace = PermissionNamespace('metadata', _('Metadata')) namespace = PermissionNamespace('metadata', _('Metadata'))
PERMISSION_METADATA_DOCUMENT_EDIT = Permission.objects.register(metadata_namespace, 'metadata_document_edit', _('Edit a document\'s metadata')) permission_metadata_document_edit = namespace.add_permission(name='metadata_document_edit', label=_('Edit a document\'s metadata'))
PERMISSION_METADATA_DOCUMENT_ADD = Permission.objects.register(metadata_namespace, 'metadata_document_add', _('Add metadata to a document')) permission_metadata_document_add = namespace.add_permission(name='metadata_document_add', label=_('Add metadata to a document'))
PERMISSION_METADATA_DOCUMENT_REMOVE = Permission.objects.register(metadata_namespace, 'metadata_document_remove', _('Remove metadata from a document')) permission_metadata_document_remove = namespace.add_permission(name='metadata_document_remove', label=_('Remove metadata from a document'))
PERMISSION_METADATA_DOCUMENT_VIEW = Permission.objects.register(metadata_namespace, 'metadata_document_view', _('View metadata from a document')) permission_metadata_document_view = namespace.add_permission(name='metadata_document_view', label=_('View metadata from a document'))
metadata_setup_namespace = PermissionNamespace('metadata_setup', _('Metadata setup')) setup_namespace = PermissionNamespace('metadata_setup', _('Metadata setup'))
PERMISSION_METADATA_TYPE_EDIT = Permission.objects.register(metadata_setup_namespace, 'metadata_type_edit', _('Edit metadata types')) permission_metadata_type_edit = setup_namespace.add_permission(name='metadata_type_edit', label=_('Edit metadata types'))
PERMISSION_METADATA_TYPE_CREATE = Permission.objects.register(metadata_setup_namespace, 'metadata_type_create', _('Create new metadata types')) permission_metadata_type_create = setup_namespace.add_permission(name='metadata_type_create', label=_('Create new metadata types'))
PERMISSION_METADATA_TYPE_DELETE = Permission.objects.register(metadata_setup_namespace, 'metadata_type_delete', _('Delete metadata types')) permission_metadata_type_delete = setup_namespace.add_permission(name='metadata_type_delete', label=_('Delete metadata types'))
PERMISSION_METADATA_TYPE_VIEW = Permission.objects.register(metadata_setup_namespace, 'metadata_type_view', _('View metadata types')) permission_metadata_type_view = setup_namespace.add_permission(name='metadata_type_view', label=_('View metadata types'))

36
mayan/apps/metadata/views.py
View File

@@ -15,7 +15,7 @@ from common.utils import encapsulate
from common.views import AssignRemoveView from common.views import AssignRemoveView
from documents.models import Document, DocumentType from documents.models import Document, DocumentType
from documents.permissions import ( from documents.permissions import (
PERMISSION_DOCUMENT_TYPE_EDIT permission_document_type_edit
) )
from documents.views import DocumentListView from documents.views import DocumentListView
from permissions.models import Permission from permissions.models import Permission
@@ -26,10 +26,10 @@ from .forms import (
) )
from .models import DocumentMetadata, MetadataType from .models import DocumentMetadata, MetadataType
from .permissions import ( from .permissions import (
PERMISSION_METADATA_DOCUMENT_ADD, PERMISSION_METADATA_DOCUMENT_EDIT, permission_metadata_document_add, permission_metadata_document_edit,
PERMISSION_METADATA_DOCUMENT_REMOVE, PERMISSION_METADATA_DOCUMENT_VIEW, permission_metadata_document_remove, permission_metadata_document_view,
PERMISSION_METADATA_TYPE_CREATE, PERMISSION_METADATA_TYPE_DELETE, permission_metadata_type_create, permission_metadata_type_delete,
PERMISSION_METADATA_TYPE_EDIT, PERMISSION_METADATA_TYPE_VIEW permission_metadata_type_edit, permission_metadata_type_view
) )
@@ -48,9 +48,9 @@ def metadata_edit(request, document_id=None, document_id_list=None):
documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(',')) documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(','))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_EDIT]) Permission.objects.check_permissions(request.user, [permission_metadata_document_edit])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_EDIT, request.user, documents) documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_edit, request.user, documents)
if not documents: if not documents:
if document_id: if document_id:
@@ -156,9 +156,9 @@ def metadata_add(request, document_id=None, document_id_list=None):
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_ADD]) Permission.objects.check_permissions(request.user, [permission_metadata_document_add])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_ADD, request.user, documents) documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_add, request.user, documents)
if not documents: if not documents:
messages.error(request, _('Must provide at least one document.')) messages.error(request, _('Must provide at least one document.'))
@@ -235,9 +235,9 @@ def metadata_remove(request, document_id=None, document_id_list=None):
documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(',')) documents = Document.objects.select_related('metadata').filter(pk__in=document_id_list.split(','))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_REMOVE]) Permission.objects.check_permissions(request.user, [permission_metadata_document_remove])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_REMOVE, request.user, documents) documents = AccessEntry.objects.filter_objects_by_access(permission_metadata_document_remove, request.user, documents)
if not documents: if not documents:
if document_id: if document_id:
@@ -329,9 +329,9 @@ def metadata_view(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_metadata_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_METADATA_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_metadata_document_view, request.user, document)
return render_to_response('appearance/generic_list.html', { return render_to_response('appearance/generic_list.html', {
'title': _('Metadata for document: %s') % document, 'title': _('Metadata for document: %s') % document,
@@ -347,7 +347,7 @@ def metadata_view(request, document_id):
# Setup views # Setup views
def setup_metadata_type_list(request): def setup_metadata_type_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_VIEW]) Permission.objects.check_permissions(request.user, [permission_metadata_type_view])
context = { context = {
'object_list': MetadataType.objects.all(), 'object_list': MetadataType.objects.all(),
@@ -366,7 +366,7 @@ def setup_metadata_type_list(request):
def setup_metadata_type_edit(request, metadatatype_id): def setup_metadata_type_edit(request, metadatatype_id):
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_EDIT]) Permission.objects.check_permissions(request.user, [permission_metadata_type_edit])
metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id) metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id)
@@ -391,7 +391,7 @@ def setup_metadata_type_edit(request, metadatatype_id):
def setup_metadata_type_create(request): def setup_metadata_type_create(request):
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_CREATE]) Permission.objects.check_permissions(request.user, [permission_metadata_type_create])
if request.method == 'POST': if request.method == 'POST':
form = MetadataTypeForm(request.POST) form = MetadataTypeForm(request.POST)
@@ -409,7 +409,7 @@ def setup_metadata_type_create(request):
def setup_metadata_type_delete(request, metadatatype_id): def setup_metadata_type_delete(request, metadatatype_id):
Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_DELETE]) Permission.objects.check_permissions(request.user, [permission_metadata_type_delete])
metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id) metadata_type = get_object_or_404(MetadataType, pk=metadatatype_id)
@@ -447,7 +447,7 @@ class SetupDocumentTypeMetadataOptionalView(AssignRemoveView):
self.document_type.metadata.create(metadata_type=item, required=False) self.document_type.metadata.create(metadata_type=item, required=False)
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_TYPE_EDIT]) Permission.objects.check_permissions(request.user, [permission_document_type_edit])
self.document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_id']) self.document_type = get_object_or_404(DocumentType, pk=self.kwargs['document_type_id'])
return super(SetupDocumentTypeMetadataOptionalView, self).dispatch(request, *args, **kwargs) return super(SetupDocumentTypeMetadataOptionalView, self).dispatch(request, *args, **kwargs)

6
mayan/apps/ocr/api_views.py
View File

@@ -12,7 +12,7 @@ from documents.models import DocumentVersion
from permissions.models import Permission from permissions.models import Permission
from rest_api.permissions import MayanPermission from rest_api.permissions import MayanPermission
from .permissions import PERMISSION_OCR_DOCUMENT from .permissions import permission_ocr_document
from .serializers import DocumentVersionOCRSerializer from .serializers import DocumentVersionOCRSerializer
@@ -30,9 +30,9 @@ class DocumentVersionOCRView(generics.GenericAPIView):
document_version = get_object_or_404(DocumentVersion, pk=serializer.data['document_version_id']) document_version = get_object_or_404(DocumentVersion, pk=serializer.data['document_version_id'])
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_ocr_document])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_OCR_DOCUMENT, request.user, document_version.document) AccessEntry.objects.check_access(permission_ocr_document, request.user, document_version.document)
document_version.submit_for_ocr() document_version.submit_for_ocr()

4
mayan/apps/ocr/apps.py
View File

@@ -28,7 +28,7 @@ from .links import (
link_entry_re_queue, link_entry_re_queue_multiple link_entry_re_queue, link_entry_re_queue_multiple
) )
from .models import DocumentVersionOCRError from .models import DocumentVersionOCRError
from .permissions import PERMISSION_OCR_DOCUMENT, PERMISSION_OCR_CONTENT_VIEW from .permissions import permission_ocr_document, permission_ocr_content_view
from .settings import setting_pdftotext_path, setting_tesseract_path, setting_unpaper_path from .settings import setting_pdftotext_path, setting_tesseract_path, setting_unpaper_path
from .tasks import task_do_ocr from .tasks import task_do_ocr
@@ -61,7 +61,7 @@ class OCRApp(MayanAppConfig):
class_permissions( class_permissions(
Document, [ Document, [
PERMISSION_OCR_DOCUMENT, PERMISSION_OCR_CONTENT_VIEW permission_ocr_document, permission_ocr_content_view
] ]
) )

16
mayan/apps/ocr/links.py
View File

@@ -5,16 +5,16 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_OCR_CONTENT_VIEW, PERMISSION_OCR_DOCUMENT, permission_ocr_content_view, permission_ocr_document,
PERMISSION_OCR_DOCUMENT_DELETE, PERMISSION_DOCUMENT_TYPE_OCR_SETUP permission_ocr_document_delete, permission_document_type_ocr_setup
) )
link_document_content = Link(permissions=[PERMISSION_OCR_CONTENT_VIEW], text=_('Content'), view='ocr:document_content', args='resolved_object.id') link_document_content = Link(permissions=[permission_ocr_content_view], text=_('content'), view='ocr:document_content', args='resolved_object.id')
link_document_submit = Link(permissions=[PERMISSION_OCR_DOCUMENT], text=_('Submit to OCR queue'), view='ocr:document_submit', args='object.id') link_document_submit = Link(permissions=[permission_ocr_document], text=_('submit to ocr queue'), view='ocr:document_submit', args='object.id')
link_document_submit_multiple = Link(text=_('Submit to OCR queue'), view='ocr:document_submit_multiple') link_document_submit_multiple = Link(text=_('Submit to OCR queue'), view='ocr:document_submit_multiple')
link_document_type_ocr_settings = Link(permissions=[PERMISSION_DOCUMENT_TYPE_OCR_SETUP], text=_('Setup OCR'), view='ocr:document_type_ocr_settings', args='resolved_object.id') link_document_type_ocr_settings = Link(permissions=[permission_document_type_ocr_setup], text=_('setup ocr'), view='ocr:document_type_ocr_settings', args='resolved_object.id')
link_entry_delete = Link(permissions=[PERMISSION_OCR_DOCUMENT_DELETE], text=_('Delete'), view='ocr:entry_delete', args='object.id') link_entry_delete = Link(permissions=[permission_ocr_document_delete], text=_('delete'), view='ocr:entry_delete', args='object.id')
link_entry_delete_multiple = Link(text=_('Delete'), view='ocr:entry_delete_multiple') link_entry_delete_multiple = Link(text=_('Delete'), view='ocr:entry_delete_multiple')
link_entry_list = Link(icon='fa fa-file-text-o', permissions=[PERMISSION_OCR_DOCUMENT], text=_('OCR Errors'), view='ocr:entry_list') link_entry_list = Link(icon='fa fa-file-text-o', permissions=[permission_ocr_document], text=_('ocr errors'), view='ocr:entry_list')
link_entry_re_queue = Link(permissions=[PERMISSION_OCR_DOCUMENT], text=_('Re-queue'), view='ocr:entry_re_queue', args='object.id') link_entry_re_queue = Link(permissions=[permission_ocr_document], text=_('re-queue'), view='ocr:entry_re_queue', args='object.id')
link_entry_re_queue_multiple = Link(text=_('Re-queue'), view='ocr:entry_re_queue_multiple') link_entry_re_queue_multiple = Link(text=_('Re-queue'), view='ocr:entry_re_queue_multiple')

13
mayan/apps/ocr/permissions.py
View File

@@ -2,10 +2,11 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import Permission, PermissionNamespace from permissions.models import PermissionNamespace
ocr_namespace = PermissionNamespace('ocr', _('OCR')) namespace = PermissionNamespace('ocr', _('OCR'))
PERMISSION_OCR_DOCUMENT = Permission.objects.register(ocr_namespace, 'ocr_document', _('Submit documents for OCR'))
PERMISSION_OCR_DOCUMENT_DELETE = Permission.objects.register(ocr_namespace, 'ocr_document_delete', _('Delete documents from OCR queue')) permission_ocr_document = namespace.add_permission(name='ocr_document', label=_('Submit documents for OCR'))
PERMISSION_OCR_CONTENT_VIEW = Permission.objects.register(ocr_namespace, 'ocr_content_view', _('Can view the transcribed text from document')) permission_ocr_document_delete = namespace.add_permission(name='ocr_document_delete', label=_('Delete documents from OCR queue'))
PERMISSION_DOCUMENT_TYPE_OCR_SETUP = Permission.objects.register(ocr_namespace, 'ocr_document_type_setup', _('Change document type OCR settings')) permission_ocr_content_view = namespace.add_permission(name='ocr_content_view', label=_('Can view the transcribed text from document'))
permission_document_type_ocr_setup = namespace.add_permission(name='ocr_document_type_setup', label=_('Change document type OCR settings'))

20
mayan/apps/ocr/views.py
View File

@@ -17,8 +17,8 @@ from permissions.models import Permission
from .forms import DocumentContentForm from .forms import DocumentContentForm
from .models import DocumentTypeSettings, DocumentVersionOCRError from .models import DocumentTypeSettings, DocumentVersionOCRError
from .permissions import ( from .permissions import (
PERMISSION_OCR_CONTENT_VIEW, PERMISSION_OCR_DOCUMENT, permission_ocr_content_view, permission_ocr_document,
PERMISSION_OCR_DOCUMENT_DELETE, PERMISSION_DOCUMENT_TYPE_OCR_SETUP permission_ocr_document_delete, permission_document_type_ocr_setup
) )
@@ -38,9 +38,9 @@ class DocumentSubmitView(ConfirmView):
document = obj document = obj
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_ocr_document])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_OCR_DOCUMENT, request.user, document) AccessEntry.objects.check_access(permission_ocr_document, request.user, document)
document.submit_for_ocr() document.submit_for_ocr()
messages.success(request, _('Document: %(document)s was added to the OCR queue.') % { messages.success(request, _('Document: %(document)s was added to the OCR queue.') % {
@@ -79,7 +79,7 @@ class DocumentManySubmitView(DocumentSubmitView):
class DocumentTypeSettingsEditView(SingleObjectEditView): class DocumentTypeSettingsEditView(SingleObjectEditView):
fields = ('auto_ocr',) fields = ('auto_ocr',)
view_permission = PERMISSION_DOCUMENT_TYPE_OCR_SETUP view_permission = permission_document_type_ocr_setup
def get_object(self, queryset=None): def get_object(self, queryset=None):
document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk']) document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk'])
@@ -102,9 +102,9 @@ def document_content(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_OCR_CONTENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_ocr_content_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_OCR_CONTENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_ocr_content_view, request.user, document)
document.add_as_recent_document_for_user(request.user) document.add_as_recent_document_for_user(request.user)
@@ -121,7 +121,7 @@ def document_content(request, document_id):
def entry_list(request): def entry_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_ocr_document])
context = { context = {
'object_list': DocumentVersionOCRError.objects.all(), 'object_list': DocumentVersionOCRError.objects.all(),
@@ -134,7 +134,7 @@ def entry_list(request):
def entry_delete(request, pk=None, pk_list=None): def entry_delete(request, pk=None, pk_list=None):
Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT_DELETE]) Permission.objects.check_permissions(request.user, [permission_ocr_document_delete])
if pk: if pk:
entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)] entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)]
@@ -183,7 +183,7 @@ def entry_delete_multiple(request):
def entry_re_queue(request, pk=None, pk_list=None): def entry_re_queue(request, pk=None, pk_list=None):
Permission.objects.check_permissions(request.user, [PERMISSION_OCR_DOCUMENT]) Permission.objects.check_permissions(request.user, [permission_ocr_document])
if pk: if pk:
entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)] entries = [get_object_or_404(DocumentVersionOCRError, pk=pk)]

16
mayan/apps/permissions/api_views.py
View File

@@ -7,8 +7,8 @@ from rest_api.permissions import MayanPermission
from .models import Role from .models import Role
from .permissions import ( from .permissions import (
PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, PERMISSION_ROLE_EDIT, permission_role_create, permission_role_delete, permission_role_edit,
PERMISSION_ROLE_VIEW permission_role_view
) )
from .serializers import RoleSerializer from .serializers import RoleSerializer
@@ -19,8 +19,8 @@ class APIRoleListView(generics.ListCreateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_ROLE_VIEW]} mayan_object_permissions = {'GET': [permission_role_view]}
mayan_view_permissions = {'POST': [PERMISSION_ROLE_CREATE]} mayan_view_permissions = {'POST': [permission_role_create]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the roles.""" """Returns a list of all the roles."""
@@ -37,10 +37,10 @@ class APIRoleView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_ROLE_VIEW], 'GET': [permission_role_view],
'PUT': [PERMISSION_ROLE_EDIT], 'PUT': [permission_role_edit],
'PATCH': [PERMISSION_ROLE_EDIT], 'PATCH': [permission_role_edit],
'DELETE': [PERMISSION_ROLE_DELETE] 'DELETE': [permission_role_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):

22
mayan/apps/permissions/links.py
View File

@@ -5,16 +5,16 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE, permission_permission_grant, permission_permission_revoke,
PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, PERMISSION_ROLE_EDIT, permission_role_create, permission_role_delete, permission_role_edit,
PERMISSION_ROLE_VIEW permission_role_view
) )
link_permission_grant = Link(permissions=[PERMISSION_PERMISSION_GRANT], text=_('Grant'), view='permissions:permission_multiple_grant') link_permission_grant = Link(permissions=[permission_permission_grant], text=_('Grant'), view='permissions:permission_multiple_grant')
link_permission_revoke = Link(permissions=[PERMISSION_PERMISSION_REVOKE], text=_('Revoke'), view='permissions:permission_multiple_revoke') link_permission_revoke = Link(permissions=[permission_permission_revoke], text=_('Revoke'), view='permissions:permission_multiple_revoke')
link_role_create = Link(permissions=[PERMISSION_ROLE_CREATE], text=_('Create new role'), view='permissions:role_create') link_role_create = Link(permissions=[permission_role_create], text=_('Create new role'), view='permissions:role_create')
link_role_delete = Link(permissions=[PERMISSION_ROLE_DELETE], tags='dangerous', text=_('Delete'), view='permissions:role_delete', args='object.id') link_role_delete = Link(permissions=[permission_role_delete], tags='dangerous', text=_('Delete'), view='permissions:role_delete', args='object.id')
link_role_edit = Link(permissions=[PERMISSION_ROLE_EDIT], text=_('Edit'), view='permissions:role_edit', args='object.id') link_role_edit = Link(permissions=[permission_role_edit], text=_('Edit'), view='permissions:role_edit', args='object.id')
link_role_list = Link(icon='fa fa-user-secret', permissions=[PERMISSION_ROLE_VIEW], text=_('Roles'), view='permissions:role_list') link_role_list = Link(icon='fa fa-user-secret', permissions=[permission_role_view], text=_('Roles'), view='permissions:role_list')
link_role_members = Link(permissions=[PERMISSION_ROLE_EDIT], text=_('Members'), view='permissions:role_members', args='object.id') link_role_members = Link(permissions=[permission_role_edit], text=_('Members'), view='permissions:role_members', args='object.id')
link_role_permissions = Link(permissions=[PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE], text=_('Role permissions'), view='permissions:role_permissions', args='object.id') link_role_permissions = Link(permissions=[permission_permission_grant, permission_permission_revoke], text=_('Role permissions'), view='permissions:role_permissions', args='object.id')

3
mayan/apps/permissions/models.py
View File

@@ -27,6 +27,9 @@ class PermissionNamespace(object):
def __unicode__(self): def __unicode__(self):
return unicode(self.label) return unicode(self.label)
def add_permission(self, name, label):
return Permission(namespace=self, name=name, label=label)
class PermissionDoesNotExists(Exception): class PermissionDoesNotExists(Exception):
pass pass

16
mayan/apps/permissions/permissions.py
View File

@@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from .models import Permission, PermissionNamespace from .models import PermissionNamespace
permissions_namespace = PermissionNamespace('permissions', _('Permissions')) namespace = PermissionNamespace('permissions', _('Permissions'))
PERMISSION_ROLE_VIEW = Permission.objects.register(permissions_namespace, 'role_view', _('View roles')) permission_role_view = namespace.add_permission(name='role_view', label=_('View roles'))
PERMISSION_ROLE_EDIT = Permission.objects.register(permissions_namespace, 'role_edit', _('Edit roles')) permission_role_edit = namespace.add_permission(name='role_edit', label=_('Edit roles'))
PERMISSION_ROLE_CREATE = Permission.objects.register(permissions_namespace, 'role_create', _('Create roles')) permission_role_create = namespace.add_permission(name='role_create', label=_('Create roles'))
PERMISSION_ROLE_DELETE = Permission.objects.register(permissions_namespace, 'role_delete', _('Delete roles')) permission_role_delete = namespace.add_permission(name='role_delete', label=_('Delete roles'))
PERMISSION_PERMISSION_GRANT = Permission.objects.register(permissions_namespace, 'permission_grant', _('Grant permissions')) permission_permission_grant = namespace.add_permission(name='permission_grant', label=_('Grant permissions'))
PERMISSION_PERMISSION_REVOKE = Permission.objects.register(permissions_namespace, 'permission_revoke', _('Revoke permissions')) permission_permission_revoke = namespace.add_permission(name='permission_revoke', label=_('Revoke permissions'))

22
mayan/apps/permissions/views.py
View File

@@ -25,9 +25,9 @@ from .classes import Member
from .forms import RoleForm, RoleForm_view from .forms import RoleForm, RoleForm_view
from .models import Permission, Role from .models import Permission, Role
from .permissions import ( from .permissions import (
PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE, permission_permission_grant, permission_permission_revoke,
PERMISSION_ROLE_VIEW, PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, permission_role_view, permission_role_create, permission_role_delete,
PERMISSION_ROLE_EDIT permission_role_edit
) )
from .utils import get_non_role_members, get_role_members from .utils import get_non_role_members, get_role_members
@@ -35,19 +35,19 @@ from .utils import get_non_role_members, get_role_members
class RoleCreateView(SingleObjectCreateView): class RoleCreateView(SingleObjectCreateView):
form_class = RoleForm form_class = RoleForm
model = Role model = Role
view_permission = PERMISSION_ROLE_CREATE view_permission = permission_role_create
success_url = reverse_lazy('permissions:role_list') success_url = reverse_lazy('permissions:role_list')
class RoleDeleteView(SingleObjectDeleteView): class RoleDeleteView(SingleObjectDeleteView):
model = Role model = Role
view_permission = PERMISSION_ROLE_DELETE view_permission = permission_role_delete
success_url = reverse_lazy('permissions:role_list') success_url = reverse_lazy('permissions:role_list')
class RoleEditView(SingleObjectEditView): class RoleEditView(SingleObjectEditView):
model = Role model = Role
view_permission = PERMISSION_ROLE_EDIT view_permission = permission_role_edit
class SetupRoleMembersView(AssignRemoveView): class SetupRoleMembersView(AssignRemoveView):
@@ -58,7 +58,7 @@ class SetupRoleMembersView(AssignRemoveView):
self.role.add_member(member) self.role.add_member(member)
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
Permission.objects.check_permissions(request.user, [PERMISSION_ROLE_EDIT]) Permission.objects.check_permissions(request.user, [permission_role_edit])
self.role = get_object_or_404(Role, pk=self.kwargs['role_id']) self.role = get_object_or_404(Role, pk=self.kwargs['role_id'])
self.left_list_title = _('Non members of role: %s') % self.role self.left_list_title = _('Non members of role: %s') % self.role
self.right_list_title = _('Members of role: %s') % self.role self.right_list_title = _('Members of role: %s') % self.role
@@ -85,7 +85,7 @@ class SetupRoleMembersView(AssignRemoveView):
def role_list(request): def role_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_ROLE_VIEW]) Permission.objects.check_permissions(request.user, [permission_role_view])
context = { context = {
'object_list': Role.objects.all(), 'object_list': Role.objects.all(),
@@ -98,7 +98,7 @@ def role_list(request):
def role_permissions(request, role_id): def role_permissions(request, role_id):
Permission.objects.check_permissions(request.user, [PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE]) Permission.objects.check_permissions(request.user, [permission_permission_grant, permission_permission_revoke])
role = get_object_or_404(Role, pk=role_id) role = get_object_or_404(Role, pk=role_id)
form = RoleForm_view(instance=role) form = RoleForm_view(instance=role)
@@ -137,7 +137,7 @@ def role_permissions(request, role_id):
def permission_grant(request): def permission_grant(request):
Permission.objects.check_permissions(request.user, [PERMISSION_PERMISSION_GRANT]) Permission.objects.check_permissions(request.user, [permission_permission_grant])
items_property_list = loads(request.GET.get('items_property_list', [])) items_property_list = loads(request.GET.get('items_property_list', []))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -197,7 +197,7 @@ def permission_grant(request):
def permission_revoke(request): def permission_revoke(request):
Permission.objects.check_permissions(request.user, [PERMISSION_PERMISSION_REVOKE]) Permission.objects.check_permissions(request.user, [permission_permission_revoke])
items_property_list = loads(request.GET.get('items_property_list', [])) items_property_list = loads(request.GET.get('items_property_list', []))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))

34
mayan/apps/sources/links.py
View File

@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from documents.permissions import ( from documents.permissions import (
PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION permission_document_create, permission_document_new_version
) )
from navigation import Link from navigation import Link
@@ -12,22 +12,22 @@ from .literals import (
SOURCE_CHOICE_STAGING, SOURCE_CHOICE_WATCH SOURCE_CHOICE_STAGING, SOURCE_CHOICE_WATCH
) )
from .permissions import ( from .permissions import (
PERMISSION_SOURCES_SETUP_CREATE, PERMISSION_SOURCES_SETUP_DELETE, permission_sources_setup_create, permission_sources_setup_delete,
PERMISSION_SOURCES_SETUP_EDIT, PERMISSION_SOURCES_SETUP_VIEW permission_sources_setup_edit, permission_sources_setup_view
) )
link_document_create_multiple = Link(icon='fa fa-upload', permissions=[PERMISSION_DOCUMENT_CREATE], text=_('New document'), view='sources:document_create_multiple') link_document_create_multiple = Link(icon='fa fa-upload', permissions=[permission_document_create], text=_('new document'), view='sources:document_create_multiple')
link_document_create_siblings = Link(permissions=[PERMISSION_DOCUMENT_CREATE], text=_('Clone'), view='sources:document_create_siblings', args='object.id') link_document_create_siblings = Link(permissions=[permission_document_create], text=_('clone'), view='sources:document_create_siblings', args='object.id')
link_setup_sources = Link(icon='fa fa-upload', permissions=[PERMISSION_SOURCES_SETUP_VIEW], text=_('Sources'), view='sources:setup_source_list') link_setup_sources = Link(icon='fa fa-upload', permissions=[permission_sources_setup_view], text=_('sources'), view='sources:setup_source_list')
link_setup_source_create_imap_email = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new IMAP email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_IMAP) link_setup_source_create_imap_email = Link(permissions=[permission_sources_setup_create], text=_('add new imap email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_IMAP)
link_setup_source_create_pop3_email = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new POP3 email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_POP3) link_setup_source_create_pop3_email = Link(permissions=[permission_sources_setup_create], text=_('add new pop3 email'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_EMAIL_POP3)
link_setup_source_create_staging_folder = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new staging folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_STAGING) link_setup_source_create_staging_folder = Link(permissions=[permission_sources_setup_create], text=_('add new staging folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_STAGING)
link_setup_source_create_watch_folder = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new watch folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WATCH) link_setup_source_create_watch_folder = Link(permissions=[permission_sources_setup_create], text=_('add new watch folder'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WATCH)
link_setup_source_create_webform = Link(permissions=[PERMISSION_SOURCES_SETUP_CREATE], text=_('Add new webform source'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WEB_FORM) link_setup_source_create_webform = Link(permissions=[permission_sources_setup_create], text=_('add new webform source'), view='sources:setup_source_create', args='"%s"' % SOURCE_CHOICE_WEB_FORM)
link_setup_source_delete = Link(permissions=[PERMISSION_SOURCES_SETUP_DELETE], tags='dangerous', text=_('Delete'), view='sources:setup_source_delete', args=['resolved_object.pk']) link_setup_source_delete = Link(permissions=[permission_sources_setup_delete], tags='dangerous', text=_('delete'), view='sources:setup_source_delete', args=['resolved_object.pk'])
link_setup_source_edit = Link(text=_('Edit'), view='sources:setup_source_edit', args=['resolved_object.pk'], permissions=[PERMISSION_SOURCES_SETUP_EDIT]) link_setup_source_edit = Link(text=_('Edit'), view='sources:setup_source_edit', args=['resolved_object.pk'], permissions=[permission_sources_setup_edit])
link_source_list = Link(permissions=[PERMISSION_SOURCES_SETUP_VIEW], text=_('Document sources'), view='sources:setup_web_form_list') link_source_list = Link(permissions=[permission_sources_setup_view], text=_('document sources'), view='sources:setup_web_form_list')
link_staging_file_delete = Link(keep_query=True, permissions=[PERMISSION_DOCUMENT_NEW_VERSION, PERMISSION_DOCUMENT_CREATE], tags='dangerous', text=_('Delete'), view='sources:staging_file_delete', args=['source.pk', 'object.encoded_filename']) link_staging_file_delete = Link(keep_query=True, permissions=[permission_document_new_version, permission_document_create], tags='dangerous', text=_('delete'), view='sources:staging_file_delete', args=['source.pk', 'object.encoded_filename'])
link_upload_version = Link(permissions=[PERMISSION_DOCUMENT_NEW_VERSION], text=_('Upload new version'), view='sources:upload_version', args='object.pk') link_upload_version = Link(permissions=[permission_document_new_version], text=_('upload new version'), view='sources:upload_version', args='object.pk')
link_setup_source_logs = Link(text=_('Logs'), view='sources:setup_source_logs', args=['resolved_object.pk'], permissions=[PERMISSION_SOURCES_SETUP_VIEW]) link_setup_source_logs = Link(text=_('Logs'), view='sources:setup_source_logs', args=['resolved_object.pk'], permissions=[permission_sources_setup_view])

12
mayan/apps/sources/permissions.py
View File

@@ -2,10 +2,10 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import Permission, PermissionNamespace from permissions.models import PermissionNamespace
sources_setup_namespace = PermissionNamespace('sources_setup', _('Sources setup')) namespace = PermissionNamespace('sources_setup', _('Sources setup'))
PERMISSION_SOURCES_SETUP_CREATE = Permission.objects.register(sources_setup_namespace, 'sources_setup_create', _('Create new document sources')) permission_sources_setup_create = namespace.add_permission(name='sources_setup_create', label=_('Create new document sources'))
PERMISSION_SOURCES_SETUP_DELETE = Permission.objects.register(sources_setup_namespace, 'sources_setup_delete', _('Delete document sources')) permission_sources_setup_delete = namespace.add_permission(name='sources_setup_delete', label=_('Delete document sources'))
PERMISSION_SOURCES_SETUP_EDIT = Permission.objects.register(sources_setup_namespace, 'sources_setup_edit', _('Edit document sources')) permission_sources_setup_edit = namespace.add_permission(name='sources_setup_edit', label=_('Edit document sources'))
PERMISSION_SOURCES_SETUP_VIEW = Permission.objects.register(sources_setup_namespace, 'sources_setup_view', _('View existing document sources')) permission_sources_setup_view = namespace.add_permission(name='sources_setup_view', label=_('View existing document sources'))

26
mayan/apps/sources/views.py
View File

@@ -17,7 +17,7 @@ from common.utils import encapsulate
from common.views import MultiFormView, ParentChildListView from common.views import MultiFormView, ParentChildListView
from documents.models import DocumentType, Document from documents.models import DocumentType, Document
from documents.permissions import ( from documents.permissions import (
PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION permission_document_create, permission_document_new_version
) )
from documents.tasks import task_upload_new_version from documents.tasks import task_upload_new_version
from metadata.api import decode_metadata_from_url from metadata.api import decode_metadata_from_url
@@ -35,15 +35,15 @@ from .models import (
InteractiveSource, Source, StagingFolderSource, WebFormSource InteractiveSource, Source, StagingFolderSource, WebFormSource
) )
from .permissions import ( from .permissions import (
PERMISSION_SOURCES_SETUP_CREATE, PERMISSION_SOURCES_SETUP_DELETE, permission_sources_setup_create, permission_sources_setup_delete,
PERMISSION_SOURCES_SETUP_EDIT, PERMISSION_SOURCES_SETUP_VIEW permission_sources_setup_edit, permission_sources_setup_view
) )
from .tasks import task_source_upload_document from .tasks import task_source_upload_document
from .utils import get_class, get_form_class, get_upload_form_class from .utils import get_class, get_form_class, get_upload_form_class
class SourceLogListView(ParentChildListView): class SourceLogListView(ParentChildListView):
object_permission = PERMISSION_SOURCES_SETUP_VIEW object_permission = permission_sources_setup_view
parent_queryset = Source.objects.select_subclasses() parent_queryset = Source.objects.select_subclasses()
def get_queryset(self): def get_queryset(self):
@@ -73,7 +73,7 @@ class SourceLogListView(ParentChildListView):
def document_create_siblings(request, document_id): def document_create_siblings(request, document_id):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE]) Permission.objects.check_permissions(request.user, [permission_document_create])
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
query_dict = {} query_dict = {}
@@ -192,7 +192,7 @@ class UploadInteractiveView(UploadBaseView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
self.subtemplates_list = [] self.subtemplates_list = []
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE]) Permission.objects.check_permissions(request.user, [permission_document_create])
self.document_type = get_object_or_404(DocumentType, pk=self.request.GET.get('document_type_id', self.request.POST.get('document_type_id'))) self.document_type = get_object_or_404(DocumentType, pk=self.request.GET.get('document_type_id', self.request.POST.get('document_type_id')))
@@ -275,9 +275,9 @@ class UploadInteractiveVersionView(UploadBaseView):
self.document = get_object_or_404(Document, pk=kwargs['document_pk']) self.document = get_object_or_404(Document, pk=kwargs['document_pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_NEW_VERSION]) Permission.objects.check_permissions(self.request.user, [permission_document_new_version])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_NEW_VERSION, self.request.user, self.document) AccessEntry.objects.check_access(permission_document_new_version, self.request.user, self.document)
self.tab_links = get_active_tab_links(self.document) self.tab_links = get_active_tab_links(self.document)
@@ -336,7 +336,7 @@ class UploadInteractiveVersionView(UploadBaseView):
def staging_file_delete(request, staging_folder_pk, encoded_filename): def staging_file_delete(request, staging_folder_pk, encoded_filename):
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION]) Permission.objects.check_permissions(request.user, [permission_document_create, permission_document_new_version])
staging_folder = get_object_or_404(StagingFolderSource, pk=staging_folder_pk) staging_folder = get_object_or_404(StagingFolderSource, pk=staging_folder_pk)
staging_file = staging_folder.get_file(encoded_filename=encoded_filename) staging_file = staging_folder.get_file(encoded_filename=encoded_filename)
@@ -365,7 +365,7 @@ def staging_file_delete(request, staging_folder_pk, encoded_filename):
# Setup views # Setup views
def setup_source_list(request): def setup_source_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_VIEW]) Permission.objects.check_permissions(request.user, [permission_sources_setup_view])
context = { context = {
'object_list': Source.objects.select_subclasses(), 'object_list': Source.objects.select_subclasses(),
@@ -388,7 +388,7 @@ def setup_source_list(request):
def setup_source_edit(request, source_id): def setup_source_edit(request, source_id):
Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_EDIT]) Permission.objects.check_permissions(request.user, [permission_sources_setup_edit])
source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id) source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id)
form_class = get_form_class(source.source_type) form_class = get_form_class(source.source_type)
@@ -418,7 +418,7 @@ def setup_source_edit(request, source_id):
def setup_source_delete(request, source_id): def setup_source_delete(request, source_id):
Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_DELETE]) Permission.objects.check_permissions(request.user, [permission_sources_setup_delete])
source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id) source = get_object_or_404(Source.objects.select_subclasses(), pk=source_id)
redirect_view = reverse('sources:setup_source_list') redirect_view = reverse('sources:setup_source_list')
@@ -448,7 +448,7 @@ def setup_source_delete(request, source_id):
def setup_source_create(request, source_type): def setup_source_create(request, source_type):
Permission.objects.check_permissions(request.user, [PERMISSION_SOURCES_SETUP_CREATE]) Permission.objects.check_permissions(request.user, [permission_sources_setup_create])
cls = get_class(source_type) cls = get_class(source_type)
form_class = get_form_class(source_type) form_class = get_form_class(source_type)

4
mayan/apps/sources/wizards.py
View File

@@ -9,7 +9,7 @@ from django.utils.translation import ugettext_lazy as _
from common.mixins import ViewPermissionCheckMixin from common.mixins import ViewPermissionCheckMixin
from documents.forms import DocumentTypeSelectForm from documents.forms import DocumentTypeSelectForm
from documents.permissions import PERMISSION_DOCUMENT_CREATE from documents.permissions import permission_document_create
from metadata.forms import MetadataFormSet from metadata.forms import MetadataFormSet
from .models import InteractiveSource from .models import InteractiveSource
@@ -19,7 +19,7 @@ class DocumentCreateWizard(ViewPermissionCheckMixin, SessionWizardView):
form_list = [DocumentTypeSelectForm, MetadataFormSet] form_list = [DocumentTypeSelectForm, MetadataFormSet]
template_name = 'appearance/generic_wizard.html' template_name = 'appearance/generic_wizard.html'
extra_context = {} extra_context = {}
view_permission = PERMISSION_DOCUMENT_CREATE view_permission = permission_document_create
@staticmethod @staticmethod
def _has_metadata_types(wizard): def _has_metadata_types(wizard):

28
mayan/apps/tags/api_views.py
View File

@@ -8,14 +8,14 @@ from rest_framework.response import Response
from acls.models import AccessEntry from acls.models import AccessEntry
from documents.models import Document from documents.models import Document
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from permissions.models import Permission from permissions.models import Permission
from rest_api.filters import MayanObjectPermissionsFilter from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission from rest_api.permissions import MayanPermission
from .models import Tag from .models import Tag
from .permissions import ( from .permissions import (
PERMISSION_TAG_ATTACH, PERMISSION_TAG_REMOVE, PERMISSION_TAG_VIEW permission_tag_attach, permission_tag_remove, permission_tag_view
) )
from .serializers import TagSerializer from .serializers import TagSerializer
@@ -25,7 +25,7 @@ class APITagView(generics.RetrieveUpdateDestroyAPIView):
queryset = Tag.objects.all() queryset = Tag.objects.all()
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = {'GET': [PERMISSION_TAG_VIEW]} mayan_object_permissions = {'GET': [permission_tag_view]}
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
"""Delete the selected tag.""" """Delete the selected tag."""
@@ -49,7 +49,7 @@ class APITagListView(generics.ListCreateAPIView):
queryset = Tag.objects.all() queryset = Tag.objects.all()
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_TAG_VIEW]} mayan_object_permissions = {'GET': [permission_tag_view]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the tags.""" """Returns a list of all the tags."""
@@ -66,7 +66,7 @@ class APITagDocumentListView(generics.ListAPIView):
""" """
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]} mayan_object_permissions = {'GET': [permission_document_view]}
def get_serializer_class(self): def get_serializer_class(self):
from documents.serializers import DocumentSerializer from documents.serializers import DocumentSerializer
@@ -75,9 +75,9 @@ class APITagDocumentListView(generics.ListAPIView):
def get_queryset(self): def get_queryset(self):
tag = get_object_or_404(Tag, pk=self.kwargs['pk']) tag = get_object_or_404(Tag, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_TAG_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_tag_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TAG_VIEW, self.request.user, tag) AccessEntry.objects.check_access(permission_tag_view, self.request.user, tag)
queryset = tag.documents.all() queryset = tag.documents.all()
return queryset return queryset
@@ -91,14 +91,14 @@ class APIDocumentTagListView(generics.ListAPIView):
serializer_class = TagSerializer serializer_class = TagSerializer
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_TAG_VIEW]} mayan_object_permissions = {'GET': [permission_tag_view]}
def get_queryset(self): def get_queryset(self):
document = get_object_or_404(Document, pk=self.kwargs['pk']) document = get_object_or_404(Document, pk=self.kwargs['pk'])
try: try:
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(self.request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document) AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
queryset = document.tags.all() queryset = document.tags.all()
return queryset return queryset
@@ -112,9 +112,9 @@ class APIDocumentTagView(views.APIView):
document = get_object_or_404(Document, pk=self.kwargs['document_pk']) document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_REMOVE]) Permission.objects.check_permissions(request.user, [permission_tag_remove])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TAG_REMOVE, request.user, document) AccessEntry.objects.check_access(permission_tag_remove, request.user, document)
tag = get_object_or_404(Tag, pk=self.kwargs['pk']) tag = get_object_or_404(Tag, pk=self.kwargs['pk'])
tag.documents.remove(document) tag.documents.remove(document)
@@ -127,9 +127,9 @@ class APIDocumentTagView(views.APIView):
document = get_object_or_404(Document, pk=self.kwargs['document_pk']) document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_ATTACH]) Permission.objects.check_permissions(request.user, [permission_tag_attach])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TAG_ATTACH, request.user, document) AccessEntry.objects.check_access(permission_tag_attach, request.user, document)
tag = get_object_or_404(Tag, pk=self.kwargs['pk']) tag = get_object_or_404(Tag, pk=self.kwargs['pk'])
tag.documents.add(document) tag.documents.add(document)

8
mayan/apps/tags/apps.py
View File

@@ -21,8 +21,8 @@ from .links import (
) )
from .models import Tag from .models import Tag
from .permissions import ( from .permissions import (
PERMISSION_TAG_ATTACH, PERMISSION_TAG_DELETE, PERMISSION_TAG_EDIT, permission_tag_attach, permission_tag_delete, permission_tag_edit,
PERMISSION_TAG_REMOVE, PERMISSION_TAG_VIEW permission_tag_remove, permission_tag_view
) )
from .widgets import widget_inline_tags, widget_single_tag from .widgets import widget_inline_tags, widget_single_tag
@@ -42,10 +42,10 @@ class TagsApp(MayanAppConfig):
SourceColumn(source=Tag, label=_('Tagged items'), attribute=encapsulate(lambda tag: tag.documents.count())) SourceColumn(source=Tag, label=_('Tagged items'), attribute=encapsulate(lambda tag: tag.documents.count()))
class_permissions(Document, [ class_permissions(Document, [
PERMISSION_TAG_ATTACH, PERMISSION_TAG_REMOVE, permission_tag_attach, permission_tag_remove,
]) ])
class_permissions(Tag, [ class_permissions(Tag, [
PERMISSION_TAG_DELETE, PERMISSION_TAG_EDIT, PERMISSION_TAG_VIEW, permission_tag_delete, permission_tag_edit, permission_tag_view,
]) ])
document_search.add_model_field(field='tags__label', label=_('Tags')) document_search.add_model_field(field='tags__label', label=_('Tags'))

6
mayan/apps/tags/forms.py
View File

@@ -10,7 +10,7 @@ from acls.models import AccessEntry
from permissions.models import Permission from permissions.models import Permission
from .models import Tag from .models import Tag
from .permissions import PERMISSION_TAG_VIEW from .permissions import permission_tag_view
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -33,9 +33,9 @@ class TagListForm(forms.Form):
queryset = Tag.objects.all() queryset = Tag.objects.all()
try: try:
Permission.objects.check_permissions(user, [PERMISSION_TAG_VIEW]) Permission.objects.check_permissions(user, [permission_tag_view])
except PermissionDenied: except PermissionDenied:
queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_VIEW, user, queryset) queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, user, queryset)
self.fields['tag'] = forms.ModelChoiceField( self.fields['tag'] = forms.ModelChoiceField(
queryset=queryset, queryset=queryset,

22
mayan/apps/tags/links.py
View File

@@ -2,24 +2,24 @@ from __future__ import unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from acls.permissions import ACLS_VIEW_ACL from acls.permissions import acls_view_acl
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_TAG_ATTACH, PERMISSION_TAG_CREATE, PERMISSION_TAG_DELETE, permission_tag_attach, permission_tag_create, permission_tag_delete,
PERMISSION_TAG_EDIT, PERMISSION_TAG_REMOVE permission_tag_edit, permission_tag_remove
) )
link_multiple_documents_tag_remove = Link(text=_('Remove tag'), view='tags:multiple_documents_selection_tag_remove') link_multiple_documents_tag_remove = Link(text=_('Remove tag'), view='tags:multiple_documents_selection_tag_remove')
link_multiple_documents_attach_tag = Link(text=_('Attach tag'), view='tags:multiple_documents_tag_attach') link_multiple_documents_attach_tag = Link(text=_('Attach tag'), view='tags:multiple_documents_tag_attach')
link_single_document_multiple_tag_remove = Link(permissions=[PERMISSION_TAG_REMOVE], text=_('Remove tags'), view='tags:single_document_multiple_tag_remove', args='document.id') link_single_document_multiple_tag_remove = Link(permissions=[permission_tag_remove], text=_('remove tags'), view='tags:single_document_multiple_tag_remove', args='document.id')
link_tag_acl_list = Link(permissions=[ACLS_VIEW_ACL], text=_('ACLs'), view='tags:tag_acl_list', args='object.pk') link_tag_acl_list = Link(permissions=[acls_view_acl], text=_('ACLs'), view='tags:tag_acl_list', args='object.pk')
link_tag_attach = Link(permissions=[PERMISSION_TAG_ATTACH], text=_('Attach tag'), view='tags:tag_attach', args='object.pk') link_tag_attach = Link(permissions=[permission_tag_attach], text=_('attach tag'), view='tags:tag_attach', args='object.pk')
link_tag_create = Link(permissions=[PERMISSION_TAG_CREATE], text=_('Create new tag'), view='tags:tag_create') link_tag_create = Link(permissions=[permission_tag_create], text=_('create new tag'), view='tags:tag_create')
link_tag_delete = Link(permissions=[PERMISSION_TAG_DELETE], tags='dangerous', text=_('Delete'), view='tags:tag_delete', args='object.id') link_tag_delete = Link(permissions=[permission_tag_delete], tags='dangerous', text=_('delete'), view='tags:tag_delete', args='object.id')
link_tag_edit = Link(permissions=[PERMISSION_TAG_EDIT], text=_('Edit'), view='tags:tag_edit', args='object.id') link_tag_edit = Link(permissions=[permission_tag_edit], text=_('edit'), view='tags:tag_edit', args='object.id')
link_tag_document_list = Link(permissions=[PERMISSION_TAG_REMOVE, PERMISSION_TAG_ATTACH], text=_('Tags'), view='tags:document_tags', args='object.pk') link_tag_document_list = Link(permissions=[permission_tag_remove, permission_tag_attach], text=_('tags'), view='tags:document_tags', args='object.pk')
link_tag_list = Link(icon='fa fa-tag', text=_('Tags'), view='tags:tag_list') link_tag_list = Link(icon='fa fa-tag', text=_('Tags'), view='tags:tag_list')
link_tag_multiple_delete = Link(permissions=[PERMISSION_TAG_DELETE], text=_('Delete'), view='tags:tag_multiple_delete') link_tag_multiple_delete = Link(permissions=[permission_tag_delete], text=_('delete'), view='tags:tag_multiple_delete')
link_tag_tagged_item_list = Link(text=('Documents'), view='tags:tag_tagged_item_list', args='object.id') link_tag_tagged_item_list = Link(text=('Documents'), view='tags:tag_tagged_item_list', args='object.id')

16
mayan/apps/tags/permissions.py
View File

@@ -2,13 +2,13 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
tags_namespace = PermissionNamespace('tags', _('Tags')) namespace = PermissionNamespace('tags', _('Tags'))
PERMISSION_TAG_CREATE = Permission.objects.register(tags_namespace, 'tag_create', _('Create new tags')) permission_tag_create = namespace.add_permission(name='tag_create', label=_('Create new tags'))
PERMISSION_TAG_DELETE = Permission.objects.register(tags_namespace, 'tag_delete', _('Delete tags')) permission_tag_delete = namespace.add_permission(name='tag_delete', label=_('Delete tags'))
PERMISSION_TAG_EDIT = Permission.objects.register(tags_namespace, 'tag_edit', _('Edit tags')) permission_tag_edit = namespace.add_permission(name='tag_edit', label=_('Edit tags'))
PERMISSION_TAG_VIEW = Permission.objects.register(tags_namespace, 'tag_view', _('View tags')) permission_tag_view = namespace.add_permission(name='tag_view', label=_('View tags'))
PERMISSION_TAG_ATTACH = Permission.objects.register(tags_namespace, 'tag_attach', _('Attach tags to documents')) permission_tag_attach = namespace.add_permission(name='tag_attach', label=_('Attach tags to documents'))
PERMISSION_TAG_REMOVE = Permission.objects.register(tags_namespace, 'tag_remove', _('Remove tags from documents')) permission_tag_remove = namespace.add_permission(name='tag_remove', label=_('Remove tags from documents'))

32
mayan/apps/tags/views.py
View File

@@ -16,21 +16,21 @@ from acls.views import acl_list_for
from acls.utils import apply_default_acls from acls.utils import apply_default_acls
from documents.models import Document from documents.models import Document
from documents.views import DocumentListView from documents.views import DocumentListView
from documents.permissions import PERMISSION_DOCUMENT_VIEW from documents.permissions import permission_document_view
from permissions.models import Permission from permissions.models import Permission
from .forms import TagForm, TagListForm from .forms import TagForm, TagListForm
from .models import Tag from .models import Tag
from .permissions import ( from .permissions import (
PERMISSION_TAG_ATTACH, PERMISSION_TAG_CREATE, PERMISSION_TAG_DELETE, permission_tag_attach, permission_tag_create, permission_tag_delete,
PERMISSION_TAG_EDIT, PERMISSION_TAG_REMOVE, PERMISSION_TAG_VIEW permission_tag_edit, permission_tag_remove, permission_tag_view
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
def tag_create(request): def tag_create(request):
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_CREATE]) Permission.objects.check_permissions(request.user, [permission_tag_create])
redirect_url = reverse('tags:tag_list') redirect_url = reverse('tags:tag_list')
if request.method == 'POST': if request.method == 'POST':
@@ -61,9 +61,9 @@ def tag_attach(request, document_id=None, document_id_list=None):
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_ATTACH]) Permission.objects.check_permissions(request.user, [permission_tag_attach])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_ATTACH, request.user, documents) documents = AccessEntry.objects.filter_objects_by_access(permission_tag_attach, request.user, documents)
post_action_redirect = None post_action_redirect = None
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -123,9 +123,9 @@ def tag_list(request, queryset=None, extra_context=None):
queryset = queryset if not (queryset is None) else Tag.objects.all() queryset = queryset if not (queryset is None) else Tag.objects.all()
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_VIEW]) Permission.objects.check_permissions(request.user, [permission_tag_view])
except PermissionDenied: except PermissionDenied:
queryset = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_VIEW, request.user, queryset) queryset = AccessEntry.objects.filter_objects_by_access(permission_tag_view, request.user, queryset)
context['object_list'] = queryset context['object_list'] = queryset
@@ -146,9 +146,9 @@ def tag_delete(request, tag_id=None, tag_id_list=None):
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_DELETE]) Permission.objects.check_permissions(request.user, [permission_tag_delete])
except PermissionDenied: except PermissionDenied:
tags = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_DELETE, request.user, tags) tags = AccessEntry.objects.filter_objects_by_access(permission_tag_delete, request.user, tags)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -194,9 +194,9 @@ def tag_edit(request, tag_id):
tag = get_object_or_404(Tag, pk=tag_id) tag = get_object_or_404(Tag, pk=tag_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_EDIT]) Permission.objects.check_permissions(request.user, [permission_tag_edit])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_TAG_EDIT, request.user, tag) AccessEntry.objects.check_access(permission_tag_edit, request.user, tag)
if request.method == 'POST': if request.method == 'POST':
form = TagForm(data=request.POST, instance=tag) form = TagForm(data=request.POST, instance=tag)
@@ -233,9 +233,9 @@ def document_tags(request, document_id):
document = get_object_or_404(Document, pk=document_id) document = get_object_or_404(Document, pk=document_id)
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW]) Permission.objects.check_permissions(request.user, [permission_document_view])
except PermissionDenied: except PermissionDenied:
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, request.user, document) AccessEntry.objects.check_access(permission_document_view, request.user, document)
context = { context = {
'object': document, 'object': document,
@@ -256,9 +256,9 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try: try:
Permission.objects.check_permissions(request.user, [PERMISSION_TAG_REMOVE]) Permission.objects.check_permissions(request.user, [permission_tag_remove])
except PermissionDenied: except PermissionDenied:
documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_TAG_REMOVE, request.user, documents, exception_on_empty=True) documents = AccessEntry.objects.filter_objects_by_access(permission_tag_remove, request.user, documents, exception_on_empty=True)
post_action_redirect = None post_action_redirect = None

30
mayan/apps/user_management/api_views.py
View File

@@ -8,9 +8,9 @@ from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission from rest_api.permissions import MayanPermission
from .permissions import ( from .permissions import (
PERMISSION_GROUP_CREATE, PERMISSION_GROUP_DELETE, PERMISSION_GROUP_EDIT, permission_group_create, permission_group_delete, permission_group_edit,
PERMISSION_GROUP_VIEW, PERMISSION_USER_CREATE, PERMISSION_USER_DELETE, permission_group_view, permission_user_create, permission_user_delete,
PERMISSION_USER_EDIT, PERMISSION_USER_VIEW permission_user_edit, permission_user_view
) )
from .serializers import GroupSerializer, UserSerializer from .serializers import GroupSerializer, UserSerializer
@@ -21,8 +21,8 @@ class APIGroupListView(generics.ListCreateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_GROUP_VIEW]} mayan_object_permissions = {'GET': [permission_group_view]}
mayan_view_permissions = {'POST': [PERMISSION_GROUP_CREATE]} mayan_view_permissions = {'POST': [permission_group_create]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the groups.""" """Returns a list of all the groups."""
@@ -39,10 +39,10 @@ class APIGroupView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_GROUP_VIEW], 'GET': [permission_group_view],
'PUT': [PERMISSION_GROUP_EDIT], 'PUT': [permission_group_edit],
'PATCH': [PERMISSION_GROUP_EDIT], 'PATCH': [permission_group_edit],
'DELETE': [PERMISSION_GROUP_DELETE] 'DELETE': [permission_group_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
@@ -68,8 +68,8 @@ class APIUserListView(generics.ListCreateAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
filter_backends = (MayanObjectPermissionsFilter,) filter_backends = (MayanObjectPermissionsFilter,)
mayan_object_permissions = {'GET': [PERMISSION_USER_VIEW]} mayan_object_permissions = {'GET': [permission_user_view]}
mayan_view_permissions = {'POST': [PERMISSION_USER_CREATE]} mayan_view_permissions = {'POST': [permission_user_create]}
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
"""Returns a list of all the users.""" """Returns a list of all the users."""
@@ -86,10 +86,10 @@ class APIUserView(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (MayanPermission,) permission_classes = (MayanPermission,)
mayan_object_permissions = { mayan_object_permissions = {
'GET': [PERMISSION_USER_VIEW], 'GET': [permission_user_view],
'PUT': [PERMISSION_USER_EDIT], 'PUT': [permission_user_edit],
'PATCH': [PERMISSION_USER_EDIT], 'PATCH': [permission_user_edit],
'DELETE': [PERMISSION_USER_DELETE] 'DELETE': [permission_user_delete]
} }
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):

38
mayan/apps/user_management/links.py
View File

@@ -5,24 +5,24 @@ from django.utils.translation import ugettext_lazy as _
from navigation import Link from navigation import Link
from .permissions import ( from .permissions import (
PERMISSION_GROUP_CREATE, PERMISSION_GROUP_DELETE, PERMISSION_GROUP_EDIT, permission_group_create, permission_group_delete, permission_group_edit,
PERMISSION_GROUP_VIEW, PERMISSION_USER_CREATE, PERMISSION_USER_DELETE, permission_group_view, permission_user_create, permission_user_delete,
PERMISSION_USER_EDIT, PERMISSION_USER_VIEW permission_user_edit, permission_user_view
) )
link_group_add = Link(permissions=[PERMISSION_GROUP_CREATE], text=_('Create new group'), view='user_management:group_add') link_group_add = Link(permissions=[permission_group_create], text=_('create new group'), view='user_management:group_add')
link_group_delete = Link(permissions=[PERMISSION_GROUP_DELETE], tags='dangerous', text=_('Delete'), view='user_management:group_delete', args='object.id') link_group_delete = Link(permissions=[permission_group_delete], tags='dangerous', text=_('delete'), view='user_management:group_delete', args='object.id')
link_group_edit = Link(permissions=[PERMISSION_GROUP_EDIT], text=_('Edit'), view='user_management:group_edit', args='object.id') link_group_edit = Link(permissions=[permission_group_edit], text=_('edit'), view='user_management:group_edit', args='object.id')
link_group_list = Link(permissions=[PERMISSION_GROUP_VIEW], text=_('Groups'), view='user_management:group_list') link_group_list = Link(permissions=[permission_group_view], text=_('groups'), view='user_management:group_list')
link_group_members = Link(permissions=[PERMISSION_GROUP_EDIT], text=_('Members'), view='user_management:group_members', args='object.id') link_group_members = Link(permissions=[permission_group_edit], text=_('members'), view='user_management:group_members', args='object.id')
link_group_multiple_delete = Link(permissions=[PERMISSION_GROUP_DELETE], text=_('Delete'), view='user_management:group_multiple_delete') link_group_multiple_delete = Link(permissions=[permission_group_delete], text=_('delete'), view='user_management:group_multiple_delete')
link_group_setup = Link(icon='fa fa-group', permissions=[PERMISSION_GROUP_VIEW], text=_('Groups'), view='user_management:group_list') link_group_setup = Link(icon='fa fa-group', permissions=[permission_group_view], text=_('groups'), view='user_management:group_list')
link_user_add = Link(permissions=[PERMISSION_USER_CREATE], text=_('Create new user'), view='user_management:user_add') link_user_add = Link(permissions=[permission_user_create], text=_('create new user'), view='user_management:user_add')
link_user_delete = Link(permissions=[PERMISSION_USER_DELETE], tags='dangerous', text=_('Delete'), view='user_management:user_delete', args='object.id') link_user_delete = Link(permissions=[permission_user_delete], tags='dangerous', text=_('delete'), view='user_management:user_delete', args='object.id')
link_user_edit = Link(permissions=[PERMISSION_USER_EDIT], text=_('Edit'), view='user_management:user_edit', args='object.id') link_user_edit = Link(permissions=[permission_user_edit], text=_('edit'), view='user_management:user_edit', args='object.id')
link_user_groups = Link(permissions=[PERMISSION_USER_EDIT], text=_('Groups'), view='user_management:user_groups', args='object.id') link_user_groups = Link(permissions=[permission_user_edit], text=_('groups'), view='user_management:user_groups', args='object.id')
link_user_list = Link(permissions=[PERMISSION_USER_VIEW], text=_('Users'), view='user_management:user_list') link_user_list = Link(permissions=[permission_user_view], text=_('users'), view='user_management:user_list')
link_user_multiple_delete = Link(permissions=[PERMISSION_USER_DELETE], tags='dangerous', text=_('Delete'), view='user_management:user_multiple_delete') link_user_multiple_delete = Link(permissions=[permission_user_delete], tags='dangerous', text=_('delete'), view='user_management:user_multiple_delete')
link_user_multiple_set_password = Link(permissions=[PERMISSION_USER_EDIT], text=_('Reset password'), view='user_management:user_multiple_set_password') link_user_multiple_set_password = Link(permissions=[permission_user_edit], text=_('reset password'), view='user_management:user_multiple_set_password')
link_user_set_password = Link(permissions=[PERMISSION_USER_EDIT], text=_('Reset password'), view='user_management:user_set_password', args='object.id') link_user_set_password = Link(permissions=[permission_user_edit], text=_('reset password'), view='user_management:user_set_password', args='object.id')
link_user_setup = Link(icon='fa fa-user', permissions=[PERMISSION_USER_VIEW], text=_('Users'), view='user_management:user_list') link_user_setup = Link(icon='fa fa-user', permissions=[permission_user_view], text=_('users'), view='user_management:user_list')

21
mayan/apps/user_management/permissions.py
View File

@@ -2,16 +2,15 @@ from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from permissions.models import PermissionNamespace, Permission from permissions.models import PermissionNamespace
user_management_namespace = PermissionNamespace('user_management', _('User management')) namespace = PermissionNamespace('user_management', _('User management'))
PERMISSION_USER_CREATE = Permission.objects.register(user_management_namespace, 'user_create', _('Create new users')) permission_user_create = namespace.add_permission(name='user_create', label=_('Create new users'))
PERMISSION_USER_EDIT = Permission.objects.register(user_management_namespace, 'user_edit', _('Edit existing users')) permission_user_edit = namespace.add_permission(name='user_edit', label=_('Edit existing users'))
PERMISSION_USER_VIEW = Permission.objects.register(user_management_namespace, 'user_view', _('View existing users')) permission_user_view = namespace.add_permission(name='user_view', label=_('View existing users'))
PERMISSION_USER_DELETE = Permission.objects.register(user_management_namespace, 'user_delete', _('Delete existing users')) permission_user_delete = namespace.add_permission(name='user_delete', label=_('Delete existing users'))
permission_group_create = namespace.add_permission(name='group_create', label=_('Create new groups'))
PERMISSION_GROUP_CREATE = Permission.objects.register(user_management_namespace, 'group_create', _('Create new groups')) permission_group_edit = namespace.add_permission(name='group_edit', label=_('Edit existing groups'))
PERMISSION_GROUP_EDIT = Permission.objects.register(user_management_namespace, 'group_edit', _('Edit existing groups')) permission_group_view = namespace.add_permission(name='group_view', label=_('View existing groups'))
PERMISSION_GROUP_VIEW = Permission.objects.register(user_management_namespace, 'group_view', _('View existing groups')) permission_group_delete = namespace.add_permission(name='group_delete', label=_('Delete existing groups'))
PERMISSION_GROUP_DELETE = Permission.objects.register(user_management_namespace, 'group_delete', _('Delete existing groups'))

28
mayan/apps/user_management/views.py
View File

@@ -17,14 +17,14 @@ from permissions.models import Permission
from .forms import GroupForm, PasswordForm, UserForm from .forms import GroupForm, PasswordForm, UserForm
from .permissions import ( from .permissions import (
PERMISSION_GROUP_CREATE, PERMISSION_GROUP_DELETE, PERMISSION_GROUP_EDIT, permission_group_create, permission_group_delete, permission_group_edit,
PERMISSION_GROUP_VIEW, PERMISSION_USER_CREATE, PERMISSION_USER_DELETE, permission_group_view, permission_user_create, permission_user_delete,
PERMISSION_USER_EDIT, PERMISSION_USER_VIEW permission_user_edit, permission_user_view
) )
def user_list(request): def user_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_USER_VIEW]) Permission.objects.check_permissions(request.user, [permission_user_view])
context = { context = {
'object_list': get_user_model().objects.exclude(is_superuser=True).exclude(is_staff=True).order_by('username'), 'object_list': get_user_model().objects.exclude(is_superuser=True).exclude(is_staff=True).order_by('username'),
@@ -55,7 +55,7 @@ def user_list(request):
def user_edit(request, user_id): def user_edit(request, user_id):
Permission.objects.check_permissions(request.user, [PERMISSION_USER_EDIT]) Permission.objects.check_permissions(request.user, [permission_user_edit])
user = get_object_or_404(User, pk=user_id) user = get_object_or_404(User, pk=user_id)
if user.is_superuser or user.is_staff: if user.is_superuser or user.is_staff:
@@ -79,7 +79,7 @@ def user_edit(request, user_id):
def user_add(request): def user_add(request):
Permission.objects.check_permissions(request.user, [PERMISSION_USER_CREATE]) Permission.objects.check_permissions(request.user, [permission_user_create])
if request.method == 'POST': if request.method == 'POST':
form = UserForm(request.POST) form = UserForm(request.POST)
@@ -99,7 +99,7 @@ def user_add(request):
def user_delete(request, user_id=None, user_id_list=None): def user_delete(request, user_id=None, user_id_list=None):
Permission.objects.check_permissions(request.user, [PERMISSION_USER_DELETE]) Permission.objects.check_permissions(request.user, [permission_user_delete])
post_action_redirect = None post_action_redirect = None
if user_id: if user_id:
@@ -151,7 +151,7 @@ def user_multiple_delete(request):
def user_set_password(request, user_id=None, user_id_list=None): def user_set_password(request, user_id=None, user_id_list=None):
Permission.objects.check_permissions(request.user, [PERMISSION_USER_EDIT]) Permission.objects.check_permissions(request.user, [permission_user_edit])
post_action_redirect = None post_action_redirect = None
if user_id: if user_id:
@@ -226,7 +226,7 @@ class UserGroupsView(AssignRemoveView):
item.user_set.add(self.user) item.user_set.add(self.user)
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
Permission.objects.check_permissions(request.user, [PERMISSION_USER_EDIT]) Permission.objects.check_permissions(request.user, [permission_user_edit])
self.user = get_object_or_404(User, pk=self.kwargs['user_id']) self.user = get_object_or_404(User, pk=self.kwargs['user_id'])
self.left_list_title = _('Non groups of user: %s') % self.user self.left_list_title = _('Non groups of user: %s') % self.user
self.right_list_title = _('Groups of user: %s') % self.user self.right_list_title = _('Groups of user: %s') % self.user
@@ -253,7 +253,7 @@ class UserGroupsView(AssignRemoveView):
# Group views # Group views
def group_list(request): def group_list(request):
Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_VIEW]) Permission.objects.check_permissions(request.user, [permission_group_view])
context = { context = {
'object_list': Group.objects.all(), 'object_list': Group.objects.all(),
@@ -272,7 +272,7 @@ def group_list(request):
def group_edit(request, group_id): def group_edit(request, group_id):
Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_EDIT]) Permission.objects.check_permissions(request.user, [permission_group_edit])
group = get_object_or_404(Group, pk=group_id) group = get_object_or_404(Group, pk=group_id)
if request.method == 'POST': if request.method == 'POST':
@@ -292,7 +292,7 @@ def group_edit(request, group_id):
def group_add(request): def group_add(request):
Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_CREATE]) Permission.objects.check_permissions(request.user, [permission_group_create])
if request.method == 'POST': if request.method == 'POST':
form = GroupForm(request.POST) form = GroupForm(request.POST)
@@ -310,7 +310,7 @@ def group_add(request):
def group_delete(request, group_id=None, group_id_list=None): def group_delete(request, group_id=None, group_id_list=None):
Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_DELETE]) Permission.objects.check_permissions(request.user, [permission_group_delete])
post_action_redirect = None post_action_redirect = None
if group_id: if group_id:
@@ -365,7 +365,7 @@ class GroupMembersView(AssignRemoveView):
self.group.user_set.add(item) self.group.user_set.add(item)
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
Permission.objects.check_permissions(request.user, [PERMISSION_GROUP_EDIT]) Permission.objects.check_permissions(request.user, [permission_group_edit])
self.group = get_object_or_404(Group, pk=self.kwargs['group_id']) self.group = get_object_or_404(Group, pk=self.kwargs['group_id'])
self.left_list_title = _('Non members of group: %s') % self.group self.left_list_title = _('Non members of group: %s') % self.group
self.right_list_title = _('Members of group: %s') % self.group self.right_list_title = _('Members of group: %s') % self.group