Add ACL support to the history app

apps/documents/__init__.py

@@ -11,6 +11,7 @@ from navigation.api import register_links, register_top_menu, \
 from main.api import register_diagnostic, register_maintenance_links
 from tags.widgets import get_tags_inline_widget_simple
 from history.api import register_history_type
+from history.permissions import PERMISSION_HISTORY_VIEW
 from metadata.api import get_metadata_string
 from project_setup.api import register_setup
 from acls.api import class_permissions
@@ -75,7 +76,7 @@ document_update_page_count = {'text': _(u'update office documents\' page count')
 document_clear_transformations = {'text': _(u'clear transformations'), 'view': 'document_clear_transformations', 'args': 'object.id', 'famfam': 'page_paintbrush', 'permissions': [PERMISSION_DOCUMENT_TRANSFORM]}
 document_multiple_clear_transformations = {'text': _(u'clear transformations'), 'view': 'document_multiple_clear_transformations', 'famfam': 'page_paintbrush', 'permissions': [PERMISSION_DOCUMENT_TRANSFORM]}
 document_print = {'text': _(u'print'), 'view': 'document_print', 'args': 'object.id', 'famfam': 'printer', 'permissions': [PERMISSION_DOCUMENT_VIEW]}
-document_history_view = {'text': _(u'history'), 'view': 'history_for_object', 'args': ['"documents"', '"document"', 'object.id'], 'famfam': 'book_go', 'permissions': [PERMISSION_DOCUMENT_VIEW]}
+document_history_view = {'text': _(u'history'), 'view': 'history_for_object', 'args': ['"documents"', '"document"', 'object.id'], 'famfam': 'book_go', 'permissions': [PERMISSION_HISTORY_VIEW]}
 document_missing_list = {'text': _(u'Find missing document files'), 'view': 'document_missing_list', 'famfam': 'folder_page', 'permissions': [PERMISSION_DOCUMENT_VIEW]}
 
 # Tools
@@ -204,5 +205,6 @@ class_permissions(Document, [
     PERMISSION_DOCUMENT_DELETE,
     PERMISSION_DOCUMENT_DOWNLOAD,
     PERMISSION_DOCUMENT_TRANSFORM,
-    PERMISSION_DOCUMENT_VERSION_REVERT
+    PERMISSION_DOCUMENT_VERSION_REVERT,
+    PERMISSION_HISTORY_VIEW    
 ])

apps/history/__init__.py

@@ -6,8 +6,7 @@ from project_tools.api import register_tool
 
 from .permissions import PERMISSION_HISTORY_VIEW
 
-# TODO: support permissions AND operand
-# encapsulate into document_history_list and require DOCUMENT_VIEW and HISTORY_VIEW
+
 history_list = {'text': _(u'history'), 'view': 'history_list', 'famfam': 'book', 'icon': 'book.png', 'permissions': [PERMISSION_HISTORY_VIEW], 'children_views': ['history_view']}
 
 register_tool(history_list)

apps/history/permissions.py

@@ -5,5 +5,4 @@ from django.utils.translation import ugettext_lazy as _
 from permissions.models import PermissionNamespace, Permission
 
 history_namespace = PermissionNamespace('history', _(u'History'))
-
-PERMISSION_HISTORY_VIEW = Permission.objects.register(history_namespace, 'history_view', _(u'Access the history app'))
+PERMISSION_HISTORY_VIEW = Permission.objects.register(history_namespace, 'history_view', _(u'Access the history of an object'))

apps/history/views.py

@@ -7,9 +7,11 @@ from django.shortcuts import get_object_or_404
 from django.contrib.contenttypes.models import ContentType
 from django.db.models.loading import get_model
 from django.http import Http404
+from django.core.exceptions import PermissionDenied
 
 from permissions.models import Permission
 from common.utils import encapsulate
+from acls.models import AccessEntry
 
 from .models import History
 from .forms import HistoryDetailForm
@@ -45,14 +47,17 @@ def history_list(request):
 
 
 def history_for_object(request, app_label, module_name, object_id):
-    Permission.objects.check_permissions(request.user, [PERMISSION_HISTORY_VIEW])
-
     model = get_model(app_label, module_name)
     if not model:
         raise Http404
     content_object = get_object_or_404(model, pk=object_id)
     content_type = ContentType.objects.get_for_model(model)
 
+    try:
+        Permission.objects.check_permissions(request.user, [PERMISSION_HISTORY_VIEW])
+    except PermissionDenied:
+        AccessEntry.objects.check_access(PERMISSION_HISTORY_VIEW, request.user, content_object)
+
     context = {
         'object_list': History.objects.filter(content_type=content_type, object_id=object_id),
         'title': _(u'history events for: %s') % content_object,
@@ -75,9 +80,12 @@ def history_for_object(request, app_label, module_name, object_id):
 
 
 def history_view(request, object_id):
-    Permission.objects.check_permissions(request.user, [PERMISSION_HISTORY_VIEW])
-
     history = get_object_or_404(History, pk=object_id)
+    
+    try:
+        Permission.objects.check_permissions(request.user, [PERMISSION_HISTORY_VIEW])
+    except PermissionDenied:
+        AccessEntry.objects.check_access(PERMISSION_HISTORY_VIEW, request.user, history.content_object)    
 
     form = HistoryDetailForm(instance=history, extra_fields=[
         {'label': _(u'Date'), 'field':lambda x: x.datetime.date()},