Add document ACLs workflow actions

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-06-10 03:40:09 -04:00
parent 505e0bd68b
commit f66328139e
6 changed files with 140 additions and 7 deletions
--- a/mayan/apps/acls/workflow_actions.py
+++ b/mayan/apps/acls/workflow_actions.py
@@ -8,6 +8,7 @@ from django.core.exceptions import ValidationError
 from django.utils.translation import ugettext_lazy as _

 from mayan.apps.acls.models import AccessControlList
+from mayan.apps.documents.models import Document
 from mayan.apps.document_states.classes import WorkflowAction
 from mayan.apps.permissions.classes import Permission
 from mayan.apps.permissions.models import Role
@@ -149,3 +150,74 @@ class RevokeAccessAction(GrantAccessAction):
                AccessControlList.objects.revoke(
                    obj=self.obj, permission=permission, role=role
                )
+
+
+class GrantDocumentAccessAction(WorkflowAction):
+    fields = {
+        'roles': {
+            'label': _('Roles'),
+            'class': 'django.forms.ModelMultipleChoiceField', 'kwargs': {
+                'help_text': _('Roles whose access will be modified.'),
+                'queryset': Role.objects.all(), 'required': True
+            }
+        }, 'permissions': {
+            'label': _('Permissions'),
+            'class': 'django.forms.MultipleChoiceField', 'kwargs': {
+                'help_text': _(
+                    'Permissions to grant/revoke to/from the role for the '
+                    'object selected above.'
+                ), 'choices': (),
+                'required': True
+            }
+        }
+    }
+    field_order = ('roles', 'permissions')
+    label = _('Grant document access')
+    widgets = {
+        'roles': {
+            'class': 'django.forms.widgets.SelectMultiple', 'kwargs': {
+                'attrs': {'class': 'select2'},
+            }
+        },
+        'permissions': {
+            'class': 'django.forms.widgets.SelectMultiple', 'kwargs': {
+                'attrs': {'class': 'select2'},
+            }
+        }
+    }
+
+    def get_form_schema(self, *args, **kwargs):
+        self.fields['permissions']['kwargs']['choices'] = ModelPermission.get_for_class(
+            klass=Document, as_choices=True
+        )
+        return super(GrantDocumentAccessAction, self).get_form_schema(*args, **kwargs)
+
+    def get_execute_data(self):
+        self.roles = Role.objects.filter(pk__in=self.form_data['roles'])
+        self.permissions = [
+            Permission.get(
+                pk=permission, proxy_only=True
+            ) for permission in self.form_data['permissions']
+        ]
+
+    def execute(self, context):
+        self.get_execute_data()
+
+        for role in self.roles:
+            for permission in self.permissions:
+                AccessControlList.objects.grant(
+                    obj=context['document'], permission=permission, role=role
+                )
+
+
+class RevokeDocumentAccessAction(GrantDocumentAccessAction):
+    label = _('Revoke document access')
+
+    def execute(self, context):
+        self.get_execute_data()
+
+        for role in self.roles:
+            for permission in self.permissions:
+                AccessControlList.objects.revoke(
+                    obj=context['document'], permission=permission, role=role
+                )