matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'origin/versions/micro' into merges/micro_to_minor

Browse Source
This commit is contained in:
Roberto Rosario
2019-11-28 02:24:18 -04:00
parent 64f02aa771 85f7167fd4
commit fc3a8f13c6
16 changed files with 137 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
HISTORY.rst
View File

@@ -200,6 +200,10 @@
- Fix reverse inheritance permissions.
- Remove index create permission as an ACL permission
for indexes.
- Fix API example.
- Fix document check in via the API. GitLab issue #688.
Thanks to inam ul haq (@inam.sys) for the report.
- Improve supervisord upgrade instructions. Forum topic 880.
3.2.10 (2019-11-19)
===================

2
docs/chapters/api.rst
View File

@@ -57,7 +57,7 @@ Get a list of document types::
Upload a new document::
with open('test_document.pdf', mode='rb') as
with open('test_document.pdf', mode='rb') as file_object:
requests.post('http://127.0.0.1:8000/api/documents/', auth=('username', 'password'), files={'file': file_object}, data={'document_type': 1}).json()
{u'description': u'',

4
docs/releases/3.2.1.rst
View File

@@ -79,10 +79,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.10.rst
View File

@@ -133,10 +133,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=|MAYAN_MEDIA_ROOT| \
|MAYAN_BIN| platformtemplate supervisord > |MAYAN_SUPERVISOR_CONF|
|MAYAN_BIN| platformtemplate supervisord > |MAYAN_SUPERVISOR_CONF|"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.2.rst
View File

@@ -72,10 +72,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.3.rst
View File

@@ -77,10 +77,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.4.rst
View File

@@ -95,10 +95,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.5.rst
View File

@@ -80,10 +80,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.6.rst
View File

@@ -72,10 +72,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.7.rst
View File

@@ -99,10 +99,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.8.rst
View File

@@ -119,10 +119,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

4
docs/releases/3.2.9.rst
View File

@@ -182,10 +182,10 @@ variables values show here with your respective settings. This step will refresh
the supervisord configuration file with the new queues and the latest
recommended layout::
sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
sudo sh -c "MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
/opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf"
Edit the supervisord configuration file and update any setting the template
generator missed::

2
mayan/apps/checkouts/api_views.py
View File

@@ -76,7 +76,7 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
def delete(self, request, *args, **kwargs):
document = self.get_object().document
if document.checkout_info().user == request.user:
if document.get_check_out_info().user == request.user:
AccessControlList.objects.check_access(
obj=document, permissions=(permission_document_check_in,),
user=request.user

22
mayan/apps/checkouts/tests/mixins.py
View File

@@ -11,13 +11,7 @@ from ..models import DocumentCheckout
class DocumentCheckoutsAPIViewTestMixin(object):
def _request_checkedout_document_view(self):
return self.get(
viewname='rest_api:checkedout-document-view',
kwargs={'pk': self.test_check_out.pk}
)
def _request_test_document_check_out_view(self):
def _request_test_document_check_out_create_api_view(self):
return self.post(
viewname='rest_api:checkout-document-list', data={
'document_pk': self.test_document.pk,
@@ -25,7 +19,19 @@ class DocumentCheckoutsAPIViewTestMixin(object):
}
)
def _request_checkout_list_view(self):
def _request_test_document_check_out_delete_api_view(self):
return self.delete(
viewname='rest_api:checkedout-document-view',
kwargs={'pk': self.test_check_out.pk}
)
def _request_test_document_check_out_detail_api_view(self):
return self.get(
viewname='rest_api:checkedout-document-view',
kwargs={'pk': self.test_check_out.pk}
)
def _request_test_document_check_out_list_api_view(self):
return self.get(viewname='rest_api:checkout-document-list')

137
mayan/apps/checkouts/tests/test_api.py
View File

@@ -8,8 +8,8 @@ from mayan.apps.documents.permissions import permission_document_view
from mayan.apps.documents.tests.mixins import DocumentTestMixin
from mayan.apps.rest_api.tests.base import BaseAPITestCase
from ..models import DocumentCheckout
from ..permissions import (
permission_document_check_in, permission_document_check_in_override,
permission_document_check_out, permission_document_check_out_detail_view
)
@@ -22,32 +22,95 @@ class CheckoutsAPITestCase(
DocumentCheckoutsAPIViewTestMixin, DocumentCheckoutTestMixin,
DocumentTestMixin, BaseAPITestCase
):
def test_checkedout_document_view_no_access(self):
def test_document_check_out_create_api_view_no_permission(self):
response = self._request_test_document_check_out_create_api_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertFalse(self.test_document.is_checked_out())
def test_document_check_out_create_api_view_with_access(self):
self.grant_access(
obj=self.test_document, permission=permission_document_check_out
)
response = self._request_test_document_check_out_create_api_view()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(self.test_document.is_checked_out())
def test_document_check_out_delete_api_view_no_permission(self):
self._check_out_test_document()
response = self._request_checkedout_document_view()
response = self._request_test_document_check_out_delete_api_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertTrue(self.test_document.is_checked_out())
def test_document_check_out_delete_api_view_with_access(self):
self._check_out_test_document()
self.grant_access(
obj=self.test_document, permission=permission_document_check_in
)
response = self._request_test_document_check_out_delete_api_view()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertFalse(self.test_document.is_checked_out())
def test_document_check_in_forcefull_api_view_no_permission(self):
self._create_test_user()
self._check_out_test_document(user=self.test_user)
self.grant_access(
obj=self.test_document, permission=permission_document_check_in
)
response = self._request_test_document_check_out_delete_api_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertTrue(self.test_document.is_checked_out())
def test_document_check_in_forcefull_api_view_with_access(self):
self._create_test_user()
self._check_out_test_document(user=self.test_user)
self.grant_access(
obj=self.test_document,
permission=permission_document_check_in_override
)
response = self._request_test_document_check_out_delete_api_view()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertFalse(self.test_document.is_checked_out())
def test_document_check_out_detail_api_view_no_permission(self):
self._check_out_test_document()
response = self._request_test_document_check_out_detail_api_view()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_checkedout_document_view_with_checkout_access(self):
def test_document_check_out_detail_api_view_with_check_out_detail_access(self):
self._check_out_test_document()
self.grant_access(
obj=self.test_document,
permission=permission_document_check_out_detail_view
)
response = self._request_checkedout_document_view()
response = self._request_test_document_check_out_detail_api_view()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_checkedout_document_view_with_document_access(self):
def test_document_check_out_detail_api_view_with_document_access(self):
self._check_out_test_document()
self.grant_access(
obj=self.test_document, permission=permission_document_view
)
response = self._request_checkedout_document_view()
response = self._request_test_document_check_out_detail_api_view()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_checkedout_document_view_with_access(self):
def test_document_check_out_detail_api_view_with_full_access(self):
self._check_out_test_document()
self.grant_access(
obj=self.test_document, permission=permission_document_view
@@ -57,58 +120,48 @@ class CheckoutsAPITestCase(
permission=permission_document_check_out_detail_view
)
response = self._request_checkedout_document_view()
response = self._request_test_document_check_out_detail_api_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(
response.data['document']['uuid'],
force_text(self.test_document.uuid)
)
def test_document_checkout_no_access(self):
response = self._request_test_document_check_out_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(DocumentCheckout.objects.count(), 0)
def test_document_checkout_with_access(self):
self.grant_access(permission=permission_document_check_out, obj=self.test_document)
response = self._request_test_document_check_out_view()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(
DocumentCheckout.objects.first().document, self.test_document
)
def test_checkout_list_view_no_access(self):
def test_document_check_out_list_api_view_no_permission(self):
self._check_out_test_document()
response = self._request_checkout_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotContains(response=response, text=self.test_document.uuid)
response = self._request_test_document_check_out_list_api_view()
self.assertNotContains(
response=response, text=self.test_document.uuid,
status_code=status.HTTP_200_OK
)
def test_checkout_list_view_with_document_access(self):
def test_document_check_out_list_api_view_with_document_access(self):
self._check_out_test_document()
self.grant_access(
permission=permission_document_view, obj=self.test_document
)
response = self._request_checkout_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotContains(response=response, text=self.test_document.uuid)
response = self._request_test_document_check_out_list_api_view()
self.assertNotContains(
response=response, text=self.test_document.uuid,
status_code=status.HTTP_200_OK
)
def test_checkout_list_view_with_checkout_access(self):
def test_document_check_out_list_api_view_with_check_out_detail_access(self):
self._check_out_test_document()
self.grant_access(
obj=self.test_document,
permission=permission_document_check_out_detail_view
)
response = self._request_checkout_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotContains(response=response, text=self.test_document.uuid)
response = self._request_test_document_check_out_list_api_view()
self.assertNotContains(
response=response, text=self.test_document.uuid,
status_code=status.HTTP_200_OK
)
def test_checkout_list_view_with_access(self):
def test_document_check_out_list_api_view_with_full_access(self):
self._check_out_test_document()
self.grant_access(
@@ -119,6 +172,8 @@ class CheckoutsAPITestCase(
permission=permission_document_check_out_detail_view
)
response = self._request_checkout_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertContains(response=response, text=self.test_document.uuid)
response = self._request_test_document_check_out_list_api_view()
self.assertContains(
response=response, text=self.test_document.uuid,
status_code=status.HTTP_200_OK
)

3
mayan/apps/document_indexing/apps.py
View File

@@ -40,8 +40,7 @@ from .links import (
link_index_template_node_delete, link_index_template_node_edit
)
from .permissions import (
permission_document_indexing_create, permission_document_indexing_delete,
permission_document_indexing_edit,
permission_document_indexing_delete, permission_document_indexing_edit,
permission_document_indexing_instance_view,
permission_document_indexing_rebuild, permission_document_indexing_view
)