52 Commits

Author SHA1 Message Date
Roberto Rosario
0917bd57b3 Add ACL filter support for case 6
Support inherited field of a related field that is Generic
Foreign Key.

Signed-off-by: Roberto Rosario <roberto.rosario@mayan-edms.com>
2019-08-20 00:09:56 -04:00
Roberto Rosario
eb1fb8511b Move manager get code to ModelPermission class
Signed-off-by: Roberto Rosario <roberto.rosario@mayan-edms.com>
2019-08-05 00:20:06 -04:00
Roberto Rosario
3c9454160f Support custom model managers for check_access()
Allow app to specify which model manager will be used
when creating the queryset that is passed to check_access.

Signed-off-by: Roberto Rosario <roberto.rosario@mayan-edms.com>
2019-07-30 03:10:15 -04:00
Roberto Rosario
33929576fc Allow passing a manager
Add a manager argument to check_access to avoid using
the default manager blindly. Used for models with more than one
manager like the Document model.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-05-31 00:22:52 -04:00
Roberto Rosario
1beb44d85d PEP8 cleanups
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-05-08 18:15:39 -04:00
Roberto Rosario
5e4518211f Remove related attribute of check_access
Remove filter_by_access. Replaced by restrict_queryset.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-05-07 02:26:50 -04:00
Roberto Rosario
95a1df8072 Backport common mixin and generics improvements
* Rename get_object_list to get_source_queryset.
* Add uniqueness validation to SingleObjectCreateView.
* Remove MultipleInstanceActionMixin.
* Backport MultipleObjectMixin improvements.
* Remove ObjectListPermissionFilterMixin.
* Add and improve tests.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-05-06 02:07:35 -04:00
Roberto Rosario
8e731d6280 Backport ACL computation improvements
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-05-04 03:27:30 -04:00
Roberto Rosario
e042c5275b Stop inherited permission recursion check
Recursive objects are not supported by this method and need
to specify their own function to calculate their own filtered
queryset.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-04-29 15:17:42 -04:00
Roberto Rosario
6069c67342 Improve inherited permission computation
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-04-27 19:13:06 -04:00
Roberto Rosario
f3413b4283 Backport and remove code from the permission app
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-04-13 01:43:03 -04:00
Roberto Rosario
36a51eeb73 Switch to full app paths
Instead of inserting the path of the apps into the Python app,
the apps are now referenced by their full import path.

This solves name clashes with external or native Python libraries.
Example: Mayan statistics app vs. Python new statistics library.

Every app reference is now prepended with 'mayan.apps'.

Existing config.yml files need to be updated manually.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-04-05 02:02:57 -04:00
Roberto Rosario
8419facb8a PEP8 cleanups
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-04-04 02:46:25 -04:00
Roberto Rosario
912675bf99 Force object to text
Force text display of object when raising PermissionDenied
to avoid UnicodeDecodeError. Thanks to Mathias Behrle
(@mbehrle) for the report and the debug information.
GitLab issue #576.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2019-04-04 01:39:06 -04:00
Roberto Rosario
75f6d44509 Add to the AccessControlList parent accessor code to handle related fields.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2018-08-23 16:20:35 -04:00
Michael Price
e2cc939260 Fix indentation.
Signed-off-by: Michael Price <loneviking72@gmail.com>
2018-04-01 18:39:04 -04:00
Michael Price
3165912837 Format line according to best practices.
Signed-off-by: Michael Price <loneviking72@gmail.com>
2018-04-01 18:36:30 -04:00
Michael Price
e3d400c70d Add common.utils.return_related function to support double underscore related model references.
Signed-off-by: Michael Price <loneviking72@gmail.com>
2018-04-01 18:21:26 -04:00
Roberto Rosario
4dcaa5f883 Add text description to the PermissionDenied exception raised by
the acls managers.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2017-08-26 02:54:43 -04:00
Roberto Rosario
2052caada4 Remove PreserveGetQuerySet mixin. Update SingleObjectList and
MultipleObjectFormActionView views to use a new get_object_list method.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2017-08-16 22:12:24 -04:00
Roberto Rosario
3cbe90567f Add method to grant and revoke access via ACLs.
Granting will also check if the permission has been
authorized to the object class using ModelPermission.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2017-07-17 20:39:41 -04:00
Roberto Rosario
e04e3040bb Allow model ACL inheritance related to be a callable.
If it is a callable, an iterative queryset filter will be performed.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2017-07-14 05:13:32 -04:00
Roberto Rosario
63682a2945 Merge remote-tracking branch 'origin/master' into feature/master_merge
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2017-03-14 15:57:38 -04:00
Roger Hunwicks
ed0145cc1c More detailed logging for permissions checks - see #321
Signed-off-by: Roger Hunwicks <roger@tonic-solutions.com>
2017-02-23 16:29:20 +02:00
Roberto Rosario
1133577e4d Fix ACL resolution for non model objects. 2016-11-14 02:57:41 -04:00
Roberto Rosario
5893e149e0 Reduce the check_access boilerplate code. 2016-11-02 04:58:05 -04:00
Roberto Rosario
621c988809 Simplify filter_by_access boilerplate code 2016-11-02 03:48:16 -04:00
Roberto Rosario
e3200511ac Small query optimization. 2016-04-04 23:04:35 -04:00
Roberto Rosario
739b96ed37 Add related object link permission support. 2016-03-29 16:27:53 -04:00
Roberto Rosario
e708e0250e Support related object permission ACLs for more than just 1 level of relationship. 2016-03-27 03:28:14 -04:00
Roberto Rosario
8c1d5319dd Test an object's parent for permission but also test the child object if the parent test fails. 2015-11-01 02:47:24 -04:00
Roberto Rosario
7b2eae4b5c ACL access check now checks the object for permission inheritance too. IE: page navigation links. 2015-10-28 01:06:18 -04:00
Roberto Rosario
6d80b40ed4 Remove unused related parameter for the ACL filter method. 2015-10-21 03:40:13 -04:00
Roberto Rosario
ff97dd55e7 Implement related object ACL access check. 2015-08-14 14:50:55 -04:00
Roberto Rosario
1e746c700a PEP8 cleanups. 2015-07-27 23:53:14 -04:00
Roberto Rosario
4527563d89 PEP8 cleanups, especially E501 line too long. 2015-07-22 18:21:37 -04:00
Roberto Rosario
8d7a9df7e8 Add optimization reminder. 2015-07-13 23:44:43 -04:00
Roberto Rosario
ba1e36146d Calculate inherited permission by id of parent object not pk of ACL of parent. 2015-07-13 19:44:45 -04:00
Roberto Rosario
ee83624704 Don't fail if model has not inherited permissions. 2015-07-13 02:28:24 -04:00
Roberto Rosario
76c3ff7374 Remove the acl filter option 'exception_on_empty'. 2015-07-10 01:49:42 -04:00
Roberto Rosario
bc3eed143c Add permission inheritance by parent object. Add ACLs app model tests. 2015-07-10 01:40:21 -04:00
Roberto Rosario
f0cfe314f0 PEP8 cleanups 2015-07-01 16:45:33 -04:00
Roberto Rosario
49f86cd331 Finish refactoring access control list's queryset filtering by access level code. 2015-07-01 16:33:07 -04:00
Roberto Rosario
f65fb2cd6c Remove anonymous user support 2015-07-01 02:45:58 -04:00
Roberto Rosario
ee1b05fb57 Refactor code to associate a model with a set of permissions. Update related apps. 2015-06-30 22:00:14 -04:00
Roberto Rosario
070c3b648c Refactor acls app 2015-06-30 02:38:22 -04:00
Roberto Rosario
5be41af1cf Remove DefaultAccessControlList support 2015-06-29 14:51:37 -04:00
Roberto Rosario
3754f45001 Reduce checked out document column label string size. Refactor roles: roles can only have groups as members, only roles can hold permissions. 2015-06-29 14:07:02 -04:00
Roberto Rosario
1c084aa07b Split Permission and StoredPermission class and model into different modules. Simplified the Permission class. 2015-06-28 01:03:29 -04:00
Roberto Rosario
d59ea3ede2 Add from __future__ import unicode_literals, issue #37 2015-01-19 04:06:40 -04:00