Improve the configuration process of the FilteredSelectionForm form
by adding Meta child class support. The child Meta class
is defined in FilteredSelectionFormOptions.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Remove explict support for raising 404 error when the
object access fails.
The new method to use is to restrict the queryset using
the .restrict_queryset manager method and then .get() the
desired object. If the object access control failed then
the desired object will not be found in the queryset
and an error 404 will be raised. The end result is the same:
error 404, the method to raise the error is what differs now.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Update the API entries for content types and templates to use
viewsets and the new api_router_entries URL registraion
method.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add the get_related_field function to resolve a
model's related field reference by a path separate
by Django's default field separator '__'.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add the mayan.apps.common.warnings module with an
initial InterfaceWarning warning class used to mark
use of deprecated internal interfaces.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Rename all instance of `pk` or `acl_pk` to `acl_id`
to match the preferred URL parameter naming conventions of
using `id` instead of `pk`.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Rewrite the ACL queryset filtering to move most of the
computation to the database manager view the ORM.
Add support for cascading access control checking.
Update the .check_access() method to work as a front
end of the new .restrict_queryset method. The workflow
for access control now follow Django convention of
first generating a queryset and then attempt to .get()
the desired element of the queryset.
This update also allows restricting a queryset by related
fields which can be Generic Foreign Keys.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Move the code to purge obsolete permissions from the management
command to the StoredPermission default manager.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add a new class method named check_user_permission.
This method is smaller as it only accepts a single permission
instead of a single or a list of permission like check_permissions
does. check_user_permission is meant to replace check_permissions.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Convert the user permission check from a double Python loop
to a single ORM query.
Add methods to the Role model to grant or revoke permissions.
Rename the method requester_has_this to user_has_this for clarity.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Extract test views and user code into their own separate test case
mixins. Append TestCase to test case mixins with base test code
to differentiate them from test mixins with reusable view calls.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add support to override settings of the FilteredSelectionForm
via subclass attributes. Add keyword arguments to calls.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Modernize tests. Use the FilteredSelectionForm in the view
to add new cabinets to documents. Add missing icons.
Rename some view names to be more consistent.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Modernize view tests by using self.<method> instead of
self.client.method. Reduce repetition of reverse method with literal
view name usage.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add a mixin to ease the amount of code and imports required
for views that extract the content type from URL parameters.
Improve ExternalObjectViewMixin by adding a new class attribute
"external_object_pk_url_kwargs" to mechanize URL parameter
extraction. The external_object_pk_url_kwargs maps model
attributes using during manager get or filter from URL parameters.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add an extra step before creation of the instance to validate
for duplication. Add the error_message_duplicate class
attribute to allow customization of the error message.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Update the entire with keyword arguments. Update the views
to comply with MERC 6 by returning error 404 on access
failure. API are untouched. Add icon to the ACL delete
button. Add additional view tests. Use the new filtered
choice form to display a select2 enabled role selection
widget. Update the ACL creation view to not redirect to an
existing ACL in case of duplication but to instead stop
and display an error with a suggestion to the user
to instead edit the existing ACL.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Addionally the permission workflow is updated to work in a
reciprocal manner. In order to attach a tag, the user's role
will need the tag attach permissions for both, the document
and the tag.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add keyword arguments to URL definitions and reverse resolution.
Raise HTTP error 404 instead of 403 to reduce the information
divulged. Add view tests.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Use a dynamic subclass instead that always deconstructs to a fake
subclass with a __eq__ method that always returns True. This should
trick makemigrations into never creating a new migrations for
changes to the storage class or the arguments.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Wrap storages directly connected to file model fields to avoid
Django triggering a migration change when an attribute of the
storage is changed, like the location.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add new icons for the apps: Document comments, documents, file metadata,
parsing and OCR.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Use the new icon classes to add custom icons. Improve
the URL schemes of some apps for uniformity.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Improve the code that restores the menu state after a refresh.
Add hover styling for menu sub links. Add an active class
for the menu sub links and JavaScript to assign it to the
link clicked or restored.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add new icon classes based on Font Awesome that support
layering, masking and combining glyphs.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Update the class to disable displaying the column label by default
and only so when the include_label argument is True.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
