Update the SingleObject Delete, Detail and Download views
to force use of a get_object_list method instead of allowing
subclasses to override the get_queryset method and bypass
the object permission checks.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add a new mixin to monkey patch the Model class to
force each newly created model instance to use a randomly
generated primary key.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Remove support for passing a related field argument when
checking for access for restricting a queryset.
Remove a duplicate permission check.
Fix bug when filtering the direct ACL for an object,
the ACL query was filtering by the ACL ID instead of the
object ID.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Remove Link class support for multiple permissions. Accept
only one permission for each link. Remove support for the
permission related field.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Instead of class attributes, make a generic reusable the
FormOption class and update the DetailForm to use a Meta
class for options.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Fix displaying the name of the subclass when the
queryset is missing.
Add support for passing a new argument to specify
if the field is required or not.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
With the interface finalized, replace .filter_by_access() in
the generic view mixins with restrict_queryset().
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Change the app view namespace from 'document_states' to
'workflows'.
Add missing icons.
Improve view names.
Split views into 3 modules: workflows views, runtime proxy views
and instance views.
Update views to comply with new MERCs 5 and 6.
Fix failing tests.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Sort methods. Update use of .filter_by_access() to
.restrict_queryset().
Change the method to so the final object
filtering. Instead of expressing the pk list and remove the
duplicated using a set, pass the queryset as a subquery to
the object filter. This moves the processing to the database
instead of holding a list of an unknown number of primary
keys in the memory.
Add keyword arguments.
Update tests to use the latest user test case mixin interface.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Sort arguments. Add keyword arguments. Update URL parameters
to the '_id' form. Remove use of .check_access() from views.
Sort methods.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add keyword arguments. Sort imports. Move settings and test
literals to their own module.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add keyword arguments. Update URLs for uniformity.
Update URL parameters to the '_id' form. Update
views to remove use of .check_access(). Fix escape
sequence warning in migration 0005.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add keyword arguments. Update URL parameters to the '_id' form.
Movernize tests and update them to use the latest test case
improvements.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Update URL parameters to the "_id" forms. Add keyword arguments.
Remove use of is_path in the DOCUMENT_PARSING_PDFTOTEXT_PATH
setting.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add keyword arguments to all calls. Rename URL parameters to be
explicit ("key_id"). Add key delete view test. Update tests
to use a mixin for repeated key creation code. Grant permissions
and access the proper way using self.grant_permission and
self.grant_access.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add keyword arguments to links and test views.
Update URL parameters to use the _id form.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add keyword arguments to the app links.
Remove use of `raise_404`.
Update URL parameters to use document_id and comment_id.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Improve the configuration process of the FilteredSelectionForm form
by adding Meta child class support. The child Meta class
is defined in FilteredSelectionFormOptions.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Remove explict support for raising 404 error when the
object access fails.
The new method to use is to restrict the queryset using
the .restrict_queryset manager method and then .get() the
desired object. If the object access control failed then
the desired object will not be found in the queryset
and an error 404 will be raised. The end result is the same:
error 404, the method to raise the error is what differs now.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Update the API entries for content types and templates to use
viewsets and the new api_router_entries URL registraion
method.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add the get_related_field function to resolve a
model's related field reference by a path separate
by Django's default field separator '__'.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add the mayan.apps.common.warnings module with an
initial InterfaceWarning warning class used to mark
use of deprecated internal interfaces.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Rename all instance of `pk` or `acl_pk` to `acl_id`
to match the preferred URL parameter naming conventions of
using `id` instead of `pk`.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Rewrite the ACL queryset filtering to move most of the
computation to the database manager view the ORM.
Add support for cascading access control checking.
Update the .check_access() method to work as a front
end of the new .restrict_queryset method. The workflow
for access control now follow Django convention of
first generating a queryset and then attempt to .get()
the desired element of the queryset.
This update also allows restricting a queryset by related
fields which can be Generic Foreign Keys.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Move the code to purge obsolete permissions from the management
command to the StoredPermission default manager.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Add a new class method named check_user_permission.
This method is smaller as it only accepts a single permission
instead of a single or a list of permission like check_permissions
does. check_user_permission is meant to replace check_permissions.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Convert the user permission check from a double Python loop
to a single ORM query.
Add methods to the Role model to grant or revoke permissions.
Rename the method requester_has_this to user_has_this for clarity.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
Extract test views and user code into their own separate test case
mixins. Append TestCase to test case mixins with base test code
to differentiate them from test mixins with reusable view calls.
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
