8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
10 # FOR A PARTICULAR PURPOSE. |
10 # FOR A PARTICULAR PURPOSE. |
11 # |
11 # |
12 |
12 |
13 __docformat__ = 'restructuredtext' |
|
14 |
|
15 from datetime import datetime, timedelta |
13 from datetime import datetime, timedelta |
16 |
14 |
17 from pyramid.threadlocal import get_current_registry |
15 from pyramid.threadlocal import get_current_registry |
18 from zope.copy import copy |
16 from zope.copy import copy |
19 from zope.interface import implementer |
17 from zope.interface import implementer |
20 from zope.intid import IIntIds |
18 from zope.intid import IIntIds |
21 from zope.location import locate |
19 from zope.location import locate |
22 from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary |
20 from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary |
23 |
21 |
24 from pyams_content import _ |
22 from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGE_CONTENT_PERMISSION, \ |
25 from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, \ |
23 MANAGE_SITE_ROOT_PERMISSION, PUBLISH_CONTENT_PERMISSION |
26 PUBLISH_CONTENT_PERMISSION |
24 from pyams_content.interfaces import MANAGER_ROLE, OWNER_ROLE, PILOT_ROLE, READER_ROLE, \ |
27 from pyams_content.interfaces import MANAGER_ROLE, OWNER_ROLE, PILOT_ROLE, READER_ROLE, WEBMASTER_ROLE |
25 WEBMASTER_ROLE |
28 from pyams_content.shared.common.interfaces import IManagerRestrictions, IWfSharedContentRoles |
26 from pyams_content.shared.common.interfaces import IContributorRestrictions, IManagerRestrictions, \ |
|
27 IWfSharedContentRoles |
29 from pyams_content.workflow.interfaces import IContentWorkflow |
28 from pyams_content.workflow.interfaces import IContentWorkflow |
30 from pyams_content.workflow.task import ContentArchivingTask, ContentPublishingTask |
29 from pyams_content.workflow.task import ContentArchivingTask, ContentPublishingTask |
31 from pyams_scheduler.interfaces import IDateTaskScheduling, IScheduler |
30 from pyams_scheduler.interfaces import IDateTaskScheduling, IScheduler |
32 from pyams_security.interfaces import IRoleProtectedObject |
31 from pyams_security.interfaces import IRoleProtectedObject |
33 from pyams_sequence.interfaces import ISequentialIdInfo |
32 from pyams_sequence.interfaces import ISequentialIdInfo |
34 from pyams_utils.adapter import ContextAdapter, adapter_config |
33 from pyams_utils.adapter import ContextAdapter, adapter_config |
35 from pyams_utils.date import format_datetime |
34 from pyams_utils.date import format_datetime |
36 from pyams_utils.registry import get_utility, query_utility, utility_config |
35 from pyams_utils.registry import get_utility, query_utility, utility_config |
37 from pyams_utils.request import check_request |
36 from pyams_utils.request import check_request |
38 from pyams_utils.timezone import gmtime |
37 from pyams_utils.timezone import gmtime |
39 from pyams_workflow.interfaces import AUTOMATIC, IWorkflow, IWorkflowInfo, IWorkflowPublicationInfo, IWorkflowState, \ |
38 from pyams_workflow.interfaces import AUTOMATIC, IWorkflow, IWorkflowInfo, \ |
40 IWorkflowStateLabel, IWorkflowVersions, ObjectClonedEvent, SYSTEM |
39 IWorkflowPublicationInfo, IWorkflowState, IWorkflowStateLabel, IWorkflowVersions, \ |
|
40 ObjectClonedEvent, SYSTEM |
41 from pyams_workflow.workflow import Transition, Workflow |
41 from pyams_workflow.workflow import Transition, Workflow |
|
42 |
|
43 |
|
44 __docformat__ = 'restructuredtext' |
|
45 |
|
46 from pyams_content import _ |
42 |
47 |
43 |
48 |
44 # |
49 # |
45 # Workflow states |
50 # Workflow states |
46 # |
51 # |
135 return True |
140 return True |
136 # grant access to owner, creator and local contributors |
141 # grant access to owner, creator and local contributors |
137 principal_id = request.principal.id |
142 principal_id = request.principal.id |
138 if principal_id in context.owner | {context.creator} | context.contributors: |
143 if principal_id in context.owner | {context.creator} | context.contributors: |
139 return True |
144 return True |
|
145 # grant access to allowed contributors |
|
146 restrictions = IContributorRestrictions(context).get_restrictions(principal_id) |
|
147 if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, |
|
148 request=request): |
|
149 return True |
140 # grant access to local content managers |
150 # grant access to local content managers |
141 if principal_id in context.managers: |
151 if principal_id in context.managers: |
142 return True |
152 return True |
143 # grant access to shared tool managers if restrictions apply |
153 # grant access to shared tool managers if restrictions apply |
144 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
154 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
145 return restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, request=request) |
155 return restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, |
|
156 request=request) |
146 |
157 |
147 |
158 |
148 def can_backdraft_content(wf, context): |
159 def can_backdraft_content(wf, context): |
149 """Check if content can return to DRAFT state""" |
160 """Check if content can return to DRAFT state""" |
150 return IWorkflowPublicationInfo(context).publication_date is None |
161 return IWorkflowPublicationInfo(context).publication_date is None |
171 return True |
182 return True |
172 # grant access to owner, creator and local contributors |
183 # grant access to owner, creator and local contributors |
173 principal_id = request.principal.id |
184 principal_id = request.principal.id |
174 if principal_id in context.owner | {context.creator} | context.contributors: |
185 if principal_id in context.owner | {context.creator} | context.contributors: |
175 return True |
186 return True |
|
187 # grant access to allowed contributors |
|
188 restrictions = IContributorRestrictions(context).get_restrictions(principal_id) |
|
189 if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, |
|
190 request=request): |
|
191 return True |
176 # grant access to local content managers |
192 # grant access to local content managers |
177 if principal_id in context.managers: |
193 if principal_id in context.managers: |
178 return True |
194 return True |
179 # grant access to shared tool managers if restrictions apply |
195 # grant access to shared tool managers if restrictions apply |
180 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
196 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
189 return True |
205 return True |
190 # grant access to owner, creator and local contributors |
206 # grant access to owner, creator and local contributors |
191 principal_id = request.principal.id |
207 principal_id = request.principal.id |
192 if principal_id in context.owner | {context.creator} | context.contributors: |
208 if principal_id in context.owner | {context.creator} | context.contributors: |
193 return True |
209 return True |
|
210 # grant access to allowed contributors |
|
211 restrictions = IContributorRestrictions(context).get_restrictions(principal_id) |
|
212 if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, |
|
213 request=request): |
|
214 return True |
194 # grant access to local content managers |
215 # grant access to local content managers |
195 if principal_id in context.managers: |
216 if principal_id in context.managers: |
196 return True |
217 return True |
197 # grant access to shared tool managers if restrictions apply |
218 # grant access to shared tool managers if restrictions apply |
198 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
219 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
224 # workflow actor can cancel it's own request |
245 # workflow actor can cancel it's own request |
225 if principal_id == IWorkflowState(context).state_principal: |
246 if principal_id == IWorkflowState(context).state_principal: |
226 return True |
247 return True |
227 # owner, creator and contributors can cancel workflow request |
248 # owner, creator and contributors can cancel workflow request |
228 if principal_id in context.owner | {context.creator} | context.contributors: |
249 if principal_id in context.owner | {context.creator} | context.contributors: |
|
250 return True |
|
251 # grant access to allowed contributors |
|
252 restrictions = IContributorRestrictions(context).get_restrictions(principal_id) |
|
253 if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, |
|
254 request=request): |
229 return True |
255 return True |
230 # local content managers can cancel workflow request |
256 # local content managers can cancel workflow request |
231 if principal_id in context.managers: |
257 if principal_id in context.managers: |
232 return True |
258 return True |
233 # shared tool managers can cancel workflow request if restrictions apply |
259 # shared tool managers can cancel workflow request if restrictions apply |