pyams/pyams_content: comparison src/pyams_content/workflow/__init_

equal deleted inserted replaced

-:329116e5f8e3
+:c682811fa1ea
 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
 # FOR A PARTICULAR PURPOSE.
 #
-__docformat__ = 'restructuredtext'
 from datetime import datetime, timedelta
 from pyramid.threadlocal import get_current_registry
 from zope.copy import copy
 from zope.interface import implementer
 from zope.intid import IIntIds
 from zope.location import locate
 from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary
-from pyams_content import _
+from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGE_CONTENT_PERMISSION, \
-from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, \
+MANAGE_SITE_ROOT_PERMISSION, PUBLISH_CONTENT_PERMISSION
-PUBLISH_CONTENT_PERMISSION
+from pyams_content.interfaces import MANAGER_ROLE, OWNER_ROLE, PILOT_ROLE, READER_ROLE, \
-from pyams_content.interfaces import MANAGER_ROLE, OWNER_ROLE, PILOT_ROLE, READER_ROLE, WEBMASTER_ROLE
+WEBMASTER_ROLE
-from pyams_content.shared.common.interfaces import IManagerRestrictions, IWfSharedContentRoles
+from pyams_content.shared.common.interfaces import IContributorRestrictions, IManagerRestrictions, \
+IWfSharedContentRoles
 from pyams_content.workflow.interfaces import IContentWorkflow
 from pyams_content.workflow.task import ContentArchivingTask, ContentPublishingTask
 from pyams_scheduler.interfaces import IDateTaskScheduling, IScheduler
 from pyams_security.interfaces import IRoleProtectedObject
 from pyams_sequence.interfaces import ISequentialIdInfo
 from pyams_utils.adapter import ContextAdapter, adapter_config
 from pyams_utils.date import format_datetime
 from pyams_utils.registry import get_utility, query_utility, utility_config
 from pyams_utils.request import check_request
 from pyams_utils.timezone import gmtime
-from pyams_workflow.interfaces import AUTOMATIC, IWorkflow, IWorkflowInfo, IWorkflowPublicationInfo, IWorkflowState, \
+from pyams_workflow.interfaces import AUTOMATIC, IWorkflow, IWorkflowInfo, \
-IWorkflowStateLabel, IWorkflowVersions, ObjectClonedEvent, SYSTEM
+IWorkflowPublicationInfo, IWorkflowState, IWorkflowStateLabel, IWorkflowVersions, \
+ObjectClonedEvent, SYSTEM
 from pyams_workflow.workflow import Transition, Workflow
+__docformat__ = 'restructuredtext'
+from pyams_content import _
 #
 # Workflow states
 #
 return True
 # grant access to owner, creator and local contributors
 principal_id = request.principal.id
 if principal_id in context.owner | {context.creator} | context.contributors:
 return True
+# grant access to allowed contributors
+restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+request=request):
+return True
 # grant access to local content managers
 if principal_id in context.managers:
 return True
 # grant access to shared tool managers if restrictions apply
 restrictions = IManagerRestrictions(context).get_restrictions(principal_id)
-return restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, request=request)
+return restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+request=request)
 def can_backdraft_content(wf, context):
 """Check if content can return to DRAFT state"""
 return IWorkflowPublicationInfo(context).publication_date is None
 return True
 # grant access to owner, creator and local contributors
 principal_id = request.principal.id
 if principal_id in context.owner | {context.creator} | context.contributors:
 return True
+# grant access to allowed contributors
+restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+request=request):
+return True
 # grant access to local content managers
 if principal_id in context.managers:
 return True
 # grant access to shared tool managers if restrictions apply
 restrictions = IManagerRestrictions(context).get_restrictions(principal_id)
 return True
 # grant access to owner, creator and local contributors
 principal_id = request.principal.id
 if principal_id in context.owner | {context.creator} | context.contributors:
 return True
+# grant access to allowed contributors
+restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+request=request):
+return True
 # grant access to local content managers
 if principal_id in context.managers:
 return True
 # grant access to shared tool managers if restrictions apply
 restrictions = IManagerRestrictions(context).get_restrictions(principal_id)
 # workflow actor can cancel it's own request
 if principal_id == IWorkflowState(context).state_principal:
 return True
 # owner, creator and contributors can cancel workflow request
 if principal_id in context.owner | {context.creator} | context.contributors:
+return True
+# grant access to allowed contributors
+restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+request=request):
 return True
 # local content managers can cancel workflow request
 if principal_id in context.managers:
 return True
 # shared tool managers can cancel workflow request if restrictions apply

changeset 1358	c682811fa1ea
parent 1328	6f8aa24ab286