Mercurial Mercurial > pyams > pyams_content / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/pyams_content/workflow/__init__.py
changeset 1358 c682811fa1ea
parent 1328 6f8aa24ab286 
--- a/src/pyams_content/workflow/__init__.py	Tue Oct 01 08:31:43 2019 +0200
+++ b/src/pyams_content/workflow/__init__.py	Tue Oct 01 12:04:20 2019 +0200
@@ -10,8 +10,6 @@
 # FOR A PARTICULAR PURPOSE.
 #
 
-__docformat__ = 'restructuredtext'
-
 from datetime import datetime, timedelta
 
 from pyramid.threadlocal import get_current_registry
@@ -21,11 +19,12 @@
 from zope.location import locate
 from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary
 
-from pyams_content import _
-from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, \
-    PUBLISH_CONTENT_PERMISSION
-from pyams_content.interfaces import MANAGER_ROLE, OWNER_ROLE, PILOT_ROLE, READER_ROLE, WEBMASTER_ROLE
-from pyams_content.shared.common.interfaces import IManagerRestrictions, IWfSharedContentRoles
+from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGE_CONTENT_PERMISSION, \
+    MANAGE_SITE_ROOT_PERMISSION, PUBLISH_CONTENT_PERMISSION
+from pyams_content.interfaces import MANAGER_ROLE, OWNER_ROLE, PILOT_ROLE, READER_ROLE, \
+    WEBMASTER_ROLE
+from pyams_content.shared.common.interfaces import IContributorRestrictions, IManagerRestrictions, \
+    IWfSharedContentRoles
 from pyams_content.workflow.interfaces import IContentWorkflow
 from pyams_content.workflow.task import ContentArchivingTask, ContentPublishingTask
 from pyams_scheduler.interfaces import IDateTaskScheduling, IScheduler
@@ -36,11 +35,17 @@
 from pyams_utils.registry import get_utility, query_utility, utility_config
 from pyams_utils.request import check_request
 from pyams_utils.timezone import gmtime
-from pyams_workflow.interfaces import AUTOMATIC, IWorkflow, IWorkflowInfo, IWorkflowPublicationInfo, IWorkflowState, \
-    IWorkflowStateLabel, IWorkflowVersions, ObjectClonedEvent, SYSTEM
+from pyams_workflow.interfaces import AUTOMATIC, IWorkflow, IWorkflowInfo, \
+    IWorkflowPublicationInfo, IWorkflowState, IWorkflowStateLabel, IWorkflowVersions, \
+    ObjectClonedEvent, SYSTEM
 from pyams_workflow.workflow import Transition, Workflow
 
 
+__docformat__ = 'restructuredtext'
+
+from pyams_content import _
+
+
 #
 # Workflow states
 #
@@ -137,12 +142,18 @@
     principal_id = request.principal.id
     if principal_id in context.owner | {context.creator} | context.contributors:
         return True
+    # grant access to allowed contributors
+    restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+    if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+                                                  request=request):
+        return True
     # grant access to local content managers
     if principal_id in context.managers:
         return True
     # grant access to shared tool managers if restrictions apply
     restrictions = IManagerRestrictions(context).get_restrictions(principal_id)
-    return restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, request=request)
+    return restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+                                                      request=request)
 
 
 def can_backdraft_content(wf, context):
@@ -173,6 +184,11 @@
     principal_id = request.principal.id
     if principal_id in context.owner | {context.creator} | context.contributors:
         return True
+    # grant access to allowed contributors
+    restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+    if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+                                                  request=request):
+        return True
     # grant access to local content managers
     if principal_id in context.managers:
         return True
@@ -191,6 +207,11 @@
     principal_id = request.principal.id
     if principal_id in context.owner | {context.creator} | context.contributors:
         return True
+    # grant access to allowed contributors
+    restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+    if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+                                                  request=request):
+        return True
     # grant access to local content managers
     if principal_id in context.managers:
         return True
@@ -227,6 +248,11 @@
     # owner, creator and contributors can cancel workflow request
     if principal_id in context.owner | {context.creator} | context.contributors:
         return True
+    # grant access to allowed contributors
+    restrictions = IContributorRestrictions(context).get_restrictions(principal_id)
+    if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION,
+                                                  request=request):
+        return True
     # local content managers can cancel workflow request
     if principal_id in context.managers:
         return True
pyams/pyams_content