# HG changeset patch # User Thierry Florac # Date 1544785152 -3600 # Node ID 49cba50f36cbbe1b5ed02fbb9e885150c81bc13a # Parent 04cf19b3985fc1815d6c29f56fa7859048e01d87 Updated "create version" permission management in workflows diff -r 04cf19b3985f -r 49cba50f36cb src/pyams_content/__init__.py --- a/src/pyams_content/__init__.py Fri Dec 14 11:30:56 2018 +0100 +++ b/src/pyams_content/__init__.py Fri Dec 14 11:59:12 2018 +0100 @@ -24,7 +24,8 @@ include_package(config) from pyams_content.interfaces import MANAGE_SITE_ROOT_PERMISSION, MANAGE_SITE_PERMISSION, MANAGE_TOOL_PERMISSION, \ - CREATE_CONTENT_PERMISSION, MANAGE_CONTENT_PERMISSION, COMMENT_CONTENT_PERMISSION, PUBLISH_CONTENT_PERMISSION + CREATE_CONTENT_PERMISSION, MANAGE_CONTENT_PERMISSION, CREATE_VERSION_PERMISSION, COMMENT_CONTENT_PERMISSION, \ + PUBLISH_CONTENT_PERMISSION from pyams_content.interfaces import WEBMASTER_ROLE, PILOT_ROLE, MANAGER_ROLE, OWNER_ROLE, CONTRIBUTOR_ROLE, \ READER_ROLE, OPERATOR_ROLE, GUEST_ROLE from pyams_security.interfaces import ADMIN_USER_ID, SYSTEM_ADMIN_ROLE @@ -43,6 +44,8 @@ 'title': _("Create content")}) config.register_permission({'id': MANAGE_CONTENT_PERMISSION, 'title': _("Manage content")}) + config.register_permission({'id': CREATE_VERSION_PERMISSION, + 'title': _("Create version")}) config.register_permission({'id': COMMENT_CONTENT_PERMISSION, 'title': _("Comment content")}) config.register_permission({'id': PUBLISH_CONTENT_PERMISSION, @@ -62,7 +65,8 @@ VIEW_SYSTEM_PERMISSION, MANAGE_ROLES_PERMISSION, CREATE_THESAURUS_PERMISSION, ADMIN_THESAURUS_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, MANAGE_SITE_PERMISSION, MANAGE_TOOL_PERMISSION, - CREATE_CONTENT_PERMISSION, MANAGE_CONTENT_PERMISSION, MANAGE_SKIN_PERMISSION, + CREATE_CONTENT_PERMISSION, MANAGE_CONTENT_PERMISSION, + CREATE_VERSION_PERMISSION, MANAGE_SKIN_PERMISSION, COMMENT_CONTENT_PERMISSION, PUBLISH_CONTENT_PERMISSION}, 'managers': {ADMIN_USER_ID, 'role:{0}'.format(SYSTEM_ADMIN_ROLE), @@ -81,7 +85,8 @@ 'title': _("Manager (role)"), 'permissions': {PUBLIC_PERMISSION, VIEW_PERMISSION, MANAGE_PERMISSION, VIEW_SYSTEM_PERMISSION, MANAGE_CONTENT_PERMISSION, - COMMENT_CONTENT_PERMISSION, PUBLISH_CONTENT_PERMISSION}, + CREATE_VERSION_PERMISSION, COMMENT_CONTENT_PERMISSION, + PUBLISH_CONTENT_PERMISSION}, 'managers': {ADMIN_USER_ID, 'role:{0}'.format(SYSTEM_ADMIN_ROLE), 'role:{0}'.format(WEBMASTER_ROLE), @@ -96,7 +101,7 @@ 'permissions': {PUBLIC_PERMISSION, VIEW_PERMISSION, MANAGE_PERMISSION, VIEW_SYSTEM_PERMISSION, CREATE_CONTENT_PERMISSION, MANAGE_CONTENT_PERMISSION, - COMMENT_CONTENT_PERMISSION}, + CREATE_VERSION_PERMISSION, COMMENT_CONTENT_PERMISSION}, 'managers': {ADMIN_USER_ID, 'role:{0}'.format(SYSTEM_ADMIN_ROLE), 'role:{0}'.format(WEBMASTER_ROLE), diff -r 04cf19b3985f -r 49cba50f36cb src/pyams_content/workflow/__init__.py --- a/src/pyams_content/workflow/__init__.py Fri Dec 14 11:30:56 2018 +0100 +++ b/src/pyams_content/workflow/__init__.py Fri Dec 14 11:59:12 2018 +0100 @@ -20,7 +20,7 @@ from zope.location import locate from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary -from pyams_content.interfaces import CREATE_CONTENT_PERMISSION, MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, \ +from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, \ PUBLISH_CONTENT_PERMISSION from pyams_content.interfaces import MANAGER_ROLE, OWNER_ROLE, PILOT_ROLE, READER_ROLE, WEBMASTER_ROLE from pyams_content.shared.common.interfaces import IManagerRestrictions, IWfSharedContentRoles @@ -165,7 +165,7 @@ return True # grant access to shared tool managers if restrictions apply restrictions = IManagerRestrictions(context).get_restrictions(principal_id) - return restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, request=request) + return restrictions and restrictions.check_access(context, permission=CREATE_VERSION_PERMISSION, request=request) def can_delete_version(wf, context): @@ -498,7 +498,7 @@ title=_("Create new version"), source=PUBLISHED, destination=DRAFT, - permission=CREATE_CONTENT_PERMISSION, + permission=CREATE_VERSION_PERMISSION, condition=can_create_new_version, action=clone_action, menu_css_class='fa fa-fw fa-file-o', @@ -510,7 +510,7 @@ title=_("Create new version"), source=RETIRING, destination=DRAFT, - permission=CREATE_CONTENT_PERMISSION, + permission=CREATE_VERSION_PERMISSION, condition=can_create_new_version, action=clone_action, menu_css_class='fa fa-fw fa-file-o', @@ -522,7 +522,7 @@ title=_("Create new version"), source=RETIRED, destination=DRAFT, - permission=CREATE_CONTENT_PERMISSION, + permission=CREATE_VERSION_PERMISSION, condition=can_create_new_version, action=clone_action, menu_css_class='fa fa-fw fa-file-o', @@ -534,7 +534,7 @@ title=_("Create new version"), source=ARCHIVING, destination=DRAFT, - permission=CREATE_CONTENT_PERMISSION, + permission=CREATE_VERSION_PERMISSION, condition=can_create_new_version, action=clone_action, menu_css_class='fa fa-fw fa-file-o', @@ -546,7 +546,7 @@ title=_("Create new version"), source=ARCHIVED, destination=DRAFT, - permission=CREATE_CONTENT_PERMISSION, + permission=CREATE_VERSION_PERMISSION, condition=can_create_new_version, action=clone_action, menu_css_class='fa fa-fw fa-file-o', diff -r 04cf19b3985f -r 49cba50f36cb src/pyams_content/workflow/basic.py --- a/src/pyams_content/workflow/basic.py Fri Dec 14 11:30:56 2018 +0100 +++ b/src/pyams_content/workflow/basic.py Fri Dec 14 11:59:12 2018 +0100 @@ -12,30 +12,27 @@ __docformat__ = 'restructuredtext' - -# import standard library from datetime import datetime -# import interfaces -from pyams_content.interfaces import PUBLISH_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, WEBMASTER_ROLE, \ - PILOT_ROLE, MANAGER_ROLE, OWNER_ROLE, READER_ROLE, MANAGE_CONTENT_PERMISSION, CREATE_CONTENT_PERMISSION -from pyams_content.shared.common.interfaces import IWfSharedContentRoles -from pyams_content.workflow.interfaces import IBasicWorkflow -from pyams_content.shared.common.interfaces import IManagerRestrictions -from pyams_security.interfaces import IRoleProtectedObject -from pyams_workflow.interfaces import IWorkflowStateLabel, IWorkflowState, IWorkflow, IWorkflowPublicationInfo, \ - IWorkflowVersions, IWorkflowInfo, ObjectClonedEvent - -# import packages -from pyams_utils.adapter import adapter_config, ContextAdapter -from pyams_utils.date import format_datetime -from pyams_utils.registry import utility_config, get_current_registry -from pyams_utils.request import check_request -from pyams_workflow.workflow import Transition, Workflow from zope.copy import copy from zope.interface import implementer from zope.location import locate -from zope.schema.vocabulary import SimpleVocabulary, SimpleTerm +from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary + +from pyams_content.interfaces import CREATE_CONTENT_PERMISSION, CREATE_VERSION_PERMISSION, MANAGER_ROLE, \ + MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, OWNER_ROLE, PILOT_ROLE, PUBLISH_CONTENT_PERMISSION, \ + READER_ROLE, WEBMASTER_ROLE +from pyams_content.shared.common.interfaces import IManagerRestrictions +from pyams_content.shared.common.interfaces import IWfSharedContentRoles +from pyams_content.workflow.interfaces import IBasicWorkflow +from pyams_security.interfaces import IRoleProtectedObject +from pyams_utils.adapter import ContextAdapter, adapter_config +from pyams_utils.date import format_datetime +from pyams_utils.registry import get_current_registry, utility_config +from pyams_utils.request import check_request +from pyams_workflow.interfaces import IWorkflow, IWorkflowInfo, IWorkflowPublicationInfo, IWorkflowState, \ + IWorkflowStateLabel, IWorkflowVersions, ObjectClonedEvent +from pyams_workflow.workflow import Transition, Workflow from pyams_content import _ @@ -121,7 +118,7 @@ return True # grant access to shared tool managers if restrictions apply restrictions = IManagerRestrictions(context).get_restrictions(principal_id) - return restrictions and restrictions.check_access(context, permission=CREATE_CONTENT_PERMISSION, request=request) + return restrictions and restrictions.check_access(context, permission=CREATE_VERSION_PERMISSION, request=request) def can_delete_version(wf, context): @@ -225,7 +222,7 @@ title=_("Create new version"), source=PUBLISHED, destination=DRAFT, - permission=CREATE_CONTENT_PERMISSION, + permission=CREATE_VERSION_PERMISSION, condition=can_create_new_version, action=clone_action, menu_css_class='fa fa-fw fa-file-o', @@ -237,7 +234,7 @@ title=_("Create new version"), source=ARCHIVED, destination=DRAFT, - permission=CREATE_CONTENT_PERMISSION, + permission=CREATE_VERSION_PERMISSION, condition=can_create_new_version, action=clone_action, menu_css_class='fa fa-fw fa-file-o',