PermissionsService,
PermissionType,
} from 'src/app/services/permissions.service'
+import { UserService } from 'src/app/services/rest/user.service'
+import { PaperlessUser } from 'src/app/data/paperless-user'
@Component({
selector: 'app-document-detail',
correspondents: PaperlessCorrespondent[]
documentTypes: PaperlessDocumentType[]
storagePaths: PaperlessStoragePath[]
+ users: PaperlessUser[]
documentForm: FormGroup = new FormGroup({
title: new FormControl(''),
storage_path: new FormControl(),
archive_serial_number: new FormControl(),
tags: new FormControl([]),
+ set_permissions: new FormGroup({
+ view: new FormControl(null),
+ change: new FormControl(null),
+ }),
})
previewCurrentPage: number = 1
private toastService: ToastService,
private settings: SettingsService,
private storagePathService: StoragePathService,
- private permissionsService: PermissionsService
+ private permissionsService: PermissionsService,
+ private userService: UserService
) {}
titleKeyUp(event) {
.pipe(first())
.subscribe((result) => (this.storagePaths = result.results))
+ this.userService
+ .listAll()
+ .pipe(first())
+ .subscribe((result) => (this.users = result.results))
+
this.route.paramMap
.pipe(
takeUntil(this.unsubscribeNotifier),
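Review bot: The new `listAll()` subscription has no `error` callback, so if the users request fails `this.users` stays undefined and the failure is silent. Whether every account that can open a document is also allowed to list users is not visible in this hunk. If it is not, the call will be rejected for those accounts and should be skipped or handled, e.g. `.subscribe({ next: (result) => (this.users = result.results), error: () => (this.users = []) })`. The enclosing method starts and ends outside the hunk.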
storage_path: doc.storage_path,
archive_serial_number: doc.archive_serial_number,
tags: [...doc.tags],
+ set_permissions: {
+ view: doc.permissions
+ .filter((p) => (p[1] as string).includes('view'))
+ .map((p) => p[0]),
+ change: doc.permissions
+ .filter((p) => (p[1] as string).includes('change'))
+ .map((p) => p[0]),
+ },
})
this.isDirty$ = dirtyCheck(
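Review bot: `(p[1] as string).includes('view')` is a substring test on the permission codename, so any codename that merely contains `view` or `change` is classified as that action. Matching the prefix is stricter: `.filter((p) => (p[1] as string).startsWith('view_'))`, and likewise `'change_'`. These lists appear to be sent back as `set_permissions` on save, so a misclassified entry could become a real grant. The same two filters are repeated verbatim where `doc['set_permissions']` is assigned before `patchValue`; one private helper returning `{ view, change }` would keep both places in step. The enclosing call starts and ends outside the hunk.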
},
})
this.title = this.documentTitlePipe.transform(doc.title)
+ doc['set_permissions'] = {
+ view: doc.permissions
+ .filter((p) => (p[1] as string).includes('view'))
+ .map((p) => p[0]),
+ change: doc.permissions
+ .filter((p) => (p[1] as string).includes('change'))
+ .map((p) => p[0]),
+ }
this.documentForm.patchValue(doc)
}
.update(this.document)
.pipe(first())
.subscribe({
- next: (result) => {
+ next: () => {
this.close()
this.networkActive = false
this.error = null
from guardian.models import UserObjectPermission
from guardian.shortcuts import assign_perm
from guardian.shortcuts import remove_perm
+from guardian.shortcuts import get_users_with_perms
from django.contrib.contenttypes.models import ContentType
).values_list("user", "permission__codename")
return list(user_object_perms)
- permissions = SerializerMethodField()
+ permissions = SerializerMethodField(read_only=True)
- grant_permissions = serializers.DictField(
- label="Grant permissions",
+ set_permissions = serializers.DictField(
+ label="Set permissions",
allow_empty=True,
required=False,
write_only=True,
)
def _validate_user_ids(self, user_ids):
- users = User.objects.filter(id__in=user_ids)
- if not users.count() == len(users):
- raise serializers.ValidationError(
- "Some users in don't exist or were specified twice.",
- )
+ users = User.objects.none()
+ if user_ids is not None:
+ users = User.objects.filter(id__in=user_ids)
+ if not users.count() == len(user_ids):
+ raise serializers.ValidationError(
+ "Some users in don't exist or were specified twice.",
+ )
return users
- def validate_grant_permissions(self, grant_permissions):
- user_dict = {
- "view": User.objects.none(),
- "change": User.objects.none(),
- }
- if grant_permissions is not None:
- if "view" in grant_permissions:
- view_list = grant_permissions["view"]
- user_dict["view"] = self._validate_user_ids(view_list)
- if "change" in grant_permissions:
- change_list = grant_permissions["change"]
- user_dict["change"] = self._validate_user_ids(change_list)
- return user_dict
-
- revoke_permissions = serializers.DictField(
- label="Revoke permissions",
- allow_empty=True,
- required=False,
- write_only=True,
- )
-
- def validate_revoke_permissions(self, revoke_permissions):
+ def validate_set_permissions(self, set_permissions):
user_dict = {
"view": User.objects.none(),
"change": User.objects.none(),
}
- if revoke_permissions is not None:
- if "view" in revoke_permissions:
- view_list = revoke_permissions["view"]
+ if set_permissions is not None:
+ if "view" in set_permissions:
+ view_list = set_permissions["view"]
user_dict["view"] = self._validate_user_ids(view_list)
- if "change" in revoke_permissions:
- change_list = revoke_permissions["change"]
+ if "change" in set_permissions:
+ change_list = set_permissions["change"]
user_dict["change"] = self._validate_user_ids(change_list)
return user_dict
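Review bot: `validate_set_permissions` always returns both `view` and `change`, defaulting to `User.objects.none()`, and `_validate_user_ids` also returns the empty queryset for `None`. Because `_set_permissions` removes every holder not in the supplied set, a payload of `{}` or one naming only `view` revokes all existing `change` grants. If partial payloads should leave the other action untouched, start from `user_dict = {}` and add only the keys present in the request. Separately, the `DictField` declares no `child`, so a non-list value or non-integer ids reach `len(user_ids)` and `id__in` unchecked and would likely surface as a server error rather than a validation error; `child=serializers.ListField(child=serializers.IntegerField(), allow_null=True)` rejects them up front.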
self.user = kwargs.pop("user", None)
return super().__init__(*args, **kwargs)
- def _adjust_permissions(self, users, object, type="view", grant=True):
- if grant:
- for user in users:
- assign_perm(
- f"{type}_{object.__class__.__name__.lower()}",
- user,
- object,
- )
- else:
- for user in users:
- remove_perm(
- f"{type}_{object.__class__.__name__.lower()}",
- user,
- object,
- )
+ def _set_permissions(self, permissions, object):
+ for action in permissions:
+ permission = f"{action}_{object.__class__.__name__.lower()}"
+ users_to_add = permissions[action]
+ users_to_remove = get_users_with_perms(
+ object,
+ only_with_perms_in=[permission],
+ ).difference(users_to_add)
+ for user in users_to_remove:
+ remove_perm(permission, user, object)
+ for user in users_to_add:
+ assign_perm(permission, user, object)
+ if action == "change":
+ # change gives view too
+ assign_perm(
+ f"view_{object.__class__.__name__.lower()}",
+ user,
+ object,
+ )
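Review bot: `_set_permissions` has no docstring, and its replace semantics are not obvious from the call sites. I would add one stating that `permissions` maps an action name to the complete set of users who should hold it, and that any current holder absent from that set loses the permission. It should also say that granting `change` also grants `view`, while removing a user from `change` leaves their `view` in place. A comment is also warranted that `get_users_with_perms` is called with its defaults, so (if I read guardian correctly) users who hold the permission only through a group are returned as well and `remove_perm` on them changes nothing. The parameter name `object` shadows the builtin; `instance` would match `create` and `update`.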
def create(self, validated_data):
if self.user and (
):
validated_data["owner"] = self.user
instance = super().create(validated_data)
- if "grant_permissions" in validated_data:
- self._adjust_permissions(
- validated_data["grant_permissions"]["view"],
- instance,
- )
- self._adjust_permissions(
- validated_data["grant_permissions"]["change"],
- instance,
- "change",
- )
- if "revoke_permissions" in validated_data:
- self._adjust_permissions(
- validated_data["revoke_permissions"]["view"],
- instance,
- "view",
- False,
- )
- self._adjust_permissions(
- validated_data["revoke_permissions"]["change"],
- instance,
- "change",
- False,
- )
+ if "set_permissions" in validated_data:
+ self._set_permissions(validated_data["set_permissions"], instance)
return instance
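Review bot: `set_permissions` is still in `validated_data` when it is handed to `super().create(validated_data)`. If the parent is DRF's `ModelSerializer` (the class header is outside this hunk), the key is passed on as a model field and the create call fails before `_set_permissions` is reached. Pop it first with `permissions = validated_data.pop("set_permissions", None)`, then call `self._set_permissions(permissions, instance)` once the instance exists and `permissions is not None`.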
def update(self, instance, validated_data):
- if "grant_permissions" in validated_data:
- self._adjust_permissions(
- validated_data["grant_permissions"]["view"],
- instance,
- )
- self._adjust_permissions(
- validated_data["grant_permissions"]["change"],
- instance,
- "change",
- )
- if "revoke_permissions" in validated_data:
- self._adjust_permissions(
- validated_data["revoke_permissions"]["view"],
- instance,
- "view",
- False,
- )
- self._adjust_permissions(
- validated_data["revoke_permissions"]["change"],
- instance,
- "change",
- False,
- )
+ if "set_permissions" in validated_data:
+ self._set_permissions(validated_data["set_permissions"], instance)
return super().update(instance, validated_data)
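Review bot: `update` rewrites the object's grants before `super().update(...)` runs and with no check in this method on who `self.user` is. Every caller allowed to update the object can therefore also add or remove other users' access, and the grants stay changed even if the model update then fails. If only the owner or an administrator should manage sharing, that check needs to happen here or be confirmed in the view, which this hunk does not show. Applying the permissions after the model update, with both steps inside `transaction.atomic()`, would keep the two consistent.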
"last_correspondence",
"owner",
"permissions",
- "grant_permissions",
- "revoke_permissions",
+ "set_permissions",
)
"document_count",
"owner",
"permissions",
- "grant_permissions",
- "revoke_permissions",
+ "set_permissions",
)
"document_count",
"owner",
"permissions",
- "grant_permissions",
- "revoke_permissions",
+ "set_permissions",
)
def validate_color(self, color):
"archived_file_name",
"owner",
"permissions",
- "grant_permissions",
- "revoke_permissions",
+ "set_permissions",
)
"filter_rules",
"owner",
"permissions",
- "grant_permissions",
- "revoke_permissions",
+ "set_permissions",
]
def update(self, instance, validated_data):
"document_count",
"owner",
"permissions",
- "grant_permissions",
- "revoke_permissions",
+ "set_permissions",
)
def validate_path(self, path):