That is a fantastic idea and a good candidate for a MERC proposal
(http://docs.mayan-edms.com/en/stable/mercs/)
Some tip when working with the permission system.
These don't directly apply to the mountindex command since we don't have a
way to know which user is accesing the mounted index. But for the normal
web stuff here is how to filter data:
Don't specify the role label or the permission name, the role label might
get updated by another user and the permission name could change between
releases (unlikely but possible). Use the filter_by_access method of the
AccessControlList manager.
filtered_queryset = AccessControlList.objects.filter_by_access(
permission=permission_document_view, user=self.request.user,
queryset=queryset
)
The permission is obtiained by importing from the .permissions.py module
found in each app. This code here filters the queryset of documents and
allows only those for this the user currently logged (obtained from
self.request, the HTTP request object). The filter code first check if the
use has the global permission assigned (document view for all documents).
And then iterates over all the groups and roles to which the user belongs
as an user can inherit the permission by subscription to a role or an ACL.
If the are no permissions in any of the user's roles, the queryset is
returned empty.
If you just want to know if an user can or cannot to an action use the
"check_access" method.
AccessControlList.objects.check_access(
permissions=permission_document_view, user=request.user,
obj=self.document
)
If works in the same way. First check for a global permission and then for
the permission in each role and then for the ACLs. If not permission is
found the method raised the PERMISSION_DENIED expection and the user
interface redirects to the insufficient permission template.
It would be great to find a way to find which OS user is trying to access a
document from a mounted index and correlate with the Mayan user in the
database to be able to do dynamic filesystem filtering.
On Friday, August 17, 2018 at 9:59:23 AM UTC-4, LeVon Smoker wrote:
>
> And it would be neat to have some document info/metadata be made available
> as extended file attributes through listxattr and getxattr...
>
> On Thursday, August 9, 2018 at 2:32:56 PM UTC-4, LeVon Smoker wrote:
>>
>> I ended up creating my own version of the mountindex management command
>> in a custom app
>>
>> On Wednesday, August 8, 2018 at 5:16:01 PM UTC-4, Roberto Rosario wrote:
>>>
>>> Makes sense to filter documents. An ideal solution would be to
>>> correlation the OS username to a Mayan user to inherit the permission. Or
>>> in the mean time a filtering method via the mountindex command line to
>>> avoid needing to change the code. Your question brings an interesting
>>> proposition to the mountindex feature.
>>>
>>> On Tuesday, July 31, 2018 at 8:52:01 AM UTC-4, LeVon Smoker wrote:
>>>>
>>>> I figured it out eventually. In the
>>>> mirroring/management/commands/mountindex.py, I added...
>>>> acls = AccessControlList.objects.filter(role__label='My Role',
>>>> permissions__name='document_view')
>>>> queryset = queryset.filter(acls__in=acls)
>>>>
>>>>
>>>>
>>>> On Friday, July 27, 2018 at 10:12:21 AM UTC-4, LeVon Smoker wrote:
>>>>>
>>>>> How can I do this? I intend to make my own version of the mountindex
>>>>> command that would allow filtering documents based on a role. I assume
>>>>> it's
>>>>> like filtering on a Generic Relation, but I can't figure it out...
>>>>>
>>>>>
>>>>> https://docs.djangoproject.com/en/1.11/ref/contrib/contenttypes/#django.contrib.contenttypes.fields.GenericRelation
>>>>>
>>>>
--
---
You received this message because you are subscribed to the Google Groups
"Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
