Discussion:
[Mayan EDMS: 2261] Help with Permissions
Ray Hendricks
2018-01-30 20:07:20 UTC
Permalink
I have two document types "Default" and "Personal"

I have two roles "Default Owner" and "Personal Owner"

I have two Groups "Work" and "Personal"

Jim is a member of the group "Work" and Kelly is a member of the group
"Personal"

The Group "Personal" is a member of the Role "Personal Owner" and the Group
"Work" is a member of the the Role "Default Owner"

This works in that Jim can't view "Personal" documents but Jim also can't
search pages (he can search documents though). Is this expected behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
LeVon Smoker
2018-02-28 14:48:40 UTC
Permalink
I am having the same problem. Did you find a solution to this?
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the group
"Personal"
The Group "Personal" is a member of the Role "Personal Owner" and the
Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also can't
search pages (he can search documents though). Is this expected behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Ray Hendricks
2018-02-28 16:43:18 UTC
Permalink
No, I didn't. I'm currently interviewing developers to work on Mayan-EDMS for us.
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
LeVon Smoker
2018-02-28 21:26:24 UTC
Permalink
I have a hackish, hard-coded fix for this. A better fix would involve some
to the DocumentPageResult model, but this works and I didn't feel like
refactoring a bunch of code...

In /usr/share/mayan-edms/mayan/apps/acls/managers.py, after line 144 (in
the filter_by_access function), paste this in:
# added for fix page search bug-BEGIN
# Perform iterative filtering.
if str(queryset.model) == "<class
'documents.models.DocumentPageResult'>":
result = []
for entry in queryset:
try:
self.check_access(permissions=permission, user=
user, obj=entry.document)
except PermissionDenied:
pass
else:
result.append(entry.pk)
return queryset.filter(pk__in=result)
# END

Here's a wider view of the code in context:
def filter_by_access(self, permission, user, queryset):
if user.is_superuser or user.is_staff:
logger.debug('Unfiltered queryset returned to user "%s" as
superuser or staff',
user)
return queryset

try:
Permission.check_permissions(
requester=user, permissions=(permission,)
)
except PermissionDenied:
user_roles = []
for group in user.groups.all():
for role in group.roles.all():
user_roles.append(role)

try:
parent_accessor = ModelPermission.get_inheritance(
model=queryset.model
)
except KeyError:
parent_acl_query = Q()
# added for fix page search bug-BEGIN
# Perform iterative filtering.
if str(queryset.model) == "<class
'documents.models.DocumentPageResult'>":
result = []
for entry in queryset:
try:
self.check_access(permissions=permission, user=
user, obj=entry.document)
except PermissionDenied:
pass
else:
result.append(entry.pk)
return queryset.filter(pk__in=result)
# END
else:
instance = queryset.first()
if instance:
parent_object = getattr(instance, parent_accessor)

try:
# Try to see if parent_object is a function

and restart your web server.
Post by Ray Hendricks
No, I didn't. I'm currently interviewing developers to work on Mayan-EDMS for us.
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
l***@gmail.com
2018-03-01 01:00:38 UTC
Permalink
So to summarize, the document search works but the page search is broken,
using that permissions scheme?

Mayan's permission system supports permission inheritance. That means that
if an object is a child object, it will inherit the permission requirements
of its parent. If you hold the view permission for a document type, you
automatically have that same permission for all the documents of that type
and all the pages of the documents of that type. By what you are describing
it seems the pages are not inheriting the permissions of their parent
documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the group
"Personal"
The Group "Personal" is a member of the Role "Personal Owner" and the
Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also can't
search pages (he can search documents though). Is this expected behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
LeVon Smoker
2018-03-01 14:14:49 UTC
Permalink
Yes. This specific case is with the DocumentPageResult model which inherits
from DocumentPage which inherits from the standard Django model not the
Document model. DocumentPage as a 'document' property which I used for my
workaround.

Maybe there's a way to trick the function into using the document property
in certain cases.

And while I have your attention, (I think) pagination needs to be added to
the Cabinets details views and Index views. I ran into a situation where a
Cabinet had over 1000 documents and the browser could not handle rendering
all of those thumbnails...

And thank you for picking up this great project.
Post by l***@gmail.com
So to summarize, the document search works but the page search is broken,
using that permissions scheme?
Mayan's permission system supports permission inheritance. That means that
if an object is a child object, it will inherit the permission requirements
of its parent. If you hold the view permission for a document type, you
automatically have that same permission for all the documents of that type
and all the pages of the documents of that type. By what you are describing
it seems the pages are not inheriting the permissions of their parent
documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the group
"Personal"
The Group "Personal" is a member of the Role "Personal Owner" and the
Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also can't
search pages (he can search documents though). Is this expected behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
l***@gmail.com
2018-03-01 19:13:26 UTC
Permalink
I was referring to Mayan's custom permission inheritance which is handled
by the acls.classes.ModelPermission class. This is different than the model
inheritance used by Django which is limited to just database fields and
methods. Django's model inheritance is meant to emulate Python's class
inheritance whose purpose is reduce repetition of code. Mayan permission
inheritance should be called permission relationships instead to better
reflect its purpose.

Mayan uses two method of the ModelPermission to determine how an object
inherit permission from another. In the documents.apps file it is using the
.register_inheritance to correlate the DocumentPage and the Document model.

ModelPermission.register_inheritance(
model=DocumentPage, related='document',
)

Before that it is using the .register_proxy to correlate the Document model
with the DocumentType model. I don't understand the difference. I'm tying
to figure it out before bothering Roberto for an explanation.
Post by LeVon Smoker
Yes. This specific case is with the DocumentPageResult model which
inherits from DocumentPage which inherits from the standard Django model
not the Document model. DocumentPage as a 'document' property which I used
for my workaround.
Maybe there's a way to trick the function into using the document property
in certain cases.
And while I have your attention, (I think) pagination needs to be added to
the Cabinets details views and Index views. I ran into a situation where a
Cabinet had over 1000 documents and the browser could not handle rendering
all of those thumbnails...
And thank you for picking up this great project.
Post by l***@gmail.com
So to summarize, the document search works but the page search is broken,
using that permissions scheme?
Mayan's permission system supports permission inheritance. That means
that if an object is a child object, it will inherit the permission
requirements of its parent. If you hold the view permission for a document
type, you automatically have that same permission for all the documents of
that type and all the pages of the documents of that type. By what you are
describing it seems the pages are not inheriting the permissions of their
parent documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the group
"Personal"
The Group "Personal" is a member of the Role "Personal Owner" and the
Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also
can't search pages (he can search documents though). Is this expected
behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
l***@gmail.com
2018-03-01 23:06:02 UTC
Permalink
Found the root of the problem. DocumentPage is registered with the
permission inheritance but the model returned during page searches is not
DocumentPage but DocumentPageResult. DocumentPageResult has not permission
inheritance relationship to Document. That is the reason no pages are
returned unless you are an admin user.

The fix involves a few steps:

1- Add a permission relationship between DocumentPageResult and Document.
This causes an error. The error is caused because the inheritance system
only allows database fields or functions, doesn't support related
references. In this case a related references is needed: DocumentPageResult
-> DocumentVersion -> Document. The related field must allow something like
'document_version__document".
2- Add a function to navigate a related reference down to the actual model
instance being referenced. This function turns the string
'document_version__document" to the instance of Document being referenced.
3- Update the AccessControlList.objects.filter_by_access method to use the
return_related instead of the simple getattr.

This solution allows filtering the queryset at the database instead of
using callable function for each instance in the queryset which is much
faster and cleaner.

My code in the branch 'feature/pagesearch_testing'
at https://gitlab.com/Michael.Price/mayan-edms/commits/feature/pagesearch_testing.
Added a 4 tests for document and document page searching with and without
the document view permissions and they pass with no problem. I think every
app that has a searchable object should have a test_search test suit.

Even after months of working on the code I'm still amazed at how well
written Mayan is. Kudos to Roberto for making something so far ahead than
anything else I've seen in the Django market.

I'll take a stab at the Cabinet pagination problem.

Just helping until Roberto is back in full swing :)
Post by l***@gmail.com
I was referring to Mayan's custom permission inheritance which is handled
by the acls.classes.ModelPermission class. This is different than the model
inheritance used by Django which is limited to just database fields and
methods. Django's model inheritance is meant to emulate Python's class
inheritance whose purpose is reduce repetition of code. Mayan permission
inheritance should be called permission relationships instead to better
reflect its purpose.
Mayan uses two method of the ModelPermission to determine how an object
inherit permission from another. In the documents.apps file it is using the
.register_inheritance to correlate the DocumentPage and the Document model.
ModelPermission.register_inheritance(
model=DocumentPage, related='document',
)
Before that it is using the .register_proxy to correlate the Document
model with the DocumentType model. I don't understand the difference. I'm
tying to figure it out before bothering Roberto for an explanation.
Post by LeVon Smoker
Yes. This specific case is with the DocumentPageResult model which
inherits from DocumentPage which inherits from the standard Django model
not the Document model. DocumentPage as a 'document' property which I used
for my workaround.
Maybe there's a way to trick the function into using the document
property in certain cases.
And while I have your attention, (I think) pagination needs to be added
to the Cabinets details views and Index views. I ran into a situation where
a Cabinet had over 1000 documents and the browser could not handle
rendering all of those thumbnails...
And thank you for picking up this great project.
Post by l***@gmail.com
So to summarize, the document search works but the page search is
broken, using that permissions scheme?
Mayan's permission system supports permission inheritance. That means
that if an object is a child object, it will inherit the permission
requirements of its parent. If you hold the view permission for a document
type, you automatically have that same permission for all the documents of
that type and all the pages of the documents of that type. By what you are
describing it seems the pages are not inheriting the permissions of their
parent documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the group
"Personal"
The Group "Personal" is a member of the Role "Personal Owner" and the
Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also
can't search pages (he can search documents though). Is this expected
behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Michael Price
2018-03-02 03:56:31 UTC
Permalink
The fix for the cabinet pagination was easy. Just make CabinetDetailView a
subclass of DocumentListView instead of TemplateView. In the
cabinet_details.html remove the lines {% with document_list as object_list
%} and {% endwith %} This makes the template display the paginated
object_list provided by DocumentListView and not the raw list of documents
in the document_list variable.
Post by l***@gmail.com
Found the root of the problem. DocumentPage is registered with the
permission inheritance but the model returned during page searches is not
DocumentPage but DocumentPageResult. DocumentPageResult has not permission
inheritance relationship to Document. That is the reason no pages are
returned unless you are an admin user.
1- Add a permission relationship between DocumentPageResult and Document.
This causes an error. The error is caused because the inheritance system
only allows database fields or functions, doesn't support related
references. In this case a related references is needed: DocumentPageResult
-> DocumentVersion -> Document. The related field must allow something like
'document_version__document".
2- Add a function to navigate a related reference down to the actual model
instance being referenced. This function turns the string
'document_version__document" to the instance of Document being referenced.
3- Update the AccessControlList.objects.filter_by_access method to use the
return_related instead of the simple getattr.
This solution allows filtering the queryset at the database instead of
using callable function for each instance in the queryset which is much
faster and cleaner.
My code in the branch 'feature/pagesearch_testing' at
https://gitlab.com/Michael.Price/mayan-edms/commits/feature/pagesearch_testing.
Added a 4 tests for document and document page searching with and without
the document view permissions and they pass with no problem. I think every
app that has a searchable object should have a test_search test suit.
Even after months of working on the code I'm still amazed at how well
written Mayan is. Kudos to Roberto for making something so far ahead than
anything else I've seen in the Django market.
I'll take a stab at the Cabinet pagination problem.
Just helping until Roberto is back in full swing :)
Post by l***@gmail.com
I was referring to Mayan's custom permission inheritance which is handled
by the acls.classes.ModelPermission class. This is different than the model
inheritance used by Django which is limited to just database fields and
methods. Django's model inheritance is meant to emulate Python's class
inheritance whose purpose is reduce repetition of code. Mayan permission
inheritance should be called permission relationships instead to better
reflect its purpose.
Mayan uses two method of the ModelPermission to determine how an object
inherit permission from another. In the documents.apps file it is using the
.register_inheritance to correlate the DocumentPage and the Document model.
ModelPermission.register_inheritance(
model=DocumentPage, related='document',
)
Before that it is using the .register_proxy to correlate the Document
model with the DocumentType model. I don't understand the difference. I'm
tying to figure it out before bothering Roberto for an explanation.
Post by LeVon Smoker
Yes. This specific case is with the DocumentPageResult model which
inherits from DocumentPage which inherits from the standard Django model
not the Document model. DocumentPage as a 'document' property which I used
for my workaround.
Maybe there's a way to trick the function into using the document
property in certain cases.
And while I have your attention, (I think) pagination needs to be added
to the Cabinets details views and Index views. I ran into a situation where
a Cabinet had over 1000 documents and the browser could not handle
rendering all of those thumbnails...
And thank you for picking up this great project.
Post by l***@gmail.com
So to summarize, the document search works but the page search is
broken, using that permissions scheme?
Mayan's permission system supports permission inheritance. That means
that if an object is a child object, it will inherit the permission
requirements of its parent. If you hold the view permission for a document
type, you automatically have that same permission for all the documents of
that type and all the pages of the documents of that type. By what you are
describing it seems the pages are not inheriting the permissions of their
parent documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the group
"Personal"
The Group "Personal" is a member of the Role "Personal Owner" and the
Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also
can't search pages (he can search documents though). Is this expected
behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
LeVon Smoker
2018-03-02 15:13:05 UTC
Permalink
Thanks!!
Post by Michael Price
The fix for the cabinet pagination was easy. Just make CabinetDetailView a
subclass of DocumentListView instead of TemplateView. In the
cabinet_details.html remove the lines {% with document_list as object_list
%} and {% endwith %} This makes the template display the paginated
object_list provided by DocumentListView and not the raw list of documents
in the document_list variable.
Post by l***@gmail.com
Found the root of the problem. DocumentPage is registered with the
permission inheritance but the model returned during page searches is not
DocumentPage but DocumentPageResult. DocumentPageResult has not permission
inheritance relationship to Document. That is the reason no pages are
returned unless you are an admin user.
1- Add a permission relationship between DocumentPageResult and Document.
This causes an error. The error is caused because the inheritance system
only allows database fields or functions, doesn't support related
references. In this case a related references is needed: DocumentPageResult
-> DocumentVersion -> Document. The related field must allow something like
'document_version__document".
2- Add a function to navigate a related reference down to the actual
model instance being referenced. This function turns the string
'document_version__document" to the instance of Document being referenced.
3- Update the AccessControlList.objects.filter_by_access method to use
the return_related instead of the simple getattr.
This solution allows filtering the queryset at the database instead of
using callable function for each instance in the queryset which is much
faster and cleaner.
My code in the branch 'feature/pagesearch_testing' at
https://gitlab.com/Michael.Price/mayan-edms/commits/feature/pagesearch_testing.
Added a 4 tests for document and document page searching with and without
the document view permissions and they pass with no problem. I think every
app that has a searchable object should have a test_search test suit.
Even after months of working on the code I'm still amazed at how well
written Mayan is. Kudos to Roberto for making something so far ahead than
anything else I've seen in the Django market.
I'll take a stab at the Cabinet pagination problem.
Just helping until Roberto is back in full swing :)
Post by l***@gmail.com
I was referring to Mayan's custom permission inheritance which is
handled by the acls.classes.ModelPermission class. This is different than
the model inheritance used by Django which is limited to just database
fields and methods. Django's model inheritance is meant to emulate Python's
class inheritance whose purpose is reduce repetition of code. Mayan
permission inheritance should be called permission relationships instead to
better reflect its purpose.
Mayan uses two method of the ModelPermission to determine how an object
inherit permission from another. In the documents.apps file it is using the
.register_inheritance to correlate the DocumentPage and the Document model.
ModelPermission.register_inheritance(
model=DocumentPage, related='document',
)
Before that it is using the .register_proxy to correlate the Document
model with the DocumentType model. I don't understand the difference. I'm
tying to figure it out before bothering Roberto for an explanation.
Post by LeVon Smoker
Yes. This specific case is with the DocumentPageResult model which
inherits from DocumentPage which inherits from the standard Django model
not the Document model. DocumentPage as a 'document' property which I used
for my workaround.
Maybe there's a way to trick the function into using the document
property in certain cases.
And while I have your attention, (I think) pagination needs to be added
to the Cabinets details views and Index views. I ran into a situation where
a Cabinet had over 1000 documents and the browser could not handle
rendering all of those thumbnails...
And thank you for picking up this great project.
On Wednesday, February 28, 2018 at 8:00:39 PM UTC-5,
Post by l***@gmail.com
So to summarize, the document search works but the page search is
broken, using that permissions scheme?
Mayan's permission system supports permission inheritance. That means
that if an object is a child object, it will inherit the permission
requirements of its parent. If you hold the view permission for a document
type, you automatically have that same permission for all the documents of
that type and all the pages of the documents of that type. By what you are
describing it seems the pages are not inheriting the permissions of their
parent documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the
group "Personal"
The Group "Personal" is a member of the Role "Personal Owner" and the
Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also
can't search pages (he can search documents though). Is this expected
behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
LeVon Smoker
2018-03-06 14:09:31 UTC
Permalink
Michael,

Is it possible to get read access to
https://gitlab.com/Michael.Price/mayan-edms/commits/feature/pagesearch_testing?
Post by LeVon Smoker
Thanks!!
Post by Michael Price
The fix for the cabinet pagination was easy. Just make CabinetDetailView
a subclass of DocumentListView instead of TemplateView. In the
cabinet_details.html remove the lines {% with document_list as object_list
%} and {% endwith %} This makes the template display the paginated
object_list provided by DocumentListView and not the raw list of documents
in the document_list variable.
Post by l***@gmail.com
Found the root of the problem. DocumentPage is registered with the
permission inheritance but the model returned during page searches is not
DocumentPage but DocumentPageResult. DocumentPageResult has not permission
inheritance relationship to Document. That is the reason no pages are
returned unless you are an admin user.
1- Add a permission relationship between DocumentPageResult and
Document. This causes an error. The error is caused because the inheritance
system only allows database fields or functions, doesn't support related
references. In this case a related references is needed: DocumentPageResult
-> DocumentVersion -> Document. The related field must allow something like
'document_version__document".
2- Add a function to navigate a related reference down to the actual
model instance being referenced. This function turns the string
'document_version__document" to the instance of Document being referenced.
3- Update the AccessControlList.objects.filter_by_access method to use
the return_related instead of the simple getattr.
This solution allows filtering the queryset at the database instead of
using callable function for each instance in the queryset which is much
faster and cleaner.
My code in the branch 'feature/pagesearch_testing' at
https://gitlab.com/Michael.Price/mayan-edms/commits/feature/pagesearch_testing.
Added a 4 tests for document and document page searching with and without
the document view permissions and they pass with no problem. I think every
app that has a searchable object should have a test_search test suit.
Even after months of working on the code I'm still amazed at how well
written Mayan is. Kudos to Roberto for making something so far ahead than
anything else I've seen in the Django market.
I'll take a stab at the Cabinet pagination problem.
Just helping until Roberto is back in full swing :)
Post by l***@gmail.com
I was referring to Mayan's custom permission inheritance which is
handled by the acls.classes.ModelPermission class. This is different than
the model inheritance used by Django which is limited to just database
fields and methods. Django's model inheritance is meant to emulate Python's
class inheritance whose purpose is reduce repetition of code. Mayan
permission inheritance should be called permission relationships instead to
better reflect its purpose.
Mayan uses two method of the ModelPermission to determine how an object
inherit permission from another. In the documents.apps file it is using the
.register_inheritance to correlate the DocumentPage and the Document model.
ModelPermission.register_inheritance(
model=DocumentPage, related='document',
)
Before that it is using the .register_proxy to correlate the Document
model with the DocumentType model. I don't understand the difference. I'm
tying to figure it out before bothering Roberto for an explanation.
Post by LeVon Smoker
Yes. This specific case is with the DocumentPageResult model which
inherits from DocumentPage which inherits from the standard Django model
not the Document model. DocumentPage as a 'document' property which I used
for my workaround.
Maybe there's a way to trick the function into using the document
property in certain cases.
And while I have your attention, (I think) pagination needs to be
added to the Cabinets details views and Index views. I ran into a situation
where a Cabinet had over 1000 documents and the browser could not handle
rendering all of those thumbnails...
And thank you for picking up this great project.
On Wednesday, February 28, 2018 at 8:00:39 PM UTC-5,
Post by l***@gmail.com
So to summarize, the document search works but the page search is
broken, using that permissions scheme?
Mayan's permission system supports permission inheritance. That means
that if an object is a child object, it will inherit the permission
requirements of its parent. If you hold the view permission for a document
type, you automatically have that same permission for all the documents of
that type and all the pages of the documents of that type. By what you are
describing it seems the pages are not inheriting the permissions of their
parent documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the
group "Personal"
The Group "Personal" is a member of the Role "Personal Owner" and
the Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also
can't search pages (he can search documents though). Is this expected
behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
e***@gmail.com
2018-03-13 05:35:06 UTC
Permalink
That branch's work was completed merged into versions/next
=> https://gitlab.com/Michael.Price/mayan-edms/commits/versions/next
Post by LeVon Smoker
Michael,
Is it possible to get read access to
https://gitlab.com/Michael.Price/mayan-edms/commits/feature/pagesearch_testing
?
Post by LeVon Smoker
Thanks!!
Post by Michael Price
The fix for the cabinet pagination was easy. Just make CabinetDetailView
a subclass of DocumentListView instead of TemplateView. In the
cabinet_details.html remove the lines {% with document_list as object_list
%} and {% endwith %} This makes the template display the paginated
object_list provided by DocumentListView and not the raw list of documents
in the document_list variable.
Post by l***@gmail.com
Found the root of the problem. DocumentPage is registered with the
permission inheritance but the model returned during page searches is not
DocumentPage but DocumentPageResult. DocumentPageResult has not permission
inheritance relationship to Document. That is the reason no pages are
returned unless you are an admin user.
1- Add a permission relationship between DocumentPageResult and
Document. This causes an error. The error is caused because the inheritance
system only allows database fields or functions, doesn't support related
references. In this case a related references is needed: DocumentPageResult
-> DocumentVersion -> Document. The related field must allow something like
'document_version__document".
2- Add a function to navigate a related reference down to the actual
model instance being referenced. This function turns the string
'document_version__document" to the instance of Document being referenced.
3- Update the AccessControlList.objects.filter_by_access method to use
the return_related instead of the simple getattr.
This solution allows filtering the queryset at the database instead of
using callable function for each instance in the queryset which is much
faster and cleaner.
My code in the branch 'feature/pagesearch_testing' at
https://gitlab.com/Michael.Price/mayan-edms/commits/feature/pagesearch_testing.
Added a 4 tests for document and document page searching with and without
the document view permissions and they pass with no problem. I think every
app that has a searchable object should have a test_search test suit.
Even after months of working on the code I'm still amazed at how well
written Mayan is. Kudos to Roberto for making something so far ahead than
anything else I've seen in the Django market.
I'll take a stab at the Cabinet pagination problem.
Just helping until Roberto is back in full swing :)
Post by l***@gmail.com
I was referring to Mayan's custom permission inheritance which is
handled by the acls.classes.ModelPermission class. This is different than
the model inheritance used by Django which is limited to just database
fields and methods. Django's model inheritance is meant to emulate Python's
class inheritance whose purpose is reduce repetition of code. Mayan
permission inheritance should be called permission relationships instead to
better reflect its purpose.
Mayan uses two method of the ModelPermission to determine how an
object inherit permission from another. In the documents.apps file it is
using the .register_inheritance to correlate the DocumentPage and the
Document model.
ModelPermission.register_inheritance(
model=DocumentPage, related='document',
)
Before that it is using the .register_proxy to correlate the Document
model with the DocumentType model. I don't understand the difference. I'm
tying to figure it out before bothering Roberto for an explanation.
Post by LeVon Smoker
Yes. This specific case is with the DocumentPageResult model which
inherits from DocumentPage which inherits from the standard Django model
not the Document model. DocumentPage as a 'document' property which I used
for my workaround.
Maybe there's a way to trick the function into using the document
property in certain cases.
And while I have your attention, (I think) pagination needs to be
added to the Cabinets details views and Index views. I ran into a situation
where a Cabinet had over 1000 documents and the browser could not handle
rendering all of those thumbnails...
And thank you for picking up this great project.
On Wednesday, February 28, 2018 at 8:00:39 PM UTC-5,
Post by l***@gmail.com
So to summarize, the document search works but the page search is
broken, using that permissions scheme?
Mayan's permission system supports permission inheritance. That
means that if an object is a child object, it will inherit the permission
requirements of its parent. If you hold the view permission for a document
type, you automatically have that same permission for all the documents of
that type and all the pages of the documents of that type. By what you are
describing it seems the pages are not inheriting the permissions of their
parent documents.
Post by Ray Hendricks
I have two document types "Default" and "Personal"
I have two roles "Default Owner" and "Personal Owner"
I have two Groups "Work" and "Personal"
Jim is a member of the group "Work" and Kelly is a member of the
group "Personal"
The Group "Personal" is a member of the Role "Personal Owner" and
the Group "Work" is a member of the the Role "Default Owner"
This works in that Jim can't view "Personal" documents but Jim also
can't search pages (he can search documents though). Is this expected
behavior?
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...