That is a fantastic idea and a good candidate for a MERC proposal
(http://docs.mayan-edms.com/en/stable/mercs/)
Some tip when working with the permission system.
These don't directly apply to the mountindex command since we don't have a
way to know which user is accesing the mounted index. But for the normal
web stuff here is how to filter data:
Don't specify the role label or the permission name, the role label might
get updated by another user and the permission name could change between
releases (unlikely but possible). Use the filter_by_access method of the
AccessControlList manager.
filtered_queryset = AccessControlList.objects.filter_by_access(
permission=permission_document_view, user=self.request.user,
queryset=queryset
)
The permission is obtiained by importing from the .permissions.py module
found in each app. This code here filters the queryset of documents and
allows only those for this the user currently logged (obtained from
self.request, the HTTP request object). The filter code first check if the
use has the global permission assigned (document view for all documents).
And then iterates over all the groups and roles to which the user belongs
as an user can inherit the permission by subscription to a role or an ACL.
If the are no permissions in any of the user's roles, the queryset is
returned empty.
If you just want to know if an user can or cannot to an action use the
"check_access" method.
AccessControlList.objects.check_access(
permissions=permission_document_view, user=request.user,
obj=self.document
)
If works in the same way. First check for a global permission and then for
the permission in each role and then for the ACLs. If not permission is
found the method raised the PERMISSION_DENIED expection and the user
interface redirects to the insufficient permission template.
It would be great to find a way to find which OS user is trying to access a
document from a mounted index and correlate with the Mayan user in the
database to be able to do dynamic filesystem filtering.
Post by LeVon SmokerAnd it would be neat to have some document info/metadata be made available
as extended file attributes through listxattr and getxattr...
Post by LeVon SmokerI ended up creating my own version of the mountindex management command
in a custom app
Post by Roberto RosarioMakes sense to filter documents. An ideal solution would be to
correlation the OS username to a Mayan user to inherit the permission. Or
in the mean time a filtering method via the mountindex command line to
avoid needing to change the code. Your question brings an interesting
proposition to the mountindex feature.
Post by LeVon SmokerI figured it out eventually. In the
mirroring/management/commands/mountindex.py, I added...
acls = AccessControlList.objects.filter(role__label='My Role',
permissions__name='document_view')
queryset = queryset.filter(acls__in=acls)
Post by LeVon SmokerHow can I do this? I intend to make my own version of the mountindex
command that would allow filtering documents based on a role. I assume it's
like filtering on a Generic Relation, but I can't figure it out...
https://docs.djangoproject.com/en/1.11/ref/contrib/contenttypes/#django.contrib.contenttypes.fields.GenericRelation
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.