[Mayan EDMS: 2608] Filtering a document queryset on the ACL/role name

[Mayan EDMS: 2608] Filtering a document queryset on the ACL/role name

LeVon Smoker
How can I do this? I intend to make my own version of the mountindex command that would allow filtering documents based on a role. I assume it's like filtering on a Generic Relation, but I can't figure it out...

https://docs.djangoproject.com/en/1.11/ref/contrib/contenttypes/#django.contrib.contenttypes.fields.GenericRelation

--

---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
[Mayan EDMS: 2612] Re: Filtering a document queryset on the ACL/role name

LeVon Smoker
I figured it out eventually. In the mirroring/management/commands/mountindex.py, I added...
acls = AccessControlList.objects.filter(role__label='My Role', permissions__name='document_view')
queryset = queryset.filter(acls__in=acls)



On Friday, July 27, 2018 at 10:12:21 AM UTC-4, LeVon Smoker wrote:
How can I do this? I intend to make my own version of the mountindex command that would allow filtering documents based on a role. I assume it's like filtering on a Generic Relation, but I can't figure it out...

https://docs.djangoproject.com/en/1.11/ref/contrib/contenttypes/#django.contrib.contenttypes.fields.GenericRelation

[Mayan EDMS: 2624] Re: Filtering a document queryset on the ACL/role name

rosarior
Administrator
Makes sense to filter documents. An ideal solution would be to correlate the OS username to a Mayan user to inherit the permission. Or in the meantime a filtering method via the mountindex command line to avoid needing to change the code. Your question brings an interesting proposition to the mountindex feature.

On Tuesday, July 31, 2018 at 8:52:01 AM UTC-4, LeVon Smoker wrote:
I figured it out eventually. In the mirroring/management/commands/mountindex.py, I added...
acls = AccessControlList.objects.filter(role__label='My Role', permissions__name='document_view')
queryset = queryset.filter(acls__in=acls)



[Mayan EDMS: 2636] Re: Filtering a document queryset on the ACL/role name

LeVon Smoker
I ended up creating my own version of the mountindex management command in a custom app

On Wednesday, August 8, 2018 at 5:16:01 PM UTC-4, Roberto Rosario wrote:
Makes sense to filter documents. An ideal solution would be to correlate the OS username to a Mayan user to inherit the permission. Or in the meantime a filtering method via the mountindex command line to avoid needing to change the code. Your question brings an interesting proposition to the mountindex feature.

[Mayan EDMS: 2653] Re: Filtering a document queryset on the ACL/role name

LeVon Smoker
And it would be neat to have some document info/metadata be made available as extended file attributes through listxattr and getxattr...

On Thursday, August 9, 2018 at 2:32:56 PM UTC-4, LeVon Smoker wrote:
I ended up creating my own version of the mountindex management command in a custom app

[Mayan EDMS: 2656] Re: Filtering a document queryset on the ACL/role name

rosarior
Administrator
That is a fantastic idea and a good candidate for a MERC proposal (http://docs.mayan-edms.com/en/stable/mercs/)

Some tips when working with the permission system.

These don't directly apply to the mountindex command since we don't have a way to know which user is accessing the mounted index. But for the normal web stuff here is how to filter data:


Don't specify the role label or the permission name, the role label might get updated by another user and the permission name could change between releases (unlikely but possible). Use the filter_by_access method of the AccessControlList manager.

        filtered_queryset = AccessControlList.objects.filter_by_access(
            permission=permission_document_view, user=self.request.user,
            queryset=queryset
        )

The permission is obtained by importing from the .permissions.py module found in each app. This code here filters the queryset of documents and allows only those for the user currently logged in (obtained from self.request, the HTTP request object). The filter code first checks if the user has the global permission assigned (document view for all documents). And then iterates over all the groups and roles to which the user belongs, as a user can inherit the permission by subscription to a role or an ACL. If there are no permissions in any of the user's roles, the queryset is returned empty.

If you just want to know if a user can or cannot do an action use the "check_access" method.

        AccessControlList.objects.check_access(
            permissions=permission_document_view, user=request.user,
            obj=self.document
        )

It works in the same way. First check for a global permission and then for the permission in each role and then for the ACLs. If no permission is found the method raises the PERMISSION_DENIED exception and the user interface redirects to the insufficient permission template.

It would be great to find a way to find which OS user is trying to access a document from a mounted index and correlate with the Mayan user in the database to be able to do dynamic filesystem filtering.


On Friday, August 17, 2018 at 9:59:23 AM UTC-4, LeVon Smoker wrote:
And it would be neat to have some document info/metadata be made available as extended file attributes through listxattr and getxattr...

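
Added example, not from the thread and not Mayan EDMS code: a simplified in-memory Python model of the two filtering approaches discussed above. It shows that a filter keyed on a hard-coded role label stops matching once the role is renamed, while resolution from the user (global permission first, then ACLs, empty by default) does not. The class names, function names and sample data are all constructed for illustration.

```python
# Simplified in-memory model of the access resolution described in the thread.
# Not Mayan EDMS code: Role, Acl, User and both filters are hypothetical names.
from dataclasses import dataclass, field
VIEW = "document_view"  # constructed stand-in for permission_document_view
@dataclass
class Role:
    pk: int
    label: str
    permissions: set = field(default_factory=set)  # held for every object

@dataclass(frozen=True)
class Acl:  # grants one permission on one document to one role
    doc: str
    role_pk: int
    permission: str

@dataclass
class User:
    name: str
    roles: list  # roles reached through the user's groups

def _acl_docs(acls, role_pks, permission):
    return {a.doc for a in acls if a.role_pk in role_pks and a.permission == permission}

def filter_by_label(docs, acls, roles, label, permission):
    """Hard-coded role label, as in the first reply's queryset filter."""
    pks = {r.pk for r in roles if r.label == label}
    return [d for d in docs if d in _acl_docs(acls, pks, permission)]

def filter_by_access(docs, acls, user, permission):
    """User-based resolution, as the last reply describes it."""
    # A permission held globally by one of the user's roles grants every object.
    if any(permission in r.permissions for r in user.roles):
        return list(docs)
    # Otherwise keep objects with an ACL for the user's roles; none means empty.
    allowed = _acl_docs(acls, {r.pk for r in user.roles}, permission)
    return [d for d in docs if d in allowed]

def demo():
    clerks, auditors = Role(1, "My Role"), Role(2, "Auditors", {VIEW})
    docs = ["invoice.pdf", "contract.pdf", "payroll.pdf"]  # constructed sample
    acls = [Acl("invoice.pdf", 1, VIEW), Acl("contract.pdf", 1, VIEW)]
    before = filter_by_label(docs, acls, [clerks, auditors], "My Role", VIEW)
    clerks.label = "Clerks"  # another administrator renames the role
    after = filter_by_label(docs, acls, [clerks, auditors], "My Role", VIEW)
    users = [User("alice", [clerks]), User("bob", [auditors]), User("eve", [])]
    return before, after, [filter_by_access(docs, acls, u, VIEW) for u in users]

if __name__ == "__main__":
    print(demo())
```
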