-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
permissions: Allow record reviewers to also read/update request #31
Conversation
8184203
to
cde0aca
Compare
README.rst
Outdated
class CurationRDMRequestsPermissionPolicy(RDMRequestsPermissionPolicy): | ||
"""Customized permission policy for sane handling of curation requests.""" | ||
|
||
|
||
rdm_policy = RDMRecordPermissionPolicy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not really a great solution but it is working.
Another possibility would be to add a generator for retrieving a certain permission from the entity's service. Will give it a try
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Implemented. It feels a lot cleaner this way.
5cbad2c
to
01abb30
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
permission policies twist my brain a bit and i don't have the full context of community-submissions in mind (as they're currently disabled at TUW, have i mentioned that before?)
but from my understanding, this PR just makes sure that rdm-curations happen before community-submissions, and forwards read permissions to the topic's permission policy to align read/preview permissions some more?
i couldn't identify anything that looks fishy to me, LGTM!
@@ -60,6 +62,59 @@ def _condition(self, request=None, **kwargs): | |||
return False | |||
|
|||
|
|||
class EntityReferenceServicePermission(Generator): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so if i understand correctly, this basically "forwards" the permission check to the service responsible for the referenced entity?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah. An entity will be resolved and passed to the generators of the specified permission.
# the rdm-curation request has been accepted | ||
curation_request_record_review = IfRequestTypes( | ||
[CurationRequest], | ||
then_=[TopicPermission(permission_name="can_review")], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
with the new permission generator (see other comment), this basically checks the record_svc.can_review
?
neat!
* introduce generator for accessing config permission
01abb30
to
cef4a1b
Compare
closes #24 #25
possibly closes #15 (to be tested)
Update the request permission policy to allow users who
can_manage
a record to also view the associated curation request.There is also some renaming in this PR, which adds some noise. Maybe easier to compare the README instead of
permissions.py
.Could be solved by merging #22 and rebasing