|
1
|
|
|
# -*- coding: utf-8 -*- |
|
2
|
|
|
# |
|
3
|
|
|
# This file is part of SENAITE.CORE. |
|
4
|
|
|
# |
|
5
|
|
|
# SENAITE.CORE is free software: you can redistribute it and/or modify it under |
|
6
|
|
|
# the terms of the GNU General Public License as published by the Free Software |
|
7
|
|
|
# Foundation, version 2. |
|
8
|
|
|
# |
|
9
|
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT |
|
10
|
|
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
11
|
|
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
|
12
|
|
|
# details. |
|
13
|
|
|
# |
|
14
|
|
|
# You should have received a copy of the GNU General Public License along with |
|
15
|
|
|
# this program; if not, write to the Free Software Foundation, Inc., 51 |
|
16
|
|
|
# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|
17
|
|
|
# |
|
18
|
|
|
# Copyright 2018-2019 by it's authors. |
|
19
|
|
|
# Some rights reserved, see README and LICENSE. |
|
20
|
|
|
|
|
21
|
|
|
from Products.CMFCore.permissions import AccessContentsInformation |
|
22
|
|
|
from Products.CMFCore.permissions import ListFolderContents |
|
23
|
|
|
from Products.CMFCore.permissions import View |
|
24
|
|
|
from bika.lims.api import security |
|
25
|
|
|
from bika.lims.interfaces import IInternalUse |
|
26
|
|
|
from zope.interface import alsoProvides |
|
27
|
|
|
from zope.interface import noLongerProvides |
|
28
|
|
|
from zope.lifecycleevent import modified |
|
29
|
|
|
|
|
30
|
|
|
|
|
31
|
|
|
def ObjectModifiedEventHandler(instance, event): |
|
32
|
|
|
"""Actions to be taken when AnalysisRequest object is modified |
|
33
|
|
|
""" |
|
34
|
|
|
# If Internal Use value has been modified, apply suitable permissions |
|
35
|
|
|
internal_use = instance.getInternalUse() |
|
36
|
|
|
if internal_use != IInternalUse.providedBy(instance): |
|
37
|
|
|
|
|
38
|
|
|
# Update permissions for current sample |
|
39
|
|
|
update_internal_use_permissions(instance) |
|
40
|
|
|
|
|
41
|
|
|
# Mark/Unmark all analyses with IInternalUse to control their |
|
42
|
|
|
# visibility in results reports |
|
43
|
|
|
for analysis in instance.objectValues("Analysis"): |
|
44
|
|
|
if internal_use: |
|
45
|
|
|
alsoProvides(analysis, IInternalUse) |
|
46
|
|
|
else: |
|
47
|
|
|
noLongerProvides(analysis, IInternalUse) |
|
48
|
|
|
|
|
49
|
|
|
# If internal use is True, cascade same setting to partitions |
|
50
|
|
|
if internal_use: |
|
51
|
|
|
for partition in instance.getDescendants(): |
|
52
|
|
|
partition.setInternalUse(internal_use) |
|
53
|
|
|
# Notify the partition has been modified |
|
54
|
|
|
modified(partition) |
|
55
|
|
|
|
|
56
|
|
|
|
|
57
|
|
|
def AfterTransitionEventHandler(instance, event): |
|
58
|
|
|
"""Actions to be taken when AnalsysiRequest object has been transitioned. |
|
59
|
|
|
This function does not superseds workflow.analysisrequest.events, rather it |
|
60
|
|
|
only updates the permissions in accordance with InternalUse value |
|
61
|
|
|
""" |
|
62
|
|
|
update_internal_use_permissions(instance) |
|
63
|
|
|
|
|
64
|
|
|
|
|
65
|
|
|
def update_internal_use_permissions(analysis_request): |
|
66
|
|
|
"""Updates the permissions for the AnalysisRequest object passed in |
|
67
|
|
|
accordance with the value set for field InternalUse |
|
68
|
|
|
""" |
|
69
|
|
|
if analysis_request.getInternalUse(): |
|
70
|
|
|
# Revoke basic permissions from Owner (the client contact) |
|
71
|
|
|
revoke_permission(View, "Owner", analysis_request) |
|
72
|
|
|
revoke_permission(ListFolderContents, "Owner", analysis_request) |
|
73
|
|
|
revoke_permission(AccessContentsInformation, "Owner", analysis_request) |
|
74
|
|
|
|
|
75
|
|
|
# Mark the Sample for Internal use only |
|
76
|
|
|
alsoProvides(analysis_request, IInternalUse) |
|
77
|
|
|
|
|
78
|
|
|
else: |
|
79
|
|
|
# Restore basic permissions (acquired=1) |
|
80
|
|
|
analysis_request.manage_permission(View, [], acquire=1) |
|
81
|
|
|
analysis_request.manage_permission(ListFolderContents, [], acquire=1) |
|
82
|
|
|
analysis_request.manage_permission(AccessContentsInformation, [], |
|
83
|
|
|
acquire=1) |
|
84
|
|
|
|
|
85
|
|
|
# Unmark the Sample |
|
86
|
|
|
noLongerProvides(analysis_request, IInternalUse) |
|
87
|
|
|
|
|
88
|
|
|
analysis_request.reindexObjectSecurity() |
|
89
|
|
|
analysis_request.reindexObject(idxs="getInternalUse") |
|
90
|
|
|
|
|
91
|
|
|
|
|
92
|
|
|
def gather_roles_for_permission(permission, obj): |
|
93
|
|
|
"""Extract all the effective roles for a given permission and object, |
|
94
|
|
|
acquired roles included |
|
95
|
|
|
""" |
|
96
|
|
|
roles = security.get_roles_for_permission(permission, obj) |
|
97
|
|
|
if obj.acquiredRolesAreUsedBy(permission): |
|
98
|
|
|
roles.extend(gather_roles_for_permission(permission, obj.aq_parent)) |
|
99
|
|
|
return list(set(roles)) |
|
100
|
|
|
|
|
101
|
|
|
|
|
102
|
|
|
def revoke_permission(permission, role, obj): |
|
103
|
|
|
"""Revokes a permission for a given role and object |
|
104
|
|
|
""" |
|
105
|
|
|
roles = gather_roles_for_permission(permission, obj) |
|
106
|
|
|
if role in roles: |
|
107
|
|
|
roles.remove(role) |
|
108
|
|
|
obj.manage_permission(permission, roles) |
senaite /
senaite.core
