✨(backend) add duplicate action to the document API endpoint
We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
This commit is contained in:
Samuel Paccoud - DINUM
committed by
Manuel Raynaud
Manuel Raynaud
parent
6976bb7c78
commit
34a208a80d
@@ -13,6 +13,7 @@ from logging import getLogger
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import models as auth_models
|
||||
from django.contrib.auth.base_user import AbstractBaseUser
|
||||
from django.contrib.postgres.fields import ArrayField
|
||||
from django.contrib.sites.models import Site
|
||||
from django.core import mail, validators
|
||||
from django.core.cache import cache
|
||||
@@ -427,10 +428,12 @@ class DocumentQuerySet(MP_NodeQuerySet):
|
||||
|
||||
def readable_per_se(self, user):
|
||||
"""
|
||||
Filters the queryset to return documents that the given user has
|
||||
permission to read.
|
||||
Filters the queryset to return documents on which the given user has
|
||||
direct access, team access or link access. This will not return all the
|
||||
documents that a user can read because it can be obtained via an ancestor.
|
||||
:param user: The user for whom readable documents are to be fetched.
|
||||
:return: A queryset of documents readable by the user.
|
||||
:return: A queryset of documents for which the user has direct access,
|
||||
team access or link access.
|
||||
"""
|
||||
if user.is_authenticated:
|
||||
return self.filter(
|
||||
@@ -459,7 +462,9 @@ class DocumentManager(MP_NodeManager):
|
||||
"""
|
||||
Filters documents based on user permissions using the custom queryset.
|
||||
:param user: The user for whom readable documents are to be fetched.
|
||||
:return: A queryset of documents readable by the user.
|
||||
:return: A queryset of documents for which the user has direct access,
|
||||
team access or link access. This will not return all the documents
|
||||
that a user can read because it can be obtained via an ancestor.
|
||||
"""
|
||||
return self.get_queryset().readable_per_se(user)
|
||||
|
||||
@@ -486,6 +491,21 @@ class Document(MP_Node, BaseModel):
|
||||
)
|
||||
deleted_at = models.DateTimeField(null=True, blank=True)
|
||||
ancestors_deleted_at = models.DateTimeField(null=True, blank=True)
|
||||
duplicated_from = models.ForeignKey(
|
||||
"self",
|
||||
on_delete=models.SET_NULL,
|
||||
related_name="duplicates",
|
||||
editable=False,
|
||||
blank=True,
|
||||
null=True,
|
||||
)
|
||||
attachments = ArrayField(
|
||||
models.CharField(max_length=255),
|
||||
default=list,
|
||||
editable=False,
|
||||
blank=True,
|
||||
null=True,
|
||||
)
|
||||
|
||||
_content = None
|
||||
|
||||
@@ -800,6 +820,7 @@ class Document(MP_Node, BaseModel):
|
||||
"cors_proxy": can_get,
|
||||
"descendants": can_get,
|
||||
"destroy": is_owner,
|
||||
"duplicate": can_get,
|
||||
"favorite": can_get and user.is_authenticated,
|
||||
"link_configuration": is_owner_or_admin,
|
||||
"invite_owner": is_owner,
|
||||
|
||||
Reference in New Issue
Block a user