Merge pull request #12 from oarepo/krist/permissions-naming-fixes

unifying permission classes naming
oarepo · Aug 27, 2024 · 210a932 · 210a932
2 parents 7acdfc2 + 9bdfa44
commit 210a932
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 16 deletions.
diff --git a/oarepo_workflows/__init__.py b/oarepo_workflows/__init__.py
@@ -1,7 +1,7 @@
 from oarepo_workflows.services.permissions import (
     AutoApprove,
     AutoRequest,
-    DefaultWorkflowPermissionPolicy,
+    DefaultWorkflowPermissions,
     IfInState,
     WorkflowPermission,
     WorkflowPermissionPolicy,
@@ -19,7 +19,7 @@
     "IfInState",
     "Workflow",
     "WorkflowPermission",
-    "DefaultWorkflowPermissionPolicy",
+    "DefaultWorkflowPermissions",
     "WorkflowPermissionPolicy",
     "WorkflowRequestPolicy",
     "WorkflowRequest",

diff --git a/oarepo_workflows/base.py b/oarepo_workflows/base.py
@@ -3,14 +3,15 @@
 
 from flask_babel import LazyString
 
+from . import WorkflowPermissionPolicy
 from .requests import WorkflowRequestPolicy
-from .services.permissions import DefaultWorkflowPermissionPolicy
+from .services.permissions import DefaultWorkflowPermissions
 
 
 @dataclasses.dataclass
 class Workflow:
     label: str | LazyString
-    permission_policy_cls: Type[DefaultWorkflowPermissionPolicy]
+    permission_policy_cls: Type[DefaultWorkflowPermissions]
     request_policy_cls: Type[WorkflowRequestPolicy] = WorkflowRequestPolicy
 
     def permissions(self, action, **over):
@@ -20,3 +21,9 @@ def permissions(self, action, **over):
     def requests(self):
         """Return instance of request policy for this workflow."""
         return self.request_policy_cls()
+
+    def __post_init__(self):
+        assert not issubclass(self.permission_policy_cls, WorkflowPermissionPolicy)
+        assert issubclass(self.permission_policy_cls, DefaultWorkflowPermissions)
+
+        assert issubclass(self.request_policy_cls, WorkflowRequestPolicy)
diff --git a/oarepo_workflows/services/permissions/__init__.py b/oarepo_workflows/services/permissions/__init__.py
@@ -1,10 +1,10 @@
 from .generators import AutoApprove, AutoRequest, IfInState, WorkflowPermission
-from .policy import DefaultWorkflowPermissionPolicy, WorkflowPermissionPolicy
+from .policy import DefaultWorkflowPermissions, WorkflowPermissionPolicy
 
 __all__ = (
     "IfInState",
     "WorkflowPermission",
-    "DefaultWorkflowPermissionPolicy",
+    "DefaultWorkflowPermissions",
     "WorkflowPermissionPolicy",
     "AutoApprove",
     "AutoRequest",

diff --git a/oarepo_workflows/services/permissions/generators.py b/oarepo_workflows/services/permissions/generators.py
@@ -19,9 +19,7 @@ def _get_workflow_id(self, record=None, **kwargs):
             if not workflow_id:
                 raise MissingWorkflowError("Workflow not defined on record.")
         else:
-            workflow_id = (
-                kwargs.get("data", {}).get("parent", {}).get("workflow", {})
-            )
+            workflow_id = kwargs.get("data", {}).get("parent", {}).get("workflow", {})
             if not workflow_id:
                 raise MissingWorkflowError("Workflow not defined in input.")
         return workflow_id

diff --git a/oarepo_workflows/services/permissions/policy.py b/oarepo_workflows/services/permissions/policy.py
@@ -13,7 +13,19 @@
 from .generators import IfInState, WorkflowPermission
 
 
-class DefaultWorkflowPermissionPolicy(RecordPermissionPolicy):
+class DefaultWorkflowPermissions(RecordPermissionPolicy):
+    """
+    Base class for workflow permissions, subclass from it and put the result to Workflow constructor.
+    Example:
+        class MyWorkflowPermissions(DefaultWorkflowPermissions):
+            can_read = [AnyUser()]
+    in invenio.cfg
+    WORKFLOWS = {
+        'default': Workflow(
+            permission_policy_cls = MyWorkflowPermissions, ...
+        )
+    }
+    """
     PERMISSIONS_REMAP = {
         "read_draft": "read",
         "update_draft": "update",
@@ -25,13 +37,13 @@ class DefaultWorkflowPermissionPolicy(RecordPermissionPolicy):
         "draft_read_files": "read_files",
         "draft_update_files": "update_files",
         "search_drafts": "search",
-        "search_versions": "search"
+        "search_versions": "search",
     }
 
     system_process = SystemProcess()
 
     def __init__(self, action_name=None, **over):
-        action_name = DefaultWorkflowPermissionPolicy.PERMISSIONS_REMAP.get(
+        action_name = DefaultWorkflowPermissions.PERMISSIONS_REMAP.get(
             action_name, action_name
         )
         can = getattr(self, f"can_{action_name}")
@@ -53,6 +65,10 @@ def __init__(self, action_name=None, **over):
 
 
 class WorkflowPermissionPolicy(RecordPermissionPolicy):
+    """
+    Permission policy to be used in permission presets directly on RecordServiceConfig.permission_policy_cls
+    Do not use this class in Workflow constructor.
+    """
     can_create = [WorkflowPermission("create")]
     can_publish = [WorkflowPermission("publish")]
     can_search = [SystemProcess(), AnyUser()]

diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = oarepo-workflows
-version = 1.0.8
+version = 1.0.9
 description =
 authors = Ronald Krist <[email protected]>
 readme = README.md

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -18,12 +18,12 @@
     WorkflowTransitions,
 )
 from oarepo_workflows.services.permissions import (
-    DefaultWorkflowPermissionPolicy,
+    DefaultWorkflowPermissions,
     IfInState,
 )
 
 
-class RecordOwnersReadTestWorkflowPermissionPolicy(DefaultWorkflowPermissionPolicy):
+class RecordOwnersReadTestWorkflowPermissionPolicy(DefaultWorkflowPermissions):
     can_read = [RecordOwners()]
 
 
@@ -55,7 +55,7 @@ class MyWorkflowRequests(WorkflowRequestPolicy):
 WORKFLOWS = {
     "my_workflow": Workflow(
         label=_("Default workflow"),
-        permission_policy_cls=DefaultWorkflowPermissionPolicy,
+        permission_policy_cls=DefaultWorkflowPermissions,
         request_policy_cls=MyWorkflowRequests,
     ),
     "record_owners_can_read": Workflow(