def ensure_assignee_is_workflow_member(workflow, assignee): """Checks what role assignee has in the context of a workflow. If he has none he gets the Workflow Member role.""" if not assignee: return # Check if assignee is mapped to the Workflow workflow_people = models.WorkflowPerson.query.filter( models.WorkflowPerson.workflow_id == workflow.id, models.WorkflowPerson.person_id == assignee.id).all() if not workflow_people: workflow_person = models.WorkflowPerson(person=assignee, workflow=workflow, context=workflow.context) db.session.add(workflow_person) # Check if assignee has a role assignment from ggrc_basic_permissions.models import UserRole user_roles = UserRole.query.filter( UserRole.context_id == workflow.context_id, UserRole.person_id == assignee.id).all() if not user_roles: workflow_member_role = _find_role('WorkflowMember') user_role = UserRole( person=assignee, role=workflow_member_role, context=workflow.context, modified_by=get_current_user(), ) db.session.add(user_role)
def ensure_assignee_is_workflow_member(workflow, assignee, assignee_id=None): """Checks what role assignee has in the context of a workflow. If he has none he gets the Workflow Member role.""" if not assignee and not assignee_id: return if assignee_id is None: assignee_id = assignee.id if assignee and assignee_id != assignee.id: raise ValueError("Conflict value assignee and assignee_id") if any(assignee_id == wp.person_id for wp in workflow.workflow_people): return # Check if assignee is mapped to the Workflow workflow_people = models.WorkflowPerson.query.filter( models.WorkflowPerson.workflow_id == workflow.id, models.WorkflowPerson.person_id == assignee_id).count() if not workflow_people: models.WorkflowPerson(person=assignee, person_id=assignee_id, workflow=workflow, context=workflow.context) # Check if assignee has a role assignment user_roles = UserRole.query.filter( UserRole.context_id == workflow.context_id, UserRole.person_id == assignee_id).count() if not user_roles: workflow_member_role = _find_role('WorkflowMember') UserRole( person=assignee, person_id=assignee_id, role=workflow_member_role, context=workflow.context, modified_by=get_current_user(), )
def insert_object(self): if self.dry_run or not self.value: return self.remove_current_people() for owner in self.value: workflow_person = wf_models.WorkflowPerson( workflow=self.row_converter.obj, person=owner, context=self.row_converter.obj.context) db.session.add(workflow_person) self.dry_run = True
def _add_workflow_people(self, role_name): """Add people to Workflow with appropriate role. Args: role_name: Workflow user role name """ role = db.session.query(bp_models.Role).filter( bp_models.Role.name == role_name).first() for person in self.value: wf_models.WorkflowPerson( workflow=self.row_converter.obj, person=person, context=self.row_converter.obj.context, modified_by=get_current_user(), ) bp_models.UserRole( person=person, role=role, context=self.row_converter.obj.context, modified_by=get_current_user(), )
def handle_workflow_post(sender, obj=None, src=None, service=None): # noqa pylint: disable=unused-argument source_workflow = None if src.get('clone'): source_workflow_id = src.get('clone') source_workflow = models.Workflow.query.filter_by( id=source_workflow_id).first() source_workflow.copy(obj) db.session.add(obj) db.session.flush() obj.title = source_workflow.title + ' (copy ' + str(obj.id) + ')' db.session.flush() # get the personal context for this logged in user user = get_current_user() personal_context = _get_or_create_personal_context(user) context = obj.build_object_context( context=personal_context, name='{object_type} Context {timestamp}'.format( object_type=service.model.__name__, timestamp=datetime.now()), description='', ) context.modified_by = get_current_user() db.session.add(obj) db.session.flush() db.session.add(context) db.session.flush() obj.contexts.append(context) obj.context = context # add a user_roles mapping assigning the user creating the workflow # the WorkflowOwner role in the workflow's context. workflow_owner_role = _find_role('WorkflowOwner') user_role = UserRole( person=user, role=workflow_owner_role, context=context, modified_by=get_current_user(), ) db.session.add( models.WorkflowPerson( person=user, workflow=obj, context=context, modified_by=get_current_user(), )) # pass along a temporary attribute for logging the events. user_role._display_related_title = obj.title db.session.add(user_role) db.session.flush() # Create the context implication for Workflow roles to default context db.session.add( ContextImplication( source_context=context, context=None, source_context_scope='Workflow', context_scope=None, modified_by=get_current_user(), )) if not src.get('private'): # Add role implication - all users can read a public workflow add_public_workflow_context_implication(context) if src.get('clone'): source_workflow.copy_task_groups( obj, clone_people=src.get('clone_people', False), clone_tasks=src.get('clone_tasks', False), clone_objects=src.get('clone_objects', False)) if src.get('clone_people'): workflow_member_role = _find_role('WorkflowMember') for authorization in source_workflow.context.user_roles: # Current user has already been added as workflow owner if authorization.person != user: db.session.add( UserRole(person=authorization.person, role=workflow_member_role, context=context, modified_by=user)) for person in source_workflow.people: if person != user: db.session.add( models.WorkflowPerson(person=person, workflow=obj, context=context))
def handle_workflow_post(sender, obj=None, src=None, service=None): _validate_post_workflow_fields(obj) source_workflow = None if src.get('clone'): source_workflow_id = src.get('clone') source_workflow = models.Workflow.query.filter_by( id=source_workflow_id ).first() source_workflow.copy(obj) obj.title = source_workflow.title + ' (copy ' + str(obj.id) + ')' # get the personal context for this logged in user user = get_current_user() personal_context = user.get_or_create_object_context(context=1) context = obj.get_or_create_object_context(personal_context) obj.context = context if not obj.workflow_people: # add a user_roles mapping assigning the user creating the workflow # the WorkflowOwner role in the workflow's context. workflow_owner_role = _find_role('WorkflowOwner') user_role = UserRole( person=user, role=workflow_owner_role, context=context, modified_by=get_current_user(), ) models.WorkflowPerson( person=user, workflow=obj, context=context, modified_by=get_current_user(), ) # pass along a temporary attribute for logging the events. user_role._display_related_title = obj.title # Create the context implication for Workflow roles to default context ContextImplication( source_context=context, context=None, source_context_scope='Workflow', context_scope=None, modified_by=get_current_user(), ) if not src.get('private'): # Add role implication - all users can read a public workflow add_public_workflow_context_implication(context) if src.get('clone'): source_workflow.copy_task_groups( obj, clone_people=src.get('clone_people', False), clone_tasks=src.get('clone_tasks', False), clone_objects=src.get('clone_objects', False) ) if src.get('clone_people'): workflow_member_role = _find_role('WorkflowMember') for authorization in source_workflow.context.user_roles: # Current user has already been added as workflow owner if authorization.person != user: UserRole( person=authorization.person, role=workflow_member_role, context=context, modified_by=user) for person in source_workflow.people: if person != user: models.WorkflowPerson( person=person, workflow=obj, context=context)