def ensure_assignee_is_workflow_member(workflow, assignee):
"""Checks what role assignee has in the context of
a workflow. If he has none he gets the Workflow Member role."""
if not assignee:
return
# Check if assignee is mapped to the Workflow
workflow_people = models.WorkflowPerson.query.filter(
models.WorkflowPerson.workflow_id == workflow.id,
models.WorkflowPerson.person_id == assignee.id).all()
if not workflow_people:
workflow_person = models.WorkflowPerson(person=assignee,
workflow=workflow,
context=workflow.context)
db.session.add(workflow_person)
# Check if assignee has a role assignment
from ggrc_basic_permissions.models import UserRole
user_roles = UserRole.query.filter(
UserRole.context_id == workflow.context_id,
UserRole.person_id == assignee.id).all()
if not user_roles:
workflow_member_role = _find_role('WorkflowMember')
user_role = UserRole(
person=assignee,
role=workflow_member_role,
context=workflow.context,
modified_by=get_current_user(),
)
db.session.add(user_role)
def ensure_assignee_is_workflow_member(workflow, assignee, assignee_id=None):
"""Checks what role assignee has in the context of
a workflow. If he has none he gets the Workflow Member role."""
if not assignee and not assignee_id:
return
if assignee_id is None:
assignee_id = assignee.id
if assignee and assignee_id != assignee.id:
raise ValueError("Conflict value assignee and assignee_id")
if any(assignee_id == wp.person_id for wp in workflow.workflow_people):
return
# Check if assignee is mapped to the Workflow
workflow_people = models.WorkflowPerson.query.filter(
models.WorkflowPerson.workflow_id == workflow.id,
models.WorkflowPerson.person_id == assignee_id).count()
if not workflow_people:
models.WorkflowPerson(person=assignee,
person_id=assignee_id,
workflow=workflow,
context=workflow.context)
# Check if assignee has a role assignment
user_roles = UserRole.query.filter(
UserRole.context_id == workflow.context_id,
UserRole.person_id == assignee_id).count()
if not user_roles:
workflow_member_role = _find_role('WorkflowMember')
UserRole(
person=assignee,
person_id=assignee_id,
role=workflow_member_role,
context=workflow.context,
modified_by=get_current_user(),
)
def insert_object(self):
if self.dry_run or not self.value:
return
self.remove_current_people()
for owner in self.value:
workflow_person = wf_models.WorkflowPerson(
workflow=self.row_converter.obj,
person=owner,
context=self.row_converter.obj.context)
db.session.add(workflow_person)
self.dry_run = True
def _add_workflow_people(self, role_name):
"""Add people to Workflow with appropriate role.
Args:
role_name: Workflow user role name
"""
role = db.session.query(bp_models.Role).filter(
bp_models.Role.name == role_name).first()
for person in self.value:
wf_models.WorkflowPerson(
workflow=self.row_converter.obj,
person=person,
context=self.row_converter.obj.context,
modified_by=get_current_user(),
)
bp_models.UserRole(
person=person,
role=role,
context=self.row_converter.obj.context,
modified_by=get_current_user(),
)
def handle_workflow_post(sender, obj=None, src=None, service=None): # noqa pylint: disable=unused-argument
source_workflow = None
if src.get('clone'):
source_workflow_id = src.get('clone')
source_workflow = models.Workflow.query.filter_by(
id=source_workflow_id).first()
source_workflow.copy(obj)
db.session.add(obj)
db.session.flush()
obj.title = source_workflow.title + ' (copy ' + str(obj.id) + ')'
db.session.flush()
# get the personal context for this logged in user
user = get_current_user()
personal_context = _get_or_create_personal_context(user)
context = obj.build_object_context(
context=personal_context,
name='{object_type} Context {timestamp}'.format(
object_type=service.model.__name__, timestamp=datetime.now()),
description='',
)
context.modified_by = get_current_user()
db.session.add(obj)
db.session.flush()
db.session.add(context)
db.session.flush()
obj.contexts.append(context)
obj.context = context
# add a user_roles mapping assigning the user creating the workflow
# the WorkflowOwner role in the workflow's context.
workflow_owner_role = _find_role('WorkflowOwner')
user_role = UserRole(
person=user,
role=workflow_owner_role,
context=context,
modified_by=get_current_user(),
)
db.session.add(
models.WorkflowPerson(
person=user,
workflow=obj,
context=context,
modified_by=get_current_user(),
))
# pass along a temporary attribute for logging the events.
user_role._display_related_title = obj.title
db.session.add(user_role)
db.session.flush()
# Create the context implication for Workflow roles to default context
db.session.add(
ContextImplication(
source_context=context,
context=None,
source_context_scope='Workflow',
context_scope=None,
modified_by=get_current_user(),
))
if not src.get('private'):
# Add role implication - all users can read a public workflow
add_public_workflow_context_implication(context)
if src.get('clone'):
source_workflow.copy_task_groups(
obj,
clone_people=src.get('clone_people', False),
clone_tasks=src.get('clone_tasks', False),
clone_objects=src.get('clone_objects', False))
if src.get('clone_people'):
workflow_member_role = _find_role('WorkflowMember')
for authorization in source_workflow.context.user_roles:
# Current user has already been added as workflow owner
if authorization.person != user:
db.session.add(
UserRole(person=authorization.person,
role=workflow_member_role,
context=context,
modified_by=user))
for person in source_workflow.people:
if person != user:
db.session.add(
models.WorkflowPerson(person=person,
workflow=obj,
context=context))
def handle_workflow_post(sender, obj=None, src=None, service=None):
_validate_post_workflow_fields(obj)
source_workflow = None
if src.get('clone'):
source_workflow_id = src.get('clone')
source_workflow = models.Workflow.query.filter_by(
id=source_workflow_id
).first()
source_workflow.copy(obj)
obj.title = source_workflow.title + ' (copy ' + str(obj.id) + ')'
# get the personal context for this logged in user
user = get_current_user()
personal_context = user.get_or_create_object_context(context=1)
context = obj.get_or_create_object_context(personal_context)
obj.context = context
if not obj.workflow_people:
# add a user_roles mapping assigning the user creating the workflow
# the WorkflowOwner role in the workflow's context.
workflow_owner_role = _find_role('WorkflowOwner')
user_role = UserRole(
person=user,
role=workflow_owner_role,
context=context,
modified_by=get_current_user(),
)
models.WorkflowPerson(
person=user,
workflow=obj,
context=context,
modified_by=get_current_user(),
)
# pass along a temporary attribute for logging the events.
user_role._display_related_title = obj.title
# Create the context implication for Workflow roles to default context
ContextImplication(
source_context=context,
context=None,
source_context_scope='Workflow',
context_scope=None,
modified_by=get_current_user(),
)
if not src.get('private'):
# Add role implication - all users can read a public workflow
add_public_workflow_context_implication(context)
if src.get('clone'):
source_workflow.copy_task_groups(
obj,
clone_people=src.get('clone_people', False),
clone_tasks=src.get('clone_tasks', False),
clone_objects=src.get('clone_objects', False)
)
if src.get('clone_people'):
workflow_member_role = _find_role('WorkflowMember')
for authorization in source_workflow.context.user_roles:
# Current user has already been added as workflow owner
if authorization.person != user:
UserRole(
person=authorization.person,
role=workflow_member_role,
context=context,
modified_by=user)
for person in source_workflow.people:
if person != user:
models.WorkflowPerson(
person=person,
workflow=obj,
context=context)
