From 99af964d8f8dee58551a346db5409bab0aa7eb23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Puiggen=C3=A9?= Date: Mon, 10 Feb 2020 16:56:45 +0100 Subject: [PATCH 1/2] Fix error when creating a partition as analyst user Analyst user was allowed to create partitions because the 'create_partition' guard was governed by permission "Edit Results" and the permission required for partition magic view was "ManageAnalysisRequests". Nevertheless, analysts do not have view permissions for some setup objects (like SampleType), so the system was throwing an exception after pressing the button "Create Partitions" from partition magiv view: ``` Traceback (innermost last): Module ZPublisher.Publish, line 138, in publish Module ZPublisher.mapply, line 77, in mapply Module ZPublisher.Publish, line 48, in call_object Module bika.lims.browser.partition_magic, line 97, in call Module bika.lims.utils.analysisrequest, line 480, in create_partition Module bika.lims.utils.analysisrequest, line 87, in create_analysisrequest Module Products.Archetypes.BaseObject, line 636, in processForm Module bika.lims.content.analysisrequest, line 1420, in _renameAfterCreation Module bika.lims.idserver, line 518, in renameAfterCreation Module bika.lims.idserver, line 462, in generateUniqueId Module bika.lims.idserver, line 227, in get_variables AttributeError: 'NoneType' object has no attribute 'getPrefix' ``` This commit makes the "create_partition" transition, and the partition magic view to rely on permission "senaite.core: Add AnalysisRequest", so the transition is not longer available to analyst, and even if he/she tries to access manually to partition magic view, the system will display an "Insufficient privileges" message. --- CHANGES.rst | 1 + bika/lims/browser/configure.zcml | 2 +- .../workflows/bika_ar_workflow/definition.xml | 6 ++--- bika/lims/upgrade/v01_03_003.py | 25 +++++++++++++++++++ 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 193d836444..dc5128d116 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -45,6 +45,7 @@ Changelog **Fixed** +- #1525 Fix error when creating partitions with analyst user - #1522 Fix sporadical timeout issue when adding new samples/remarks - #1506 Changes via manage results don't get applied to partitions - #1506 Fix recursion error when getting dependencies through Calculation diff --git a/bika/lims/browser/configure.zcml b/bika/lims/browser/configure.zcml index 34b5ffebd4..9f7104f540 100644 --- a/bika/lims/browser/configure.zcml +++ b/bika/lims/browser/configure.zcml @@ -76,7 +76,7 @@ for="*" name="partition_magic" class=".partition_magic.PartitionMagicView" - permission="senaite.core.permissions.ManageAnalysisRequests" + permission="senaite.core.permissions.AddAnalysisRequest" layer="bika.lims.interfaces.IBikaLIMS" /> diff --git a/bika/lims/profiles/default/workflows/bika_ar_workflow/definition.xml b/bika/lims/profiles/default/workflows/bika_ar_workflow/definition.xml index 32d41eda92..6920fcfd02 100644 --- a/bika/lims/profiles/default/workflows/bika_ar_workflow/definition.xml +++ b/bika/lims/profiles/default/workflows/bika_ar_workflow/definition.xml @@ -1283,16 +1283,14 @@ - + Create partitions - senaite.core: Edit Results + senaite.core: Add AnalysisRequest python:here.guard_handler("create_partitions") diff --git a/bika/lims/upgrade/v01_03_003.py b/bika/lims/upgrade/v01_03_003.py index 71eb18b6d8..90f60c8a93 100644 --- a/bika/lims/upgrade/v01_03_003.py +++ b/bika/lims/upgrade/v01_03_003.py @@ -329,6 +329,10 @@ def upgrade(tool): # https://github.com/senaite/senaite.core/pull/1517 install_senaite_core_spotlight(portal) + # Don't allow Analysts to create partitions + setup.runImportStepFromProfile(profile, "workflow") + update_wf_received_samples(portal) + # apply resource profiles setup.runImportStepFromProfile(profile, "jsregistry") setup.runImportStepFromProfile(profile, "cssregistry") @@ -723,3 +727,24 @@ def remove_stale_css(portal): for css in CSS_TO_REMOVE: logger.info("Unregistering CSS %s" % css) portal.portal_css.unregisterResource(css) + + +def update_wf_received_samples(portal): + """Updates workflow mappings for root samples that are in received status + """ + logger.info("Updating workflow mappings for received samples ...") + wf_tool = api.get_tool("portal_workflow") + sample_workflow = wf_tool.getWorkflowById("bika_ar_workflow") + query = dict(portal_type="AnalysisRequest", + isRootAncestor=True, + review_state="received") + brains = api.search(query, CATALOG_ANALYSIS_REQUEST_LISTING) + total = len(brains) + for num, brain in enumerate(brains): + if num and num % 1000 == 0: + logger.info("{}/{} samples processed ...".format(num, total)) + sample = api.get_object(brain) + sample_workflow.updateRoleMappingsFor(sample) + sample.reindexObject() + + logger.info("Updating workflow mappings for received samples [DONE]") From bdd788b039f5b959914905eb86ccebae1dc2b0d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Puiggen=C3=A9?= Date: Mon, 10 Feb 2020 17:22:31 +0100 Subject: [PATCH 2/2] Do not allow analysts to copy samples --- bika/lims/browser/analysisrequest/analysisrequests.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bika/lims/browser/analysisrequest/analysisrequests.py b/bika/lims/browser/analysisrequest/analysisrequests.py index f3a6b314db..10b4025250 100644 --- a/bika/lims/browser/analysisrequest/analysisrequests.py +++ b/bika/lims/browser/analysisrequest/analysisrequests.py @@ -761,8 +761,7 @@ def get_progress_percentage(self, ar_brain): @property def copy_to_new_allowed(self): mtool = api.get_tool("portal_membership") - if mtool.checkPermission(ManageAnalysisRequests, self.context) \ - or mtool.checkPermission(ModifyPortalContent, self.context): + if mtool.checkPermission(AddAnalysisRequest, self.context): return True return False