Merge pull request #1416 from open-zaak/feature/1415-force-write-scope

add force-write scope for Catalogi API

bin/postman_tests.sh

@@ -2,7 +2,7 @@
 
 set -x
 
-POSTMAN_TESTS_REF=0fb70d0e38d91db1697ca6d4801e039e839579e6
+POSTMAN_TESTS_REF=792d5d6a3c3548efac022275dcf4d5653db4a9b2
 
 # These client IDs and secrets are dummy variables that are only used by
 # the Docker build in Travis, so they can be public

src/openzaak/components/catalogi/api/scopes.py

@@ -26,6 +26,16 @@
 """,
 )
 
+SCOPE_CATALOGI_FORCED_WRITE = Scope(
+    "catalogi.geforceerd-schrijven",
+    description="""
+**Laat toe om**:
+
+* Gepubliceerde types geforceerd te schrijven. Alle resources zijn beschikbaar.
+""",
+)
+
+
 SCOPE_CATALOGI_FORCED_DELETE = Scope(
     "catalogi.geforceerd-verwijderen",
     description="""

src/openzaak/components/catalogi/api/serializers/relatieklassen.py

@@ -10,7 +10,7 @@
 
 from ...constants import RichtingChoices
 from ...models import ZaakTypeInformatieObjectType
-from ..validators import ZaakTypeInformatieObjectTypeCatalogusValidator
+from ..validators import ZaakTypeInformatieObjectTypeCatalogusValidator, is_force_write
 
 
 class ZaakTypeInformatieObjectTypeSerializer(serializers.HyperlinkedModelSerializer):
@@ -64,6 +64,10 @@ def get_fields(self):
     def validate(self, attrs):
         super().validate(attrs)
 
+        # New in Catalogi 1.2: allow concept update for a specific scope
+        if is_force_write(self):
+            return attrs
+
         if self.instance:
             zaaktype = attrs.get("zaaktype") or self.instance.zaaktype
             informatieobjecttype = (

src/openzaak/components/catalogi/api/validators.py

@@ -10,6 +10,7 @@
 )
 
 from openzaak.client import fetch_object
+from openzaak.components.catalogi.api.scopes import SCOPE_CATALOGI_FORCED_WRITE
 from openzaak.utils.serializers import get_from_serializer_data_or_instance
 
 from ..constants import SelectielijstKlasseProcestermijn as Procestermijn
@@ -288,6 +289,19 @@ def __call__(self, attrs: dict):
             raise ValidationError({"deelzaaktypen": self.message}, code=self.code)
 
 
+def is_force_write(serializer) -> bool:
+    request = serializer.context["request"]
+
+    # if no jwt_auth -> it's used in the admin of the management command
+    if not hasattr(request, "jwt_auth"):
+        return True
+
+    return request.jwt_auth.has_auth(
+        scopes=SCOPE_CATALOGI_FORCED_WRITE,
+        init_component=serializer.Meta.model._meta.app_label,
+    )
+
+
 class ConceptUpdateValidator:
     message = _("Het is niet toegestaan om een non-concept object bij te werken")
     code = "non-concept-object"
@@ -300,6 +314,10 @@ def __call__(self, attrs, serializer):
         if not instance:
             return
 
+        # New in Catalogi 1.2: allow concept update for a specific scope
+        if is_force_write(serializer):
+            return
+
         # updating eindeGeldigheid is allowed through patch requests
         if serializer.partial and list(attrs.keys()) == ["datum_einde_geldigheid"]:
             return
@@ -327,6 +345,7 @@ class ZaakTypeConceptValidator:
         "Updating an object that has a relation to a non-concept zaaktype is forbidden"
     )
     code = "non-concept-zaaktype"
+    requires_context = True
 
     def set_context(self, serializer):
         """
@@ -336,7 +355,11 @@ def set_context(self, serializer):
         # Determine the existing instance, if this is an update operation.
         self.instance = getattr(serializer, "instance", None)
 
-    def __call__(self, attrs):
+    def __call__(self, attrs, serializer):
+        # New in Catalogi 1.2: allow concept update for a specific scope
+        if is_force_write(serializer):
+            return
+
         if self.instance:
             zaaktype = self.instance.zaaktype
             if not zaaktype.concept:
@@ -367,6 +390,10 @@ def __call__(self, attrs, serializer):
         if instance:
             return
 
+        # New in Catalogi 1.2: allow concept create for a specific scope
+        if is_force_write(serializer):
+            return
+
         for field_name in self.concept_related_fields:
             field = attrs.get(field_name, [])
             for related_object in field:
@@ -396,6 +423,10 @@ def __call__(self, attrs, serializer):
         if not instance:
             return
 
+        # New in Catalogi 1.2: allow concept update for a specific scope
+        if is_force_write(serializer):
+            return
+
         einde_geldigheid = attrs.get("datum_einde_geldigheid")
         if einde_geldigheid and len(request.data) == 1:
             return

src/openzaak/components/catalogi/api/viewsets/besluittype.py

@@ -16,6 +16,7 @@
 from ..kanalen import KANAAL_BESLUITTYPEN
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -93,8 +94,8 @@ class BesluitTypeViewSet(
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
         "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
         "publish": SCOPE_CATALOGI_WRITE,
     }

src/openzaak/components/catalogi/api/viewsets/eigenschap.py

@@ -11,6 +11,7 @@
 from ..filters import EigenschapFilter
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -78,8 +79,8 @@ class EigenschapViewSet(
     required_scopes = {
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
-        "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "create": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
     }

src/openzaak/components/catalogi/api/viewsets/informatieobjecttype.py

@@ -16,6 +16,7 @@
 from ..kanalen import KANAAL_INFORMATIEOBJECTTYPEN
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -92,8 +93,8 @@ class InformatieObjectTypeViewSet(
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
         "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
         "publish": SCOPE_CATALOGI_WRITE,
     }

src/openzaak/components/catalogi/api/viewsets/relatieklassen.py

@@ -16,6 +16,7 @@
 from ..filters import ZaakTypeInformatieObjectTypeFilter
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -101,9 +102,9 @@ class ZaakTypeInformatieObjectTypeViewSet(
     required_scopes = {
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
-        "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "create": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
     }
     swagger_schema = ZaakTypeInformatieObjectTypeSchema

src/openzaak/components/catalogi/api/viewsets/resultaattype.py

@@ -11,6 +11,7 @@
 from ..filters import ResultaatTypeFilter
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -76,8 +77,8 @@ class ResultaatTypeViewSet(
     required_scopes = {
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
-        "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "create": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
     }

src/openzaak/components/catalogi/api/viewsets/roltype.py

@@ -11,6 +11,7 @@
 from ..filters import RolTypeFilter
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -74,8 +75,8 @@ class RolTypeViewSet(
     required_scopes = {
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
-        "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "create": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
     }

src/openzaak/components/catalogi/api/viewsets/statustype.py

@@ -11,6 +11,7 @@
 from ..filters import StatusTypeFilter
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -76,8 +77,8 @@ class StatusTypeViewSet(
     required_scopes = {
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
-        "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "create": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
     }

src/openzaak/components/catalogi/api/viewsets/zaaktype.py

@@ -21,6 +21,7 @@
 from ..kanalen import KANAAL_ZAAKTYPEN
 from ..scopes import (
     SCOPE_CATALOGI_FORCED_DELETE,
+    SCOPE_CATALOGI_FORCED_WRITE,
     SCOPE_CATALOGI_READ,
     SCOPE_CATALOGI_WRITE,
 )
@@ -115,8 +116,8 @@ class ZaakTypeViewSet(
         "list": SCOPE_CATALOGI_READ,
         "retrieve": SCOPE_CATALOGI_READ,
         "create": SCOPE_CATALOGI_WRITE,
-        "update": SCOPE_CATALOGI_WRITE,
-        "partial_update": SCOPE_CATALOGI_WRITE,
+        "update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
+        "partial_update": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_WRITE,
         "destroy": SCOPE_CATALOGI_WRITE | SCOPE_CATALOGI_FORCED_DELETE,
         "publish": SCOPE_CATALOGI_WRITE,
     }