You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 16, 2024. It is now read-only.
There was several tries to add parameters passing to trahsition conditions. And every time pull requesters clain the only one use case for that - user permission checking.
Doing that in conditions is basically wrong. And it makes get_all_available_transition method ugly. B/c you can't mix conditions with user param and without, or have to use **kwargs everywhere.
At the end if user have no permission TransitionNotAllowed would be raisen that makes no sence.
The right solution should allow to make model transition without user (in case of background celery task or admin console when user are not available) And checking user permission should raise PermissionDenied exception.
So, i think right solution should be follows:
Add permission arg to transition method that accepts django permission string name or callable that accepts user
Provide additional method for perm check on transition, Ex
This is an interesting approach, however for our use case it falls short. We have an entity, and some users can publish it directly (have can_publish), others have to go through a review process (don't have can_publish). So we have the states NEW, REVIEW and PUBLISHED. Now I'd need to forbid the NEW -> REVIEW transition for users that can publish directly, so I'd need something like permission='!can_publish'.
In another place (we don't use django-fsm there) we have to check for a combination of permissions like can_publish AND !is_trainer.
There was several tries to add parameters passing to trahsition conditions. And every time pull requesters clain the only one use case for that - user permission checking.
Doing that in conditions is basically wrong. And it makes get_all_available_transition method ugly. B/c you can't mix conditions with user param and without, or have to use **kwargs everywhere.
At the end if user have no permission TransitionNotAllowed would be raisen that makes no sence.
The right solution should allow to make model transition without user (in case of background celery task or admin console when user are not available) And checking user permission should raise PermissionDenied exception.
So, i think right solution should be follows:
permission
arg to transition method that accepts django permission string name or callable that accepts userUsage
The text was updated successfully, but these errors were encountered: