Merge pull request #8202 from 4teamwork/ran/TI-2959/spv-excerpt-create-update

Allow SPV users to return protocol excerpt to proposal dossier

Author: Acrop146

changes/TI-2959.feature

@@ -0,0 +1 @@
+Allow SPV to send and update excerpts to proposal dossier. [ran]

docs/public/dev-manual/api/api_changelog.rst

@@ -13,6 +13,8 @@ Breaking Changes
 Other Changes
 ^^^^^^^^^^^^^
 - ``@membership-notes``: Add endpoint to update a note on a membership.
+- ``@ris-return-excerpt``: Add endpoint to allow users from spv to create a proposal excerpt in a dossier they do not have view permission in.
+- ``@ris-update-excerpt``: Add endpoint to allow users from spv to update a proposal excerpt in a dossier they do not have view permission in.
 
 
 2025.8.0 (2025-08-22)

docs/public/dev-manual/api/proposals.rst

@@ -159,3 +159,79 @@ Die Response ist eine Liste die für jede Beilage die folgenden Informationen zu
               "source": "dossier-1/proposal-1/document-76"
           }
       ]
+
+
+Protokollauszug im Antragsdossier ablegen
+=========================================
+
+Mit dem ``@ris-return-excerpt`` Endpoint können Protokollauszüge aus der SPV
+ins Antragsdossier eingereicht werden. Der Endpoint erwartet als Pfad Parameter:
+
+- Mandant ID
+- relative Dossierpfad
+
+
+**Beispiel-Request**:
+
+   .. sourcecode:: http
+
+      POST ordnungssystem/dossier-1/document-1/@ris-return-excerpt HTTP/1.1
+      Accept: application/json
+
+      {
+        "target_admin_unit_id": "fd",
+        "target_dossier_relative_path": "ordnungssystem/dossier-1"
+      }
+
+**Beispiel-Response**:
+
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "path": "ordnungssystem/dossier-2/document-2",
+        "intid": 3,
+        "url": "http://gever.onegovgever.ch/fd/ordnungssystem/dossier-2/document-2",
+        "current_version_id": 1,
+      }
+
+
+Protokollauszug im Antragsdossier aktualisieren
+===============================================
+
+Mit dem ``@ris-update-excerpt`` Endpoint können Protokollauszüge aus der SPV
+im Antragsdossier aktualisiert werden. Der Endpoint erwartet als Pfad Parameter:
+
+- Mandant ID
+- relative Dokumentpfad vom Protokollauszug
+
+
+**Beispiel-Request**:
+
+   .. sourcecode:: http
+
+      POST ordnungssystem/dossier-1/document-1/@ris-update-excerpt HTTP/1.1
+      Accept: application/json
+
+      {
+        "target_admin_unit_id": "fd",
+        "target_document_relative_path": "ordnungssystem/dossier-1/document-1"
+      }
+
+**Beispiel-Response**:
+
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "path": "ordnungssystem/dossier-2/document-2",
+        "intid": 3,
+        "url": "http://gever.onegovgever.ch/fd/ordnungssystem/dossier-2/document-2",
+        "current_version_id": 1,
+      }

opengever/api/tests/test_proposal.py

@@ -388,3 +388,48 @@ def test_submitting_additional_document_new_version(self, browser):
         self.assertEqual(documents[0].file.data,
                          self.document.file.data)
         self.assertEqual("New", documents[0].file.data)
+
+
+class TestRISExcerptEndpoints(IntegrationTestCase):
+
+    @browsing
+    def test_ris_return_and_update_excerpt(self, browser):
+        self.login(self.regular_user, browser)
+
+        dossier_rel = "/".join(self.dossier.getPhysicalPath()[2:])
+
+        browser.open(
+            self.document.absolute_url() + "/@ris-return-excerpt",
+            method="POST",
+            headers=self.api_headers,
+            data=json.dumps(
+                {
+                    "target_admin_unit_id": "plone",
+                    "target_dossier_relative_path": dossier_rel,
+                }
+            ),
+        )
+
+        self.assertEqual(200, browser.status_code)
+        data = browser.json
+        self.assertEqual(data["current_version_id"], 0)
+
+        excerpt_doc = self.portal.unrestrictedTraverse(data["path"].encode("utf-8"))
+
+        self.assertEqual(excerpt_doc.file.data, self.document.file.data)
+        self.assertTrue(excerpt_doc.is_final_document())
+
+        browser.open(
+            self.document.absolute_url() + "/@ris-update-excerpt",
+            method="POST",
+            headers=self.api_headers,
+            data=json.dumps(
+                {
+                    "target_admin_unit_id": "plone",
+                    "target_doc_relative_path": data["path"],
+                }
+            ),
+        )
+
+        self.assertEqual(browser.json["current_version_id"], 1)
+        self.assertTrue(excerpt_doc.is_final_document())

opengever/core/lawgiver.zcml

@@ -247,6 +247,8 @@
                    opengever.propertysheets: Manage PropertySheets,
                    opengever.repository: Export repository,
                    opengever.ris: Add Proposal,
+                   opengever.ris: Return Excerpt,
+                   opengever.ris: Update Excerpt,
                    opengever.sharing: List Protected Objects,
                    opengever.webactions: Manage own WebActions,
                    opengever.workspace: Add WorkspaceFolder,

opengever/core/profiles/default/rolemap.xml

@@ -284,6 +284,17 @@
       <role name="Administrator" />
     </permission>
 
+    <!-- RIS -->
+    <permission name="opengever.ris: Return Excerpt" acquire="False">
+      <role name="Manager" />
+      <role name="Member" />
+    </permission>
+
+    <permission name="opengever.ris: Update Excerpt" acquire="False">
+      <role name="Manager" />
+      <role name="Member" />
+    </permission>
+
     <!-- SHARING -->
     <permission name="Sharing page: Delegate Administrator role" acquire="True">
       <role name="Administrator" />

opengever/core/tests/test_view_security.py

@@ -36,6 +36,8 @@
     # Add-form views are special adapters were the permission is stored
     # differently. These views are verified manually:
     'opengever.disposition.browser.form.DispositionAddView',
+    'opengever.ris.browser.ris_excerpt.RISReturnExcerptReceive',
+    'opengever.ris.browser.ris_excerpt.RISUpdateExcerptReceive',
 
     # The custom error page needs to be public, since errors may happen
     # during traversal or publish, in both cases security may not yet

opengever/core/upgrades/20250924150922_add_ris_return_excerpt_permission/__init__ .py

@@ -0,0 +1,10 @@
+<rolemap>
+  <permissions>
+
+    <permission name="opengever.ris: Return Excerpt" acquire="True">
+      <role name="Manager" />
+      <role name="Member" />
+    </permission>
+
+  </permissions>
+</rolemap>

opengever/core/upgrades/20250924150922_add_ris_return_excerpt_permission/rolemap.xml

@@ -0,0 +1,9 @@
+from ftw.upgrade import UpgradeStep
+
+
+class AddRisReturnExcerptPermission(UpgradeStep):
+    """Add ris return excerpt permission.
+    """
+
+    def __call__(self):
+        self.install_upgrade_profile()